On 1/5/2018 11:32, Igor PDML-StR wrote:
Actually, as far as it concerns _personal_ computers, - as far as you allow a malicious code to run on your computer, - all bets are off, - with or without this vulnerability.
My understanding is that this _particular_ vulnerability requires you to execute a particular type of malicious code for it to get into your system. It might affect you if you allow indiscriminate execution of dodgy JavaScripts.
Practicing safe computing is always a good idea in and of itself.
IMHO, the impact is much stronger for shared computers, where, essentially, one user can access secrets of others. In a server environment, different users (including "root", the superuser) are "compartmentalized", so, one user cannot access anything of others, The vulnerabilities in question open a vector of how that barrier can be penetrated.
It apparently affects applications that run in a "Virtual Machine", allowing a rogue program to break out into the code the computer core uses to manage the memory allocated to other Virtual Machines.
Smartphones, where many users install apps from questionable sources (even if it is on Google Play, it doesn't mean the app is trusted, but that's a separate issue) is also potentially a problem, despite only one user using the particular phone. As for the US embassy, - have they opened one in NC yet? ;)
The embassy thing is a throw-away joke line that came from an old Walt Disney movie I saw as a child.
John Thu, 04 Jan 2018 10:47:14 -0800 wrote: Just a heads up. I guess a lot of you already know more about this than I do, but I thought I'd share for the sake of the rest. Apparently there's a bug in Intel CPUs since the Pentium Pro. It's also possible it will affect AMD and ARM (Android Phone) CPUs. Windows & Linux are both affected, and probably Mac OS because it runs on top of a flavor of Unix. It's not panic time yet, because an attacker has to get you to run a malicious code before he can get into your system. But, you should step up your vigilance against phishing & other malware. Here's what Google's security blog has to say about it: https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html Good luck ... and if I'm not back in three days, notify the American Embassy. 8^)
-- Science - Questions we may never find answers for. Religion - Answers we must never question. -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
