Meltdown and Spectre
As for DEFENDO owners there is no need to panic about "Meltdown" and "Spectre" because at first, in order to exploit the leak, malicious
code has to be executed at DEFENDO. But, under normal circumstances, no foreign code is executed at DEFENDO (in contrast to e.g. web browsers, loading java script from the net).
So, how can an attacker still take advantage of the leak?
- comes from inside: has stolen "admin" access
- from the internet: open SSH port with hacked "admin" access
- exploit of an unpatched security vulnerability which enables execution of code
- by physical system access: manipulate programs by installing hard disc at another system
Anyways, a DEFENDO update with patches for both, "Meltdown" and "Spectre", has already been published.
Background of our action plan:
- Intel attack "Meltdown" affects DEFENDO (Intel CPU)
- Attack "Spectre" affects DEFENDO (Intel) as well as DEFENDOORBITER (AMD)