|
I guess stock buyers/sellers have only read about Meltdown, not Spectre 
|
#
?
Jan 4, 2018 18:26
|
|
|
|
| # ? May 24, 2024 20:22 |
|
|
jaegerx posted:I’m selling meltdown inside stickers. Who wants one? I want one. I also want the SA SHSC USB that was talked about before the holidays and then abandoned. It was abandoned right? You guys aren't holding out on me are you? I desperately need to move 16-64GB of
|
|
#
?
Jan 4, 2018 18:34
|
|
|
CLAM DOWN posted:I guess stock buyers/sellers have only read about Meltdown, not Spectre I mean, given that Spectre hits pretty much every chip out there, it's almost a rational response. Both of the big guys will need to redesign their poo poo, but in the meantime AMD can just point to Meltdown to steal market share.
|
|
#
?
Jan 4, 2018 18:36
|
|
|
Inspector_666 posted:I mean, given that Spectre hits pretty much every chip out there, it's almost a rational response. Both of the big guys will need to redesign their poo poo, but in the meantime AMD can just point to Meltdown to steal market share. I genuinely don't see that happening. It's not like big VM private clouds or AWS are going to all of a sudden start buying AMD chips. I see AMD gaining value short-term but not by stealing market share from Intel, and I see Intel recovering and continuing just fine. The entire technology industry is a security dumpster fire and we're all hosed and nothing will ever change. e: spelling CLAM DOWN fucked around with this message at 18:41 on Jan 4, 2018 |
|
#
?
Jan 4, 2018 18:38
|
|
|
CLAM DOWN posted:I genuinely don't see that happening. It's not like big VM private clouds or AWS is going to all of a sudden start buying AMD chips. I see AMD gaining value short-term but by stealing market share from Intel, and I see Intel recovering and continuing just fine. The entire technology industry is a security dumpster fire and we're all hosed and nothing will ever change. I actually see the move to IaaS as a great thing for security, because hardware issues like this are in the provider's best interest to mitigate/resolve, and so it actually will be, whereas smaller places will say they can't afford to replace the hardware, and can't afford the performance hit on something like this. I'm also very naïve and often take candy from strangers.
|
|
#
?
Jan 4, 2018 18:40
|
|
|
CLAM DOWN posted:I genuinely don't see that happening. It's not like big VM private clouds or AWS is going to all of a sudden start buying AMD chips. I see AMD gaining value short-term but by stealing market share from Intel, and I see Intel recovering and continuing just fine. The entire technology industry is a security dumpster fire and we're all hosed and nothing will ever change. Right, I should have said "try to steal market share" in that post. Just that regarding stock price, it does kind of make sense that people wouldn't really see Spectre as being something to drag down AMD's price.
|
|
#
?
Jan 4, 2018 18:41
|
|
|
CLAM DOWN posted:I guess stock buyers/sellers have only read about Meltdown, not Spectre It's also like a 4 point Y axis. So while it looks bad cause OMG IT WENT FROM THE TOP OF THE GRAPH TO THE BOTTOM, it's not actually that much movement.
|
|
#
?
Jan 4, 2018 18:59
|
|
|
Docjowles posted:It's also like a 4 point Y axis. So while it looks bad cause OMG IT WENT FROM THE TOP OF THE GRAPH TO THE BOTTOM, it's not actually that much movement. Also if you think the hype is overblown, now would be a great time to buy discounted Intel stock
|
|
#
?
Jan 4, 2018 19:05
|
|
|
jaegerx posted:I’m selling meltdown inside stickers. Who wants one? Definitely interested. ALSO hihifellow posted:Wonder if this was the reason behind Azure wanting to do updates on the hosts for the past few weeks. lol Microsoft just went and restarted every single VM and instance in Azure last night rather than keep to their schedules and some of our clients are now on fire. None of mine though 
|
|
#
?
Jan 4, 2018 19:08
|
|
|
mewse posted:Also if you think the hype is overblown, now would be a great time to buy discounted Intel stock It's only down $3 over the week and is still up from the price a month ago, so maybe not the best time to try and buy low.
|
|
#
?
