No … only a one time password. My password does not leave my computer.
But again. Yes, you can construct something that might be a risk. But the users
(by intention very limited amount) cannot run unsigned code (a Gert described
already). So in the moment we are waiting for the vendors and than
The password will not be seen on the box itself so no problem. The users are
tacacs+ authorized/authenticated.
Most scenarios are much easier to accomplish by using the already granted
rights on the boxes per user then using these kinds of attack vectors opened by
Meltdown and Spectre.
Our
On Mon, 2018-01-08 at 10:01 +0100, Gert Doering wrote:
> On Mon, Jan 08, 2018 at 09:32:23AM +0100, Thilo Bangert wrote:
> > The idea of having secure individual logins goes down the drain
> > with Meltdown and Spectre. You want to be sure that a person logged
> > into a box cannot snoop the
Hi,
On Mon, Jan 08, 2018 at 09:32:23AM +0100, Thilo Bangert wrote:
> Den 06-01-2018 kl. 19:49 skrev Sebastian Becker:
> > Same here. User that have access are implicit trusted.
>
> You do have individual user accounts on the equipment, right?
>
> The idea of having secure individual logins goes
Same here. User that have access are implicit trusted. So no need for panic.
—
Sebastian Becker
s...@lab.dtag.de
> Am 06.01.2018 um 12:58 schrieb Gert Doering :
>
> Hi,
>
> On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
>> For cve related to Meltdown and