[This is kind of getting far afield of MediaWiki, but...] Spectre can
potentially be used to read your private (bitcoin) keys, so bitauth is just
as vulnerable to it as anything else (assuming keys on your computer and
not some hardware token setup). The only benefit I see is that bitauth
would pro
My favorite solution to the password problem is BitAuth2017. I believe
that Spectre / Meltdown can't beat PoW, but I'm not 100% sure of the
details.
On 4 January 2018 at 17:29, Denny Vrandečić wrote:
> I often get emails that someone is trying to get into my accounts. I guess
> there are just so
On Thu, Jan 4, 2018 at 9:29 AM, Denny Vrandečić wrote:
> I often get emails that someone is trying to get into my accounts. I guess
> there are just some trolls, trying to log in to my Wikipedia account. So
> far, these have been unsuccessful.
>
> Now I got an email that someone asked for a temp
Labs and production machines are separate machines. An attack on labs in
the worst case would only be able to attack other labs users.
As Cyken said, one of the very scary scenarios is JS getting access to data
it should not have access to (e.g. if you're inputting your password in one
tab and a mal
Ah, that sounds good. I was thinking of a scenario where someone runs code
in, say labs, and gains access to memory while that machine generates my
temporary code to send it to me, and thus gains access to that code.
Or, alternatively, just attack my browser through a compromised site
running a JS
Spectre can be exploited with just JavaScript.
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Browsers are making changes to mitigate this.
http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript,36221.html
The actual extents o
Hi!
> So far so good. What I am wondering is whether that password reset trial is
> actually even more dangerous now given Spectre / Meltdown?
I think for those you need local code execution access? In which case,
if somebody gained one on MW servers, they could just change your
password I think.
No, Spectre/Meltdown wouldn't apply to that situation.
The Meltdown/Spectre vulnerabilities are all about computer programs having
access to data they should not. In order to exploit them, the attacker must be
able to run computer programs on the victim's computer.
--
brian
On Thursday, January 4, 2018,
I often get emails that someone is trying to get into my accounts. I guess
there are just some trolls, trying to log in to my Wikipedia account. So
far, these have been unsuccessful.
Now I got an email that someone asked for a temporary password for my
account.
So far so good. What I am wonderin