Jan 4, 2018 19:08
|
|
|
Sefal posted:This was me last year when i started at the company i'm currently at. We at least have separate accounts for domain admin. Best part is I work at an AV/Security company. I'm just desktop support, and a contractor to boot, so I can't really push for a change. It just startled the hack out of me. Judge Schnoopy posted:Eliminate 'every little install', problem solved. Why are so many computers getting snowflake software outside of the standard deployment? We don't, really, so I'm not sure of the reasoning here. I get it for the teams testing releases and such, but Sales guys don't really need to be mucking around with installs. Half the time they ask us to do it anyway. edit: talking with one of engineers about Meltdown/Spectre, and he brought up the point that our antivirus product is likely to be blamed for slowdowns caused by the patches for years to come, because it's *always* AV overhead from sniffing your file transfers that's the problem. He's probably not wrong. Darchangel fucked around with this message at 19:15 on Jan 4, 2018 |
|
#
?
Jan 4, 2018 19:13
|
|
|
My sense of fatalism means I don't have to respond to the CPU vulnerabilities because in the end we're all going to die anyway.
|
|
#
?
Jan 4, 2018 19:15
|
|
|
In case anyone still doesn’t grasp how big of a deal this is, check out this PoC using JavaScript. https://twitter.com/lavados/status/948716579801493506
|
|
#
?
Jan 4, 2018 19:19
|
|
|
YOLOsubmarine posted:One thing that definitely doesn’t work very well to stop being a passenger in your own life is being morose and defeatist. Focus on setting some achievable goals that aren’t dependent on others. Getting a promotion at work isn’t a useful goal because it’s not something you can control. Adding a new certification, or skill is a useful goal that will make you more employable. Yeah I know. It’s just hard to feel any different since it feels like I’m in a tailspin and nothing seems to work anymore. I’m trying to get ICND1, but it’s tough going because I can barely even focus on reading most of the tome. I’ll “read” the text, but it’s gone as soon as I move on along the page.
|
|
#
?
Jan 4, 2018 19:27
|
|
|
I got a call about a senior network engineer position paying really good money. I know I could get this job, but it's with a consultant / MSP firm, and my god do I not want to go back to doing that poo poo. Feels good to be in a position where I can look at a job offer for 140% current salary and sleep soundly rejecting it.
|
|
#
?
Jan 4, 2018 19:41
|
|
|
skooma512 posted:Yeah I know. It’s just hard to feel any different since it feels like I’m in a tailspin and nothing seems to work anymore. I really would suggest taking a Cisco course at a community college. The course is run by Cisco, and is split into 4 quarters. It really helped jump start my interest in networking, and get my CCNA.
|
|
#
?
Jan 4, 2018 19:46
|
|
|
hihifellow posted:lol Microsoft just went and restarted every single VM and instance in Azure last night rather than keep to their schedules and some of our clients are now on fire. None of mine though Huh? There's no way they would just restart tens of thousands of production servers for customers without warning.
|
|
#
?
Jan 4, 2018 19:55
|
|
|
Peachfart posted:I really would suggest taking a Cisco course at a community college. The course is run by Cisco, and is split into 4 quarters. It really helped jump start my interest in networking, and get my CCNA. I took the first 2 of these back in college and they are REALLY good if you have issues with self-paced study, I would recommend them highly.
|
|
#
?
Jan 4, 2018 20:00
|
|
|
Ranter posted:Huh? There's no way they would just restart tens of thousands of production servers for customers without warning. Oh they sent emails out last night. After they already started rebooting machines. quote:Dear Azure customer,
|
|
#
?
Jan 4, 2018 20:00
|
|
|
Good. That's the cloud, it's not your datacenter so get used to poo poo getting rebooted.
|
|
#
?
Jan 4, 2018 20:01
|
|
|
mewse posted:Also if you think the hype is overblown, now would be a great time to buy discounted Intel stock No one should think this is overhyped because this is hilariously bad and widespread, but people should also just accept that these companies will never change or die and we should all get used to massive vulnerabilities like this. Party on Garth.
|
|
#
?
Jan 4, 2018 20:04
|
|
|
hihifellow posted:Oh they sent emails out last night. After they already started rebooting machines. loving lol. But now I'm wondering why I have zero alerts in my inbox this morning....
|
|
#
?
Jan 4, 2018 20:05
|
|
|
hihifellow posted:Oh they sent emails out last night. After they already started rebooting machines. I had to read it twice before I was sure of what I was reading when I got that email. "wait they've already started rebooting?" "lol"
|
|
#
?
Jan 4, 2018 20:07
|
|
|
quote:This Azure infrastructure update addresses the disclosed vulnerability at the hypervisor level
|
|
#
?
Jan 4, 2018 20:21
|
|
|
Guaranteed many people think these rolling reboots fix their vulnerability issue at the OS level
|
|
#
?
Jan 4, 2018 20:26
|
|
|
Sepist posted:Guaranteed many people think these rolling reboots fix their vulnerability issue at the OS level What's the vulnerability at the OS level if the hypervisor is patched?
|
|
#
?
