Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-20 Thread Ted Roche 
On Tue, Jan 9, 2018 at 1:24 PM, Ted Roche  wrote:
> On Sun, Jan 7, 2018 at 5:27 AM, AndyHC  wrote:
>
>> Having read El Reg's pretty good article [
>> http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ ] I
>> would just take issue with the suggestion that the vulnerability could be
>> breached by Javascript (malign code in e.g. a jpg maybe, but not just
>> javascript in a browser).
>
> Thanks for the reference. Linux machines were all updated Friday,
> Windows machines under my supervision Friday and again Saturday.
> Client LAMP boxes onsite were updated Friday, and VPS machines still
> seem to be getting updates. Rebooted Friday and again Sunday
> afternoon.

And my hosting provider (Linode, good experience) has updated their
host machines, requiring another very brief restart on each of my
hosted boxes.

>
>>  If you've got a home PC don't worry about state-level actors - if they want
>> you they'll get you. Oh but don't let your browser remember important
>> passwords, and try to remember to switch off each time after doing your
>> online banking.
>
> And... right on time: "Windows Meltdown and Spectre patches: Now
> Microsoft blocks security updates for some AMD based PCs:"
> "Microsoft has paused nine operating system security updates after
> complaints that they rendered some AMD PCs unbootable."
>
> http://www.zdnet.com/article/meltdown-and-spectre-now-microsoft-blocks-security-updates-for-some-amd-based-devices/
>

And, apparently, security never sleeps, as Microsoft released an
updated advisory on Friday night (~5 PM Seattle time, hmmm...) that it
was okay to patch AMD machines again.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Perhaps I'll wait a while on this one, and find out how it works for others...


-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/CACW6n4veeSrNOQ10htBaUMSp__6mooARf1j=+gqcE++m=yp...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-09 Thread Ted Roche 
On Sun, Jan 7, 2018 at 5:27 AM, AndyHC  wrote:

> Having read El Reg's pretty good article [
> http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ ] I
> would just take issue with the suggestion that the vulnerability could be
> breached by Javascript (malign code in e.g. a jpg maybe, but not just
> javascript in a browser).

Thanks for the reference. Linux machines were all updated Friday,
Windows machines under my supervision Friday and again Saturday.
Client LAMP boxes onsite were updated Friday, and VPS machines still
seem to be getting updates. Rebooted Friday and again Sunday
afternoon.

> Putting on my very battered old security consultant's hat I would say it's
> time to evaluate actual risk on a per situation basis:
>  If you are a company that has foolishly put the family jewels on someone
> else's computer because you believed in Clouds - then hope that someone up
> in the clouds can fix it!

I think clouds have been over-promised and people misunderstand what
they are supposed to be. A redundant array of inexpensive services
with graceful failover and no loss of data-in-motion is a great idea,
but only an idea for most.

On the other hand, I have web servers on the internet ("Don't call it
a cloud") that are hosted on VPS that are right in the middle of the
target, so I've been working on those.

>  If you are running heavily VM'd in-house then look out for your own
> villains and try to air-gap your internet facing servers.

I'm thinking that air-gapping your internet facing servers is a good idea.

>  If you've got a home PC don't worry about state-level actors - if they want
> you they'll get you. Oh but don't let your browser remember important
> passwords, and try to remember to switch off each time after doing your
> online banking.

And... right on time: "Windows Meltdown and Spectre patches: Now
Microsoft blocks security updates for some AMD based PCs:"
"Microsoft has paused nine operating system security updates after
complaints that they rendered some AMD PCs unbootable."

http://www.zdnet.com/article/meltdown-and-spectre-now-microsoft-blocks-security-updates-for-some-amd-based-devices/


-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/CACW6n4s4KLJOm1t0hcqGh4Nhj7_nM=gea3kgmqz3z451dtb...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-07 Thread AndyHC 

On 07-Jan-2018 9:57 PM, Paul Hill wrote:

Old cheesy related joke:

Knock knock!
Branch prediction
Who's there?


Like!


--- StripMime Report -- processed MIME parts ---
multipart/alternative
 text/plain (text body -- kept)
 text/html
---

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/1ee53486-8f62-1bb3-74ab-e8084e17b...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-07 Thread Paul Hill 
Old cheesy related joke:

Knock knock!
Branch prediction
Who's there?

