
Re: Intel Microcode updates



Hi there


On 18/06/2019 20:21, Andrew McGlashan wrote:

> It doesn't have to be JavaScript, it can be ANY scripting.

Or any code.
The whole idea of running software you don't know anything about is insane.

> When it
> comes to an updated browser, the exploit relies upon very precise
> timing differences between operations -- if the browser won't report
> timing with enough precision, then the exploit cannot work reliably if
> at all (probably not at all).
>
> Now as for TB, well, one would hope (I don't know the answer), that
> they too have implemented the same fixes that Mozilla made for Firefox
> to thwart the success of an exploit as well, i.e. have timing being less
> granular to be able to perform the exploit.
>
> Anyway, if the CPU microcode can be attained for the older CPUs, then
> the licensing issue with Debian providing it is no longer a concern (I
> believe).  Refer https://01.org/mcu-path-license-2018

My CPU isn't even in the list of non-supported CPUs.
In Thunderbird I have JavaScript off. _ALWAYS_!
In Firefox it's off most of the time. It's only on with companies I know and trust. I have been doing things this way for decades. On top of that my Squid proxy server has a redirector with DNS-based blacklists (RBLs): If a website is known to have a leaky CMS it's replaced with a transparent GIF.


Regards,
Rob

