“That’s really bad, and you should all patch your system right now, before you finish reading this blog post.”

  • @k_o_t
    4 years ago

    I think they patched it already, no?

    • @LofenyyOPM
      4 years ago

      Yes, they did. They patched it first and then let everyone know. The thing is though, not everyone updates. This could also possibly be in older versions of Windows.

  • @LofenyyOPM
    4 years ago

    This is huge. I’ll never trust the NSA, but this exploit is nasty! Let everyone know!

  • @AgreeableLandscapeM
    4 years ago

    ELI5 on how exploitable this is and how it works? Crypto stuff always goes over my head.

    • @LofenyyOPM
      4 years ago

      Basically, once a piece of malware is on your computer, the computer sees it as non-malicious and lets it do whatever it pleases. Such malware could install itself as a rootkit and hide deep in the system.

      There’s still the challenge of getting the malware on someone’s computer, but once it’s there and it exploits this vulnerability, nothing is really going to stop it.

      As for the few sentences on man-in-the-middle attacks, I don’t know. I’m not sure how that’d work, but Bruce Schneier (the guy who wrote this article) is a world-class computer security expert. I trust his word; he seems to be someone who actually cares about ordinary people.

      • @AgreeableLandscapeM
        4 years ago

        Apparently the Microsoft browsers use that crypto library too, along with most system-based SSL connections I’m assuming, so I guess you can man-in-the-middle that.

        So does Chrome for some reason. Firefox is safe though since it uses OpenSSL!

        • @LofenyyOPM
          4 years ago

          Wow, that’s messed up! It makes me really glad I don’t use Windows anymore haha. On that note, I migrated my less-used desktop to Trisquel Mini, a libre distro, last night! I plan on migrating my daily driver laptop as well, and may buy some libre hardware to replace what I currently own as well. This year is looking pretty bright for libre software so far!

          • @AgreeableLandscapeM
            4 years ago

            Speaking of, my only Windows laptop has been trying and failing to update for months now and I’m terrified of all the holes it has now. Once uni gets less hectic I will probably do a system reset to get rid of whatever is snagged in the update process.

            • @LofenyyOPM
              4 years ago

              Try not to worry about it too much. Remember to take life one step at a time. If you have more important things to think of, do those first.

          • @AgreeableLandscapeM
            4 years ago

            Really wish I could switch to Linux entirely, but it has basically no decent apps for making hand-drawn notes. After I’m done with university calculus, hopefully I will be able to type the rest of the notes for my degree.

            • @LofenyyOPM
              4 years ago

              You just reminded me of something you may find interesting. https://castel.dev/post/lecture-notes-1/ Other than this, I don’t really see a way. You should be able to configure Emacs to do something like this as well but I’m not sure. I’m also not very familiar with LaTeX at all.