Mozilla has confirmed web-based attack vector for Meltdown and Spectre CPU bugs

“Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins,” said Luke Wagner, a software engineer with the Mozilla Foundation.

from: https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

The Register reports: “‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign”

A security design flaw in Intel x86 chips may force users to sacrifice up to 33% of performance to mitigate the issue. More testing is required, and more info can be found with technical details on the Linux kernel mailing list, the PostgreSQL page, and here: http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

From: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/, courtesy of Fredrik Korsbäck on the packetpushers.net slack community.

Password management sucks? Lastpass makes it suck far, far less.

Now that 2018 is in full swing, I decided it was way past time to do something about my horrible password management practices.  I try not to reuse passwords.  I try to use complicated strings.  It’s not enough though… my brain can only handle so many things, and there are far too many websites and things I need to log in to.

In short, I really suck when it comes to applying secure password policies in my daily non-enterprise life.

Enter: Lastpass

Lastpass lets me simplify password management and share it between devices.  I can import my saved passwords for websites from my Google account (after which, I deleted them from there and disabled Google password management on my account).  It will check to make sure I’m not reusing the same credentials, it will check the strength of those credentials, and I can rotate passwords or generate strong new credentials for “weak” logins automatically if I tell it to do so.  It’s also set up to store all kinds of other things… credit cards, bank info, driver’s license information, passwords, even random notes.  I’m nervous about doing this (even with MFA), but I can see how many would find this very valuable.

What does this cost me to do all this, and to help prevent cross-site or multi-site breaches? $2/month. That’s it.

I can’t think of anything this useful for $2.00/month, can you?

Check in to their family plans as well – I’m considering enrolling mine (good for multiple devices and up to 6 users) for only $4.00/month.  It’s a great opportunity to teach my family (primarily my oldest son and wife) how important this is and to establish good practices.

Don’t forget to set up Multi-Factor-Authentication (MFA) on your main account login!

You can check their other pricing and features here: https://www.lastpass.com/pricing

(Lastpass in no way endorsed or paid for this post, I simply find their service incredibly valuable and want others to understand how important this is to help protect critical personal information!)