-- 
Paul

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/cadwx0+jgvdfo16xjpq2pb9snkrrsopdhx7jqc-xvyvwvn6t...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-07 Thread AndyHC 
Having read El Reg's pretty good article [ 
http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ 
] I would just take issue with the suggestion that the vulnerability 
could be breached by Javascript (malign code in e.g. a jpg maybe, but 
not just javascript in a browser).
Putting on my very battered old security consultant's hat I would say 
it's time to evaluate actual risk on a per situation basis:
 If you are a company that has foolishly put the family jewels on 
someone else's computer because you believed in Clouds - then hope that 
someone up in the clouds can fix it!
 If you are running heavily VM'd in-house then look out for your own 
villains and try to air-gap your internet facing servers.
 If you've got a home PC don't worry about state-level actors - if they 
want you they'll get you. Oh but don't let your browser remember 
important passwords, and try to remember to switch off each time after 
doing your online banking.


___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/1fe853ad-bd91-a9e0-54ec-886a07a35...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-06 Thread Alan Bourke 
Can software fix a hardware design fault? No, but you can work potentially 
around it by causing the processor to work in a different way.

Also connecting a C64 to the internet is easier than you might think.


-- 
  Alan Bourke
  alanpbourke (at) fastmail (dot) fm

On Sat, 6 Jan 2018, at 3:20 PM, Ted Roche wrote:
> > On Sat, Jan 6, 2018 at 4:38 AM, AndyHC  wrote:
> >
> >> Well ... if you *need* to believe that software can patch hardware design
> >> faults
> >
> 
> It turns out, Microsoft very much agrees with Andy:
> 
> "6. Why aren't Windows Server 2008 and Windows Server 2012 platforms
> getting an update? When can customers expect the fix?"
> 
> "Addressing a hardware vulnerability with a software update presents
> significant challenges with some operating systems requiring extensive
> architectural changes. Microsoft continues to work with affected chip
> manufacturers and investigate the best way to provide mitigations."
> 
> from:
> 
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
> 
> 
> I encourage you to re-read the two questions and the non-answer.
> 
> -- 
> Ted Roche
> Ted Roche & Associates, LLC
> http://www.tedroche.com
> 
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/1515263266.2084174.1226422968.74c50...@webmail.messagingengine.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-06 Thread Kurt at VR-FX 
Yes - I guess I could have answered my own question. I was mostly 
shocked at the concept.


And - no - its SO Damn Cold up here in the NorthEast right now - that 
even Google is Frozen and doesn't work!!!


:-)

-K-


On 1/6/2018 12:39 PM, Ed Leafe wrote:

On Jan 6, 2018, at 10:57 AM, Kurt at VR-FX  wrote:


Will admit - I never heard of this RowHammer concept! Is it for Real? I suspect 
so...

Oh, they don't have Google in your area? Too bad!

http://lmgtfy.com/?q=rowhammer


-- Ed Leafe







--- StripMime Report -- processed MIME parts ---
multipart/signed
   text/plain (text body -- kept)
   application/pgp-signature
---


[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/fb559a43-6747-455d-cc3a-d8ad94d8d...@optonline.net
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-06 Thread Ed Leafe 
On Jan 6, 2018, at 10:57 AM, Kurt at VR-FX  wrote:

> Will admit - I never heard of this RowHammer concept! Is it for Real? I 
> suspect so...

Oh, they don't have Google in your area? Too bad!

http://lmgtfy.com/?q=rowhammer


-- Ed Leafe







--- StripMime Report -- processed MIME parts ---
multipart/signed
  text/plain (text body -- kept)
  application/pgp-signature
---

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/664ede64-7279-4e76-a1aa-15544253c...@leafe.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-06 Thread Kurt at VR-FX 

Ed - that comic is pretty wild!

Will admit - I never heard of this RowHammer concept! Is it for Real? I 
suspect so...


-K-

On 1/5/2018 3:20 PM, Ed Leafe wrote:

On Jan 5, 2018, at 9:00 AM, Ed Leafe  wrote:


Here’s an excellent explanation of the problem, and how the exploits work:

https://twitter.com/gsuberland/status/948907452786933762

It’s a long thread, but then again, it’s a complex issue.

