John Von Essen on 4 Jan 2018 08:27:34 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] It's the final meltdown!! (Security vulnerabilies)


I know people are freaking out about this, and its a big deal, but…. the thing I dont fully understand is why cant antivirus detect the “act” of grabbing leaked memory data? Also, what are the uneffected CPUs?

Even if antivirus cant detect the reading of CPU memory, the attack still requires a piece of software to implement, most hackers will ultimately end up using and distributing the same or similar software, so that can be tagged by anti-virus. I mean do you think every hacker will write their own custom malware.

Lastly, you still need to get the malware on your PC, so if you are very careful, behind a firewall, and only install “approved” or “signed” apps, you should be good. On my work PC, for the past 10 years, I have never gotten infected by anything, the only software I install is commercial products like Office, etc.,. and I never download random apps, I mainly download PDFs, and misc content.

So with good self control, this shouldn’t be too bad.

The real threat is cloud computing, where a hacker can just buy a VM, run their malware, and read all the contents of the cloud platforms CPU. Hence another reason not to use the cloud for critical stuff or sensitive data. Cloud is great for little web sites of content, but super sensitive data should be on your own hardware.

-John



 

On Jan 4, 2018, at 12:49 AM, Will <staticphantom@gmail.com> wrote:

Thank you to Keith Perry and Rich Mingin. 

The security issues broken down from their more proper CVE's can be seen here: https://meltdownattack.com

The website discussed the bugs found in hardware as well as their scope. Ladies and Gentlemen we maybe witnessing a defining moment of security this year as the impact may reach heart bleed level press in the next few days. 

-Will C
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug