Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,434
    Location:
    qld.au
    Again, well aware that there's still the possibility of finding more exploits. Again, still not aware of any which exist in the wild and the last round (Foreshadow) takes significant efforts and the perfect storm to exploit (near impossible under typical cloud / VM envs). It's also trivial to detect someone trying the exploit, providing further mitigation.

    With the recent launch of the Cascade Lake gen Xeons, we'll start to see the possibility drop rapidly over the next 5 years. It won't be zero (and Intel only have a few quick fixes in hardware anyway), but it's simply not the massive threat everyone makes it out to be.
     
  2. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,273
    Location:
    Rocky
    Not sure that's the point. The point was, even with current mitigations and current vulnerabilities, data can still be extracted. That said, to my knowledge there still hasn't been an attack of this nature seen in the wild. I do wonder how anyone would even know if they had been affected by this though. If creds go walkabout I seriously doubt anyone's mind would go straight to Spectre/Meltdown etc.
     
  3. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,273
    Location:
    Rocky
    I know a lot of people have been curious, so just an update on the status of Mitch01. He's currently at 31000ft over Armadale.


     
  4. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,044
    Location:
    Brisbane
    As frustrating as he could be, I really hope he developed the confidence to actually implement some of the repeated suggestions on here and stopped making excuses.
     
  5. shredder

    shredder Member

    Joined:
    Dec 26, 2001
    Messages:
    11,406
    Location:
    Dec 27, 1991
    According to my in-depth research, he's now either a storm, an asian woman, or a shoe. My money's on the latter.
     
  6. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,270
    I suspect he still lurks, to make a triumphant return when the Bulldogs lift the premiership trophy sometime in 2030.
     
    GumbyNoTalent likes this.
  7. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,434
    Location:
    qld.au
    No, the point is that future exploits may exist, not that they're exploitable now.

    Every C program (i.e. 95% of Windows / Linux kernel etc) which copies data without checking the bounds is also susceptible to buffer overflow exploits as well, which can deliver you the same result. Should we panic and avoid all C/C++ programs as well?

    Or, should we simply assume that software written by humans will have some vulnerabilities from legacy code and therefore plan a patching regime to match? I know I'm firmly in the latter camp, I roll-out frequent updates to mitigate these sorts of things as they arise.
     
  8. wullieb1

    wullieb1 Member

    Joined:
    Jul 9, 2013
    Messages:
    446
    I just learned today that C++ and VB are scripting languages.
     
  9. DavidRa

    DavidRa Member

    Joined:
    Jun 8, 2002
    Messages:
    3,033
    Location:
    NSW Central Coast
    *Record scratch* wait, what? You can't just drop that kind of crap here on a Monday, then run away without explanation and exposition!
     
    2SHY and NSanity like this.
  10. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,273
    Location:
    Rocky
    I think this is where the hangup is. I'm clearly not an expert here, but from those who are I'm hearing that current mitigations are not completely effective. Ergo, they aren't completely mitigated. This is what I think Itsmydamnation was trying to get at.

    Assuming for a moment that they are though, in an area where it's clear there *will* be more exploits discovered, can you ever really consider it mitigated? I mean it's not like it's Flash where you shake it and shells fall out, but then again Flash is being killed off for its sins.
     
  11. OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    36,589
    Location:
    Brisbane
    Leave that basic water cooler chat for the actual water cooler, please. We're intellectuals here.
     
    Unframed and NSanity like this.
  12. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    12,080
    Location:
    Canberra
    Anything is a scripting language if you're obtuse enough to write a script in it.

    Today I'm writing a script in 8065 assembler (to copy some registers to memory so I can read them externally for debugging/logging).
     
  13. KDog

    KDog Member

    Joined:
    Jan 9, 2002
    Messages:
    248
    Location:
    ACT
    Isn't that just a subroutine?
     
  14. wullieb1

    wullieb1 Member

    Joined:
    Jul 9, 2013
    Messages:
    446
    Haha shit yeah it's not Friday yet is it, ooops my bad

    New PD comes out with Scripting experience PowerShell, VB, C++

    I wouldn't use either for scripting but if that is what needs to be done then so be it :)
     
  15. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,270
    Hello fellow human
    how about that local team eh.
     
  16. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,434
    Location:
    qld.au
    They're absolutely 100% mitigated against all known attacks. If not, Google, Amazon, Microsoft and so forth would stop selling compute.

    Again, same as my previous examples. Not all of the C code has been 100% protected against buffer overflow exploits. Is the sky falling? No. Does patching one overflow fix all instances? No! Can future programs learn from this and either use a language (eg Rust) with inbuilt memory safety? Yes. Can Intel add further protection in hardware against this style of attack? Absolutely... and already are.

    Speculative Execution has broadened the potential for threats, but nothing to panic about if you have a decent patching regime.
     
  17. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,270
    Citation needed.

    There have been guest to host in the past, and will be more in the future, across all hypervisors, and at no point have any of the cloud providers stopped selling.
     
  18. Unframed

    Unframed Member

    Joined:
    Mar 30, 2010
    Messages:
    9,058
    Location:
    Hella south west
    Could be why he still hasn't fixed his backups.
     
    NSanity likes this.
  19. OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    36,589
    Location:
    Brisbane
    Would rather discuss gravitational waves and their effects on spacetime. So I do, and drive the sportsball people far, far away.
     
    cvidler and NSanity like this.
  20. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,434
    Location:
    qld.au
    All the majors get advance warning before there are any public announcements and hence they're patched in advance. This is _why_ they've never stopped selling, they already had their shit patched and mitigated before the public announcements.

    Even the smaller guys worked rapidly together to get patches out and ensure everything was patched as quickly as possible: https://techcrunch.com/2018/01/06/h...d-together-to-cope-with-spectre-and-meltdown/
     
