SoylentNews first reported the vulnerabilities on January 3. Since then, we have had a few stories addressing different reports about these vulnerabilities. Now that it is over two weeks later and we are *still* dealing with reboots, I am curious as to what our community's experience has been.
What steps have you taken, if any, to deal with these reports? Be utterly proactive and install every next thing that comes along? Do a constrained roll out to test a system or two before pushing out to other systems? Wait for the dust to settle before taking any steps?
What providers (system/os/motherboard/chip) have been especially helpful... or non-helpful? How has their response affected your view of that company?
What resources have you been using to check on the status of fixes for your systems? Have you found a site that stands above the others in timeliness and accuracy?
How has this affected your purchasing plans... and your expectations on what you could get for selling your old system? Are you now holding off on purchasing something new?
(Score: 5, Informative) by fyngyrz on Friday January 19 2018, @02:02PM (9 children)
My work systems are completely isolated from the net. They generate code. They don't take in files, are not connected to the LAN in any way, don't get upgraded OS's, or talk to other systems. They generate files, which get sneaker-netted from them to the uploading-capable hardware.
Consequently, they are not at risk from black hats or being (further) slowed down (they're old hardware, they aren't that fast anyway.) Replacements, when needed, are installed from known good media that is really quite old. That's only happened once, when a motherboard went bad.
I'll have to swallow the slowdown if I ever had to upgrade to a new work machine with a new OS (not looking at all likely), but there's no reason to "upgrade" the work machines at this point, nor has there been for quite a few years.
I intentionally build on the oldest OS I can (for OS X, that's 10.6.8, and Windows XP for for the rest) so that I'm not screwing my users. Once that's done, stuff gets tested on the latest machines, and if it still works, it's good to go and it gets to go into distribution.
As for the net-connected desktop - this machine - who cares. If it gets sick, it gets nuked and I start over. It's just browsers and the like anyway. I can't see connecting a computer to the Internet with critical data on it. That's just asking for something bad to happen.
I can see how it'd be a problem for a one-machine setup, but I'm not inclined to go there; it's neither a good idea for compatibility's sake for generating the applications I write, or WRT keeping the black hats out of the critical goodness.
Security's important - and the one thing we should all recognize by now is that if you're net-connected, you're not secure.
(Score: 2) by acid andy on Friday January 19 2018, @02:14PM (3 children)
I like this approach, so long as the upload machine doesn't have write access to the media (or the media is never reinserted in the secure machine) although maybe on Linux this is less of a worry than Windows. DVDR / CDR would do it.
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
(Score: 5, Funny) by fyngyrz on Friday January 19 2018, @02:23PM (2 children)
Yes. CD-R is exactly how I do it. I have cases of the things. So far, they all write just fine, and once used, they're tossed. Eventually I'll run out, and/or they'll probably stop making them, but I'll probably croak or at least quit writing software first. One of the (very few) benefits of being old. :)
(Score: 1, Offtopic) by Bot on Friday January 19 2018, @04:12PM (1 child)
You might want to investigate rewritable CDRs.
Account abandoned.
(Score: 2, Informative) by Anonymous Coward on Friday January 19 2018, @06:37PM
If you read, the disposability is considered a feature, as they act as a data diode.
There also exist data diodes that allow realtime pushing of data:
http://www.waterfall-security.com/wp-content/uploads/2012/02/Securing-Critical-Cyber-Assets-with-Data-Diodes.pdf [waterfall-security.com]
(Score: 2) by Gaaark on Friday January 19 2018, @04:19PM
"and the one thing we should all recognize by now is that if you're net-connected, you're not secure"
So say we all! SO say we all! SO SAY we all!
--Commander Adama approves this message.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by RS3 on Friday January 19 2018, @06:45PM (3 children)
You're quite safe, but ... it was about 1994, I had been using the Internet for ftp, archie, etc., but not the web yet. Although we (company I worked for) had a LAN, we still did a lot of sneakernet. I remember putting a 1.44M floppy in a machine and got an error that it was write protected. That's odd, machine was running MS-DOS, nothing was running- just command.com prompt. Why was anything accessing the floppy drive, let alone trying to write to it? I don't remember what tools I had, but being a low-level guy I did some sector scanning, disassembler / debug on the stuff and found my first computer virus. One of the other employees had downloaded and run something on that machine (modem days). Somewhere I had gotten a scanner- Norton, McAfee? don't remember- but the little bugger had replicated itself to many floppies around the company, so we had to do a mass scan, then be vigilant by using the write-protect shutter and anti-virus software. Sigh.
Point of the story: even sneaker-net can carry malware, and Microsoft's "autoplay" makes it worse (I _always_ turn autoplay OFF for all drives / globally).
(Score: 0) by Anonymous Coward on Friday January 19 2018, @08:10PM (2 children)
Is that really the term that was used for the situation?
(Score: 0) by Anonymous Coward on Friday January 19 2018, @08:13PM
Sorry.
(Score: 2) by Runaway1956 on Friday January 19 2018, @09:29PM
Not sure where you're coming from. I'll presume that you are young, and never used floppy disks. There was a little sliding plastic tab at the top corner of the disk. Slide the tab closed, and your floppy drive could write to the disk. Slide the tab open, and your floppy drive could not write to the disk. The term generally used was "write protect".
http://www.techbuzz.in/how-can-i-enable-or-disable-write-protection-of-a-3%C2%BD-inch-floppy-disk.php [techbuzz.in]
image here http://art-design-glossary.musabi.ac.jp/wpwp/wp-content/uploads/2014/01/039_floppy-disk_03_2_en.jpg [musabi.ac.jp]