Spectre can be exploited using only JavaScript.
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-…
Browsers are making changes to mitigate this.
http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascrip…
The actual extent of the attacks that are realistically possible in this
scenario, I do not know. But as stated in the article, Google suggests:
"Where possible, prevent cookies from entering the renderer process' memory
by using the SameSite and HTTPOnly cookie attributes, and by avoiding
reading from document.cookie."
I would take that to mean that cookies could be accessed, at the least.
On Thu, Jan 4, 2018 at 12:16 PM, Stas Malyshev <smalyshev(a)wikimedia.org>
wrote:
Hi!
> So far so good. What I am wondering is whether that password reset trial is
> actually even more dangerous now given Spectre / Meltdown?
I think for those you need local code execution access? In which case,
if somebody gained one on MW servers, they could just change your
password I think. Spectre/Meltdown from what I read are local privilege
escalation attacks (local user -> root or local user -> another local
user) but I haven't heard anything about crossing the server access
barrier.
> (I probably should set up 2FA right now. Have been too lazy so far)
Might be a good idea anyway :)
--
Stas Malyshev
smalyshev(a)wikimedia.org
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
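
The cookie advice quoted in this thread (SameSite and HttpOnly), as an added example that is not part of the original messages: a small audit of Set-Cookie header values for those two attributes. The function names, cookie names and header values are constructed for illustration and are not real MediaWiki cookies.

```python
# Added example: audit Set-Cookie header values for HttpOnly and SameSite.
# All header values below are constructed samples.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: cookie is exposed to document.cookie")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("no SameSite=Strict or SameSite=Lax attribute")
    return name, findings

def audit_all(headers):
    """Map each cookie name to its findings."""
    return dict(audit_cookie(h) for h in headers)

SAMPLE_HEADERS = [  # constructed
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "token=xyz; Path=/",
    "prefs=dark; path=/; httponly",
    "track=1; Secure; SameSite=None",
]

if __name__ == "__main__":
    for cookie, problems in audit_all(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not problems else "; ".join(problems))
```
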