Ask HN: How can Meltdown/Spectre be used against a webapp?
From my understanding so far, the areas that I have to be most afraid of are attacks on my personal devices and servers living in AWS/Digital Ocean/etc. Personal devices are really vulnerable and easily accessible to hackers (via desktop apps, or even JS in the browser), while in the cloud someone could possibly attack from within their virtual machine and gain data from someone else's guest OS.
What I don't understand though is, how can someone gain use this vulnerability against me when all they have access to is my web application (or whatever I load for them in the browser). Is it possible at all? Put another way, as someone running a web app, as long as my cloud provider has updated their machines, what ways could I be attacked if I haven't updated my own OS that I run there?
0 comments
[ 4.1 ms ] story [ 12.1 ms ] threadNo comments yet.