Re: [NF] Meltdown and Spectre CPU Flaw Information

[AndyHC]

Having read El Reg's pretty good article [ 
http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ 
] I would just take issue with the suggestion that the vulnerability 
could be breached by Javascript (malign code in e.g. a jpg maybe, but 
not just javascript in a browser).
Putting on my very battered old security consultant's hat I would say 
it's time to evaluate actual risk on a per situation basis:
 If you are a company that has foolishly put the family jewels on 
someone else's computer because you believed in Clouds - then hope that 
someone up in the clouds can fix it!
 If you are running heavily VM'd in-house then look out for your own 
villains and try to air-gap your internet facing servers.
 If you've got a home PC don't worry about state-level actors - if they 
want you they'll get you. Oh but don't let your browser remember 
important passwords, and try to remember to switch off each time after 
doing your online banking.

_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/1fe853ad-bd91-a9e0-54ec-886a07a35...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.