[kwlug-disc] Meltdown and Spectre, on Firefox
jvj at golden.net
jvj at golden.net
Mon Jan 8 13:52:47 EST 2018
Alex K - You can go easy on the software folks on this one.
AFAIK
The
Meltdown and Spectre vulnerabilities have their roots (:/) in the
processor hardware.
And Yes - they are getting better at discovering
vulnerabilities.
Someone suspected these vulnerabilities and went
looking for them.
JohnJ
-------------------------
SUBJECT: Re:
[kwlug-disc] Meltdown and Spectre, on Firefox
DATE: Mon, 8 Jan 2018
12:02:37 -0500
FROM: Alex K
TO: KWLUG discussion
REPLY-TO: KWLUG
discussion
Don't forget WPA2 crack. Are we getting better at
discovering vulnerabilities or at building way too complex software?
On Mon, Jan 8, 2018 at 11:28 AM, Khalid Baheyeldin wrote:
One thing
I noticed is that vulnerabilities just keep getting worse every year.
We had Heartbleed in OpenSSL, and now we have the really scary Meltdown
(Intel) and Spectre (multiple).
Your browser can also be affected!
Carefully crafted Javascript loaded from a web site can be made to
exploit some of these.
If you are running Firefox ESR, you are not
"less at risk".
If you are running Firefox 57, you can disable a
parameter, if you have not applied the update that was pushed a few days
ago.
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
[2]
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
[3]
--
Khalid M. Baheyeldin
2bits.com [4], Inc.
Fast Reliable
Drupal
Drupal optimization, development, customization and
consulting.
Simplicity is prerequisite for reliability. -- Edsger
W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da
Vinci
For every complex problem, there is an answer that is clear,
simple, and wrong." -- H.L. Mencken
_______________________________________________
kwlug-disc mailing
list
kwlug-disc at kwlug.org
[5]
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org [6]
Links:
------
[1] mailto:kb at 2bits.com
[2]
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
[3]
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
[4]
http://2bits.com
[5] mailto:kwlug-disc at kwlug.org
[6]
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20180108/19c4e837/attachment.htm>
More information about the kwlug-disc
mailing list