From owner-freebsd-questions@freebsd.org Tue Jan 9 14:47:11 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 28914E9A83E for ; Tue, 9 Jan 2018 14:47:11 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca [216.185.71.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "inet08.hamilton.harte-lyne.ca", Issuer "CA_HLL_ISSUER_2016" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id F36F97F84B for ; Tue, 9 Jan 2018 14:47:10 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from localhost (localhost [127.0.0.1]) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id 8A62B6229E for ; Tue, 9 Jan 2018 09:38:13 -0500 (EST) X-Virus-Scanned: amavisd-new at harte-lyne.ca Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1]) by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DJdDWtCY55pe for ; Tue, 9 Jan 2018 09:38:11 -0500 (EST) Received: from webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca [216.185.71.24]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id 679A860FEE for ; Tue, 9 Jan 2018 09:38:11 -0500 (EST) Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Tue, 9 Jan 2018 09:38:11 -0500 Message-ID: <3037cb3560fe970cdfb789a265faf21b.squirrel@webmail.harte-lyne.ca> Date: Tue, 9 Jan 2018 09:38:11 -0500 Subject: Re: Meltdown =?iso-8859-1?Q?=96_Spectre?= From: "James B. Byrne" To: freebsd-questions@freebsd.org Reply-To: byrnejb@harte-lyne.ca User-Agent: SquirrelMail/1.4.22-5.el6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jan 2018 14:47:11 -0000 I have read some accounts which seem to imply that the rate of ssh attacks measurably increased following the announcement of these two flaws. The implication being that there was some cause and effect relationship. I cannot fathom what this could be. I do not wish to exist in a state of blissful ignorance. But, neither do I wish to overestimate the degree of threat these two flaws present to our operations. >From what I have read the impression I obtain is that both of these two security flaws require that unaudited software be allowed to run on the affected hosts. If one is running a private data centre, and if only authorized software is permitted to run therein, then how much of a threat does this development pose to such? It seems to me that public 'cloud' environments is where this sort of stuff would find its most vulnerable targets. Private data systems are no more likely to succumb to attacks along this vector than to any other routinely available rootkit. Is that a fair assessment? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3