[c-nsp] [j-nsp] Meltdown and Spectre

Gert Doering gert at greenie.muc.de
Mon Jan 8 04:01:25 EST 2018


Hi,

On Mon, Jan 08, 2018 at 09:32:23AM +0100, Thilo Bangert wrote:
> Den 06-01-2018 kl. 19:49 skrev Sebastian Becker:
> > Same here. User that have access are implicit trusted.
> 
> You do have individual user accounts on the equipment, right?
> 
> The idea of having secure individual logins goes down the drain with 
> Meltdown and Spectre. You want to be sure that a person logged into a 
> box cannot snoop the password of a co-worker.

Only if said person can execute *arbitrary* code.  Which you can't on my
routers, no matter what sort of account I'm giving you.

gert
-- 
now what should I write here...

Gert Doering - Munich, Germany                             gert at greenie.muc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20180108/e5b514ac/attachment.sig>


More information about the cisco-nsp mailing list