|
spankmeister posted: Nice company. For a clown to work at.

true story: one of my clients back in the day was a literal clown college they weren't the worst shitshow of clients i had by a longshot
|
# ? Jan 19, 2018 14:00 |
|
Kazinsal posted: gently caress that noise all of intel's microcode patches for spectre cause random reboots so no it's speed/security/stability pick two

aren't the microcode updates needed to be secure? so it's more like speed/security/stability pick one
|
# ? Jan 19, 2018 14:16 |
|
ymgve posted: aren't the microcode updates needed to be secure? so it's more like speed/security/stability pick one

Replace hardware should be an option.
|
# ? Jan 19, 2018 14:19 |
lmao i administer a website on the side for a local nonprofit since they have no idea what they're doing

the site's throwing an ssl error for some reason so i contacted their tech support since they provide the cert. they had an existing domain and i basically did some updates and make sure it's not on fire for a tiny bit of money per month. code:
|
|
# ? Jan 19, 2018 15:03 |
|
jerry seinfel posted: lmao i administer a website on the side for a local nonprofit since they have no idea what they're doing

lol completely unironically they should probably be on a squarespace type thing
|
# ? Jan 19, 2018 15:19 |
|
I love getting questions from endusers on why MalwareByte is detecting so much "Fileless Malware" that other solutions do not. It's always just orphaned registry keys that are doing nothing. gently caress that lovely program.
|
# ? Jan 19, 2018 15:57 |
|
BangersInMyKnickers posted: I love getting questions from endusers on why MalwareByte is detecting so much "Fileless Malware" that other solutions do not. It's always just orphaned registry keys that are doing nothing. gently caress that lovely program.

"this program is finding viruses that my mcafee didn't, it must be the best"
|
# ? Jan 19, 2018 16:03 |
|
is there any consensus in this thread on how boned systems that aren't going to get microcode updates for spectre and meltdown are? is it only a matter of time before exploits appear? or is it possible that software patches alone can secure them? we're in a funny time where a 6 year old machine can actually be just fine for a lot of people, it'll be a shame if they all have to be trashed.
|
# ? Jan 19, 2018 16:47 |
Father Jack posted: is there any consensus in this thread on how boned systems that aren't going to get microcode updates for spectre and meltdown are?

i wouldn't use those systems for anything important, and i think that a year is a very generous window for "real" hacks to appear
|
|
# ? Jan 19, 2018 17:02 |
|
they're right next to the rowhammer in-the-wild attacks
|
# ? Jan 19, 2018 17:06 |
|
Wiggly Wayne DDS posted: they're right next to the rowhammer in-the-wild attacks

hammered by chinese
|
# ? Jan 19, 2018 17:07 |
|
as usual with this kind of poo poo you need to fall back on defence-in-depth and layered mitigation. isolate systems with large surface area to mitigate lateral movement, implement a solid RBAC system to mitigate privilege elevation and just be smart about poo poo. with the vulnerabilities worst case is your server is popped so plan for that and mitigate accordingly. honestly this poo poo isn't the end of the world. it's a large concern, but it isn't game over.
|
# ? Jan 19, 2018 17:08 |
|
i'm thinking more about home users with an older laptop/desktop running w10 and getting patches as they come out. is it probable they're going to need to upgrade just for this? or is it more likely to remain a theoretical threat that never becomes a big thing? i guess if you can pop a whole bunch of people with lower hanging fruit why bother with something more complex, but it's still unnerving. everything of mine is flashed and patched except my ancient htpc. i was planning to upgrade it anyway, but i'd be wanting to now even if it wasn't slow as balls. maybe i'm being paranoid because of how much media attention this has got, so this seemed the place to ask.
|
# ? Jan 19, 2018 17:32 |
Father Jack posted: i'm thinking more about home users with an older laptop/desktop running w10 and getting patches as they come out.

no one will tell you "yeah dude there is no way in hell this relatively recent processor flaw will affect you in the slightest, ever"
|
|
# ? Jan 19, 2018 17:48 |
|
the vulns themselves are quite esoteric and from what i understand exploiting them isn't exactly easy. honestly they'd really only see widespread impact if included in the toolkits utilised by botnet/malware as a service outfits. even then they'd need to find a way to chain it with other exploits and it would only be as effective as the vector. idk unless someone can explain otherwise it's p much business as usual. edit: business as usual being patching your poo poo and maintaining/enforcing existing controls
|
# ? Jan 19, 2018 17:53 |
|
cinci zoo sniper posted: no one will tell you "yeah dude there is no way in hell this relatively recent processor flaw will affect you in the slightest, ever"

sure, and if they did i'd think they were full of poo poo. i'm just trying to get an idea of how bad a knowledgeable community think this might be based on what's currently known, not get a one time guarantee i don't have to worry about it.
|
# ? Jan 19, 2018 17:59 |
|
Father Jack posted: sure, and if they did i'd think they were full of poo poo.

meltdown is a really fuckin bad exploit for any local user. it's not a remote exploit though. spectre is so complicated to exploit i somewhat doubt it will ever be used for anything
|
# ? Jan 19, 2018 18:02 |
|
cheese-cube posted: the vulns themselves are quite esoteric and from what i understand exploiting them isn't exactly easy. honestly they'd really only see widespread impact if included in the toolkits utilised by botnet/malware as a service outfits. even then they'd need to find a way to chain it with other exploits and it would only be as effective as the vector.

