k0nr4d

https://meltdownattack.com/
2 exploits in intel/amd/arm cpus. Most linux distributions already have patches (albiet that slow down the system a bit).

I wouldn't want to be a VPS provider right now

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

Paul&John

As far as I know meltdown works only on Intel.. the second one - spectre is for all three.

__________________
Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo!
Anal Webcams | Kinky Trans Cams Live | Hotwife XXX Tube | Get your Proxies here

k0nr4d

Correct. I'm surprised no one is talking about this on here - it's literally the largest security hole ever.

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

freecartoonporn

ha jokes on INTEL , i use AMD,

who knows, how many reputable apps have already stolen shotloads of data., and this day data = money.,

__________________

SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

Phoenix

Fix yet?

__________________
Skype Phoenixskype1
Telegram PhoenixBrad
https://quantads.io

Paul&John

Nah first the Intel CEO had to sell some of his stocks before it hit the news

https://www.cnbc.com/2018/01/04/inte...ity-flaws.html
Intel CEO Brian Krzanich sold off a large chunk of his stake in the company after the chipmaker was made aware of serious security flaws, according to multiple reports

__________________
Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo!
Anal Webcams | Kinky Trans Cams Live | Hotwife XXX Tube | Get your Proxies here

Bladewire

"2 exploits in intel/amd/arm cpus"

Sarn

And how fix it?

k0nr4d

Meltdown via software patches that slow down cpu 5-30%. Spectre supposidely unfixable.

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

GAMEFINEST

Sell them stocks..

__________________
Compound interest.

deonbell

How do computer get the aids? Not remotely attack like heart bleed? Not by visiting website?

Maybe have to put exploit on executable? Put code with a bejewdled game then bad guy gives computer aids and reads your password?

__________________

shake

Pretty crazy right. It won't really effect home users much but it's going to be a big problem at the server level.

__________________
Crazy fast VPS for $10 a month. Try with $20 free credit

k0nr4d

Spectre is executable via javascript.

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

deonbell

Hmm, Note just Node.js problem? Look like possible to escape browser sandbox? Ignore Same Orgy Policy on websites.

https://www.react-etc.net/entry/expl...via-javascript

__________________

rowan

I was wondering the other day if a major crypto exchange I use is "in the cloud", and if so, what that may mean for security.

My mild concern becomes more serious after learning of these new attack vectors, considering that it may be possible for another customer to access arbitrary memory on the same host. To steal funds from a Bitcoin address all you need is a 32 byte private key.

rowan

To elaborate further: that is really all you need to steal someone's Bitcoin balance. You don't need to be able to control the victim's computer/VPS in any way, nor do you need access to the file system. You just need to grab those 32 bytes of private key (for each address) from the victim's (running) Bitcoin client, then import them into your own wallet. The victim no longer has control of the funds once you move them to your own address.

You don't even need to know if any given 32 byte string is a Bitcoin key. You can just import it and let the client figure out if it owns any funds.

sandman!

This only applies to someone that?s running bitcoin on a vps/cloud server which is less then 1% of users

__________________
Need WebHosting ? Email me for some great deals [email protected]

rowan

How many exchanges do you think run on bare metal? I bet a lot of them rely heavily on cloud instances in order to scale.

Consider also that even a dedicated server could be attacked via another vector. A process which is running chrooted/jailed, such as a coin daemon, could be examined by an exploit in another part of the server.

sandman!

Yes it?s possible but there have always been exploits un known out there I have a system that has kept me and my customers safe for along time that I won?t be posting here 🙃

__________________
Need WebHosting ? Email me for some great deals [email protected]

k0nr4d

I think most of them are running on bare metal, with CDN's in front. Bittrex is behind cloudflare. Cloudflare would be vulnerable, and it acts like a proxy for requests between you and bittrex. Besides that, this could be used to steal google authenticator tokens for the two-factor logins on sites.

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

rowan

This page has a good technical-but-not-excessively-technical explanation of how the attacks work. It's on the Raspberry Pi site but it's not really Pi specific.

https://www.raspberrypi.org/blog/why...e-or-meltdown/