Q: Considering the success of pentests and attackers at horizontal/vertical movement on unsegmented networks once they have code execution, is Meltdown/Spectre an expectional, new category of risk to most orgs? How would cross-VM disclosure/privesc suddenly be required to win?
-
-
Browser ads are a distribution mechanism that can get whatever twist on spectre someone cooks up deployed immediately at world scale.
-
I do think this opens a new potential escalation path, indeed. Atm, execution is subtle but might not remain that way.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.