Spectre can be exploited using only JavaScript.
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-t...
Browsers are making changes to mitigate this.
http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript...
The actual extent of the attack that is realistically possible in this scenario, I do not know. But as stated in the article, Google suggests: "Where possible, prevent cookies from entering the renderer process' memory by using the SameSite and HTTPOnly cookie attributes, and by avoiding reading from document.cookie."
I would take that to mean that cookies could be accessed, at the least.
On Thu, Jan 4, 2018 at 12:16 PM, Stas Malyshev smalyshev@wikimedia.org wrote:
Hi!
So far so good. What I am wondering is whether that password reset trial is actually even more dangerous now given Spectre / Meltdown?
I think for those you need local code execution access? In which case, if somebody gained one on MW servers, they could just change your password I think. Spectre/Meltdown from what I read are local privilege escalation attacks (local user -> root or local user -> another local user) but I haven't heard anything about crossing the server access barrier.
(I probably should set up 2FA right now. Have been too lazy so far)
Might be a good idea anyway :)
-- Stas Malyshev smalyshev@wikimedia.org