It's April 2018 – and Patch Tuesday shows Windows security is still foiled by fiendish fonts


Re: "This is something that should be available directly into browsers..."

Often it is, but not obvious.

Example: FF try these...

Tools, Options, General, Font & Colors, Advanced and Uncheck "Allow pages to choose their own fonts."


Open about:config then set "gfx.downloadable_fonts.enabled" to false.

Others have that buried somewhere too. Just web search "disable fonts Browser Name".
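An added example, not part of the comment above: a small auditor that reads a Firefox profile's prefs.js and user.js text and reports whether the two font settings described are actually in effect. The pref name browser.display.use_document_fonts (the pref behind the checkbox), the default values and the sample file contents are supplied by this example, not by the comment.

```python
import re

# Hardened values. The first pref name is from the comment; the second is the
# pref behind the "Allow pages to choose their own fonts" checkbox (supplied
# by this example, not named in the comment).
WANTED = {"gfx.downloadable_fonts.enabled": False,
          "browser.display.use_document_fonts": 0}
# Firefox defaults, used when a pref is absent from the profile files.
DEFAULTS = {"gfx.downloadable_fonts.enabled": True,
            "browser.display.use_document_fonts": 1}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: bool | int | str}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs_js, user_js=""):
    """Return {pref: effective value} for every pref that is not hardened."""
    # user.js is applied over prefs.js at startup, so it wins.
    effective = {**DEFAULTS, **parse_prefs(prefs_js), **parse_prefs(user_js)}
    # Compare type as well as value: in Python 0 == False, but an integer 0
    # is not the boolean false this pref expects.
    return {n: effective[n] for n, want in WANTED.items()
            if type(effective[n]) is not type(want) or effective[n] != want}

# Constructed sample profile files (not from a real profile).
PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.display.use_document_fonts", 0);
user_pref("browser.startup.homepage", "about:blank");
'''
USER_JS = 'user_pref("gfx.downloadable_fonts.enabled", false);\n'

if __name__ == "__main__":
    print("prefs.js only:", audit(PREFS_JS))
    print("with user.js: ", audit(PREFS_JS, USER_JS))
```

An empty result means both settings are in effect; anything returned is a pref still at a value that lets pages supply fonts.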


Many governments still use Flash

And won't update the sites because no budget to do so.

One example is https://radar.weather.gov/ Go to any radar and click any "loop."

Note that FF allows Flash to Always Ask before Running. It is under Tools/Add-ons/Plugins. I have been doing this for many years.

Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed


The Reg has no clue?

"Most the CPUs listed above are oldies that went on sale between 2007 and 2011, so it is likely few remain in normal use." is garbage and Reg authors/editors should get out in the real world.

Look at MS OS share from any source.

Look at Missing CPU types in April "Guidance" and you find PDF doesn't even cover all CPU models w/ Meltdown and Spectre problems.

Most systems running XP, Vista and Win7/8/8.1 have "old" Intel CPUs and won't get a new BIOS. Most running XP and some w/ Win7 are people's down/upgraded Vista systems, and they see little reason to replace them. Most won't buy new Intel products just to fix Meltdown and Spectre either. Note that Intel CPU bugs go back to at least the Pentium FDIV bug, which also never got fixed. Intel offered replacements but few knew of this and fewer bothered to get them.

Dell et al had no intention to offer BIOS updates for most or all systems over 2-5 years old and now have an easy way out because Intel won't bother making new MCU for most of them.

OS patches? Funny. Not. Many Win7 systems alone have not been patched since 12-17 because the MS patch failed and the fix patches for that also failed. Most Linux users haven't patched for this either.

If at first you don't succeed, you're likely Intel: Second Spectre microcode fix emitted


Intel's "patches" don't matter to most.

Because Dell, Asus etc won't make new "BIOS" updates for most products they make. Most only update the BIOS for computers built in the last 1 to 3 years. Maybe ~5 years for business types like Dell Latitude. Many "White Box" MoBos from Asus et al are the same thing, but many "old" MoBos are still in stock at Newegg months to years after makers mostly stopped supporting them. IOW you bought a MoBo 2 years ago but the manufacturer sees many MoBos as 4-5 years old.

So don't hold your breath thinking you will get this patch later.

Even then, most Dell etc owners never upgraded the BIOS. Not even most Enterprise owners like NHS, Big Banks, etc.