And, of course, the required xkcd take on things:

https://xkcd.com/1938/


-- Ed Leafe







[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/8243e4d4-94e3-2afe-3f6d-2fc4a05e1...@optonline.net
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-06 Thread Ted Roche 
> On Sat, Jan 6, 2018 at 4:38 AM, AndyHC  wrote:
>
>> Well ... if you *need* to believe that software can patch hardware design
>> faults
>

It turns out, Microsoft very much agrees with Andy:

"6. Why aren't Windows Server 2008 and Windows Server 2012 platforms
getting an update? When can customers expect the fix?"

"Addressing a hardware vulnerability with a software update presents
significant challenges with some operating systems requiring extensive
architectural changes. Microsoft continues to work with affected chip
manufacturers and investigate the best way to provide mitigations."

from:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002


I encourage you to re-read the two questions and the non-answer.

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/cacw6n4vwkejg4vwr+umf1cb1jtczdfxxlmmxkdqsikcnhr9...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-06 Thread Ted Roche 
Well, actually, he geek-splains...

On Sat, Jan 6, 2018 at 4:38 AM, AndyHC  wrote:
> On 06-Jan-2018 1:50 AM, Ed Leafe wrote:
>>
>> On Jan 5, 2018, at 9:00 AM, Ed Leafe  wrote:
>> And, of course, the required xkcd take on things:
>>
>> https://xkcd.com/1938/
>>
>>
>> -- Ed Leafe
>>
>>
> 
>

> Well ... if you *need* to believe that software can patch hardware design
> faults

It's a thumb in the dike, not a fix. Firmware updates and eventually
new chip designs are necessary.

> and you also believe that these clever patches have either (a) been written
> in 48 hours

No, under the rules of limited disclosure, the discoverers notified
the hardware and software vendors some time ago, and the disclosure
has been under embargo until such time as Microsoft and Google and
Mozilla and Apple had patches ready to go.

  or (b) been written well in advance *and* that's not
> sinister

While it's getting a bit long in the tooth (2014), "Countdown to Zero
Day" by Kim Vetter has a good layperson's description of the zero day
marketplace, and the white-, black- and grey-hat hackers who make
serious money ($100,000 USD or more for root-level exploit, in some
cases). Is it sinister? Absolutely. Like all marketplaces, there are
good guys, there are bad guys and there are seriously-scary bad guys
(and governments). In this case, some geeks figured out an obscure way
to poke through the garbage pile that CPUs discard and build it into
an exploit. And chose to make white-hat money.

> - - - - -now I know I've got a Sinclair Scientific calculator and a abacus
> around here somewhere.

Once I get my C=64 hooked up to the internet, I'll be all set!

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/CACW6n4tWJH-R=bodrza4u0e7_pctmx5ca1qxgh+3vtgzjv6...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-06 Thread Laurie Alvey 
This is similar to the old "What came first, viruses or antivirus software?"

Laurie

On 6 January 2018 at 09:38, AndyHC  wrote:

> On 06-Jan-2018 1:50 AM, Ed Leafe wrote:
>
>> On Jan 5, 2018, at 9:00 AM, Ed Leafe  wrote:
>> And, of course, the required xkcd take on things:
>>
>> https://xkcd.com/1938/
>>
>>
>> -- Ed Leafe
>>
>>
>> 
>
> Well ... if you *need* to believe that software can patch hardware design
> faults
> and you also believe that these clever patches have either (a) been
> written in 48 hours  or (b) been written well in advance *and* that's not
> sinister
> - - - - -now I know I've got a Sinclair Scientific calculator and a abacus
> around here somewhere.
>
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/CAMvTR9f54ik9dM1bd=+7vjHSYm9=nm1syzfpwzawk1+cpgv...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-06 Thread AndyHC 

On 06-Jan-2018 1:50 AM, Ed Leafe wrote:

On Jan 5, 2018, at 9:00 AM, Ed Leafe  wrote:
And, of course, the required xkcd take on things:

https://xkcd.com/1938/


-- Ed Leafe





Well ... if you *need* to believe that software can patch hardware 
design faults
and you also believe that these clever patches have either (a) been 
written in 48 hours  or (b) been written well in advance *and* that's 
not sinister
- - - - -now I know I've got a Sinclair Scientific calculator and a 
abacus around here somewhere.


