[kwlug-disc] Meltdown and Spectre, on Firefox

jvj at golden.net jvj at golden.net
Thu Jan 18 23:00:09 EST 2018


http://business.financialpost.com/technology/how-a-22-year-old-discovered-the-worst-chip-flaws-in-history
[1]

JohnJ

-------------------------
SUBJECT: Re: [kwlug-disc]
Meltdown and Spectre, on Firefox
DATE: Mon, 08 Jan 2018 13:52:47
-0500
FROM: 
TO: KWLUG discussion 
REPLY-TO: KWLUG discussion 

Alex K -
You can go easy on the software folks on this one.
AFAIK 
The Meltdown
and Spectre vulnerabilities have their roots (:/) in the processor
hardware.
And Yes - they are getting better at discovering
vulnerabilities. 
Someone suspected these vulnerabilities and went
looking for them.
JohnJ

-------------------------
SUBJECT: Re:
[kwlug-disc] Meltdown and Spectre, on Firefox
DATE: Mon, 8 Jan 2018
12:02:37 -0500
FROM: Alex K 
TO: KWLUG discussion 
REPLY-TO: KWLUG
discussion 

Don't forget WPA2 crack. Are we getting better at
discovering vulnerabilities or at building way too complex software?


On Mon, Jan 8, 2018 at 11:28 AM, Khalid Baheyeldin  wrote:

One thing
I noticed is that vulnerabilities just keep getting worse every year.


We had Heartbleed in OpenSSL, and now we have the really scary Meltdown
(Intel) and Spectre (multiple).

 Your browser can also be affected!
Carefully crafted Javascript loaded from a web site can be made to
exploit some of these.

If you are running Firefox ESR, you are not
"less at risk".
If you are running Firefox 57, you can disable a
parameter, if you have not applied the update that was pushed a few days
ago.

https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
[3]

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
[4]
-- 

Khalid M. Baheyeldin
2bits.com [5], Inc.
Fast Reliable
Drupal
Drupal optimization, development, customization and
consulting.
Simplicity is prerequisite for reliability. -- Edsger
W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da
Vinci
For every complex problem, there is an answer that is clear,
simple, and wrong." -- H.L. Mencken    

_______________________________________________
 kwlug-disc mailing
list
kwlug-disc at kwlug.org
[6]
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org [7]




Links:
------
[1]
http://business.financialpost.com/technology/how-a-22-year-old-discovered-the-worst-chip-flaws-in-history
[2]
mailto:kb at 2bits.com
[3]
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
[4]
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
[5]
http://2bits.com
[6] mailto:kwlug-disc at kwlug.org
[7]
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20180118/fd34d010/attachment.htm>


More information about the kwlug-disc mailing list