Meltdown and Spectre when using encryption and VPN

security vpn

Can the Meltdown and Spectre vulnerabilities affect also computers with encrypted home directory and usage of a VPN service? In Other words, would hackers still be able to steal passwords when encrypted transmissions and VPN services are implemented?


Solution 1:

Yes.

Disk encryption protects against access to the disk when it is not in use, for instance if someone steals your computer. VPN protects against anyone sniffing the wire.

Meltdown and Spectre can give attackers local access to the data, before it is encrypted.

For the system to use any kind of information, it more or less has to be available in un-encrypted form. Whenever it is available in un-encrypted form any attacker with superuser access to the computer can copy it at will.

Solution 2:

Yes, in fact this is one of the hypothetical situations where these vulnerabilities might be attacked: when using encryption and trying to access the in-memory encryption key normally unavailable to other processes.

Related

'chmod -644' would set file permission to 000
How to run 'ufw' without interactive mode?
How to execute commands in gnuplot using shell script?
Firefox developer edition icon duplication in Gnome shell
For loop with Alphabet
ubuntu gnome 17.04 boot failure in VirtualBox after installing guest additions
Accidentally deleted ~/.config directory
Bash script to limit the number of logins
Download remote FTP directory
Can I hide the title bar of MPlayer in gnome?
How to login into a Ubuntu machine from Windows
Cannot add PPA: 'ppa:yannubuntu/boot-repair'