___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/7a3dcfdf-930f-638f-5c5e-fe176f999...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Gene Wirchenko 

At 00:28 2018-01-05, Alan Bourke  wrote:
These exploits are nasty but if they've been in Intel chips ever 
since they started implementing out-of-order execution in 1995 then 
surely if there was a serious real-world threat we would have seen it long ago?


 No.

 It is possible that the Black Hats do not know every weakness of systems.

[snip]

Sincerely,

Gene Wirchenko


___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/ecaffe3b1b10da625b4da661c4b9c9e5@mtlp85
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Paul H. Tarver 
My thoughts exactly. I usually read what the media says ("A! REPLACE
ALL COMPUTERS TODAY!") and know that the reality is more like "Keep Calm And
Patch On!"

Paul H. Tarver
Tarver Program Consultants, Inc.


-Original Message-
From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of Alan
Bourke
Sent: Friday, January 05, 2018 2:28 AM
To: profoxt...@leafe.com
Subject: Re: [NF] Meltdown and Spectre CPU Flaw Information

These exploits are nasty but if they've been in Intel chips ever since they
started implementing out-of-order execution in 1995 then surely if there was
a serious real-world threat we would have seen it long ago?



--
  Alan Bourke
  alanpbourke (at) fastmail (dot) fm

On Thu, 4 Jan 2018, at 7:46 PM, Ken Dibble wrote:
> Virtually everything we do here involves HIPAA-sensitive information, 
> but we have very robust perimeter defenses. I'm much more concerned 
> about a potential 30%+ performance loss in systems that are constantly 
> used by nearly a hundred people every day.
> 
> >The exploit allows VMs to go into the memory space of other VMs. 
> >Very bad. Unless you don't have any sensitive info that needs to stay  
> >that way.
> >
> >--
> >
> >rk
> >
> >-Original Message-
> >From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of 
> >Ken Dibble
> >Sent: Thursday, January 04, 2018 1:35 PM
> >To: profoxt...@leafe.com
> >Subject: Re: [NF] Meltdown and Spectre CPU Flaw Information
> >
> >I just can't wait to see what it's going to do to my highly 
> >virtualized network--if I ever decide to let it through. Probably a 
> >smaller version of what it's already started to do to some commercial 
> >cloud systems.
> >
> >Windows Automatic Updates: Just Say No. (TM)
> >
> > >Also, kudos to Microsoft for shipping their patches a week early, 
> > >and spontaneously rebooting idle Windows workstations while people 
> > >were freaking out over the new exploits. Good job!
> > >
> > >On Thu, Jan 4, 2018 at 12:27 PM, Ken Dibble <krdib...@stny.rr.com>
wrote:
> > > > Hi folks,
> > > >
> > > > Ask Woody has a very thorough report on this, with links to more 
> > > > information.
> > > >
> > > > We all need to be fully informed about this; it is going to 
> > > > affect everybody.
> > > >
> > > > https://www.askwoody.com/
> > > >
> > > > Ken Dibble
> > > > www.stic-cil.org
> > > >
> > > >
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/007501d38673$29a84150$7cf8c3f0$@tpcqpc.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Ted Roche 
On Fri, Jan 5, 2018 at 3:20 PM, Ed Leafe  wrote:

> And, of course, the required xkcd take on things:
>
> https://xkcd.com/1938/
>

And that's pretty much all you need to know!

Happy Friday, folks!

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/cacw6n4shyib17o5nvsgbhc5yi4iqgduxsg9uxqrtg-tj_-3...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Ed Leafe 
On Jan 5, 2018, at 9:00 AM, Ed Leafe  wrote:

> Here’s an excellent explanation of the problem, and how the exploits work:
> 
> https://twitter.com/gsuberland/status/948907452786933762
> 
> It’s a long thread, but then again, it’s a complex issue.

