Off-Topic > Off-Topic - Tiny Core Lounge
Meltdown and Spectre Vulnarablity
Pats:
From a common small users POView, is Tinycorelinux Safe and Secure from Meltdown vulnarablity ?
What I know abt it is :
Meltdown and /or Spectre exploit can access any kind of priviledged data like pwords, emails, personal info in memory which only a CPU processor can have access while executing low-level instructions.
Ordinarily, the mechanisms described above are considered secure. They provide the basis for most modern operating systems and processors. Meltdown exploits the way these features interact, to bypass the CPU's fundamental privilege controls and access privileged and sensitive data from the operating system and other processes.
One can say that the data that is mapped in virtual memory (much of which the process is not supposed to be able to access), and look at how the CPU responds when a process attempts to access unauthorized memory. The process is running on a vulnerable version of Windows, Linux , or MacOS, on a 64 bit processor of a vulnerable type. Unfortunately this is a very common combination across almost all desktop computers, notebooks, laptops, servers and mobile devices.
1) Is it solvable at TCL lvl or at Linux Kernel level from Mr. Linus T ?
2) Does it affect only 64-bit OS or 32-bit is also vulnarable ?
3) Should we worry as of now ?
Just curious !
curaga:
TC is just as vulnerable as every other OS.
figosdev:
Alex Oliva, the author of Linux-libre, is working on an article explaining why these vulnerabilities arent a real threat to people who only use free software.
Ive shared my own scepticism about this; he and I have spoken back and forth about it, and it is at least worth a read. I dont know if hes published it yet, Im just passing word along.
I dont take vulnerabilities lightly; personally I think it is going to become increasingly impossible to be secure without libre hardware, and Olivas article is moot if you dont whitelist javascript on websites. It is important to consider his point however, if you are one of those people who consider non-free microcode patches a problem. Obviously, most people do not; for those who do, this is important. "Do we need these patches (to be secure) or not?" I hope he publishes soon, so his points can be reviewed by more people.
Pats:
--- Quote ---Alex Oliva, the author of Linux-libre, is working on an article explaining why these vulnerabilities arent a real threat to people who only use free software..
--- End quote ---
On a lighter vein , the obvious reason - why it is not a real threat to majority of free software user .. , may be beacuase there seems to be no attraction for hckers for any monetary gains !
... By the way , have read somewhere that , Qubes OS has been approved by NSA whistleblower Edward Snowden for security features ! ... Wonder , what is so special about Qubes features , that is not posible or present in TCL !!
vinceASPECT:
Hello there,
Well it's interesting ......the Intel patches and so forth stop it. Although, this is an extremely extremely extremely old flaw (perhaps oceans of Ex's really).....they'v always known about it. Therefor it has existed for an extremely long while....and indeed masses of multiples of times over (it could have been discovered........ but never was)......exponentially oceans of them.
you must also apply that adage above.....to......... well .........how much dissemination of the bugs has taken place....?..... .and maybe in another (ocean of dinosaurs later)......people will discover how to gather (Spectre/Meltdown) dust while the hardware world has all moved on.
That is mostly what people know.
Remember KEY LOGGER thumb plugs.....?......that's a whole computer, designed for it's purpose which is a reality......don't people think about what "could" happen if you don't understand how nothing ever did happen.
The real scenario to consider, is the world of it and e-commerce wanting re-compense for service and hard/w agreements as to them being pursuing a compensation model.
V
Navigation
[0] Message Index
[#] Next page
Go to full version