Still don’t believe in ghosts?
Ever since we started writing about the Spectre and Meltdown side-channel processor vulnerabilities, we have urged everyone to take the threat very seriously and to implement patches after thorough testing and probably a couple of versions, certainly not version 0.01 given that the patches go straight to the core of your precious machineses.
In case six months at the coal-face have addled your personal circuits, here’s a quick refresher. Side channel attacks use processor functionality, predominately designed for performance, to extract data from parts of memory that should not be visible – like the cache from an adjacent process or virtual machine. The theory which has now been proved many times over in the Lab at least, and possibly (according to some of the many cynics in our circle) in the wild by nation states for some time, is that these techniques can be used to leak sensitive data such as cryptographic keys. Ouch.
As our previous article went to great lengths to explain, we believed then and still do, that it is when, not if, these techniques will be used by criminal masterminds (mwahahaha) for nefarious purposes.
It is a shame that many of our customers, friends, family and the rest have not heeded this warning, somewhat in the manner of a flat earther. It would obviously have been easy to say Ostrich right there but it turns out during exhaustive research for this blog that Ostriches put their head in the sand to turn their eggs, not to ignore impending doom, who knew?
As time moves on, the judgement hour comes ever closer. Two announcements this week should sharpen the attention of even the biggest naysayers. You know who you are.
The first is that the thoroughly good, security focussed eggs at Open-BSD have announced that they will be disabling support for Intel’s hyper-threading technology because they are concerned about Spectre type attacks. Now we know that you have all had enough of ‘so-called’ experts but when Mark Kettenis (of OpenBSD) speaks, we listen. So should you.
So, please take these threats very seriously. Please re-read our earlier missive and make a plan because this stuff is coming down the pipe.
If you would like us to help you assess your risk to these or any other cyber threats, please contact us at: [email protected] or call 020 7517 3900 and one of our charming colleagues will be more than happy to help.