And, of course, the required xkcd take on things:

https://xkcd.com/1938/


-- Ed Leafe






___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/f302b639-769d-4a40-b46f-519736ff6...@leafe.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread José Enrique Llopis 

A very interesting and realistic report on this subject


https://researchcenter.paloaltonetworks.com/2018/01/threat-brief-meltdown-sp
ectre-vulnerabilities/?utm_source=Adobe+Campaign+-+ACS_medium=email_
campaign=20180105.NL.unit42.PANW_subs.threat.global.xx.xx=DM170
8



Jose Enrique Llopis



-Mensaje original-
De: ProFox [mailto:profox-boun...@leafe.com] En nombre de AndyHC
Enviado el: jueves, 04 de enero de 2018 18:46
Para: profox@leafe.com
Asunto: Re: [NF] Meltdown and Spectre CPU Flaw Information

Nah! - nothing to worry about here - just an old government backdoor 
into - er - everything.

On 04-Jan-2018 10:57 PM, Ken Dibble wrote:
> Hi folks,
>
> Ask Woody has a very thorough report on this, with links to more 
> information.
>
> We all need to be fully informed about this; it is going to affect 
> everybody.
>
> https://www.askwoody.com/
>
> Ken Dibble
> www.stic-cil.org
>
>
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/352B762C35D648EC8126D51690F8D38A@LENOVO1
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Dave Crozier 
Andy,
Memories from the past indeed!

We had similar when I moved from Singer to ICL on their 7502 Front End 
Processor (FEP).

I got involved in some coding in the dreaded PLAN programming language (Uuugh!) 
on their 1904s range of machines before the 2900 Microcode range was launched.

Dave




---
This communication and the information it contains is intended for the person 
or organisation to whom it is addressed. Its contents are confidential and may 
be protected in law. If you have received this e-mail in error you must not 
copy, distribute or take any action in reliance on it. Unauthorised use, 
copying or disclosure of any of it may be unlawful. If you have received this 
message in error, please notify us immediately by telephone or email.

Flexipol Packaging Ltd. has taken every reasonable precaution to minimise the 
risk of virus transmission through email and therefore any files sent via 
e-mail will have been checked for known viruses. However, you are advised to 
run your own virus check before opening any
attachments received as Flexipol Packaging Ltd will not in any event accept any 
liability whatsoever once an e-mail and/or any attachment is received.

It is the responsibility of the recipient to ensure that they have adequate 
virus protection.

Flexipol Packaging Ltd.
Unit 14 Bentwood Road
Carrs
Industrial Estate
Haslingden
Rossendale
Lancashire
BB4 5HH

Tel:01706-222792
Fax: 01706-224683
www.Flexipol.co.uk
---

Terms & Conditions:

Notwithstanding delivery and the passing of risk in the goods, the property in 
the goods shall not pass to the buyer until the seller
Flexipol Packaging Ltd. ("The Company") has received in cash or cleared funds 
payment in full of the price of the goods and all other goods agreed to be sold 
by the seller to the buyer for which payment is then due. Until such time as 
the property in the goods passes to the buyer, the buyer shall hold the goods 
as the seller's fiduciary agent and bailee and keep the goods separate from 
those of the buyer and third parties and properly stored protected and insured 
and identified as the seller's property but shall be entitled to resell or use 
the goods in the ordinary course of its business. Until such time as the 
property in the goods passes to the buyer the seller shall be entitled at any 
time

-Original Message-
From: ProFox [mailto:profox-boun...@leafe.com] On Behalf Of AndyHC
Sent: 05 January 2018 17:05
To: profox@leafe.com
Subject: Re: [NF] Meltdown and Spectre CPU Flaw Information

On 05-Jan-2018 7:27 PM, Alan Bourke wrote:
> I think it's more of a side effect of the principle of out of order 
> execution, not everything is a conspiracy.
>
That's been going on for a very long time - IBM were doing instruction 
pre-fetch in the 70's or early 80's


--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
---

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/54ed184e-138a-1b2b-633b-dd803d67b...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/18725b8cd2d5d247873a2baf401d4ab2beac7...@ex2010-a-fpl.fpl.LOCAL
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread AndyHC 

On 05-Jan-2018 7:27 PM, Alan Bourke wrote:

I think it's more of a side effect of the principle of out of order execution, 
not everything is a conspiracy.

