Tweet
Originally posted by nanonyme
View Post
-
PC is not just station to access and run remote services, there are many PCs who mainly just run one internaly usefull proggy and nothing else. -
This seems silly, even with your gaming PC, sometimes you still need to sign in gaming accounts. You are no way to avoid from the risk.Originally posted by cybertraveler View PostComment
-
THISOriginally posted by cybertraveler View Post
It is my understanding, too. So unless you let someone execute arbitrary code on your computer, how could this be exploited? The browser with JS (always nice to have a selective whitelist here) would be the only thing coming to mind here. Especially with slower CPUs I think it will be difficult to achieve the necessary timing precision in JS to extract useful data. Given that browsers are being patched to lower timing resolution (https://blog.mozilla.org/security/20...timing-attack/), what exacty is the remaining attack vector for a single-user desktop PC?Comment
-
Same here.Originally posted by cybertraveler View Post
Is your gaming rig on linux? Because if you have a separate gaming rig there are so much good reasons to just use Windows on it, and the point of smartalgorithm becomes quite weak.
Last edited by starshipeleven; 11 January 2018, 05:43 PM.Comment
-
The exploit for this vuln would be probably used as a second stage, first stage is something that just compromises the browser so it loads something outside its sandbox but maybe not with root privileges, and this second stage allows the attacker to pwn the system somehow (looking at other processes to get root access, or steal info regardless of root access, or whatever).Originally posted by MeFri View Post
Malware is modular, serious ones have 2 stages or more and you can have them deliver your payload of choice.Comment
-
Gaming accounts are not highly sensitive information, and you can buy/download games from your safe system.Originally posted by wsxy162 View Post
For Steam for example I can buy stuff with just a web browser and a Paypal account, and Steam is set to not remember my Paypal password so I have to authorize any transaction by authenticating into Paypal. Even if they managed to steal my steam account (I have also connected a phone number because of recovery purposes), my money would still be inaccessible.
Maybe this won't work for Pay2Win games with an in-game store, but that's crap I don't buy (or play) anyway.Comment
-
And people where complaining about performance loss of micro kernels. Maybe time to go micro kernels for all the added benefits, not only security, but also stability when your NIC or audio driver has an off-by-one typo or two ;-)!Comment
-
There are many scenarios where you would consider disabling KPTI, retpoline, and other security measures that have a runtime cost.- A PC which is used exclusively for gaming
- A PC which is occasionally used for browsing, but the web browser's (PDF reader's, ...) JavaScript JIT is disabled.
- A HPC node which runs only trusted code
- A server which does not execute user code
Comment
-
I, too, game on a machine that I don't do anything else important on. It's because it's a windows machine and I don't trust the software security enough to trust it with anything important.Comment
-
There's no point in disabling KPTI on a gaming rig. All performance tests say that the effect on the gaming performance is negligible.Comment
Comment