• Risk Based Security brings some sanity to the Meltdown debacle

    Posted on January 9, 2018 at 15:52 CST by Comment in the Forums

    I just finished reading this article, recommended by Kevin Beaumont. The Slow Burn of Meltdown and Spectre: Exploits, Lawsuits, and Perspective.

    Here’s the conclusion:

    Vulnerabilities are disclosed every day, to the tune of over 20,000 new disclosures in 2017 alone. Just because a vulnerability receives a name, a website, and/or a marketing campaign does not necessarily mean it is high risk or that it will impact your organization. As always, we strongly encourage organizations to cut through the noise and focus on the details relevant to them, and make a decision based on that alone.

    I repeat – forgive me if you’ve heard this before – but there are NO KNOWN Meltdown or Spectre exploits in the wild. Folks who run servers with sensitive data — banks, brokerage houses, military contractors, cryptocurrency exchanges — need to be concerned about Meltdown and Spectre in the near term, realizing that the data can only be snooped if you allow an unauthorized program to run on your server.

    For everybody else, the first attacks (if there ever are any) are likely to come through web browsers. You need to harden your browser as soon as the update is available. You’ll want to install the new Windows patches as soon as they pass muster. And you need to get your BIOS or UEFI updated one of these days. But there’s no big rush.

    What you’re witnessing is a colossal “Sky is Falling” routine, aided and abetted by folks who are going to make money from the havoc.

    Windows Patches/Security ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.