That's been going on for a very long time - IBM were doing instruction 
pre-fetch in the 70's or early 80's



--- StripMime Report -- processed MIME parts ---
multipart/alternative
 text/plain (text body -- kept)
 text/html
---

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/54ed184e-138a-1b2b-633b-dd803d67b...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Ed Leafe 
On Jan 5, 2018, at 2:28 AM, Alan Bourke  wrote:

> These exploits are nasty but if they've been in Intel chips ever since they 
> started implementing out-of-order execution in 1995 then surely if there was 
> a serious real-world threat we would have seen it long ago?

The flaws were only discovered recently, so there hasn’t been enough time for 
exploits to become widespread. You can bet now that the track vectors are well 
known, they will be exploited more often.

Here’s an excellent explanation of the problem, and how the exploits work:

https://twitter.com/gsuberland/status/948907452786933762

It’s a long thread, but then again, it’s a complex issue.


-- Ed Leafe






___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/e9d1baf7-db07-4e6a-b4bc-80c8a8927...@leafe.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Ken Dibble 


If you are a HIPAA shop then I'm sure your IT team is paying proper 
attention to this.


Hah! I AM the IT team. (I have a couple of part-time assistants who 
do help desk and maintenance, but I'm the CIO/SysAdmin/DBA/Systems 
Analyst/Code Monkey/chief cook and bottle washer.


We have an internal "cloud"; we don't use any form of commercial 
cloud storage for documents, or for any sensitive data (unless you 
count email as such; and sensitive data sent by email is 
password-encrypted in zip file attachments using 7-Zip). We do not 
host public-facing websites or email servers.


I have a consultant that I use for extremely technical purposes. I've 
requested their opinion on the issues.


I have a lot of stuff to research on my own, though, as I don't 
accept anybody's opinion without evaluating it for myself to the best 
of my ability.


My primary concern is what happens to the performance of VMWare when 
they issue a patch for this, and what happens to the performance of 
various vintages of MS Server that have been virtualized after I 
apply patches to them.


Ken 



___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Alan Bourke 
I think it's more of a side effect of the principle of out of order execution, 
not everything is a conspiracy.

-- 
  Alan Bourke
  alanpbourke (at) fastmail (dot) fm

On Fri, 5 Jan 2018, at 9:28 AM, AndyHC wrote:
> On 05-Jan-2018 1:58 PM, Alan Bourke wrote:
> > These exploits are nasty but if they've been in Intel chips ever since they 
> > started implementing out-of-order execution in 1995 then surely if there 
> > was a serious real-world threat we would have seen it long ago?
> >
> >
> >
> Unless it's been very carefully done by state-level actors!
> 
> 
> --- StripMime Report -- processed MIME parts ---
> multipart/alternative
>   text/plain (text body -- kept)
>   text/html
> ---
> 
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/1515160624.896609.1225279832.55ade...@webmail.messagingengine.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread AndyHC 

On 05-Jan-2018 1:58 PM, Alan Bourke wrote:

These exploits are nasty but if they've been in Intel chips ever since they 
started implementing out-of-order execution in 1995 then surely if there was a 
serious real-world threat we would have seen it long ago?




Unless it's been very carefully done by state-level actors!


--- StripMime Report -- processed MIME parts ---
multipart/alternative
 text/plain (text body -- kept)
 text/html
---

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/8a512143-0659-2383-a0d7-81623ad2a...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread AndyHC 

On 04-Jan-2018 11:47 PM, Ted Roche wrote:

Also, kudos to Microsoft for shipping their patches a week early, and
spontaneously rebooting idle Windows workstations while people were
freaking out over the new exploits. Good job!



...  it's almost as if they're saying "here's one I prepared earlier!"   


___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/7bc6e9b9-472b-1799-7ece-e5b2cbc68...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-05 Thread Alan Bourke 
These exploits are nasty but if they've been in Intel chips ever since they 
started implementing out-of-order execution in 1995 then surely if there was a 
serious real-world threat we would have seen it long ago?



