(01-05-2018, 09:26 AM) robkelk Wrote: (01-05-2018, 03:20 AM) Labster Wrote: ...
I'm really not sure where the cell phone password advice is coming from -- most cell chips are on ARM and Spectre isn't all that exploitable yet. That sounds a little like sky-is-falling paranoia.
The only problem being that the sky is actually falling. ...
Yeah, that's the thing. Some people really do have a wolf to worry about, so this cry of "wolf!" is real for them. (It's definitely real for those of us who store passwords in their desktop or laptop browsers.)
Oh, yes - patch your systems before changing your passwords. If you do it in the other order, your new passwords will have been vulnerable to discovery and will need to be changed again.
More importantly, it's showing to those who have been warning that security is full of holes, that yes indeed, it is full of holes. Granted, this set of vulnerabilities looks like it requires just enough specialized knowledge that someone like me doesn't have to worry overmuch about J Random Criminal (it looks like enough of an effort they need to select higher value targets), but it's still looking more and more like all sorts of places need to go whitelist/offline. Part of the problem is going to be persuading vendors that, no, sorry, security of the site takes a back seat to the desire to keep our installs checking in. (It's a bit of a fight with that where I work; printshop, we've got a couple of networks, the "prepress" side is kept off the internet except for the check-in every three months, and that's only because we have to keep the latest version handy for customer files.)
I haven't touched my passwords yet, in part because I am waiting for the Windows 7 patch to become available. I'm actually becoming more annoyed because I'm trying to select "high entropy" unique-to-site passwords, and yet I'm still being forced into the whole "reset all your damned passwords now" because of these sorts of things. I'll probably go ahead and do another round of "am I using this site often enough/getting something unique enough to justify keeping my account open there" purging.
"You know how parents tell you everything's going to be fine, but you know they're lying to make you feel better? Everything's going to be fine." - The Doctor