[kwlug-disc] Meltdown and computer sales
Chamunks
chamunks at gmail.com
Wed Jan 17 16:16:02 EST 2018
Thanks for posting that Khalid I never would have dug it up.
On Tue, Jan 16, 2018 at 6:03 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
> If you are on Firefox ESR (like me), then ESR is not vulnerable to
> Meltdown, with or without extensions.
>
> If you are on Firefox 57, there is an option that you can turn off to
> eliminate the risk of Meltdown. Unless you upgraded to the latest 57,
> and that gets done for you.
>
> SharedArrayBuffer is the option.
>
>
> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>
> On Tue, Jan 16, 2018 at 4:29 PM, Andrew Stevanus (KWLUG)
> <andrew+kwlug at hoot.tech> wrote:
> > Seconding uMatrix. It allows much more fine-grained control than
> > NoScript. It doesn't have some of NoScript's other features like ABE,
> > XSS, and clickjacking protection, though, so I actually use both and
> > just enable scripts globally in NoScript and block them with uMatrix.
> >
> > On 2018-01-16 04:25 PM, Chamunks wrote:
> >> You should consider uMatrix it's really quite good and lets you enjoy a
> bit
> >> more of a modern web experience without the finnicky nature of NoScript
> >> itself https://addons.mozilla.org/en-US/firefox/addon/umatrix/
> >>
> >> On Tue, Jan 16, 2018 at 4:20 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
> >>
> >>> Yes, I use NoScript currently on Firefox ESR.
> >>>
> >>> On Tue, Jan 16, 2018 at 4:02 PM, Chamunks <chamunks at gmail.com> wrote:
> >>>> Local exploit that with frameworks like WebAssembly might be
> exploitable
> >>>> through your browser. Use uMatrix & Firefox/Chrome or Brave browser
> >>> with JS
> >>>> disabled by default on places you don't trust.
> >>>>
> >>>> On Tue, Jan 16, 2018 at 4:00 PM Khalid Baheyeldin <kb at 2bits.com>
> wrote:
> >>>>>
> >>>>> Remember that Meltdown is a LOCAL exploit.
> >>>>> That means that someone is able to execute unauthorized code on your
> >>>>> machine.
> >>>>>
> >>>>> On desktops and dedicated servers, this is less of a concern, since
> it
> >>>>> is game over already if someone is able to execute code locally.
> >>>>>
> >>>>> On virtualized machines, this is a big concern. Data can be leaked by
> >>>>> other instances active on the same physical server. So companies
> >>>>> operating virtual servers are concerned about this.
> >>>>>
> >>>>> AMD's vulnerability (Spectre) is less severe than Meltdown, and their
> >>>>> latest generation of CPUs caught up to Intel in terms of performance
> >>>>> and cost as well.
> >>>>>
> >>>>> I will consider them in future purchases.
> >>>>>
> >>>>> _______________________________________________
> >>>>> kwlug-disc mailing list
> >>>>> kwlug-disc at kwlug.org
> >>>>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>>
> >>>
> >>>
> >>> --
> >>> Khalid M. Baheyeldin
> >>> 2bits.com, Inc.
> >>> Fast Reliable Drupal
> >>> Drupal optimization, development, customization and consulting.
> >>> Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
> >>> Simplicity is the ultimate sophistication. -- Leonardo da Vinci
> >>> For every complex problem, there is an answer that is clear, simple,
> >>> and wrong." -- H.L. Mencken
> >>>
> >>> _______________________________________________
> >>> kwlug-disc mailing list
> >>> kwlug-disc at kwlug.org
> >>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>>
> >>
> >>
> >>
> >> _______________________________________________
> >> kwlug-disc mailing list
> >> kwlug-disc at kwlug.org
> >> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>
> >
> >
> > _______________________________________________
> > kwlug-disc mailing list
> > kwlug-disc at kwlug.org
> > http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >
>
>
>
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. -- Leonardo da Vinci
> For every complex problem, there is an answer that is clear, simple,
> and wrong." -- H.L. Mencken
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20180117/6426e3b3/attachment.htm>
More information about the kwlug-disc
mailing list