do-er for hire. He discovered computing around the time Intel released the 4004 chip, in 1971. After 1979 he worked across most sectors, educational, commercial and finance, in some seriously technical, managerial and hands-on roles. Brian organises Linuxing In London, co-organises London JavaScript Community and Covent Garden Pi Jam. He is rather fond of opera and history books. NB: Brian speaks in paragraphs. Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
verbal equivalent of Wikipedia on everything about Meltdown and Spectre. However, it will provide: A quick introduction to issues relating to Meltdown and Spectre, but it is an exceedingly complex topic, a Frequently Asked Questions (FAQ) and links are provided at the end of the presentation. Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
Knowledge Patch - a software fix for a problem or security weakness Exploit - a bug/weakness which allow access to a PC/laptop/server Kernel - essense of an operating system, does the complex stuff CVE - Common Vulnerabilities and Exposures is a database of publicly known vulnerabilities. Chip/Processor/CPU - used interchangeably (incorrectly) Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
know your systems, monitor for odd activities, have a plan. Don’t accept anything from unverified sources Use an ad block Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
your system Practice IT hygiene Install a good Ad Blocker Update and upgrade your kernel regularly (every 1-3 days) Get to know GRUB Backups, backups and more backups (test them too). Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
laptops, tablets, servers, everything Compile a risk register, what is important and what is not. Check with specific vendors, suppliers etc for patches Plan a rollback strategy Make extra backups Study the experience of others with similar equipment Revise your implementation plan Implement patches and upgrades selectively at first. Monitor CVE and key new channels for IT security weaknesses Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
Because they are built in to most processors in the world, in the order of about a billion. 2. What platforms do they affect? Nearly everyone from Intel, AMD, the Power architecture, and some ARM processors (although not all), i486DX and before should be OK Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
has admitted that they are as affected as anyone else. 4. I have Windows 10. Ha ha ha. Good luck! 5. When were these vulnerabilities discovered? June to July 2017 but became public knowledge in January 2018. Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
same path of Investigation but most are credited to researchers at a German institution, IAIK at Graz University and the Google Zero Project. Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
was an embargo until the 9th of January agreed by many parties but it was leaked by the Register. It appears that different groups found out at different times. Whereas the Linux kernel developers knew what was going on but kept it to themselves, the BSD developers did not know about it and have been playing catch-up. Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
also move to the latest Linux kernel and have a rollback plan if changes cause reboots or minor problems. Be on Twitter, follow the latest updates on these vulnerabilities. Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
what's at risk by Josh Fruhlinger https://www.csoonline.com/article/3247868/vulnerabilities/spectre- and-meltdown-explained-what-they-are-how-they-work-whats-at-ris k.html Those huge CPU vulnerabilities, Meltdown and Spectre, explained by Jack Morse http://mashable.com/2018/01/04/spectre-meltdown-explained/#e5 hw5kcmBmqK Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
performance by Ben Treynor Sloss https://www.blog.google/topics/google-cloud/protecting-our-google -cloud-customers-new-vulnerabilities-without-impacting-performanc e/ Meltdown and Spectre Linux Kernel Status by Greg Kroah-Hartman http://kroah.com/log/blog/2018/01/06/meltdown-status/ Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 by Red Hat https://access.redhat.com/security/vulnerabilities/speculativeexecuti on Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
Reading privileged memory with a side-channel by Jann Horn, Project Zero https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged -memory-with-side.html About speculative execution vulnerabilities in ARM-based and Intel CPUs by Apple https://support.apple.com/en-gb/HT208394 Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
ctre-cpu-bugs Detection of the Meltdown and Spectre Vulnerabilities https://research.checkpoint.com/detection-meltdown-spectre-vulner abilities-using-checkpoint-cpu-level-technology/ Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
update compatibility matrix by Kevin Beaumont https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpz AtckQxYiuirADzf3cL42FQ/edit#gid=0 Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]
brianlinuxing
araihara
yutailang0119
donabe3
kzkmaeda
badams
hayatokudou
soudai
eventhub
siropaca
hirotomotaguchi
tattaka
yoshiiryo1
keithpitt
cassininazir
hannesfritz
lara
eileencodes
jonyablonski
morganepeng
maltzj
tammielis
stephaniewalter
lynnandtonic
colly
![VT100 terminal Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]](https://files.speakerdeck.com/presentations/b305d8261abb4c2b9ea8c83ef3b86cf8/slide_3.jpg){kind=link}
![5 minutes or 50? Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]](https://files.speakerdeck.com/presentations/b305d8261abb4c2b9ea8c83ef3b86cf8/slide_4.jpg){kind=link}
![Intel CPU Meltdown and Spectre Twitter:@BrianLinuxing Email: [email protected]](https://files.speakerdeck.com/presentations/b305d8261abb4c2b9ea8c83ef3b86cf8/slide_6.jpg){kind=link}
