Hi! > So far so good. What I am wondering is whether that password reset trial is > actually even more dangerous now given Spectre / Meltdown?
I think for those you need local code execution access? In which case, if somebody gained one on MW servers, they could just change your password I think. Spectre/Meltdown from what I read are local privilege escalation attacks (local user -> root or local user -> another local user) but I haven't heard anything about crossing the server access barrier. > (I probably should set up 2FA right now. Have been too lazy so far) Might be a good idea anyway :) -- Stas Malyshev smalys...@wikimedia.org _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