this is kind of my current understanding of the issue, that they're potentially a way to extract information from a system that is already running malicious code

is that correct?
|
# ? Jan 19, 2018 18:04 |
|
Father Jack posted: this is kind of my current understanding of the issue, that they're potentially a way to extract information from a system that is already running malicious code

yes
|
# ? Jan 19, 2018 18:05 |
|
yes but that code could be JITed javascript
|
# ? Jan 19, 2018 18:07 |
|
Father Jack posted: this is kind of my current understanding of the issue, that they're potentially a way to extract information from a system that is already running malicious code

where malicious code includes any such in a virtual machine (e.g. on any cloud host) or sandbox (e.g. js in your browser)
|
# ? Jan 19, 2018 18:09 |
|
this thread, or some previous version, made me uninstall java and flash long ago, and spread the word to others to do so.
|
# ? Jan 19, 2018 18:13 |
|
spectre for home users will be mainly on the browsers to mitigate by generating increasingly contorted jit code
|
# ? Jan 19, 2018 18:13 |
|
ymgve posted: yes but that code could be JITed javascript

most of the browsers that JIT javascript have new versions out, and at least two of 'em (firefox and chrome) are comically difficult to not update
|
# ? Jan 19, 2018 18:20 |
|
it is exceedingly unlikely and would be out of the norm given that rowhammer attacks are more potent, yet don't have any end-user relevant attacks going around. end of the day spectre+meltdown are read-only info disclosures. it'd be nice as a technique for escalating your rce, but on its own it's reliant on there being interesting memory on the device to read and being actively manipulated at the time of attack. servers care as they have private keys and external services that can be leveraged further combined with means of manipulating those independent processes. end users aren't likely to have a ssh server running to pivot to, or an access method outside of a browser. the most dangerous scenario then is an extremely motivated attacker knows the system inside-out, which password manager is running and gets them onto a site - while the password manager is handling passwords in memory - and uses that to access external services, but 2fa exists as do in-depth mitigations on the browser itself. really all history has shown is that criminal groups are incredibly slow to adopt to new exploit techniques, and your nation state attackers would rather not have that white elephant of a vuln sitting in their systems as well. there's a strange misconception on the quantity of black hat attackers producing malware, their development processes and sophistication. really that is a topic in dire need of analysis because the reality really doesn't add up to the expectation of competency there, even accounting for nsa exploits being released and turnaround time for those being used outside of targeted attacks
|
# ? Jan 19, 2018 18:27 |
|
BangersInMyKnickers posted: I love getting questions from endusers on why MalwareByte is detecting so much "Fileless Malware" that other solutions do not. It's always just orphaned registry keys that are doing nothing. gently caress that lovely program.

my fave was the one that reported every single goddamn browser cookie
|
# ? Jan 19, 2018 18:30 |
|
Wiggly Wayne DDS posted: it is exceedingly unlikely and would be out of the norm given that rowhammer attacks are more potent, yet don't have any end-user relevant attacks going around.

thanks for this and all other replies. for, i think the first time ever, i am slightly less paranoid after reading this thread.
|
# ? Jan 19, 2018 18:48 |
|
Wiggly Wayne DDS posted:
Criminals are in it for not for exploiting hot new vulns, which the security bug hype doesn't really match up with.
|
# ? Jan 19, 2018 19:04 |
|
apseudonym posted: Criminals are in it for not for exploiting hot new vulns, which the security bug hype doesn't really match up with.

https://twitter.com/thegrugq/status/563964286783877121
|
# ? Jan 19, 2018 19:08 |
|
Wiggly Wayne DDS posted: really all history has shown is that criminal groups are incredibly slow to adopt to new exploit techniques

lol where do you think the botnet/malware as a service industries sprung from?
|
# ? Jan 19, 2018 19:31 |
|
I'm honestly a bit annoyed that this patch is costing me performance while I'm not that convinced it's a threat on my home pc
|
# ? Jan 19, 2018 19:48 |
|
spankmeister posted: I'm honestly a bit annoyed that this patch is costing me performance while I'm not that convinced it's a threat on my home pc

have you noticed a performance hit? i didn't benchmark before/after on anything but i thought it wasn't likely to impact home systems much if at all.
|
# ? Jan 19, 2018 19:52 |
|
I have seen bigger performance hits from running motherboard "monitoring software" like msi afterburner. Haven't had the January updates cause any noticeable difference yet.
|
# ? Jan 19, 2018 19:59 |
|
Father Jack posted: have you noticed a performance hit?

Honestly not really no.
|
# ? Jan 19, 2018 20:21 |
|
Father Jack posted: is there any consensus in this thread on how boned systems that aren't going to get microcode updates for spectre and meltdown are?

Meltdown does not require microcode, only Spectre. With that said, many of the common ingress applications for Spectre are being patched to mitigate regardless so the impact is fairly low.
|
# ? Jan 19, 2018 21:08 |
|
not news: google continues to suck at vetting extensions and responding when malicious ones are found
|
# ? Jan 19, 2018 22:24 |
|
https://twitter.com/EdOverflow/status/954093588362809345
|
# ? Jan 19, 2018 23:10 |
|
That obviously violates the NAP
|
# ? Jan 19, 2018 23:17 |
|
https://twitter.com/EdOverflow/status/954388572320288770
|
# ? Jan 19, 2018 23:36 |
|
what's keybase and who uses it?
|
# ? Jan 20, 2018 00:31 |