Ian Pratt, Bromium Co-Founder, Speaks on Spectre and Meltdown – Video, Part 1
- The Intel chip vulnerability triggered Spectre and Meltdown – information leakage vulnerabilities.
- Both let attackers that have execution in some unprivileged user space to read data belonging to other processes, even more privileged ones including the kernel itself.
- Meltdown only effects Intel CPUs, whereas the Spectre vulnerability is present on pretty much all modern CPUs including Intel and AMD, and even different architectures such as ARM.
We asked our founder, Ian Pratt, to talk to us about Spectre, Meltdown and what this means to the industry and to Bromium customers. He also wrote up these notes to accompany the video. This is part one of a three-part series (see part two and part three). We have a blog with information for Bromium customers – the most important thing is to make sure you get the Bromium upgrade before you patch Windows – and we’re here to help if you have additional questions.
Watch: ransomware contained in a micro-VM.
Spectre, Meltdown and what this means to computing.
These two vulnerabilities were found via security research by many groups around the world, but primarily Google and Graz University of Tech. They independently started investigating the security consequences of some microarchitectural features (speculative execution and branch predictors) that started being introduced on CPUs 20 years ago with the Pentium Pro, and have become ever more sophisticated in the quest for better performance.
Read the entire article here, Ian Pratt, Bromium Co-Founder, Speaks on Spectre and Meltdown [Video, Part 1]
via the fine folks at Bromium