David W. Hodgins wrote:

> Given this description of seeing full urls, etc, I take it back. It is
> a critical problem, that will have be be mitigated asap.

If I read that article correctly, they haven't actually tested the 
exploit against processors made earlier than 2011.

That leaves a lot of socket 478/775 cpu's as yet to be proved vulnerable.

I would think that speculative execution is a "quirky" function in a 
CPU, and that exactly how it operates depends a great deal on the 
specific CPU die we're talking about, and possibly the microcode 
revision it has?

I would love to see an on-line proof-of-concept test for this. 
Naturally, something "white-hat" in nature.  Barring that, a safe, 
downloadable executable.

If a meltdown exploit is running on a PC, wouldn't windows firewall 
prevent out-bound communication of meltdown-derived data from an 
infected PC to the outside world?

Or is the thinking that the exploit would attempt a privledge escalation 
based on brute-force password testing?

Does Windows have any ability to lock-out an application or process from 
gaining admin-level if it attempts too many password attempts?

Or is the thinking that somehow, meltdown and it's memory-viewing 
ability able to perform privlige escalation upon only a handful of 
attempts, even the first attempt?
--- NewsGate v1.0 gamma 2