Hi!
So far so good. What I am wondering is whether that
password reset trial is
actually even more dangerous now given Spectre / Meltdown?
I think for those you need local code execution access? In which case,
if somebody gained one on MW servers, they could just change your
password I think. Spectre/Meltdown from what I read are local privilege
escalation attacks (local user -> root or local user -> another local
user) but I haven't heard anything about crossing the server access barrier.
(I probably should set up 2FA right now. Have been too
lazy so far)
Might be a good idea anyway :)
--
Stas Malyshev
smalyshev(a)wikimedia.org