
I think there still aren't any Spectre/Meltdown attacks, just proofs of concept. On my home PC I might deactivate mitigation since I rarely execute unknown code. On the other hand, CPU power isn't really a bottleneck for me.

It is a memory leakage problem and in the world of today with apps stealing info left and right, I am almost unsure if I should care about it that much. Maybe attackers might be able to steal a key here and there, but I managed to stay quite cool when the architectural flaws were published.

I believe I saw a demonstration about the M1 not being affected by these side-channel attacks, but I have no source.



Is it possible to attack via JS/WASM through the browser? That's pretty much the only unknown code I am running.


In theory, yes, it should be possible.

But I don't think anybody managed to, due to the amount of noise the browsers' sandboxes add into the necessary syscalls.


That's not true at all. Some of the first proof-of-concept attacks were done in JS.

Now the question would be: are those attacks still viable given the additional hardening browsers have done independent of the kernel mitigations?


That is why I got NoScript when the attacks were discovered.

Although many pages do not work with it, so I disable it quite often.

I wonder if it is possible to activate the mitigations only for the browser?

Or only for one user? I have created a separate user for the browser, so it cannot change my actual files.



