So, 2018 has really kicked off with a bang! If you use a computer, tablet, phone, etc. (hint, if you think you’re not then how are you reading this page 😉 )… then you really need to be aware of one of the latest vulnerabilities … and, I would argue, one of the most significant the IT industry has faced to date!
World, meet Meltdown and Spectre
What is Meltdown/Spectre?
For a rather interesting variety of reasons, I’m actually not going to cover the detail of what these vulnerabilities are, what they affect, or how they work.  These have been well documented in many different locations, and you only need to Google™ the two names to find out more (or, you could use one of the reference links below!).
What should I do?
A purely personal perspective … would be to:
- Patch in a non-production environment
- Test
- Test
- Test again
- Then, carefully promote to production, having taken into account a risk-based approach
That patching is required is well documented, and clear.  What is also clear is that there is an evolving set of patches from many different vendors.  Before applying any patches, understand what is needed, understand what they do, and verify that you have the latest information available.  And please … test!
Did someone say “performance”?
There is a lot of ahem “speculation” about whether implementing the various mitigation patches will affect the performance of a system/device.  Without offering an opinion either way, I did find the following article from Olaf Kirch, Distinguished Engineer and VP of Engineering at SUSE, very interesting.  In this article, he explains why it is so difficult to predict the performance impact of these mitigations and why the only real answer is to do your own benchmarks.
https://www.suse.com/c/meltdown-spectre-performance/
Reference Links
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
- https://meltdownattack.com
- https://spectreattack.com
- https://exchange.xforce.ibmcloud.com/collection/Central-Processor-Unit-CPU-Architectural-Design-Flaws-c422fb7c4f08a679812cf1190db15441