On 1/5/2018 11:32, Igor PDML-StR wrote:
Actually, as far as it concerns _personal_ computers, - as far as you
allow a malicious code to run on your computer, - all bets are off, - with
or without this vulnerability.


My understanding is that this _particular_ vulnerability requires you to execute a particular type of malicious code for it to get into your system. It might affect you if you allow indiscriminate execution of dodgy JavaScripts.

Practicing safe computing is always a good idea in and of itself.

IMHO, the impact is much stronger for shared computers, where,
essentially, one user can access secrets of others.
In a server environment, different users (including "root", the superuser)
are "compartmentalized", so, one user cannot access anything of others,
The vulnerabilities in question open a vector of how that barrier
can be penetrated.

It apparently affects applications that run in a "Virtual Machine", allowing a rogue program to break out into the code the computer core uses to manage the memory allocated to other Virtual Machines.


Smartphones, where many users install apps from questionable sources
(even if it is on Google Play, it doesn't mean the app is trusted, but
that's a separate issue) is also potentially a problem, despite only one
user using the particular phone.


As for the US embassy, - have they opened one in NC yet? ;)


The embassy thing is a throw-away joke line that came from an old Walt Disney movie I saw as a child.


John Thu, 04 Jan 2018 10:47:14 -0800 wrote:

Just a heads up. I guess a lot of you already know more about this than I
do, but I thought I'd share for the sake of the rest.


Apparently there's a bug in Intel CPUs since the Pentium Pro. It's also
possible it will affect AMD and ARM (Android Phone) CPUs.

Windows & Linux are both affected, and probably Mac OS because it runs on
top of a flavor of Unix.

It's not panic time yet, because an attacker has to get you to run a
malicious code before he can get into your system. But, you should step up
your vigilance against phishing & other malware.

Here's what Google's security blog has to say about it:

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Good luck ... and if I'm not back in three days, notify the American
Embassy.
8^)



--
Science - Questions we may never find answers for.
Religion - Answers we must never question.

--
PDML Pentax-Discuss Mail List
PDML@pdml.net
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and follow 
the directions.

Reply via email to