[kwlug-disc] Meltdown and Spectre, on Firefox
Alex K
korobkin+kwl at gmail.com
Mon Jan 8 12:02:37 EST 2018
Don't forget WPA2 crack. Are we getting better at discovering
vulnerabilities or at building way too complex software?
On Mon, Jan 8, 2018 at 11:28 AM, Khalid Baheyeldin <kb at 2bits.com> wrote:
> One thing I noticed is that vulnerabilities just keep getting worse every
> year.
>
> We had Heartbleed in OpenSSL, and now we have the really scary Meltdown
> (Intel) and Spectre (multiple).
>
> Your browser can also be affected! Carefully crafted Javascript loaded
> from a web site can be made to exploit some of these.
>
> If you are running Firefox ESR, you are not "less at risk".
> If you are running Firefox 57, you can disable a parameter, if you have
> not applied the update that was pushed a few days ago.
>
> https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
>
> https://blog.mozilla.org/security/2018/01/03/
> mitigations-landing-new-class-timing-attack/
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. -- Leonardo da Vinci
> For every complex problem, there is an answer that is clear, simple, and
> wrong." -- H.L. Mencken
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20180108/1822b2b4/attachment.htm>
More information about the kwlug-disc
mailing list