Meltdown and Spectre CPU bugs — Simon Smith from eVestigator® talks live

Simon Smith
Jan 9, 2018

A basic rundown of where the Meltdown and Spectre CPU bugs sit, how to obtain updates, and what it means to you, especially if you lease or host Virtual Private Servers. First, a basic radio interview on the state of affairs Monday morning.

Radio interview: https://www.youtube.com/watch?v=5-QwccVifPU

CURRENT STATUS
Google has now revealed more details about the CPU security flaws dubbed Meltdown and Spectre, which affect many Intel CPUs. ARM (Intel) also appears to be affected by the security ‘vulnerability’, but the latest news at the time of writing this article is that AMD now also appears to be susceptible.

NON DISCLOSURE AGREEMENTS
It has apparently been revealed that those involved in the industry, all the way from chipset production to experts in the field, had been made to sign non-disclosure agreements, as this was all known (at least to Google) over a month ago. Sadly, as with every breach, action must be taken; the term usually refers to a data breach, but in this case it is a physical one.

FIRST THE NECESSARY BUT BORING BIT
Please contact your software and device manufacturers or carriers to make sure that all applications and operating systems installed on your phones, Chromebooks, laptops, and other devices are up to date. For those of you who have rooted or jailbroken your phones (this means hacked the phone to gain superuser rights) — you may want to think about going back to stock firmware!

WHAT DOES INTEL SAY?
Intel has begun issuing patches for both the Meltdown and Spectre vulnerabilities that affect its processors. The tricky part for Intel will be getting them sent through its distributor and branded network.

WHAT DO MICROSOFT AND APPLE SAY?
Naturally both corporations have patched their latest operating systems, including the latest releases of Linux, but to date there has been no announcement regarding gaming consoles, smart televisions or any other devices. This is of grave concern.

APPLE, MACS, IPHONES AND IPADS
Apple has stated publicly that those who run Mac OS v 10.13.2 are fine with that version. However, all Macs, iPhones and iPads are affected by Meltdown, and the updates that were going to be scheduled for later this week have been ‘hurried up’ because the vulnerability got “discovered”.

GOOGLE ANDROID/SAMSUNG/HUNDREDS OF MANUFACTURERS
Android mobile devices and tablets are a concern. Almost all Android-based devices use ARM processors, especially those from Samsung, the most popular. The difficulty here is that these updates will have to be filtered down through manufacturers and networks, which creates several points of failure. It is vital that owners take control and chase these updates: although nothing “vicious” has been created at the moment, you can bet that many hackers out there are trying!

THE BIGGEST CONCERN
Virtual Private Servers are of grave concern. If the main operating system and/or hardware is not patched on a host server, then any child VPS could possibly get direct access to cached portions of the CPU intended for a completely different “virtual server” or client. This could lead to a major cybersecurity breach, and this should be the top priority for any network engineer who is responsible for delivering services on the cloud.
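
One way for whoever runs a Linux host server or VPS to confirm that the patches have actually taken effect, as an added example that is not part of the original article. It assumes a Linux kernel that publishes mitigation status under /sys/devices/system/cpu/vulnerabilities/ (mainline 4.15 and vendor backports); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status as published by the
# Linux kernel. Run it on the host server AND inside each guest, because a
# guest only reports its own kernel's view, not the hypervisor's.
# Assumption: the kernel exposes the sysfs directory below.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS -> prints OK, VULNERABLE or UNKNOWN.
# Any mention of "vulnerable" wins, so a partly mitigated status is not
# reported as clean.
classify_status() {
    case "$1" in
        *[Vv]ulnerable*)                echo VULNERABLE ;;
        "Not affected"*|"Mitigation:"*) echo OK ;;
        *)                              echo UNKNOWN ;;
    esac
}

# check_cpu_vulns [DIR] -> prints one line per issue and returns 0 only if
# every issue is reported as mitigated or not affected.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        file="$dir/$name"
        if [ -r "$file" ]; then
            status=$(head -n 1 "$file")
        else
            # An unpatched or older kernel has no status file at all.
            status="(no status file: kernel lacks the reporting interface)"
        fi
        verdict=$(classify_status "$status")
        printf '%-11s %-10s %s\n' "$name" "$verdict" "$status"
        [ "$verdict" = OK ] || rc=1
    done
    return $rc
}

# Check the live machine only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_cpu_vulns; fi
```

A non-zero exit status means at least one of the three issues is unmitigated or unreported, which makes the script usable as a gate in fleet monitoring.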

Simon

Remember, humans are the weakest link in any System. Technology comes second!
