Re: [Astlinux-users] Spectre / Meltdown

Mon, 22 Jan 2018 09:43:45 -0800 

Hi Lonnie,

Thanks for the kind words.  The pleasure is mine!  

The only untrusted user of my AstLinux box is me.  But I'm not allowed to add 
executable binaries so we're probably OK.   

As always, I appreciate your insight.  

Dan
On Mon, Jan 22, 2018 at 11:04 AM, Lonnie Abelbeck  wrote:
Hi Dan,  Always a pleasure to hear from you ...

This topic has been under private discussion within the AstLinux team ... I 
won't speak for others but I will share my personal thoughts.

The Cisco folks offer this nice Summary ...
--
Cisco: CPU Side-Channel Information Disclosure Vulnerabilities

"To exploit any of these vulnerabilities, an attacker must be able to run 
crafted code on an affected device. Although the underlying CPU and operating 
system combination in a product may be affected by these vulnerabilities, the 
majority of Cisco products are closed systems that do not allow customers to 
run custom code on the device, and thus are not vulnerable. There is no vector 
to exploit them."

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
 
(https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel)
--

AstLinux is the same sort of fixed-code device (appliance) ... "There is no 
vector to exploit them (the vulnerabilities)."

Let's assume you do not allow untrusted users adding executable binaries to 
your AstLinux box :-)

My opinion, keep your AstLinux network stack as locked down as possible, only 
enable services you need, use a VPN for remote management, and keep up with the 
latest AstLinux security fixes we offer.

Lonnie

On Jan 22, 2018, at 5:34 AM, Dan Ryson  wrote:

Hi,

Considering the prominence of Spectre and Meltdown discussions in the trade 
press, I must ask:  What is the prevailing advice for those (like me) who are 
running Internet-facing AstLinux systems on Intel hardware?

Thanks,

Dan

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to