Re: Intel Microcode updates
that you will be save from arbitrary code execution. I am using
Thunderbird as an email client and it has the same intrusion problem as
problem does to my believe more relate to common vulnerabilities like
which is of course an additional security risk. As long as the code base
is changing rapidly and as long as new arbitrary code execution problems
are discovered from time to time you are not save. The speed new bugs
are moved in is simply higher than the speed by with some of the old
bugs are corrected for browsers like Chromium or Firefox (I would not
trust software from Google anyway as it is part of the empire of
'evil'.). Intelligence services usually use zero days exploits for which
there is no known mitigation. If you wanna be save on a computer do not
use an email client or web browser; at least not if it can connect to
sites spoofed by secret services. To avoid connecting to a 1:1 mirror
site of an intelligence service we would need an improvement of https
certificate management like f.i. DANE provides. There are many rogue
certificates issued for intelligence services out there and restricting
your browser to use https does not help.
Am 11.06.19 um 21:09 schrieb Andrew McGlashan:
-----BEGIN PGP SIGNED MESSAGE-----
On 12/6/19 3:16 am, Holger Levsen wrote:
On Wed, Jun 12, 2019 at 03:05:13AM +1000, Andrew McGlashan
Exploiting the flaws needs malicious code to be running on your
box. If you are in total control over all VMs and processes
on the box, then you should be good.
Good point, yes that is another risk.
Actually though, if you update your browser to lessen the granularity
of time that the exploits require, it might not be an issue. So,
don't run an out of date browser.... is that enough?
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----