Welcome!

The kernel problem with recent updates has been solved. Find the solution here

Important information
-- Required MX 15/16 Repository Changes
-- Information on torrent hosting changes
-- Information on MX15/16 GPG Keys
-- Spectre and Meltdown vulnerabilities

News
-- Introducing our new Website
-- MX Linux on social media: here

Current releases
-- MX-18.3 Point Release release info here
-- Migration Information to MX-18 here
-- antiX-17.4.1 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

New hardware-agnostic side-channel attack works against Windows and Linux

Post Reply
User avatar
colin_b
Forum Regular
Forum Regular
Posts: 551
Joined: Sun Mar 19, 2017 7:21 pm

New hardware-agnostic side-channel attack works against Windows and Linux

#1

Post by colin_b » Wed Jan 09, 2019 7:30 pm

https://www.zdnet.com/article/new-hardw ... and-linux/
The research team, which includes some of the brightest minds in IT security, including some of the people behind the Spectre/Meltdown vulnerabilities, have contacted OS vendors prior to disclosing their findings.

Microsoft has already fixed the way Windows deals with page cache reads in a Windows Insiders build, while discussions on how to deal with Linux patches are still ongoing. Both OS teams are expected to fix the issues at the heart of this side-channel attack in the future.

User avatar
BitJam
Forum Veteran
Forum Veteran
Posts: 3347
Joined: Sat Aug 22, 2009 11:36 pm

Re: New hardware-agnostic side-channel attack works against Windows and Linux

#2

Post by BitJam » Wed Jan 09, 2019 8:35 pm

Note to self: should add microcode to the live systems.
Will I cry when it's all over?
When I die will I see Heaven?

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 19864
Joined: Fri Dec 15, 2006 8:07 pm

Re: New hardware-agnostic side-channel attack works against Windows and Linux

#3

Post by Stevo » Wed Jan 09, 2019 10:51 pm

Good thing is that a kernel patch should fix that. They also said that malicious code has to be running on the system first, which could be browser javascript, I guess. But then you already have problems anyway with that code on your machine.

Sounds like a good case for browser sandboxing, too.

User avatar
manyroads
Forum Guide
Forum Guide
Posts: 1761
Joined: Sat Jun 30, 2018 6:33 pm

Re: New hardware-agnostic side-channel attack works against Windows and Linux

#4

Post by manyroads » Wed Jan 09, 2019 10:59 pm

@stevo has anyone here published guidance on recommended sandboxing in MX. I tried firejail in the past with some success. The problem I had was with browsers; the default browser was not accessible from Thunderbird. Thunderbird had other problems.
Pax vobiscum,
Mark Rabideau - http://many-roads.com - Reg. Linux User #449130
bspwm MX-18.3 kernel: 5.1.11-antix.1-amd64-smp
"For every complex problem there is an answer that is clear, simple, and wrong." H. L. Mencken

Post Reply

Return to “Software / Configuration”