05

Yesterday, Intel was busy trying to mitigate the damage to their share price collapse by saying the architecture “flaw” is not unique to Intel products and ARM, AMD also suffers from the same issue. 

Today, FT reported that government-sponsored cybersecurity team had stepped back from its severe warning about the impact of the flaw.

Long-term, ARM, AMD and Intel will gain from the story as we will probably have to replace our hardware and that would mean more sale for the big Chip giants and AMD is already gaining as a result!

melt2

AFAIK the bottom line is that no matter which operating system is running the device, iOS, Mac OS, Windows, Linux or Android the problem will persist. We have a CPU that is designed with a back-door at the hardware level to help Administrators and security personnel to get in and fix things. This door may be should not have been in the architecture for as long as it has. IMHO, no matter how often one changes the lock to a hardware back-door, in time, a smart hacker will be able to break it.

Yesterday, I had an email from a client that asked is my site safe as it is on Azure (Cloud)? And I did not know the answer until I did some research and it is clear that same server technology is powering the cloud infrastructure. Therefore, Amazon, Google and Microsoft are all busy trying to patch or at least put in place solutions that learn about the breaches when they happen.  

Yesterday, according to CNBC;

"a Microsoft spokesperson told CNBC in an email. "We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, Arm, and AMD."

The term used for the issue is "Meltdown" and "Spectre" being the two methods of exploiting a security vulnerability. Meltdown is easier to fix Albeit, will have a negative performance impact. However, Spectre is much harder to fix as theoretically will require hardware fixes. However, the good news is that Spectre is harder to execute compared to ‘Meltdown’, According to the researchers, this “allows an attacker to trick error-free programs” and leak their secrets. “Safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre”.

For now, since Salaro's web hosting and application infrastructure is mostly on Windows Server platform, we are applying the following patches to all the servers running 2016 and 2008R2. 

Windows Server 2016 - 4056890

Windows Server 2008 R2 - 4056897

Please do not hesitate to contact me if I can be of any help here on Linkedin or via email. I will keep you all posted with any negative implication of the patches we apply.

Salar Golestanian

Skype id: "salaro"

Salaro.com

Post Rating

Comments

help with assignment
Friday, June 22, 2018 12:26 PM
It's dependably somewhat odd to hear that organizations were educated of a noteworthy security blemish like this one months prior, just like the case with Meltdown and Specter. This specific endeavor has been under scrutiny for quite a while by analysts, and expression of it streamed out as little updates to different working frameworks tending to an up to this point undocumented security imperfection.
asd
# asd
Wednesday, July 4, 2018 1:43 PM
wedding video editing
Hadwyn
# Hadwyn
Thursday, July 5, 2018 5:42 PM
The impact that you are talking about is going to take only on bid4papers reddit and there isn't anything new about it. People should work on it and we will know about it.
jocisub
# jocisub
Monday, July 16, 2018 1:51 PM
Macys Insite Login guide is updated on this site. Here you will find the detailed instructions which will help you log in successfully. Also, check the information which will ease your access to the employeeconnection.net Login portal.

Post Comment

Name (required)

Email (required)

Website

CONTACT US!
section6_map
section5_line

Head Office:Working     : UK

Development Office     : Pondicherry

 
 
section6_msg
section5_line

Email :

Click here

 
 
Enter Your Name
Enter Your Mail Id
Enter Your Subjects
Enter Your Message