Jan 4, 2018 20:30
|
|
|
Ranter posted:Huh? There's no way they would just restart tens of thousands of production servers for customers without warning. Azure's logic is that if it's production, you should be running it in an availability set. Which is true.
|
|
#
?
Jan 4, 2018 20:31
|
|
|
Ranter posted:What's the vulnerability at the OS level if the hypervisor is patched? Literally the main vulnerability is still there, accessing private kernel memory. You have to patch the OS as well. The VM host patch addresses the host escape issue.
|
|
#
?
Jan 4, 2018 20:39
|
|
|
CLAM DOWN posted:Literally the main vulnerability is still there, accessing private kernel memory. You have to patch the OS as well. The VM host patch addresses the host escape issue. But to be fair the host escape is a super huge mega deal and OS is only sorta a huge mega big deal.
|
|
#
?
Jan 4, 2018 20:42
|
|
|
CLAM DOWN posted:Literally the main vulnerability is still there, accessing private kernel memory. You have to patch the OS as well. The VM host patch addresses the host escape issue. Is the windows update patch out for this yet? If so, is wsus already receiving it?
|
|
#
?
Jan 4, 2018 20:43
|
|
|
Sickening posted:Is the windows update patch out for this yet? If so, is wsus already receiving it? It's out, but it's all kinds of hosed it, it causes BSODs on most 3rd party AV solutions right now because they don't abide by some kind of compatibility reg key. If you don't have this key and use a third party AV than regular Windows Update won't even prompt you for the patch. If you're on Windows 10 and Windows Defender you're fine, otherwise hold onto ur butts.
|
|
#
?
Jan 4, 2018 20:46
|
|
|
I was literally coming back to ask what everyone is doing re: client patching. Holding off a few days? There's no known malware spreading around rapidly yet right? edit: we're a Sophos AV/Encryption shop. Apparently they already addressed the registry/BSOD stuff for F*CKWIT lol but the updates aren't pushing to clients til tomorrow: https://community.sophos.com/kb/en-us/128053 Bald Stalin fucked around with this message at 20:54 on Jan 4, 2018 |
|
#
?
Jan 4, 2018 20:50
|
|
|
There's already PoC JavaScript implementations running in browsers, in a day or two we'll probably see the coinminer-ads replaced with password-sniffing Spectre exploits.
|
|
#
?
Jan 4, 2018 20:53
|
|
|
Ranter posted:I was literally coming back to ask what everyone is doing re: client patching. Holding off a few days? There's no known malware spreading around rapidly yet right? I would not recommend waiting, it should be considered in the wild.
|
|
#
?
Jan 4, 2018 21:01
|
|
|
CLAM DOWN posted:It's out, but it's all kinds of hosed it, it causes BSODs on most 3rd party AV solutions right now because they don't abide by some kind of compatibility reg key. If you don't have this key and use a third party AV than regular Windows Update won't even prompt you for the patch. We use Sophos, which is one with an improper reg key. The official ETA on fix from them is "Sometime next week" 
|
|
#
?
Jan 4, 2018 21:05
|
|
|
Security departments are paralyzed right now as their mandate requires AV but AV is preventing the deployment of the patch. It's like Kirk talking a computer to death.
|
|
#
?
Jan 4, 2018 21:07
|
|
|
bull3964 posted:Security departments are paralyzed right now as their mandate requires AV but AV is preventing the deployment of the patch. it's an ouroboros of poo poo eating itself to death
|
|
#
?
Jan 4, 2018 21:07
|
|
|
bull3964 posted:Security departments are paralyzed right now as their mandate requires AV but AV is preventing the deployment of the patch. I think I just got the go ahead the nuke all virus scan software... the dream is live.
|
|
#
?
Jan 4, 2018 21:08
|
|
|
bull3964 posted:Security departments are paralyzed right now as their mandate requires AV but AV is preventing the deployment of the patch. I notified my boss yesterday morning about this, our 12 man security department still hasn't notified us about it
|
|
#
?
Jan 4, 2018 21:10
|
|
|
|
| # ? May 24, 2024 20:22 |
|
|
bull3964 posted:Security departments are paralyzed right now as their mandate requires AV but AV is preventing the deployment of the patch. I just messaged our security people about the AV because I know this is gonna be a "WHOA ALL OF THIS STUFF NEEDS TO BE PATCHED RIGHT NOW!" issue on Monday.
|
|
#
?
Jan 4, 2018 21:10
|
|