On Tue, Jan 9, 2018 at 1:24 PM, Ted Roche <tedroche@gmail.com> wrote:
On Sun, Jan 7, 2018 at 5:27 AM, AndyHC <andy@hawthorncottage.com> wrote:
Having read El Reg's pretty good article [ http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ ] I would just take issue with the suggestion that the vulnerability could be breached by JavaScript (malign code in e.g. a jpg maybe, but not just JavaScript in a browser).
Thanks for the reference. Linux machines were all updated Friday, Windows machines under my supervision Friday and again Saturday. Client LAMP boxes onsite were updated Friday, and VPS machines still seem to be getting updates. Rebooted Friday and again Sunday afternoon.
And my hosting provider (Linode, good experience) has updated their host machines, requiring another very brief restart on each of my hosted boxes.
If you've got a home PC don't worry about state-level actors - if they want you they'll get you. Oh but don't let your browser remember important passwords, and try to remember to switch off each time after doing your online banking.
And... right on time: "Windows Meltdown and Spectre patches: Now Microsoft blocks security updates for some AMD based PCs": "Microsoft has paused nine operating system security updates after complaints that they rendered some AMD PCs unbootable."
http://www.zdnet.com/article/meltdown-and-spectre-now-microsoft-blocks-secur...
And, apparently, security never sleeps, as Microsoft released an updated advisory on Friday night (~5 PM Seattle time, hmmm...) that it was okay to patch AMD machines again.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Perhaps I'll wait a while on this one, and find out how it works for others...