Categories
Uncategorized

Meltdown and Spectre security vulnerabilities


Sounds like a buddy movie for cheesy anime villains, doesn’t it?

Ugh. Melty cheesy pun not intended, sorry about that.

ANYHOW, please do update your browser on your desktop/laptop/mobile device. The timing attack requires precise time info, which is mostly blocked by changes in browsers in the latest version.  This is very important; while Spectre exploits are not found in the wild yet, you really don’t want malicious Javascript in a rogue web page inspecting *all your other processes for passwords*.

So patch, please.  See my running twitter feed e.g. https://twitter.com/d_a_keldsen/status/952294692300972032 

To see the whole stream, do:

https://twitter.com/search?q=d_a_keldsen%20spectre&src=typd

For those of us who also run servers, the problem is much more extensive. In particular, I worry about containerized apps where the host is shared between tenants.  

The security escalation game continues…

Dak

By Dak

Father, leader, writer, scientist, visionary.

Technical software development leader (CTO, VP). Excels when improving and turning around teams, putting better tools and software architectures in place, and getting better outcomes.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.