Lucky Dip

 In ITC's Threat of the Week

An unusually slow week at the coalface with a distinct lack of the shrieking headlines to which we like to add perspective.

In January, we did two pieces that discussed the Spectre and Meltdown processor issues. Between the two of these issues, they affect pretty much every processor ever made and result in naughty code being able to read the protected memory space of other instances or programs sharing the same processors (Virtual Machines included).

The newswires have been buzzing about the subject since January including announcements of yet more issues and furious debates about the efficacy and risks of implementing patches.

It seems that the first patches from Intel whose chips are pretty much all vulnerable, borked the host operating system(s) in a number of cases. To that end Intel has released a second set of patches for many of its chips and has a road map for the rest of them.

Obviously upgrading Microcode is no walk in the park and it is probably best to let someone else test these updates in anger before committing yourselves. Nobody knows for instance the performance implications, let alone stability!

Following someone else’s testing, our initial advice on patching priority still stands even though attacks have not yet been seen in the wild.

We know that we are paranoid, but if you ever think that we would advise against patching, you have another thing coming!

If this week hasn’t done for your brains, you might remember that last week’s blog was to do with the rise and rise of crypto mining. This week has seen a number of high profile articles about crypto mining in general, including the somewhat astonishing fact that the power people of Iceland (the country not the frozen food emporium) are saying that more energy will be used on crypto mining than by the population. Iceland is very popular amongst mining crews on account of the very cheap power.

On the dark side of mining, the systems that power the interactive murder map of the LA Times (yes, an interactive murder map is a real thing!) were compromised to mine for the digital goodness. This went unnoticed for a couple of weeks and has now been dealt with – if you are hosting sites driven by Java, beware. Read all about it on our friend Graham Cluley’s blog for Tripwire.

Remember Marcus Hutchins – Saviour of the NHS, currently on bail in the USA? As promised, we have been keeping a watch on him but after all this time have decided to leave him to his day in court. The guy’s Twitter feed is banal with a whiff of some sort of superiority complex. That’s the Snowflakes for you. Fingers crossed he gets off though, those American prisons are basically slave labour.

Please contact us on: enquiries@itcsecure.com or call 020 7517 3900 if you would like to discuss Chipzilla, crypto mining or pretty much anything else related. Have a nice weekend.

Author: Kevin Whelan

Recent Posts

Leave a Comment

totwtotw