The real question will be: did any government org (US, China, Russia) know about this before hand, and will they find any exploits using this out in the wild?
4 Likes
SGI should have never sold MIPS.
2 Likes
I still have my Amiga!
I wonder if I can get firefox to run on it.
4 Likes
Provided you’re happy to travel also back in time to Firefox 4.0 - http://www.os4depot.net/index.php?function=showfile&file=network/browser/timberwolf.lha
3 Likes
That’s a very laid back development schedule.
TenFourFox is still useful to those of us running PowerPC Macs:
http://www.floodgap.com/software/tenfourfox/
3 Likes
Man, I guess I need to break the A4000 out.
It still has a Video Toaster and Flyer.
6 Likes
It looks like at least some MIPS designs also have speculative execution and might be vulnerable.
It probably isn’t a good sign that I can’t find any mention of someone actually bothering to check; especially as you still do run into it occasionally; typically skulking around in the same sort of places where PPC hangs out(another one that might also be vulnerable; but does not seem to be the focus of much attention),
1 Like
The malware author would have to custom tailor their exploit to the CPU, right? So vintage computers will be effectively immune since no cybercrooks are going to waste time custom tailoring an exploit to them.
2 Likes
distraction will kill something dead somewhere
Easy fix: just unplug tty0. Kids these days, eh?
1 Like
This is just a scam by the new quantum computer sector!
Make us all scared of our classical pcs.
1 Like
Professionally speaking I’m much happier with my infrastructure being entirely cloud based. I work with both Amazon and Google and both organizations are handling the issue marvelously. Most IaaS providers have heavily modified kernels and are way more secure than any other server in Ludite Co.'s data center managed by Bill with his M.S. from RIT.
Security is literally all cloud providers do. Google actually discover the vulnerabilities and have patches and protections across every service they offer and have for over a month. They’re IaaS structure is uniquely designed to deal with this particular type of issue.
AWS and Azure aren’t far behind. AWS is just older and a bit more complicated so they should have it completely closed soon. Azure just needs so users to fix thier own things but is otherwise good.
2 Likes
Any thoughts on whether this is connected?
12 Likes
I’m gonna say a big, fat “YES IT IS!” to that.
Here’s all I need to connect it:
6 Likes
So how much of the money that Brian Krzanich obtained from those stocks is going towards lawyers to keep him out of prison for insider trading?
Maybe he is regretting cancelling that fundraiser for Trump now, it would have come in handy for getting a presidential pardon.
3 Likes
Is there some toolkit
Bro1 does a good job, as an open source solution. It takes some configuring, but you can set it up to email or page you, or whatever, on “events”, so no, you don’t have to sit there and watch it all day.
There are some script here that do heuristic exfil detection:
https://github.com/reservoirlabs/bro-scripts/tree/master/exfil-detection-framework
There is also Security Onion2, for the less do it yourself oriented. (Too “Swiss army knife” for my tastes.)
That being said, data exfil is of course, only one of your worries with a vulnerability like this.
1: Named as a reference to “big brother” from Orwell, they are planning a name change due to the unfortunate connotations with “bro culture” now.
2: Also uses Bro
3 Likes
There are a couple of mitigating factors that mean it probably won’t get to quite that point. A lot of data center applications will be constrained by disk or network I/O, rather than CPU performance, so the patch may make servers run hotter without affecting overall performance. And, if a server is only running code installed by admins, it might be an acceptable risk to just not patch those servers; if you patch your NAS or proxy server, you’re still depending on attackers not being able to run code on that server anyway, i.e. it’s like changing the lock on a lockbox inside a bank vault.
1 Like
I have to say that one bit of excellent advice my father gave me was “never speculate”.
1 Like
