Originally posted by linuxgeex
View Post
Announcement
Collapse
No announcement yet.
Google Publishes "Leaky.Page" Showing Spectre In Action Within Web Browsers
Collapse
X
-
Originally posted by carewolf View Post
Intel and Apple.
Only thing that makes spectre hard to exploit is Firefox because of low precision timers. On firefox only 1st test can be somewhat succesful (but at much higher tries) while 2nd/3rd test for me was impossible. Edge/Chrome fail both on AMD 2nd and 3rd test.
Also if on Firefox you decrease furthermore precision of timers, you gonna make attacks reliant on performance.now() timer impossible unless you give literally hours of probing.
- Likes 4
Comment
-
Originally posted by elatllat View PostTurning on mitigations would be cheaper, safer, faster, cooler, and quieter.
(personally I also have spec_store_bypass_disable=on)
- Likes 1
Comment
-
Originally posted by linuxgeex View PostMy bank for example invites 14 3rd party script hosts to my banking login page. Any one of them can snoop my credentials. Scriptsafe will make it very plain to you where 3rd party scripts are in use.
(I'm kidding, but someone out there might be doing just this...)Last edited by ed31337; 12 March 2021, 10:26 PM.
- Likes 2
Comment
-
Originally posted by elatllat View Post
Turning on mitigations would be cheaper, safer, faster, cooler, and quieter.
- Likes 1
Comment
Comment