• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Pandora’s Box of Processor Vulnerabilities is Open – Now What?

January 15, 2020 By The Editor

Security researchers shook the industry to its core back in 2018 when they disclosed Meltdown and Spectre, two serious vulnerabilities found in virtually every computer processor. Pandora’s box of processor security vulnerabilities had just been opened. One of the scariest parts is that these types of vulnerabilities are far more dangerous and effective when attackers use them in virtual environments, rather than non-virtual or desktop settings.

In his latest column for Dark Reading, WatchGuard’s senior security analyst, Marc Laliberte, explains how the processor speed race gave birth to attacks that abuse speculative execution processes, and ultimately why this issue is likely to cause industry leaders to develop separate lines of processors designed specifically to protect cloud applications from Meltdown, Spectre and the like. Here’s a brief excerpt from the article:

“Since Meltdown and Spectre’s disclosure, researchers have found several variants and other vulnerabilities that abuse speculative execution to access restricted memory. Intel and AMD, the two largest processor manufacturers, have been playing a cat-and-mouse game of patching these flaws, usually at the cost of processor performance. The performance loss has been up to 30% in extreme cases. This has led many desktop users, who are less impacted by Spectre, Meltdown, and the like, to disable the security options to retain more processing power. 

Mitigating this type of vulnerability in a cloud environment where security is paramount ranges from difficult to impossible. Patching these vulnerabilities requires difficult microcode updates to the processor itself. Because of these challenges, we’re likely heading towards a future where Intel and AMD manufacture different classes of processors that focus on either security or speed.”

Read the complete article on Dark Reading for more insights on the perils of speculative execution vulnerabilities in the cloud and how the industry will likely adjust to meet demands for both performance and security. And don’t forget to subscribe to Secplicity to receive the latest security news, analysis and best practices directly to your inbox.

Share This:

Related

Filed Under: Editorial Articles, Featured Tagged With: cloud security, meltdown, security, spectre

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use