Kaity
Community Manager

How are you handling Meltdown and Spectre?

Another day, another exploit. Or two. For now. News of Meltdown and Spectre is all around us...

Here are a few articles: 

Meltdown and Spectre: How chip hacks work - BBC

A Critical Intel Flaw Breaks Basic Security for Most Computers - WIRED


Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk - eWeek

Critical Microprocessor Flaws Affect Nearly Every Machine - Dark Reading


So what are you - and your organization - doing to respond? Advice to share? Warnings?


Let us know! 

22 Replies
Caute_cautim
Community Champion

Absolutely spot on, JoePete. Each organisation should be setting up meetings with their respective cloud provider and asking exactly how they will be protecting their clients' businesses. What reassurances can the cloud provider give clients as to the additional controls they are putting in place to protect the clients' investment in their services? What monitoring capabilities do the service providers have in place, and what enhancements to their existing incident response procedures have been made, i.e. will the client be notified before the service provider realises something has gone awry?

saeedakh
Viewer

This latest vulnerability has caused huge concern for the IT industry in particular. Though the risk (when successfully exploited) is immense, the potential and possibility to exploit these vulnerabilities is not as simple/easy as it is perceived, for the following basic reasons:


  • Both of these attacks (Meltdown and Spectre) are local attacks, which means the vulnerability can't be exploited just because the devices are connected to the network. It requires someone with authorized access to the system (legitimate, but lower-privilege) to exploit this vulnerability.
  • It's closely similar to a privilege escalation attack, which essentially allows an intruder to do bad stuff on a system that he already has access to (albeit only after manipulating it to gain higher-level access).
  • There is some possibility to launch Spectre attacks through the web (using malicious JavaScript).
  • Both of these attacks are READ-ONLY, which means the possibility of forcing code execution in a virtual machine, OS kernel or other program is bleak.

Some basic suggestions to mitigate:

  • Apply the patches (BIOS and OS)
  • Harden and isolate the system/processes as best as possible
  • Deploy defense in depth (aka layered security architecture)
  • Encrypt files as needed
  • Strong passwords with salting protection

Just my 0.02 cents

Thanks
Saeed Akhter
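As an added example for the "Apply the patches (BIOS and OS)" item above (this is not part of Saeed's post or of the thread), the script below reads the Linux kernel's sysfs interface at /sys/devices/system/cpu/vulnerabilities/, where kernels from 4.15 onward (and distribution kernels that backported the fixes) expose one file per issue, e.g. meltdown, spectre_v1 and spectre_v2, containing "Not affected", "Vulnerable ..." or "Mitigation: ...". Because some of those strings also say whether the required microcode is present, it is a reasonable first check for both the OS and firmware halves of that item. The VULN_DIR override, the function names and the exit-code convention are mine, so the checker can also be run against a saved or constructed snapshot of that directory.

```shell
#!/bin/sh
# Added example: summarise the kernel's own report of speculative-execution
# mitigation status. Assumes the Linux sysfs interface below (Linux >= 4.15);
# VULN_DIR may be overridden to point at a constructed snapshot directory.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status STATUS  -> prints ok | vuln | unknown
# "Not affected" and "Mitigation: ..." are fine; anything starting with
# "Vulnerable" (including "Vulnerable: ... no microcode") needs attention.
classify_status() {
  case "$1" in
    "Not affected"*|"Mitigation:"*) echo ok ;;
    "Vulnerable"*)                  echo vuln ;;
    *)                              echo unknown ;;
  esac
}

# check_vulns [DIR] -> prints "<issue> <class> <raw kernel string>" per file.
# Exit status: 0 = nothing vulnerable, 1 = at least one "Vulnerable" entry,
# 2 = interface missing (kernel predates it, or this is not Linux).
check_vulns() {
  dir="${1:-$VULN_DIR}"
  if [ ! -d "$dir" ]; then
    echo "no $dir: kernel predates the interface or this is not Linux" >&2
    return 2
  fi
  rc=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue            # empty directory leaves the literal glob
    name=$(basename "$f")
    raw=$(cat "$f")
    status=$(classify_status "$raw")
    [ "$status" = vuln ] && rc=1
    printf '%-20s %-8s %s\n' "$name" "$status" "$raw"
  done
  return $rc
}

# Run against the live system when executed directly.
check_vulns "$VULN_DIR" || echo "check_vulns exit status: $? (1 = vulnerable, 2 = no interface)"
```

On a fleet, run it over SSH and alert on any non-zero exit status; a host that returns 2 is not "safe", it is simply too old to tell you, and needs a kernel update before it can be assessed this way at all.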
Caute_cautim
Community Champion

Some good suggestions, augmented by identifying the assets affected, their criticality to the organisation's business and the potential impact, which will assist you in risk-managing the situation and setting priorities.

The current collection and latest information can be found at:

https://exchange.xforce.ibmcloud.com/collection/Central-Processor-Unit-CPU-Architectural-Design-Flaw...