I'm in the same camp as Mike - being a avid OpenBSD user for several
years I respect Theo's opinion but also recognize that his no-compromise
views toward security issues might make him susceptible to blowing
things out of proportion. Theo tends to pick his topic and understand it
fully so I don't doubt there are potential security issues hiding in the
processors - the real question would be what is the real risk associated
with those potential problems.
Can someone compromise or DOS a machine from remote with no access
regardless of the OS? Does someone have to be logged in with certain
privileges? Theo states that any user might be able to use some of the
vulnerabilities - but what basic access to the machine does the person
need to have? If physical access would be needed in some cases (not
saying it is) is this topic even relevant?
Theo's challenge seems to be that he spends a lot of time waving his
arms and yelling (as close as you can get in text) with a fervent
followers passion for the topic regardless of the real risk rather than
communicating it in a way that helps people understand the issue and
make them want to take action. Theo has a great point that all vendors
should be considering security at every step of the way as he has been
preaching for years but businesses have a tight rope to walk between
security, flexibility, time to market, money pressures, etc..
At this time I'm not going to panic, if there is a real concern here it
will soon be slashdotted or documented somewhere other than in Theo's
dissection of the vendor documentation. He has brought the problem to
light, now someone needs to figure out whether this is a drippy faucet
or a water main break.
-Alan
Mike Tibor wrote:
> On Wed, 27 Jun 2007, Damien Hull wrote:
>
>
>> Greg Madden wrote:
>>
>>> If this is easiear to read, something is wrong with your system Theo ;-)
>>>
>>>
>>>
>>>> An easier summary document for some people to read:
>>>>
>>>>
>>>> http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21
>>>> __full.gif
>>>>
>>>>
>>>
>>>
>> What are your thoughts on this? Should I/we be concerned?
>>
>
> I don't know what others will say, but I certainly respect Theo's
> knowledge in areas like this. It's possible he may be blowing it out of
> proportion, but until there's some strong indication that's the case, I'll
> certainly be paying attention to this.
>
> Thanks for posting it.
>
> Mike
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
>
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Jun 28 13:42:32 2007
This archive was generated by hypermail 2.1.8 : Thu Jun 28 2007 - 13:42:32 AKDT