Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.
I ran it in Internet Explorer--all "unclear." That's the desired result, I guess.
re do with version 1.0.4 so for meltdown is patched,for spectre no because of microcode
The website test doesn't show if your computer is vulnerable or not!!
Note this comment:
So it looks like I'm good, yes? no?
I don't know Safe Money, but I have some recomendations.
If one want to login into bank account I would recommend following steps to mitigate risk of leaking cookies (aside NoScript) by Spectre attack.
1. Exit browsers
2. Run browser again (it may be Safe money), but with only one tab: your bank login page.
3. Don't open any other tabs until you complete transaction.
5. Go to "about:blank" page. Delete cookies (Ctrl-Shift-Delete shortcut)
Of course update your firmware (or other way to update microcode), OS, browser and other apps and follow other trustworthy recommendations to mitigate Spectre.
Machines here also read as still "vulnerable" to Spectre but I'll wait for Lenovo to issue the mitigation for that. So far, there is none available but reportedly it's not as dire as Meltdown. I made certain to apply every chipset, BIOS and firmware update via Lenovo, as well as the Windows kb4056892. Unless Intel provides replacement CPUs (yeah right), that's the extent of it, applying all available software and firmware mitigations.
What does this mean?
Website test doesn't show anything about your computer. Use SpecuCheck instead.
But can it also be made permanent? Or does the OS have to load it at every boot?
From the context from Linux kernel docs and VMware tool for Windows I infer that it must be loaded every time CPU is powered down.
1. Shutdown, then turn on -> needs to be loaded again
2. Reboot -> needs to be loaded again
3. Sleep -> probably needs to be loaded again
I assume this means via the processor driver. Somewhat shown by prior posting of VMWare driver doing likewise.
Also an interesting point in regards to the VMWare driver installation instructions:
This implies the following:
1. The VMWare driver only supports Intel firmware updating.
2. You can update an AMD processor microcode with an Intel firmware update?
It isn't permanent. Its loaded into the kernel using a driver on startup up. If you boot some other OS (say a recovery drive) the CPU microcode version stays at the level of the BIOS/UEFI code.
This can be done using the VMware Microcode Update Driver. I don't know of another way to do it.
If you go down this route and subsequently get a bios update you can easily uninstall the driver.
At the moment though Intel haven't released an appropriate "microcode.dat" file to mitigate these bugs, though binary microcode data has been issued to some manufacturers and linux distros.
They will probably update this file for older linux distros at some point, then the file can be downloaded (it's the linux file that is used, even for windows). If they don't update the file it will be because
they would rather people buy new systems/CPUs so we'll see.
No both are supported. To install AMD microcode you need the AMD microcode file and an "empty" intel microcode.dat file.
The installer checks both files are present but only installs the right one for your system. This is crazy and lazy code but it does work. You can hack the install.bat script and make one that's specific to your CPU type if you know what you are doing.
What Didier Stevens wrote to me:
In case anyone here has any suggestions re recurrent BSOD since KB4056892 ...
I also get the same layout with XP.
Almost certainly not vulnerable CPU.
For more info on your CPU:
what if you have (like ive had for years ) a separate firefox profile for banking. no other site has ever been loaded in that profile
I have anonymus browsing so The browser doesn t Save cookies or site cache, si correct?
@Mister X previously posted KB4058702 needs to be installed prior to KB4056892. I did install KB4056892 first and didn't have any issues. But I also have an AMD processor that might be the reason their are no issues. In any case and to play it safe, I uninstalled KB4056892 and then reinstalled it.
Ref.: http://windowsreport.com/kb4056892-issues/ - appears you are far from alone.
By default it saves, but it deletes it sooner. You probably would not login into bank account with cookies completely disabled.
My primary point is: don't use more than one tab in browser (like in old days when there were not tabs in browsers) if you are doing something that needs extra security such as logging to bank account.
You can also have separate Firefox profile for profiles as porrkanon said. In that approach you could even whitelist bank domains , but I didn't do that, so I don't know whether there is such addon for whitelisting.
Owners of an ASUS motherboard can have a look at the following page to see if a BIOS update is available:
ASUS Motherboards Microcode Update for Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
January 5, 2018
Guess my Asus P8Z77-V LK Motherboard is boned eh?
I just thought, this is a genius idea to sell new hardware.
Now that the 3letters other ways to know everything.
These "flaws" don't need to be kept secret.
Usually this warning means the system is not protected regarding the instructions on the site:
I had the same error before I applied the patch for 8.1 x64.
Now I am seeing this:
and I am waiting for the microcode update.