[CRTech] Christian Radio Tech [MSG 81674]
[Thread Prev] [-- Thread Index --] [Thread Next] [Date Prev] [-- Date Index --] [Date Next]
Re: CPU security vulnerability
To: CRTech <crtech@crtech.org>, Jon Foreman <Jon@ksgn.com>
Subject: Re: CPU security vulnerability
From: sjm <sjm.mlists@gmail.com>
Date: Mon, 8 Jan 2018 21:35:45 -0600
Content-language: es-ES
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=EAxm67OnPKK/DPYFudZk4bzLnMVDECGo1uXDK1Ot5f4=; b=ofpk6jb/Z/volgWjWQ/L9H05JvOKS8+IWgSVkQlo4OmvIkYX0lX2Jl60wKZwMs37+J kdimiW2yYp7hLEBMIksfmGf9B0h3LIwHGzA8XjjWRLNNiuzkzcZewRiz34A/mxvcG366 xduKx8Ig+VJT5923YfCr/pyzPgfqZwHDlGN8g6FAJUpIhXVojHImaWXp62KyQBzpVVda 2XheaWmreEXjcrheiAsoq5U3vpApIZYPpSBniaYB5ocWPkCB6AtBkm9zyfGB5ybgwj/n +uDsc3nGd9NNnobmNzjNTDqqo5N+5m45OPrr/wjhzJKkyLDD4Lv6oO4pfEmLioRUu17F KPkw==
In-reply-to: <39BDB4B5A083864B9802AFB66985BC07C146DF@KSGN-DC.KSGNNET.local>
References: <CAOkhgWoMjjwszWXySMMGr=B=tDwe7xi2JHMBw0LsArEhLawk+A@mail.gmail.com> <CAOkhgWqy2to-JUQuJg=a0b5Djyg2YXBBJxKiCCzk1MD1RoEThg@mail.gmail.com> <2B4D9BC7-CD59-4B3B-8B7E-AEF3ADA2FB41@paravelsystems.com> <39BDB4B5A083864B9802AFB66985BC07C146DF@KSGN-DC.KSGNNET.local>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
Am I correct in saying that for Meltdown or Spectre to run on one of my systems and do their damaging work, the Meltdown or Spectre code must first get into my system? So should the anti-malware software be keeping me relatively safe from these?

From what I understand, yes, the code needs to run locally, but you need to also realize that javascript runs locally on your computer.

Also, from what I read, Meltdown is a much easier vector to attack and only affects Intel chips. There are two ways to use the Spectre attack and, if running in the default configurations, only affects Intel and ARM?, I think.

So, the attack vectors are larger for Intel than AMD and the patches that are coming out from the various OS vendors are making the hole and vector smaller even still, but a complete fix will need to wait for the hardware vendors to issue a redesign/fix.

References: CPU security vulnerability
(Willie Barnett <wbradiolists@gmail.com>, 8 Jan 2018 15:33:48 -0000)
Re: CPU security vulnerability
(Willie Barnett <wbradiolists@gmail.com>, 8 Jan 2018 17:18:04 -0000)
Re: CPU security vulnerability
(Fred Gleason <fredg@paravelsystems.com>, 8 Jan 2018 17:40:10 -0000)
RE: CPU security vulnerability
(Jon Foreman <Jon@ksgn.com>, 8 Jan 2018 18:20:57 -0000)
Prev by date: Re: Public File Spreadsheet?
(Paul Brown, 8 Jan 2018 23:56:44 -0000)
Next by date: RE: SRN Business News cut-off
(David Woodworth, 9 Jan 2018 13:46:31 -0000)
Prev by thread: Re: CPU security vulnerability
(Willie Barnett, 8 Jan 2018 20:25:15 -0000)
Next by thread: RE: Re: CPU security vulnerability
(Gullikson, Brian F, 8 Jan 2018 17:50:54 -0000)