Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 9 Jan 2018 09:38:11 -0500
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        freebsd-questions@freebsd.org
Subject:   Re: Meltdown =?iso-8859-1?Q?=96_Spectre?=
Message-ID:  <3037cb3560fe970cdfb789a265faf21b.squirrel@webmail.harte-lyne.ca>

Next in thread | Raw E-Mail | Index | Archive | Help
I have read some accounts which seem to imply that the rate of ssh
attacks measurably increased following the announcement of these two
flaws.  The implication being that there was some cause and effect
relationship.  I cannot fathom what this could be.

I do not wish to exist in a state of blissful ignorance.  But, neither
do I wish to overestimate the degree of threat these two flaws present
to our operations.

>From what I have read the impression I obtain is that both of these
two security flaws require that unaudited software be allowed to run
on the affected hosts.  If one is running a private data centre, and
if only authorized software is permitted to run therein, then how much
of a threat does this development pose to such?

It seems to me that public 'cloud' environments is where this sort of
stuff would find its most vulnerable targets.  Private data systems
are no more likely to succumb to attacks along this vector than to any
other routinely available rootkit.  Is that a fair assessment?


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?3037cb3560fe970cdfb789a265faf21b.squirrel>