[OPLIN 4cast] OPLIN 4Cast #576: Meltdown and Spectre Security Attacks

OPLIN Support support at oplin.ohio.gov
Wed Jan 10 10:30:05 EST 2018 

Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>
[image: OPLIN 4Cast]

OPLIN 4Cast #576: Meltdown and Spectre Security Attacks
January 10th, 2018

[image: Laptop showing SECURITY BREACH] The news went public last week of
the discovery of two major vulnerabilities with widespread impact,
affecting personal computers, mobile devices, and cloud services.
"Meltdown" allows user applications (like browsers) to access kernel
memory, normally reserved for the operating system. The "Spectre"
vulnerability exploits techniques normally used to speed up processing, and
tricks other applications into revealing information in their memory
structures. The major web browser providers are issuing patches as a first
line of defense. Initial concerns were that operating system fixes could
slow processing by up to 30%. Of most concern are cloud services; while
there is no indication that the exploits currently available could work
against these platforms, companies are taking the threat seriously and
doing everything they can to contain it.

   -
   - Researchers Discover Two Major Flaws in the World’s Computers
   <https://www.nytimes.com/2018/01/03/business/computer-flaws.html> [New
   York Times | Cade Metz & Nicole Perlroth] "To take advantage of
   Meltdown, hackers could rent space on a cloud service, just like any other
   business customer. Once they were on the service, the flaw would allow them
   to grab information like passwords from other customers. That is a major
   threat to the way cloud-computing systems operate."
   - Microsoft reveals how Spectre updates can slow your PC down
   <https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown>
   [The Verge | Tom Warren] "Microsoft is essentially warning server customers
   to make a tricky choice between security and performance."
   - Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are
   doing about it
   <https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/>
   [Ars Technica | Peter Bright] "Longer term, it seems likely that Meltdown
   will recede into the distance—an annoyance, perhaps, but fully patched and
   protected against—but the rather more subtle Spectre is going to be with us
   for a while."
   - Microsoft pauses AMD updates for Spectre and Meltdown after consumer
   issues
   <https://www.washingtonpost.com/news/the-switch/wp/2018/01/09/microsoft-pauses-amd-updates-for-spectre-and-meltdown-after-consumer-issues/>
   [Washington Post | Hamza Shaban] "Microsoft appears to pin the blame on the
   faulty updates with the manufacturer. 'After investigating, Microsoft has
   determined that some AMD chipsets do not conform to the documentation
   previously provided to Microsoft to develop the Windows operating system
   mitigations to protect against the chipset vulnerabilities known as Spectre
   and Meltdown.'"

*From the Ohio Web Library <http://ohioweblibrary.org>:*

   - Crosman, Penny. "What Bankers Need to Know about Meltdown, Spectre
   Chip Flaws
   <http://proxy.oplin.org:2054/login.aspx?direct=true&db=buh&AN=127163777&site=ehost-live>
   ." *American Banker*, vol. 183, no. 6, 09 Jan. 2018, p. 1.
   - Fox-Brewster, Thomas. "Will Huge Chip Vulnerabilities Lead to Mass
   Intel, AMD and ARM Recalls?
   <http://proxy.oplin.org:2054/login.aspx?direct=true&db=buh&AN=127125329&site=ehost-live>
   " *Forbes.Com*, 04 Jan. 2018, p. 1.
   - White, Jeremy B. "Spectre and Meltdown Bugs Affect ‘Almost All’ Mac
   and iOS Devices, Says Apple
   <http://proxy.oplin.org:2054/login.aspx?direct=true&db=cmh&AN=4HGINDINMLMMGLSTRY000029858040>
   ." *Independent (UK)*, 06 Jan. 2018.

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL: http://www.oplin.org/4cast/
   index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://lists.oplin.org/mailman/listinfo/OPLIN4cast
   <http://lists.oplin.org/mailman/listinfo/OPLIN4cast>.

© 2016 Ohio Public Library Information Network
[image: Find us on Slideshare] <http://www.slideshare.net/oplin>  [image:
Find us on Facebook] <http://www.facebook.com/oplin.org>  [image: Find us
on Google+] <https://plus.google.com/107751358238995507967>  [image: Find
us on Twitter] <http://www.twitter.com/oplin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20180110/d7c9f642/attachment.html>

More information about the OPLIN4cast mailing list