A Global Switch To Kill Linux's CPU Spectre/Meltdown Workarounds?


  • flower
    replied
    Originally posted by cybertraveler

    for browsing the web, then an attacker can potentially create a specially crafted website with javascript on it which will exploit a buggy CPU and exfiltrate sensitive data.
    firefox and chromium have their own protection against spectre though.



  • cybertraveler
    replied
    Originally posted by Djhg2000
    "Disabling is a good option for strictly confined environments where no 3rd party untrusted code is ever to be run, e.g. a rendering farm, a supercomputer, or even a home server which runs Samba/SSH server and nothing else."

    Wait what? Wouldn't render farms and supercomputers be high value targets for hackers? Home servers wouldn't be, but on the other hand they would probably be easier targets. The only legitimate use case I can think of is in strictly offline computers.
    He didn't mention those things because they are not high value. As you stated: they very much can be high value. He mentioned them because the nature of use of those machines often means that you can't actually use the spectre and meltdown exploits. e.g. If I had a machine without spectre/meltdown mitigations that was purely serving static files, then an attacker has no opportunity to execute code and read protected memory. However if I'm using a computer without spectre/meltdown mitigations for browsing the web, then an attacker can potentially create a specially crafted website with javascript on it which will exploit a buggy CPU and exfiltrate sensitive data.

    Note: I've simplified some aspects of the situations above, but it's close enough.

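Added example, not part of any post in this thread: the replies above turn on whether a given machine really runs with the mitigations off. This POSIX shell script classifies the status strings Linux exposes under /sys/devices/system/cpu/vulnerabilities/ and checks a kernel command line for the disabling parameters mitigations=off, nopti, nospectre_v1 and nospectre_v2; the function names, sample files and sample command line are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the kernel's reported CPU-vulnerability status.
# On a real host the files live in /sys/devices/system/cpu/vulnerabilities/.

# classify_status TEXT -> unaffected | exposed | partial | mitigated | unknown
classify_status() {
    case "$1" in
        "Not affected"*)    echo unaffected ;;
        "Vulnerable"*)      echo exposed ;;
        *"SMT vulnerable"*) echo partial ;;   # mitigated, but sibling threads can still leak
        *"Mitigation:"*)    echo mitigated ;;
        *)                  echo unknown ;;   # unrecognised text: review by hand
    esac
}

# audit_dir DIR -> prints "issue<TAB>class" per file; returns 1 if any is exposed
audit_dir() {
    _rc=0
    for _f in "$1"/*; do
        [ -f "$_f" ] || continue
        _class=$(classify_status "$(cat "$_f")")
        printf '%s\t%s\n' "${_f##*/}" "$_class"
        if [ "$_class" = exposed ]; then _rc=1; fi
    done
    return "$_rc"
}

# cmdline_disables "CMDLINE" -> returns 0 if a known disabling parameter is present
cmdline_disables() {
    for _p in $1; do
        case "$_p" in
            mitigations=off|nopti|nospectre_v1|nospectre_v2) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample: status files as a host with mitigations disabled might show.
sample=$(mktemp -d)
printf 'Vulnerable\n' > "$sample/meltdown"
printf 'Vulnerable\n' > "$sample/spectre_v2"
printf 'Mitigation: Clear CPU buffers; SMT vulnerable\n' > "$sample/mds"
printf 'Not affected\n' > "$sample/l1tf"
sample_cmdline='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet mitigations=off'  # constructed

audit_dir "$sample" || echo "exposed issues found"
cmdline_disables "$sample_cmdline" && echo "mitigations disabled on kernel command line"
```

On a live system, pass the real sysfs directory to `audit_dir` and the contents of /proc/cmdline to `cmdline_disables`.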


  • birdie
    replied
    Originally posted by Djhg2000
    "Disabling is a good option for strictly confined environments where no 3rd party untrusted code is ever to be run, e.g. a rendering farm, a supercomputer, or even a home server which runs Samba/SSH server and nothing else."

    Wait what? Wouldn't render farms and supercomputers be high value targets for hackers? Home servers wouldn't be, but on the other hand they would probably be easier targets. The only legitimate use case I can think of is in strictly offline computers.
    What's there to gain or steal exactly? Another idiot in the thread.



  • flower
    replied
    Originally posted by Djhg2000
    The only legitimate use case I can think of is in strictly offline computers.
    my gaming pc has spectre disabled and even if someone hacks it i don't care because there is nothing important on it.

    if someone starts to send spam from it i'd notice it sooner or later - and they would not need spectre to do it: a normal user account is totally fine for that.

    don't forget: spectre doesn't open magically the doors for everyone. you still need to execute the code which starts the attack somehow



  • Djhg2000
    replied
    "Disabling is a good option for strictly confined environments where no 3rd party untrusted code is ever to be run, e.g. a rendering farm, a supercomputer, or even a home server which runs Samba/SSH server and nothing else."

    Wait what? Wouldn't render farms and supercomputers be high value targets for hackers? Home servers wouldn't be, but on the other hand they would probably be easier targets. The only legitimate use case I can think of is in strictly offline computers.



  • flower
    replied
    Originally posted by caligula

    Nowadays 1, 2.5, 5, and 10 gigabit LANs are so cheap that you could easily offload all data accesses to a separate NAS doing encryption and such.
    true that... but you still need to secure the login data.

    but usually whenever i tell someone "just spend 50$ on that" on this forum, someone yells at me that i can't expect anyone to have that much money



  • caligula
    replied
    Originally posted by flower
    full disk encryption and dual boot is just a cheap way to separate gaming from important stuff.
    Nowadays 1, 2.5, 5, and 10 gigabit LANs are so cheap that you could easily offload all data accesses to a separate NAS doing encryption and such. When doing dual boot, you need to know that if you don't cycle the power off, the data (keys) might be intact in RAM after rebooting. There's a switch to wipe the RAM when shutting down in the kernel, but it slows down rebooting considerably on modern 16-64 GB RAM machines.



  • cybertraveler
    replied
    Originally posted by flower
    it also depends on your security profile. i ONLY care about my important data. i don't want it to leak or be tampered with.
    Indeed. I also have a separate system for gaming. I pay far less attention to the security of that system than my other systems.



  • cybertraveler
    replied
    Originally posted by F.Ultra

    So everyone should now buy separate drives for every family member when they can instead just not disable the mitigations?

    Note that the argument so far has not been "I personally should be able to disable these under my specific conditions" and instead was "every single end-user should disable them". And it's from that angle my counterpoints come, that you specifically can disable them and suffer nothing is of no question whatsoever, it's your general advice that is under scrutiny.
    Exactly.

    I support giving users the option to disable these features if they want to, but I advocate that novice users (typical home users and gamers) do not disable these features unless they know what they are doing and are aware of the risks and the benefits. Computer security is a big deal and is becoming even more important as time progresses.



  • flower
    replied
    Originally posted by cybertraveler

    You're going to mount them at some point right? If you're not using a TPM or similar, then those keys are going to be in system memory.
    only if the disks are mounted the key is in memory
    dualboot is important in that case because it might(!) be easy to get root and replace some system-binaries with nasty ones.

    it also depends on your security profile. i ONLY care about my important data. i don't want it to leak or be tampered with.

