undefined | Better HN

0 pointsrurban8y ago0 comments

Not against Spectre, which can extract any memory via javascript or user applications. Eg your secret keys or passwords

0 comments

Spectre is a much more serious bug I feel, but it requires the VM to run the malicious code snippet inside itself and with the right context, not from other guest VM, that is how I understand this. The kinda bug that would totally destroy cloud as a business is the one that other guest VM can read your memory...which doesn't seem like to be the case, for now...

rurbanOP8y ago

Spectre is mostly about JavaScript extracting keys and passwords from the browser process. Install their ChromeZero extension for a start.

Meltdown on the other hand can do everything. But only on Intel.

j / k navigate · click thread line to collapse

0 comments

oh-kumudo8y ago

rurbanOP8y ago

Spectre is mostly about JavaScript extracting keys and passwords from the browser process. Install their ChromeZero extension for a start.

Meltdown on the other hand can do everything. But only on Intel.

j / k navigate · click thread line to collapse