Meet the Author

  • Matt Lintott
  • Operations Director

Matt has been a professional in media and technology since the mid 90’s having started with Dabs which was among the first e-commerce companies in existence. Moving over to roles with companies like Thompsons Reuters, ITN and was involved in the latest technologies for a variety of banks and corporates. Nothing excites Matt more than innovations in tech and getting hands on the latest kit. Matt has been at Lab for a decade steering adoption of new technologies to keep Lab and its clients at the forefront of innovation. Outside of Lab - Matt is a keen photographer and videographer having rediscovered a passion for shooting and editing. Catch up with Matt on Twitter @mattlintott 


Takeaways

  • Project Zero have uncovered major vulnerabilities in processors going back as far as 1995 - how can you protect yourself from the recently discovered security threat?

Meltdown & Spectre: The security flaw that affects us all


09 January 2018
Thought Leadership
2 mins

This week, Google's in-house security team known as Project Zero announced details of multiple major security flaws affecting processors dating back as far as 1995 from Intel, AMD and ARM CPUs, regardless of the operating system – so there won’t be anyone unaffected here.


These flaws have been named as Meltdown: https://meltdownattack.com/ and Spectre: https://spectreattack.com/


These vulnerabilities could potentially allow an attacker to read arbitrary memory locations on a server,  workstation or any device, thus leaking highly sensitive information such as passwords, private data or customer data. This affects both physical and virtual servers, workstations and devices.


Companies including Microsoft, Amazon, Apple and Google are in the process of issuing patches* which should be available in the next few days, with some beta versions already available for testing. Patches are now available for some Windows and Linux builds. For Linux these are now making their way into downstream distributions.
*Patches are normally small (but sometimes large) updates to the software or data that are meant to improve the solution, often through performance or security improvements, but also could be bug fixes to resolve a problem.


Whilst it may sound crazy, this also affects tablets and mobiles. You’ll see press coverage aimed at Intel and Apple as that will generate clicks for the articles, but it will literally affect everyone.


Performance Impact


As the vulnerability is due to a physical hardware design flaw, patches to fix these vulnerabilities require extensive changes to the operating system kernels. These fixes unfortunately have a significant performance impact.


It has been reported that systems can expect a 5-30% performance drop depending on the nature of the workload. There are some reports of up to 60% in certain test cases. This may impact website performance, causing longer page load times. Monitoring reports will be reviewed to indicate what impact has been identified, and your Digital Planner and Support team will work with you to identify where this can be recovered.


Public Information


The vulnerabilities have the following CVE codes:


Additional information can also be found here:


Managed Hosting

 

Lab clients with Support and Maintenance will be getting these patches applied as quickly as possible, and where Lab don’t manage or assist with hosting - we will be available to work with our clients to ensure everything is done correctly. This is regardless of platform, so everyone will need it.


Lab normally operate a strict deployment window for updates and patches, but these may need to be escalated to get the patches deployed as quickly as possible.

If you have any concerns, please reach out to the Lab Support Team, or your Digital Planner, who can organise a discussion.



Takeaways

  • Project Zero have uncovered major vulnerabilities in processors going back as far as 1995 - how can you protect yourself from the recently discovered security threat?

Meet the Author

  • Matt Lintott
  • Operations Director

Matt has been a professional in media and technology since the mid 90’s having started with Dabs which was among the first e-commerce companies in existence. Moving over to roles with companies like Thompsons Reuters, ITN and was involved in the latest technologies for a variety of banks and corporates. Nothing excites Matt more than innovations in tech and getting hands on the latest kit. Matt has been at Lab for a decade steering adoption of new technologies to keep Lab and its clients at the forefront of innovation. Outside of Lab - Matt is a keen photographer and videographer having rediscovered a passion for shooting and editing. Catch up with Matt on Twitter @mattlintott