Reducing the accuracy of timers to mitigate Intel CPU flaw

General discussion area and chat

Moderator: satrow

Forum rules
This General Discussions forum is an open chat area, so you can talk about almost any subject. Please keep things civil, though!

Please do try to somewhat stick to the relevance of this forum, which focuses on everything around the Pale Moon project and its user community. "Totally random" subjects don't really belong here, even in the general discussion area.
yereverluvinuncleber
Fanatic
Fanatic
Posts: 105
Joined: Wed, 06 Dec 2017, 21:25

Reducing the accuracy of timers to mitigate Intel CPU flaw

Unread postby yereverluvinuncleber » Thu, 04 Jan 2018, 19:43

Question:

Browser developers such as firefox are reducing the accuracy of timing functions as precise timing is required to exploit the Intel CPU side exploit flaw, reduction in timer accuracy means that drive-by web based exploits would be harder to carry out using javascript on the web.

Are the PaleMoon developers planning on doing the same? It seems to me that it would be a positive marketing change to do so as well as a sensible security precaution?

If it isn't done then two issues arise: Firstly, Firefox devs could point out that they are the only people who can be trusted to secure the web from exploits in the wild and as a result all should use real firefox instead of forks...
Secondly, that in not doing the change that browsers such as Palemoon are in fact potential Trojan Horses.

I would strongly suggest the the PM devs look at what Firefox are doing to mitigate web-based drive-by exploits and see if it can replicated in PM if only for the sake of looking good in the browser community and to the world in general. I am not a developer of these things so I cannot suggest more. It just needed to be raised.
Last edited by yereverluvinuncleber on Thu, 04 Jan 2018, 20:00, edited 1 time in total.


yereverluvinuncleber
Fanatic
Fanatic
Posts: 105
Joined: Wed, 06 Dec 2017, 21:25

Re: Reducing the accuracy of timers to mitigate Intel CPU flaw

Unread postby yereverluvinuncleber » Thu, 04 Jan 2018, 20:21

Thanks for that, I wasn't aware of topic no.2 - Mitigate Speculative Side-Channel Attack Techniques

I'm glad I'm on-stream - I hope the importance of this change is acknowledged by the Devs and when we implement it we do so loud and clear and make a fanfare of it too. A minor patch just for this would seem a good thing.
Last edited by yereverluvinuncleber on Thu, 04 Jan 2018, 20:25, edited 1 time in total.


Return to “General discussion”

Who is online

Users browsing this forum: No registered users and 3 guests