Thursday, January 4, 2018

Tech Tip Tuesday - Meltdown and Spectre The vulnerabilities of the year are here and it pretty much effects everything with a processor that was made in the last 20 years. Meltdown and Spectre were responsibly disclosed to manufacturers a few months ago and it is just now becoming public. Microsoft has issued out of cycle (not Patch Tuesday) update and other vendors are doing the same. Here are a couple of good talking points for each vulnerability. “Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.” “Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre” https://meltdownattack.com/ If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

No comments:

Post a Comment