Go Back   Web User Forums > Security > Security & Privacy Help and Discussions

Reply
 
Thread Tools Search this Thread Display Modes
  #21  
Old 05-02-18, 18:06
Sneakybeaky's Avatar
Sneakybeaky Sneakybeaky is offline
Passionate member
 
Join Date: Aug 2012
Location: Gosport Hants
Posts: 1,212
Default Re: Computer Actives Meltdown test.

The workspace for a program only exists in RAM whilst the program is running. It is transient. When the program is closed it should release the RAM that it was using, the data will be lost, and other programs can use the space. A running program should have exclusive use of it ‘memory’ whilst it is running. No other running program should be able to access the memory of another. This has been found to be possible under certain circumstances, hence the panic and the look for fixes.
__________________
Contrariwise,continued Tweedledee, if it was so, it might be; and if it were so, it would be: but as it isn't, it ain't. That's logic.
Reply With Quote
  #22  
Old 05-02-18, 21:56
george29 george29 is offline
Familiar face
 
Join Date: Aug 2017
Posts: 90
Default Re: Computer Actives Meltdown test.

Hello,

For those of us who are not as technically blessed...

With so much web chatter about these problems it was good to come across this link which gives the current state of affairs.

It also has a link to this little utility by the respected ( shields up) Gibson Research to see if you are protected.

http://www.tomshardware.co.uk/forum/...egathread.html
Reply With Quote
  #23  
Old 05-02-18, 22:58
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 9,649
Default Re: Computer Actives Meltdown test.

Thanks for the link.

I was protected against Meltdown but not Spectre on this Intel based machine and it said my performance was slow although I hadn't noticed any difference, but I downloaded InSpectre and disabled Meltdown protection and will see if there's a noticeable improvement in performance after a reboot.
Reply With Quote
  #24  
Old 05-02-18, 23:02
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 9,649
Default Re: Computer Actives Meltdown test.

Quote:
Originally Posted by Sneakybeaky View Post
The workspace for a program only exists in RAM whilst the program is running. It is transient. When the program is closed it should release the RAM that it was using, the data will be lost, and other programs can use the space. A running program should have exclusive use of it ‘memory’ whilst it is running. No other running program should be able to access the memory of another. This has been found to be possible under certain circumstances, hence the panic and the look for fixes.
So you would only be vulnerable while logged into sensitive sites and therefore no need to clear the memory after logging out ?
Reply With Quote
  #25  
Old 06-02-18, 00:37
Madeline's Avatar
Madeline Madeline is offline
Top contributor
 
Join Date: Jan 2004
Location: Cymru
Posts: 47,851
Default Re: Computer Actives Meltdown test.

Quote:
It also has a link to this little utility by the respected ( shields up) Gibson Research to see if you are protected.
I had already posted about InSpectre in this forum here:

InSpectre from GRC - Web User Forums
__________________
"I'm Irish. We think sideways." Spike Milligan. 1918 - 2002
Reply With Quote
  #26  
Old 06-02-18, 08:18
Sneakybeaky's Avatar
Sneakybeaky Sneakybeaky is offline
Passionate member
 
Join Date: Aug 2012
Location: Gosport Hants
Posts: 1,212
Default Re: Computer Actives Meltdown test.

Quote:
Originally Posted by Cantrel View Post
So you would only be vulnerable while logged into sensitive sites and therefore no need to clear the memory after logging out ?
Quote:
These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.
https://meltdownattack.com/
__________________
Contrariwise,continued Tweedledee, if it was so, it might be; and if it were so, it would be: but as it isn't, it ain't. That's logic.
Reply With Quote
  #27  
Old 06-02-18, 09:12
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 9,649
Default Re: Computer Actives Meltdown test.

Then I suppose it depends on what people are using on their computers for their passwords.
Reply With Quote
  #28  
Old 06-02-18, 10:15
george29 george29 is offline
Familiar face
 
Join Date: Aug 2017
Posts: 90
Default Re: Computer Actives Meltdown test.

Hello,

Think the best way for safety is to ensure that for key banking sites that they use some form of 2FA that generates a one time unique code, so even if these bugs did copy things it would still be useless to them , .... correct ?

We questioned one 'bank' about their log on procedure as it was rather basic with no real unique codes etc, the operator fell off his chair, saying we were the first people to ever mention that, usually their customers say their log on is too complicated .

Speaks for itself , we think !!
Reply With Quote
  #29  
Old 06-02-18, 11:09
Sneakybeaky's Avatar
Sneakybeaky Sneakybeaky is offline
Passionate member
 
Join Date: Aug 2012
Location: Gosport Hants
Posts: 1,212
Default Re: Computer Actives Meltdown test.

Quote:
Originally Posted by george29 View Post
Hello,

Think the best way for safety is to ensure that for key banking sites that they use some form of 2FA that generates a one time unique code, so even if these bugs did copy things it would still be useless to them , .... correct ?
!
The devastating nature of these two exploits is that they may be able to read the ‘memory’ of a running program. At some point your password is in that memory in plain unencrypted form. IF the exploit is running at that moment it does not matter how you have encrypted it and save to to your harddrive.
__________________
Contrariwise,continued Tweedledee, if it was so, it might be; and if it were so, it would be: but as it isn't, it ain't. That's logic.
Reply With Quote
  #30  
Old 06-02-18, 11:55
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 9,649
Default Re: Computer Actives Meltdown test.

I wonder if going to sensitive sites in Safe Mode with Networking would be a counter ?
Reply With Quote
Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Search the forum

Search

© Dennis Publishing Limited Licensed by Felden





All times are GMT. The time now is 05:32.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright Dennis Publishing 2010, All rights reserved