On Sun, Jan 7, 2018 at 5:27 AM, AndyHC <a...@hawthorncottage.com> wrote:
> Having read El Reg's pretty good article [
> http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ ] I
> would just take issue with the suggestion that the vulnerability could be
> breached by Javascript (malign code in e.g. a jpg maybe, but not just
> javascript in a browser).

Thanks for the reference. Linux machines were all updated Friday, Windows machines under my supervision Friday and again Saturday. Client LAMP boxes onsite were updated Friday, and VPS machines still seem to be getting updates. Rebooted Friday and again Sunday afternoon.

> Putting on my very battered old security consultant's hat I would say it's
> time to evaluate actual risk on a per situation basis:
> If you are a company that has foolishly put the family jewels on someone
> else's computer because you believed in Clouds - then hope that someone up
> in the clouds can fix it!

I think clouds have been over-promised and people misunderstand what they are supposed to be. A redundant array of inexpensive services with graceful failover and no loss of data-in-motion is a great idea, but only an idea for most.

On the other hand, I have web servers on the internet ("Don't call it a cloud") that are hosted on VPS that are right in the middle of the target, so I've been working on those.

> If you are running heavily VM'd in-house then look out for your own
> villains and try to air-gap your internet facing servers.

I'm thinking that air-gapping your internet facing servers is a good idea.

> If you've got a home PC don't worry about state-level actors - if they want
> you they'll get you. Oh but don't let your browser remember important
> passwords, and try to remember to switch off each time after doing your
> online banking.

And... right on time:

"Windows Meltdown and Spectre patches: Now Microsoft blocks security updates for some AMD based PCs:"

"Microsoft has paused nine operating system security updates after complaints that they rendered some AMD PCs unbootable."

http://www.zdnet.com/article/meltdown-and-spectre-now-microsoft-blocks-security-updates-for-some-amd-based-devices/

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com