Department of confusion & obfuscation?
Have a baffling day.
Alan C
-----Original Message-----
From: Igor PDML-StR
Sent: 5 January, 2018 6:32 PM
To: PDML@pdml.net
Subject: Re: OT: Some more "good" news
Actually, as far as it concerns _personal_ computers, - as far as you
allow a malicious code to run on your computer, - all bets are off, - with
or without this vulnerability.
From what I've read so far (the actual information is still undisclosed),
in case of a personal computer, this vulnerability makes it easier to
access _private_ information that might be protected through various ways,
e.g. stored passwords.
But a malicious program can, in principle, intercept all your keyboard
input, in which case the passwords entered will be stolen.
IMHO, the impact is much stronger for shared computers, where,
essentially, one user can access secrets of others.
In a server environment, different users (including "root", the superuser)
are "compartmentalized", so, one user cannot access anything of others,
The vulnerabilities in question open a vector of how that barrier
can be penetrated.
Smartphones, where many users install apps from questionable sources
(even if it is on Google Play, it doesn't mean the app is trusted, but
that's a separate issue) is also potentially a problem, despite only one
user using the particular phone.
As for the US embassy, - have they opened one in NC yet? ;)
Cheers,
Igor
John Thu, 04 Jan 2018 10:47:14 -0800 wrote:
Just a heads up. I guess a lot of you already know more about this than I
do, but I thought I'd share for the sake of the rest.
Apparently there's a bug in Intel CPUs since the Pentium Pro. It's also
possible it will affect AMD and ARM (Android Phone) CPUs.
Windows & Linux are both affected, and probably Mac OS because it runs on
top of a flavor of Unix.
It's not panic time yet, because an attacker has to get you to run a
malicious code before he can get into your system. But, you should step up
your vigilance against phishing & other malware.
Here's what Google's security blog has to say about it:
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Good luck ... and if I'm not back in three days, notify the American
Embassy.
8^)
--
PDML Pentax-Discuss Mail List
PDML@pdml.net
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and
follow the directions.
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
--
PDML Pentax-Discuss Mail List
PDML@pdml.net
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and follow
the directions.
