Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[TheBoy]

As opposed to "wanted", being the key. I'm in no rush.

Yeah, I'm pretty much the same.  I think, for general purpose use, if you bought a reasonable quality, reasonably specced PC back in the days of Vista - much like my trusty old laptop (Core2 duo) and my only very recently retired desktop (Core2 quad) - and done basic tuning and upgrades (probably just memory and an SSD), they are still plenty "good enough" for general use today.


I only replaced the desktop (with an old offcast from my Bro's business, where I saved a couple of Dell Vostro i5's from the skip 2 or 3 yrs ago) just before Christmas because a mate asked if I had a spare PC, as his had died, and I remembered I had these 2 sat in the garage, so gave him one, which gave me the reminder/enthusiasm to replace mine.

Apart from the extra RAM (8Gb - the old PC maxed out at 4Gb), I can't say I've noticed the difference, and I only use that extra RAM for CAD type stuff

[aaronjb]

I don't think that's correct - at least not under Windows. The exploit has been demonstrated using Java script, so unless by certified stuff you mean no web access it looks impossible to protect against.

Java (as opposed to javascript).

Nope, he was right with javascript https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript

Even running as a normal user won't protect you from all the variants - everything needs patching; and by everything, I mean everything.

[TD]

My notebook, suddenly decided to do a BIG update this morning, the type with a blue screen, so you have to wait for the update to finish after it rebooted itself....I wonder if that was patches for the bugs 

[TheBoy]

My notebook, suddenly decided to do a BIG update this morning, the type with a blue screen, so you have to wait for the update to finish after it rebooted itself....I wonder if that was patches for the bugs 

MS currently rolling out Win10 patches, Insiders have been patched for a month.

However, I suspect your big one was 1709, rather than this.

[TheBoy]

I don't think that's correct - at least not under Windows. The exploit has been demonstrated using Java script, so unless by certified stuff you mean no web access it looks impossible to protect against.

Java (as opposed to javascript).

Nope, he was right with javascript https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript

Even running as a normal user won't protect you from all the variants - everything needs patching; and by everything, I mean everything.

Hmmm, reason I'm slightly suspicious about javascript is every browser vendor uses their own javascript implementation, so the underlying code that's run on the CPU - the machine code in old skool parlance - will be different.  This and the fact by its nature its difficult to get it to do anything beyond simple.  Maybe a different set of exploits per browser (and maybe even browser version) could work.

On the upside, if it is exploitable by javascript, that is pretty easy to fix* in the browser, due to the isolation techniques already present in them.


*In the scale of things


But there will be other dodgy applications and downloads and so on, so this is going to be patching and patching for a fair time yet, as your rightly say.


I've been concentrating more at servers, Linux in particular, and even from enterprise vendors, hard information is quite scare.  I think they were/are geared up for release next week, when the disclosure was planned, but Intel bit on some media baiting.

[TheBoy]

Fact remains, whilst it allows reading of kernel space memory, the read rate is slow, and viability of finding something usefully juicy isn't that great.

Needs fixing, and is serious, but the hype is encroaching beyond that IMHO.