{"id":2017,"date":"2018-01-03T23:18:45","date_gmt":"2018-01-04T04:18:45","guid":{"rendered":"http:\/\/lisa.rushworth.us\/?p=2017"},"modified":"2018-01-04T14:15:08","modified_gmt":"2018-01-04T19:15:08","slug":"spectre-meltdown","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=2017","title":{"rendered":"Spectre &#038; Meltdown"},"content":{"rendered":"<p>The academic whitepapers for both of these vulnerabilities can be found at\u00a0<a href=\"https:\/\/spectreattack.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/spectreattack.com\/<\/a> &#8212; or <a href=\"http:\/\/www.theregister.co.uk\/2018\/01\/04\/intel_amd_arm_cpu_vulnerability\/\" target=\"_blank\" rel=\"noopener\">El Reg&#8217;s article<\/a>\u00a0and <a href=\"https:\/\/www.theregister.co.uk\/2018\/01\/02\/intel_cpu_design_flaw\/\" target=\"_blank\" rel=\"noopener\">their other article<\/a> provide a good summary for those not included to slog through technical nuances. There&#8217;s a lot of talk about chip manufacturer&#8217;s stock drops and vendor patches &#8230; but I\u00a0<em>don&#8217;t<\/em> see anyone asking how bad this is on hosted platforms. Can I sign up for a free Azure trial and start accessing data on\u00a0<em>your<\/em>\u00a0instance? Even if they isolate free trial accounts (and accounts given to students through University relationships), is a potential trove of data worth a few hundred bucks to a hacker? Companies run web storefronts that process credit card info, so there&#8217;s potentially profit to be made. Hell, is the data worth a few million to some state-sponsored entity or someone getting into industrial espionage? I&#8217;m really curious if MS uses the same Azure farms for their hosted Exchange and SharePoint services.<\/p>\n<p>While Meltdown has patches (not such a big deal if you&#8217;re use cases are GPU intensive games, but does a company want a 30% performance hit on business process servers, automated build and testing machines, data mining servers?), Spectre patches turn IT security into TSA regulations. We can make a patch to mitigate the last exploit that occurred. Great for everyone else, but doesn&#8217;t help anyone who experienced that last exploit. Or the people about to get hit with the\u00a0<em>next<\/em> exploit.<\/p>\n<p>I wonder if Azure and AWS are going to give customers a 5-30% discount after they apply the performance reducing patch? If I agreed to pay\u00a0<em>x<\/em>$ for y processing capacity, now they&#8217;re supplying 0.87<em>y<\/em> &#8230; why wouldn&#8217;t I pay 0.87<em>x<\/em>$?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The academic whitepapers for both of these vulnerabilities can be found at\u00a0https:\/\/spectreattack.com\/ &#8212; or El Reg&#8217;s article\u00a0and their other article provide a good summary for those not included to slog through technical nuances. There&#8217;s a lot of talk about chip manufacturer&#8217;s stock drops and vendor patches &#8230; but I\u00a0don&#8217;t see anyone asking how bad this &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,29],"tags":[479,477,476,69,475,478],"class_list":["post-2017","post","type-post","status-publish","format-standard","hentry","category-system-administration","category-technology","tag-cloud-computing","tag-it-security","tag-meltdown","tag-security","tag-spectre","tag-vulnerabilities"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/2017","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2017"}],"version-history":[{"count":6,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/2017\/revisions"}],"predecessor-version":[{"id":2023,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/2017\/revisions\/2023"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2017"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2017"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2017"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}