+- Drunkard's Walk Forums (http://www.accessdenied-rms.net/forums)
+-- Forum: General (http://www.accessdenied-rms.net/forums/forumdisplay.php?fid=1)
+--- Forum: General Chatter (http://www.accessdenied-rms.net/forums/forumdisplay.php?fid=2)
+--- Thread: Security alert - "Meltdown" and "Spectre" (/showthread.php?tid=12720)
Pages:
1
2
RE: Security alert - "Meltdown" and "Spectre" - robkelk - 01-24-2018
An aside: Moore's Law was already on its last legs; Meltdown and Spectre drove the final nails into its coffin.
RE: Security alert - "Meltdown" and "Spectre" - robkelk - 02-23-2018
OpenBSD releases Meltdown patch
RE: Security alert - "Meltdown" and "Spectre" - robkelk - 02-24-2018
Intel knew about Meltdown/Spectre and didn't inform CERT
Time to seriously investigate AMD chips for the next PC...
RE: Security alert - "Meltdown" and "Spectre" - Inquisitive Raven - 02-24-2018
You did notice that AMD was part of the non-informing cabal, right?
RE: Security alert - "Meltdown" and "Spectre" - robkelk - 02-24-2018
<sigh> No, I missed that. But Intel was the company that discovered the issue.
RE: Security alert - "Meltdown" and "Spectre" - LynnInDenver - 02-25-2018
Probably time to seriously consider making my next web surfing computer be a Raspberry Pi then...
RE: Security alert - "Meltdown" and "Spectre" - Star Ranger4 - 02-25-2018
Raspberry Pi ala Modem, then?
RE: Security alert - "Meltdown" and "Spectre" - Bob Schroeck - 02-26-2018
<rimshot>
RE: Security alert - "Meltdown" and "Spectre" - Dartz - 03-13-2018
Apparently it's AMD's turn. Although, instead of having months to work on a solution and arrange a quick sell off of corporate shares there's only been 24 hours notice in this case.
Things are a bit light on the technical description and eyebrows are being raised at the lab itself.
It seems like a sort of perfectly normal level of insecurity that you'd expect in such hideously complex systems - insecurity and untrustworthiness is the normal state of affairs. The more complex a thing is, the more likely there'll be holes in it somewhere. This is, after all, the reason why Europe is laughing at the idea of a hard border in NI - it's got more holes and crossings than any other EU border.
Also. Why the fuck does every security vulnerability have to have a fucking brand these days? Is it some idiotic way of drawing attention to the brander.
RE: Security alert - "Meltdown" and "Spectre" - robkelk - 03-14-2018
(03-13-2018, 05:12 PM)Dartz Wrote: Also. Why the fuck does every security vulnerability have to have a fucking brand these days? Is it some idiotic way of drawing attention to the brander.
That's for the system administrators' benefit.
Have we patched CVE-2715? I don't know, there's a lot of CERT alerts for stuff that often doesn't apply to our servers.
Have we patched Meltdown? Yes.
(CVE-2715 is one of Meltdown's CERT serial numbers, IIRC. Not the only one.)
RE: Security alert - "Meltdown" and "Spectre" - Dartz - 03-14-2018
Maybe I'm just feeling catastrophically cynical about this one....
It came with premade branding - so was known about it for long enough for someone to cook up said branding, without actually revealing the problem to the manufacturer.
And as much as branding the things helps with public (and managerial awareness), it just feels a bit foolish for me. If it's utterly catastrophic, then yeah - but you're quickly into a sort of semantic satiation if you're naming every vulnerability you discover.