From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-181778-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 333CD1382C5
	for <garchives@archives.gentoo.org>; Thu,  4 Jan 2018 12:21:13 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 92DFDE085E;
	Thu,  4 Jan 2018 12:21:07 +0000 (UTC)
Received: from mail-ot0-x244.google.com (mail-ot0-x244.google.com [IPv6:2607:f8b0:4003:c0f::244])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 345EEE07C7
	for <gentoo-user@lists.gentoo.org>; Thu,  4 Jan 2018 12:21:07 +0000 (UTC)
Received: by mail-ot0-x244.google.com with SMTP id p31so1158224ota.4
        for <gentoo-user@lists.gentoo.org>; Thu, 04 Jan 2018 04:21:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=+zw3P3zQtyuBhUh/O+Oq779oFLnGu5lAhME4Y42BDrE=;
        b=aj7TiO0Lc1716IFBS8ZsCO0KJoJzznm13nkbntb78K8PL4ESaXvV9f/X4E+RQDZbQ2
         9VZRq8wvVBMlUQOBvHoNxWkjhylHa/Sx1Qo1QlRSICeTTPbPlsI2lCF+NsWQ7Gh7ehrP
         sc/RWcLxJXFJJSAW3E1H/GcTLhXIFUflo2jEQ8opdcozuMKkhuI4oYMIHlpDRO+h0rb8
         F1Vs17iM/w0j5EiJRqTlNDe7DtxPvOyOxL1zfVzaY6FLyEF65PQvljTmkF/lGxhCmRkt
         u2vaOKXS8NoXX25PXzaVbAMLp73p783mRn5tbEGU+vgZf5Bq8RQ8YHV4fKkKLkhyDkh6
         Hizw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=+zw3P3zQtyuBhUh/O+Oq779oFLnGu5lAhME4Y42BDrE=;
        b=BAoO1wPDK3877IxE4V7PbESptrbf9aokNvH2dNfiSEmV2gq9bl+itFQ3Sm7ZZppztn
         mWOK2ZQgSqOGL7gCH/QWIQosZnluujVoZar6CC+FY2E3pzz2Iho5KODDYr3qFqT4p71s
         BBL6o1Fkz/h/N5C2KedVT1LVgHbSZVI81idtXcRpUyRemhF+lXVNk+SAUkfEwr8tN/3L
         sraXQx7WBscU4Q9iTbZdUJRKx+rnaNXfK3F3dlhkjJZQ4kBimMc4c3kZyI7RJz04AfOD
         rp/T9vRlv6cmC6ja1V6XlVuU3abwsgKOgQBrzy6NJIBw68xXWzlPm2xQNZcjYbsS80Q4
         LjTA==
X-Gm-Message-State: AKGB3mLIUV51F3ypCIcMo0Px9lq5ckIqFhvYos9R0ZXTy2+cJQxjuyp4
	tKAUscnYOCM4OOtnApl8QRLzyQmPyi/RBlAx5aztPhkW
X-Google-Smtp-Source: ACJfBoupojwttwccjSB32+bGUE9BTvR1bLhHPugWdNWUn06XEHYorOruncWRdlgTlgiGlQM+LsKkRFa0klM/SIxsCo4=
X-Received: by 10.157.38.238 with SMTP id i43mr2412588otd.94.1515068466212;
 Thu, 04 Jan 2018 04:21:06 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.157.19.65 with HTTP; Thu, 4 Jan 2018 04:21:05 -0800 (PST)
In-Reply-To: <CAC=wYCHm1ufiDLpFi57u6pZXA06Q5X-nAG88sDyuzuhpzbgf+g@mail.gmail.com>
References: <CAC=wYCHm1ufiDLpFi57u6pZXA06Q5X-nAG88sDyuzuhpzbgf+g@mail.gmail.com>
From: Adam Carter <adamcarter3@gmail.com>
Date: Thu, 4 Jan 2018 23:21:05 +1100
Message-ID: <CAC=wYCGypL8ZyZah+CBGCjCsKkCNSS=13MafU73KnMp+XcPA2g@mail.gmail.com>
Subject: [gentoo-user] Re: Spectre and Meltdown summary
To: gentoo-user@lists.gentoo.org
Content-Type: multipart/alternative; boundary="001a11352278bd33590561f25dda"
X-Archives-Salt: eee16667-61e4-4e6a-8263-04313915b864
X-Archives-Hash: aa44d66292d23b3fe74c2b48185d3d8e

--001a11352278bd33590561f25dda
Content-Type: text/plain; charset="UTF-8"

Browser stuff

I'm guessing this relates to Variant1;
@hackerfantastic "Blackhats will be weaponizing spectre to steal session
cookies from additional websites opened in the browser, especially
financial sites. Enable site isolation in Chrome now.
https://support.google.com/chrome/answer/7623121?hl=en-GB"

Sounds like Mozilla will make some changes in Firefox 57 to make the
attacks more difficult;
"Our internal experiments confirm that it is possible to use similar
techniques from Web content to read private information"
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

--001a11352278bd33590561f25dda
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Browser stuff<br><br>I&#39;m guessing this relates to=
 Variant1;<br>@hackerfantastic &quot;Blackhats will be weaponizing spectre =
to steal session cookies from additional websites opened in the browser, es=
pecially financial sites. Enable site isolation in Chrome now. <a href=3D"h=
ttps://support.google.com/chrome/answer/7623121?hl=3Den-GB">https://support=
.google.com/chrome/answer/7623121?hl=3Den-GB</a>&quot;<br><br>Sounds like M=
ozilla will make some changes in Firefox 57 to make the attacks more diffic=
ult;<br>&quot;Our internal experiments confirm that it is possible to use s=
imilar techniques from Web content to read private information&quot; <a hre=
f=3D"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-c=
lass-timing-attack/">https://blog.mozilla.org/security/2018/01/03/mitigatio=
ns-landing-new-class-timing-attack/</a> <br><br></div></div>

--001a11352278bd33590561f25dda--