-- 
  Alan Bourke
  alanpbourke (at) fastmail (dot) fm

On Thu, 4 Jan 2018, at 7:46 PM, Ken Dibble wrote:
> Virtually everything we do here involves HIPAA-sensitive information, 
> but we have very robust perimeter defenses. I'm much more concerned 
> about a potential 30%+ performance loss in systems that are 
> constantly used by nearly a hundred people every day.
> 
> >The exploit allows VMs to go into the memory space of other VMs. 
> >Very bad. Unless you don't have any sensitive info that needs to 
> >stay  that way.
> >
> >--
> >
> >rk
> >
> >-Original Message-
> >From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of Ken 
> >Dibble
> >Sent: Thursday, January 04, 2018 1:35 PM
> >To: profoxt...@leafe.com
> >Subject: Re: [NF] Meltdown and Spectre CPU Flaw Information
> >
> >I just can't wait to see what it's going to do to my highly
> >virtualized network--if I ever decide to let it through. Probably a
> >smaller version of what it's already started to do to some commercial
> >cloud systems.
> >
> >Windows Automatic Updates: Just Say No. (TM)
> >
> > >Also, kudos to Microsoft for shipping their patches a week early, and
> > >spontaneously rebooting idle Windows workstations while people were
> > >freaking out over the new exploits. Good job!
> > >
> > >On Thu, Jan 4, 2018 at 12:27 PM, Ken Dibble <krdib...@stny.rr.com> wrote:
> > > > Hi folks,
> > > >
> > > > Ask Woody has a very thorough report on this, with links to more
> > > > information.
> > > >
> > > > We all need to be fully informed about this; it is going to affect
> > > > everybody.
> > > >
> > > > https://www.askwoody.com/
> > > >
> > > > Ken Dibble
> > > > www.stic-cil.org
> > > >
> > > >
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/1515140886.815878.1225027584.154a1...@webmail.messagingengine.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-04 Thread Richard Kaye 
If you are a HIPAA shop then I'm sure your IT team is paying proper attention 
to this. 

--

rk

-Original Message-
From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of Ken Dibble
Sent: Thursday, January 04, 2018 2:46 PM
To: profoxt...@leafe.com
Subject: RE: [NF] Meltdown and Spectre CPU Flaw Information

Virtually everything we do here involves HIPAA-sensitive information, 
but we have very robust perimeter defenses. I'm much more concerned 
about a potential 30%+ performance loss in systems that are 
constantly used by nearly a hundred people every day.

>The exploit allows VMs to go into the memory space of other VMs. 
>Very bad. Unless you don't have any sensitive info that needs to 
>stay  that way.
>
>--
>
>rk
>
>-Original Message-
>From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of Ken Dibble
>Sent: Thursday, January 04, 2018 1:35 PM
>To: profoxt...@leafe.com
>Subject: Re: [NF] Meltdown and Spectre CPU Flaw Information
>
>I just can't wait to see what it's going to do to my highly
>virtualized network--if I ever decide to let it through. Probably a
>smaller version of what it's already started to do to some commercial
>cloud systems.
>
>Windows Automatic Updates: Just Say No. (TM)
>
> >Also, kudos to Microsoft for shipping their patches a week early, and
> >spontaneously rebooting idle Windows workstations while people were
> >freaking out over the new exploits. Good job!
> >
> >On Thu, Jan 4, 2018 at 12:27 PM, Ken Dibble <krdib...@stny.rr.com> wrote:
> > > Hi folks,
> > >
> > > Ask Woody has a very thorough report on this, with links to more
> > > information.
> > >
> > > We all need to be fully informed about this; it is going to affect
> > > everybody.
> > >
> > > https://www.askwoody.com/
> > >
> > > Ken Dibble
> > > www.stic-cil.org
> > >
> > >
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/mwhpr10mb177482304dba53204e569459d2...@mwhpr10mb1774.namprd10.prod.outlook.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-04 Thread Ken Dibble 
Virtually everything we do here involves HIPAA-sensitive information, 
but we have very robust perimeter defenses. I'm much more concerned 
about a potential 30%+ performance loss in systems that are 
constantly used by nearly a hundred people every day.


The exploit allows VMs to go into the memory space of other VMs. 
Very bad. Unless you don't have any sensitive info that needs to 
stay  that way.


--

rk

-Original Message-
From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of Ken Dibble
Sent: Thursday, January 04, 2018 1:35 PM
To: profoxt...@leafe.com
Subject: Re: [NF] Meltdown and Spectre CPU Flaw Information

I just can't wait to see what it's going to do to my highly
virtualized network--if I ever decide to let it through. Probably a
smaller version of what it's already started to do to some commercial
cloud systems.

