blob: 9e4f73ffd285ad894811fd300b810c1f1f9239e6 (plain
# Meltdown/Spectre and the Web
The recently-released [Meltdown] and [Spectre] CPU timing attacks
affect virtually every user in some way;
the consequences are profound.
There are plenty of good write-ups on the topic,
so I don't feel the need to re-iterate the technical details here.
(See an easily digestible one [from the Raspberry Pi][rpi] project, and an
in-depth analysis [from Project Zero][zero].)
What I do want to draw attention to is that these attacks [are exploitable
via web browsers][mozilla].
<!-- more -->
The reason for this is that your web browser,
automatically downloads and executes programs without your knowledge or
CPU cache timing attacks are possible.
[I spoke about the security issues][lp2016] of running these programs in your web
browser back in 2016---it
was a bad idea then,
and it's still a bad idea now.
[I spoke further of privacy issues][lp2017] last year at LibrePlanet 2017.
I encourage you to use extensions like [NoScript] to block the execution of
and stop random people from treating your computer as a puppet to do
their own bidding.