Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-13 Thread Lelio Fulgenzi
Lovely. Just lovely.

Sent from my iPhone

> On Jan 13, 2018, at 11:13 AM, James Andrewartha wrote:
>
> Hi Lelio,
>
> It’s not just Microsoft, now Intel’s saying that the microcode updates for
> some of their CPUs are faulty:

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-13 Thread James Andrewartha
Hi Lelio, It’s not just Microsoft, now Intel’s saying that the microcode updates for some of their CPUs are faulty: https://kb.vmware.com/s/article/52345 Thanks, -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob.

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-11 Thread Lelio Fulgenzi
Thanks for this great summary Ed. I'm on board. Sent from my iPhone On Jan 11, 2018, at 10:32 AM, Ed Leatherman > wrote: >From what info I'm aware of, hypervisor fixes (at least vmware) are not >resulting in a perceptible

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-11 Thread Lelio Fulgenzi
Thanks James. I think you hit on another issue. The fixes available may not be the last ones. More may come. Requiring additional service impacting maintenance windows. I believe there was also rumour of a Microsoft patch that broke things and people needed to rush to fix that. I think

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-11 Thread Ed Leatherman
From what info I'm aware of, hypervisor fixes (at least vmware) are not resulting in a perceptible performance degradation, however fixes at the guest OS level are showing performance issues depending on the type of operation involved. To completely mitigate the vulnerabilities, seems like in

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread James Andrewartha
Hi Lelio,

On 11/01/18 01:10, Lelio Fulgenzi wrote:
> Ok. one last question (for now)
>
> Why BIOS updates for C Series servers?
>
> What do those updates address?
>
> The CIMC application? Or more?

I believe (but haven't done heaps of research) that the BIOS updates contain microcode

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
:59 AM To: James Andrewartha <jandrewar...@ccgs.wa.edu.au<mailto:jandrewar...@ccgs.wa.edu.au>>; Ryan Ratliff (rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>> Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: Re: [cisco-voip] Spectre

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Ben Amick
puck.nether.net> Subject: RE: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems OK. Thanks. To be clear, by “administrators” I meant : a limited number of trusted users meant to access the machine, not necessarily those with administrator privileges. This is helping me buil

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Ben Amick
; Ryan Ratliff (rratliff) <rratl...@cisco.com> Cc: voip puck <cisco-voip@puck.nether.net> Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems But that would mean my administrator is trying to exploit the system, wouldn’t it? Or are we saying tha

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
Ryan Ratliff (rratliff) <rratl...@cisco.com> Cc: voip puck <cisco-voip@puck.nether.net> Subject: RE: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems Proper access control is always important and will theoretically mitigate many an issue. I believe your answ

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
at 11:42 pm To: "Ryan Ratliff (rratliff)" <rratl...@cisco.com<mailto:rratl...@cisco.com>> Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems OK – Just so I

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Ben Amick
isco-voip@puck.nether.net> Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable… Is it because this is a “local attack” ? And needs someone to login to the shell? https://tools.cisco.

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread James Andrewartha
<cisco-voip-boun...@puck.nether.net> on behalf of Lelio Fulgenzi <le...@uoguelph.ca> Date: Wednesday, 10 January 2018 at 11:42 pm To: "Ryan Ratliff (rratliff)" <rratl...@cisco.com> Cc: voip puck <cisco-voip@puck.nether.net> Subject: Re: [cisco-voip] Spectre and Mel

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems The only baremetal versions of those products that would require a patch are the ones that ran on Windows. Since we moved to linux root has been locked down and you can’t run custom code on the box, which is a r

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
; Cc: voip puck <cisco-voip@puck.nether.net> Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems The only baremetal versions of those products that would require a patch are the ones that ran on Windows. Since we moved to linux root has been locked down a

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Ryan Ratliff (rratliff)
oguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Ben Amick Sent: Monday, January 8, 2018 4:27 PM To: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: [c

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-09 Thread Lelio Fulgenzi
From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Ben Amick Sent: Monday, January 8, 2018 4:27 PM To: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems So I haven’t

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-09 Thread Lelio Fulgenzi
4:27 PM To: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems So I haven’t had much time to look into this, but has anyone else compiled a list of or needs for remediation for ci