[kwlug-disc] Meltdown and computer sales

Khalid Baheyeldin kb at 2bits.com
Tue Jan 16 18:01:58 EST 2018


If you are on Firefox ESR (like me), then ESR is not vulnerable to
Meltdown, with or without extensions.

If you are on Firefox 57, there is an option that you can turn off to
eliminate the risk of Meltdown, unless you upgraded to the latest 57,
in which case that gets done for you.

SharedArrayBuffer is the option.

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

On Tue, Jan 16, 2018 at 4:29 PM, Andrew Stevanus (KWLUG)
<andrew+kwlug at hoot.tech> wrote:
> Seconding uMatrix. It allows much more fine-grained control than
> NoScript. It doesn't have some of NoScript's other features like ABE,
> XSS, and clickjacking protection, though, so I actually use both and
> just enable scripts globally in NoScript and block them with uMatrix.
>
> On 2018-01-16 04:25 PM, Chamunks wrote:
>> You should consider uMatrix; it's really quite good and lets you enjoy a bit
>> more of a modern web experience without the finicky nature of NoScript
>> itself https://addons.mozilla.org/en-US/firefox/addon/umatrix/
>>
>> On Tue, Jan 16, 2018 at 4:20 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>>
>>> Yes, I use NoScript currently on Firefox ESR.
>>>
>>> On Tue, Jan 16, 2018 at 4:02 PM, Chamunks <chamunks at gmail.com> wrote:
>>>> Local exploit that with frameworks like WebAssembly might be exploitable
>>>> through your browser.  Use uMatrix & Firefox/Chrome or Brave browser
>>>> with JS disabled by default on places you don't trust.
>>>>
>>>> On Tue, Jan 16, 2018 at 4:00 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>>>>>
>>>>> Remember that Meltdown is a LOCAL exploit.
>>>>> That means that someone is able to execute unauthorized code on your
>>>>> machine.
>>>>>
>>>>> On desktops and dedicated servers, this is less of a concern, since it
>>>>> is game over already if someone is able to execute code locally.
>>>>>
>>>>> On virtualized machines, this is a big concern. Data can be leaked by
>>>>> other instances active on the same physical server. So companies
>>>>> operating virtual servers are concerned about this.
>>>>>
>>>>> AMD's vulnerability (Spectre) is less severe than Meltdown, and their
>>>>> latest generation of CPUs caught up to Intel in terms of performance
>>>>> and cost as well.
>>>>>
>>>>> I will consider them in future purchases.
>>>>>
>>>>> _______________________________________________
>>>>> kwlug-disc mailing list
>>>>> kwlug-disc at kwlug.org
>>>>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>
>>>
>>>
>>> --
>>> Khalid M. Baheyeldin
>>> 2bits.com, Inc.
>>> Fast Reliable Drupal
>>> Drupal optimization, development, customization and consulting.
>>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>>> For every complex problem, there is an answer that is clear, simple,
>>> and wrong." -- H.L. Mencken
>>>
>>>
>>
>>
>>
>>
>
>
>






