Re: OT: Some more "good" news

Fri, 05 Jan 2018 08:33:48 -0800 



Actually, as far as it concerns _personal_ computers, - as far as you 
allow a malicious code to run on your computer, - all bets are off, - with 
or without this vulnerability.

From what I've read so far (the actual information is still undisclosed),

in case of a personal computer, this vulnerability makes it easier to 
access _private_ information that might be protected through various ways,

e.g. stored passwords.

But a malicious program can, in principle, intercept all your keyboard 
input, in which case the passwords entered will be stolen.



IMHO, the impact is much stronger for shared computers, where, 
essentially, one user can access secrets of others.
In a server environment, different users (including "root", the superuser) 
are "compartmentalized", so, one user cannot access anything of others,

The vulnerabilities in question open a vector of how that barrier
can be penetrated.


Smartphones, where many users install apps from questionable sources 
(even if it is on Google Play, it doesn't mean the app is trusted, but 
that's a separate issue) is also potentially a problem, despite only one 
user using the particular phone.



As for the US embassy, - have they opened one in NC yet? ;)

Cheers,

Igor



John Thu, 04 Jan 2018 10:47:14 -0800 wrote:


Just a heads up. I guess a lot of you already know more about this than I 
do, but I thought I'd share for the sake of the rest.



Apparently there's a bug in Intel CPUs since the Pentium Pro. It's also
possible it will affect AMD and ARM (Android Phone) CPUs.


Windows & Linux are both affected, and probably Mac OS because it runs on 
top of a flavor of Unix.



It's not panic time yet, because an attacker has to get you to run a 
malicious code before he can get into your system. But, you should step up 
your vigilance against phishing & other malware.


Here's what Google's security blog has to say about it:

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html


Good luck ... and if I'm not back in three days, notify the American 
Embassy.

8^)

--
PDML Pentax-Discuss Mail List
PDML@pdml.net
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and follow 
the directions.






















					Reply via email to