Announcement

Collapse
No announcement yet.

Linux Kernel Gets Patch For New SpectreRSB Vulnerability

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • #11
    Originally posted by andyprough View Post
    Are there any actual examples in the wild of anyone getting compromised via any of these vulnerabilities?

    Or is this simply the new performance tax we all have to pay for running a computer? Keeping in mind that performance taxes will cost you real money.
    You can avoid it and risk being an example in the wild; or, since the cat's out of the bag, err on the side of caution. The performance penalty after having your sensitive data stolen might be higher than taking precautions to avoid known vulnerabilities.

    Comment

    • #12
      Originally posted by azdaha View Post
      You can avoid it and risk being an example in the wild; or, since the cat's out of the bag, err on the side of caution. The performance penalty after having your sensitive data stolen might be higher than taking precautions to avoid known vulnerabilities.
      So basically, no. No one has ever been actually successfully attacked this way in the wild. And not a single news article from anywhere in the world with an actual example.

      Comment

      • #13
        Originally posted by andyprough View Post
        Are there any actual examples in the wild of anyone getting compromised via any of these vulnerabilities?
        If there are, and assuming they actually noticed it, they are keeping it secret for obvious reasons. You know, the most important thing is not getting sued, not actually keeping your data safe.

        If you ask if malware is actively searching for and has exploit payloads for Meltdown and Spectre, yes, like a month later. https://lifars.com/2018/02/researche...variants-wild/

        It's probably too soon for SpectreRSB, but it will be added to the roster.

        Comment

        • #14
          Originally posted by andyprough View Post
          So basically, no. No one has ever been actually successfully attacked this way in the wild. And not a single news article from anywhere in the world with an actual example.
          FYI lack of proof means "we don't know", not "it didn't happen".
          Security or even safety does not usually assume that all is fine until people die horribly, and then act only to prevent that from happening again, regardless of what the media makes it look like.
          Last edited by starshipeleven; 27 July 2018, 01:47 AM.
          • Likes 1

          Comment

          • #15
            Originally posted by AsuMagic View Post

            They have mitigations too, though..?
            Yes, but they're still behind Linux in this case.

            Comment

            • #16
              Originally posted by Djhg2000 View Post

              Depends on your use case. They all have different sets of features which yields different performance for different loads. You pick whichever performs best for you.
              No, they don't. I don't buy everyone's equal bullshit.

              Comment

              • #17
                Originally posted by Pawlerson View Post

                No, they don't. I don't buy everyone's equal bullshit.
                My point was the opposite; they're not equal.
                • Likes 2

                Comment

                • #18
                  Originally posted by AsuMagic View Post
                  They have mitigations too, though..?
                  I didn't find some authoritative source that states how and why and what I should check on Windows to confirm what is mitigated and what is not.

                  Comment

                  • #19
                    Originally posted by Djhg2000 View Post

                    My point was the opposite; they're not equal.
                    I think I've got your point, but I mean they're not equal in terms of performance (and your original point was they're optimized for typical workloads which doesn't really matter in the end). There's no performance related task where Linux will fail against FreeBSD or Windows. However, there are tasks where putting Windows or FreeBSD instead of Linux will be sub-optimal. When comes to features? Stop kidding.
                    Last edited by Guest; 27 July 2018, 12:29 PM.

                    Comment

                    • #20
                      Originally posted by starshipeleven View Post
                      I didn't find some authoritative source that states how and why and what I should check on Windows to confirm what is mitigated and what is not.
                      And if there's a need for recompiling every single application.. oh God, they're doomed! Furthermore, compatibility with old applications, compatibility with old windowses etc. etc. Fix all of this mess. They weren't even able to fix a single desktop icons bug for very long time. Some windows fanboys were screaming this compatibility and stable API are features. Yes, these 'features' introduce so many vulnerabilities it's not even funny (just kidding, it's very funny)!
                      Last edited by Guest; 27 July 2018, 12:34 PM.

                      Comment

                      Previous 1 2 3 template Next
                      Working...
                      X