| Jonathan Simpson on 4 Jan 2018 08:46:21 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] It's the final meltdown!! (Security vulnerabilies) |
John, As far as I understand it, the malware could be javascript running on a website you visit, so even with reasonably careful protections, you can still end up running it. Unless of course you block all scripts. On Thu, Jan 4, 2018 at 11:27 AM, John Von Essen <john@quonix.net> wrote: > I know people are freaking out about this, and its a big deal, but…. the > thing I dont fully understand is why cant antivirus detect the “act” of > grabbing leaked memory data? Also, what are the uneffected CPUs? > > Even if antivirus cant detect the reading of CPU memory, the attack still > requires a piece of software to implement, most hackers will ultimately end > up using and distributing the same or similar software, so that can be > tagged by anti-virus. I mean do you think every hacker will write their own > custom malware. > > Lastly, you still need to get the malware on your PC, so if you are very > careful, behind a firewall, and only install “approved” or “signed” apps, > you should be good. On my work PC, for the past 10 years, I have never > gotten infected by anything, the only software I install is commercial > products like Office, etc.,. and I never download random apps, I mainly > download PDFs, and misc content. > > So with good self control, this shouldn’t be too bad. > > The real threat is cloud computing, where a hacker can just buy a VM, run > their malware, and read all the contents of the cloud platforms CPU. Hence > another reason not to use the cloud for critical stuff or sensitive data. > Cloud is great for little web sites of content, but super sensitive data > should be on your own hardware. > > -John > > > > > > On Jan 4, 2018, at 12:49 AM, Will <staticphantom@gmail.com> wrote: > > Thank you to Keith Perry and Rich Mingin. > > The security issues broken down from their more proper CVE's can be seen > here: https://meltdownattack.com > > The website discussed the bugs found in hardware as well as their scope. > Ladies and Gentlemen we maybe witnessing a defining moment of security this > year as the impact may reach heart bleed level press in the next few days. > > -Will C > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug > > > > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug > ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug