Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
meepmorp
on Jan 4, 2018
|
parent
|
context
|
favorite
| on:
LLVM patch to fix half of Spectre attack
Unless, of course, the site you trust is hosted in a shared hosting VM which is also vulnerable to spectre or meltdown. In which case, you can’t trust the scripts.
XR0CSWV3h3kZWg
on Jan 4, 2018
[–]
spectre can read, not write.
meepmorp
on Jan 4, 2018
|
parent
|
next
[–]
If I can read arbitrary data, what’s stopping me from reading the credentials I need to write data?
anfilt
on Jan 4, 2018
|
parent
|
prev
|
next
[–]
What if I read the sites TLS/SSL keys? I could MITM the connection and inject JS to do more malcious thing.
Or even easier get the ssh key for the VM. Then do what ever I want.
dtparr
on Jan 4, 2018
|
parent
|
prev
[–]
If it can read the right data (private keys, etc.), then it can write whatever it wants.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
