Re: [c-nsp] [j-nsp] Meltdown and Spectre

No … only a one time password. My password does not leave my computer. But again. Yes, you can construct something that might be a risk. But the users (by intention very limited amount) cannot run unsigned code (a Gert described already). So in the moment we are waiting for the vendors and than

Re: [c-nsp] [j-nsp] Meltdown and Spectre

The password will not be seen on the box itself so no problem. The users are tacacs+ authorized/authenticated. Most scenarios are much easier to accomplish by using the already granted rights on the boxes per user then using these kinds of attack vectors opened by Meltdown and Spectre. Our

Re: [c-nsp] [j-nsp] Meltdown and Spectre

On Mon, 2018-01-08 at 10:01 +0100, Gert Doering wrote: > On Mon, Jan 08, 2018 at 09:32:23AM +0100, Thilo Bangert wrote: > > The idea of having secure individual logins goes down the drain > > with Meltdown and Spectre. You want to be sure that a person logged > > into a box cannot snoop the

Re: [c-nsp] [j-nsp] Meltdown and Spectre

Hi, On Mon, Jan 08, 2018 at 09:32:23AM +0100, Thilo Bangert wrote: > Den 06-01-2018 kl. 19:49 skrev Sebastian Becker: > > Same here. User that have access are implicit trusted. > > You do have individual user accounts on the equipment, right? > > The idea of having secure individual logins goes

Re: [c-nsp] [j-nsp] Meltdown and Spectre

Same here. User that have access are implicit trusted. So no need for panic. — Sebastian Becker s...@lab.dtag.de > Am 06.01.2018 um 12:58 schrieb Gert Doering : > > Hi, > > On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote: >> For cve related to Meltdown and