From: Mayayana <mayayana@invalid.nospam>
Subject: Re: Your computer will be slllowwwwing dooowwwnnnnnn....
Full headers:
Path: news.netfront.net!goblin2!goblin1!goblin.stu.neva.ru!eternal-september.org!feeder.eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: "Mayayana" <mayayana@invalid.nospam>
Newsgroups: rec.photo.digital
Subject: Re: Your computer will be slllowwwwing dooowwwnnnnnn....
Date: Sun, 21 Jan 2018 10:27:24 -0500
Organization: A noiseless patient Spider
Lines: 71
Message-ID: <p42bh5$qrr$1@dont-email.me>
References: <8e70b980-876c-4911-b43a-86bc976726cc@googlegroups.com> <p3qk14$e58$1@dont-email.me> <e3b9e67a-71a6-4a1b-b3e2-df3b9f36b25d@googlegroups.com>
Injection-Date: Sun, 21 Jan 2018 15:27:33 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="4cbefde860c9bef9ebbd819598519db3";
logging-data="27515"; mail-complaints-to="abuse@eternal-september.org";posting-account="U2FsdGVkX1+b7gXy689WavTrlVng5CWga3fFdNfaRkk="
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
Cancel-Lock: sha1:MssKC+5/4AfXEosq+YAuWXHjPJg=
X-Priority: 3
X-MSMail-Priority: Normal
Print Article
Forward Article
"RichA"<rander3128@gmail.com> wrote

| I switched to AMD when the 386DX-40 came out.  But other devices have 
Intel in them besides home computers so you may have one and not even know 
it.
|

  You haven't bothered to answer my question, but
I've been trying to keep up on this issue. It turns
out you're right:

https://www.techarp.com/articles/intel-amd-arm-cpu-bug-4/

   That site even lists known CPUs at risk. With
Apple it's pretty much everything. Android doesn't
seem to be much better.

  That adds a whole new wrinkle. For anyone
on a computer, especially using AMD, the actual
risks are very slight: An attacker has to go
through a browser, or similar Internet-connected
software, or be installed. Installed software can
already access data, so the real issue is script
in the browser or malware. Script can be
limited. Malware is already a risk. And browsers
are being updated.

  Even if you allow script and get attacked, there's
very little risk. An attack on AMD can only read
random memory from other programs. An attack
on Intel can read all memory, but there still has
to be something worth reading.
   So a running password manager with your banking
password might have a longshot chance of giving
up that password.

 On the other hand, even if you're reckless enough
to do online banking, what nut would put that
password into a password manager? There is a
tiny chance that your credit card number could
be stolen if you shop with multiple browser windows
open. Don't do that. There's no need.

  So the actual risk is very small, and very tiny
for people who pay any attention to security.

  But on a phone.... If you shop and store lots
of sensitive data on your phone that risk is more
realistic, mostly because it's so hard to control
access to your phone. Mal-apps have become a
big problem. Non-mal-apps are still often spyware
because they're ad-supported. The system is a
sieve.
  On the other hand, if you're giving out your
current location to every Tom, Dick and Harry
app maker now, what info do you have that
you consider sensitive?

   Maybe the moral of this story is don't shop
or bank from your phone. In other words, common
sense.

  You have to remember context in general. A
"smart" door lock? It might be vulnerable, but
there's nothing there to exploit it. A "smart"
frig? Again, it's running alone. Even if such an
item could be exploited, will Chinese hackers
profit by knowing you're low on mayo? This is
not a takeover bug. It's a data stealing bug.