As for DEFENDO owners there is no need to panic about "Meltdown" and "Spectre" because at first, in order to exploit the leak, malicious
code has to be executed at DEFENDO. But, under normal circumstances, no foreign code is executed at DEFENDO (in contrast to e.g. web browsers, loading java script from the net).
So, how can an attacker still take advantage of the leak?
- comes from inside: has stolen "admin" access
- from the internet: open SSH port with hacked "admin" access
- exploit of an unpatched security vulnerability which enables execution of code
- by physical system access: manipulate programs by installing hard disc at another system
Anyways, an update which fixes "Meltdown" has already been published.
The abuse of "Spectre" turned out to be VERY demanding, but, since we never underestimate any threat, we will gradually release
updates with patches during the upcoming weeks.
Background of our action plan:
- Intel attack "Meltdown" affects DEFENDO (Intel CPU)
- Attack "Spectre" affects DEFENDO (Intel) as well as DEFENDOORBITER (AMD)