Meltdown and Spectre security vulnerabilities

Sounds like a buddy movie for cheesy anime villains, doesn’t it?

Ugh. Melty cheesy pun not intended, sorry about that.

ANYHOW, please do update your browser on your desktop/laptop/mobile device. The timing attack requires precise time info, which is mostly blocked by changes in browsers in the latest version.  This is very important; while Spectre exploits are not found in the wild yet, you really don’t want malicious Javascript in a rogue web page inspecting *all your other processes for passwords*.

So patch, please.  See my running twitter feed e.g. https://twitter.com/d_a_keldsen/status/952294692300972032 

To see the whole stream, do:

https://twitter.com/search?q=d_a_keldsen%20spectre&src=typd

For those of us who also run servers, the problem is much more extensive. In particular, I worry about containerized apps where the host is shared between tenants.  

The security escalation game continues…

Dak

Advertisements