Windows Automatic Updates: Just Say No. (TM)

>Also, kudos to Microsoft for shipping their patches a week early, and
>spontaneously rebooting idle Windows workstations while people were
>freaking out over the new exploits. Good job!
>
>On Thu, Jan 4, 2018 at 12:27 PM, Ken Dibble <krdib...@stny.rr.com> wrote:
> > Hi folks,
> >
> > Ask Woody has a very thorough report on this, with links to more
> > information.
> >
> > We all need to be fully informed about this; it is going to affect
> > everybody.
> >
> > https://www.askwoody.com/
> >
> > Ken Dibble
> > www.stic-cil.org
> >
> >

[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-04 Thread Richard Kaye 
The exploit allows VMs to go into the memory space of other VMs. Very bad. 
Unless you don't have any sensitive info that needs to stay  that way.

--

rk

-Original Message-
From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of Ken Dibble
Sent: Thursday, January 04, 2018 1:35 PM
To: profoxt...@leafe.com
Subject: Re: [NF] Meltdown and Spectre CPU Flaw Information

I just can't wait to see what it's going to do to my highly 
virtualized network--if I ever decide to let it through. Probably a 
smaller version of what it's already started to do to some commercial 
cloud systems.

Windows Automatic Updates: Just Say No. (TM)

>Also, kudos to Microsoft for shipping their patches a week early, and
>spontaneously rebooting idle Windows workstations while people were
>freaking out over the new exploits. Good job!
>
>On Thu, Jan 4, 2018 at 12:27 PM, Ken Dibble <krdib...@stny.rr.com> wrote:
> > Hi folks,
> >
> > Ask Woody has a very thorough report on this, with links to more
> > information.
> >
> > We all need to be fully informed about this; it is going to affect
> > everybody.
> >
> > https://www.askwoody.com/
> >
> > Ken Dibble
> > www.stic-cil.org
> >
> >
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/mwhpr10mb177425e77fd9e2074307b0a8d2...@mwhpr10mb1774.namprd10.prod.outlook.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-04 Thread Ken Dibble 
I just can't wait to see what it's going to do to my highly 
virtualized network--if I ever decide to let it through. Probably a 
smaller version of what it's already started to do to some commercial 
cloud systems.


Windows Automatic Updates: Just Say No. (TM)


Also, kudos to Microsoft for shipping their patches a week early, and
spontaneously rebooting idle Windows workstations while people were
freaking out over the new exploits. Good job!

On Thu, Jan 4, 2018 at 12:27 PM, Ken Dibble  wrote:
> Hi folks,
>
> Ask Woody has a very thorough report on this, with links to more
> information.
>
> We all need to be fully informed about this; it is going to affect
> everybody.
>
> https://www.askwoody.com/
>
> Ken Dibble
> www.stic-cil.org
>
>

[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-04 Thread Ted Roche 
Also, kudos to Microsoft for shipping their patches a week early, and
spontaneously rebooting idle Windows workstations while people were
freaking out over the new exploits. Good job!

On Thu, Jan 4, 2018 at 12:27 PM, Ken Dibble  wrote:
> Hi folks,
>
> Ask Woody has a very thorough report on this, with links to more
> information.
>
> We all need to be fully informed about this; it is going to affect
> everybody.
>
> https://www.askwoody.com/
>
> Ken Dibble
> www.stic-cil.org
>
>
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/cacw6n4u-jc7-0fbxrvrx4gymcgz+uav53ju7ea9vex5uh-h...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: [NF] Meltdown and Spectre CPU Flaw Information

2018-01-04 Thread AndyHC 
Nah! - nothing to worry about here - just an old government backdoor 
into - er - everything.


On 04-Jan-2018 10:57 PM, Ken Dibble wrote:

Hi folks,

Ask Woody has a very thorough report on this, with links to more 
information.


We all need to be fully informed about this; it is going to affect 
everybody.


https://www.askwoody.com/

Ken Dibble
www.stic-cil.org



[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/fe2dc23c-7906-fbf2-be1e-ed148a369...@hawthorncottage.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.