Meltdown & Spectre

What’s the problem?

In many processors, unauthorized memory access is possible during speculative execution of code. Under certain circumstances, this vulnerability can be exploited by malicious code. Such code can also originate from JavaScript executed in the user’s browser, or from other virtual servers in the cloud. In a blockchain, the potential threat comes from scripts executed to carry out transactions (e.g. Bitcoin (un)locking scripts, Chaincode by HyperLedger).

 

How long have we known about the issue?

Google and Graz University of Technology have known about the issue since the summer of 2016.

 

Have Spectre and Meltdown already been exploited?

It’s possible. However, to the best of our knowledge, no exploits have yet come to light.

 

Have there been similar issues in the past?

Intel had a problem with its processors in 2012 (http://www.kb.cert.org/vuls/id/649219), but not on the same scale. These issues are usually dealt with secretly until patches are available. In the case of Spectre and Meltdown, the issues came to light before the planned patch day (9.1.18).

 

What can be done?

Patch the operating system of all devices with affected processors.

 

Where can I find more information?

More information can be found here:

 

Complete Revision of the Federal Data Protection Act

The complete revision's draft of the Federal Data Protection Act is currently in political consultation. Data Protection is to be increased by giving people more control over their private data as well as reinforcing transparancy regarding the handling of confidential data.

Links: draft, report

Eurospider Information Technology AG
Schaffhauserstrasse 18
8006 Zürich

 

Cookies make it easier for us to provide you with our services. With the usage of our services you permit us to use cookies.
More information Ok Decline