Skip to main content

Statement Regarding Intel Bug

I am at a loss for words. As the reality of the Intel bug settles in, the tech community has been shaken. For years we have falsely assumed the security of virtualization technologies. The convenience and ease of ‘spinning up’ and ‘blowing away’ vms (virtual machines) in server farms has become standard practice across the globe. Even McAfee Media Solutions utilizes virtualization to manage our web and vpn servers; helping us reduce costs and insure greater up times.

However, with the introduction of today’s security patches, we have learned a terrible lesson. Not only are virtual servers on Intel systems insecure, the only fix may cause literal crippling reductions in speed. Some independent testing is reporting as high as a 20-30% reduction in speeds. And this doesn’t just affect servers. Users of any Intel chipsets produced in the last decade will be effected. This includes any Apple laptop, desktop, or server produced since 2005, all Intel based Windows systems, and all Intel based Linux systems. Currently, AMD processors are not affected.

Today marks a historic benchmark in our society.

Today may be the day society learns just how much we depend on these fragile devices, and how important they are to us.

With the reduction in speeds that may be present across the cloud, we may see these speed reductions come to cripple the services we utilize day in and day out. This would mean any service ran on Amazon’s Web Services (e.g. Netflix), the entirety of Google’s infrastructure (e.g. Gmail, Drive, Docs) and Microsoft’s One Drive and Office 360 lines.

As we move forward, I will do my best to inform, educate, and help mitigate this issue to have the lowest impact possible on our clients and their services. We will begin looking into replacing or mirroring our Intel servers with the comparable AMD Ryzen chipset and will consult with others as necessary to insure the safety and security of our systems.

Additional information regarding the identification of this bug and its consequences are available in the Sysadmin subreddit and at The Register.

Popular posts from this blog

LibWebP (CVE-2023-4863)

Here is a non-exhaustive list of possible mitigations to prevent the exploitation of CVE 2023-4863 in the LibWebP library. This library has a heap buffer overflow available across all operating systems, most browsers, an exceptional number of Electron framework applications. This CVE is rated a 10 after previously being rated 8.8. This was due to an original disclosure from Google stating that Chrome was the only effected application. After investigation, it was discovered that all instances of the LibWebP library were vulnerable across all platforms. A similar CVE ( 2023-5217 ) is pending analysis for the VP8 webstream video format (a sister library to libwep.) As working proof-of-concepts are generally available to the public and Google and Apple both acknowledge threat actors and spyware vendors making use of the vulnerability, it is essential that you begin reviewing and patching all business critical applications. Patch Browsers, All of them All major and minor browsers acr

Show And Tell

Once a week, our security team gathers everyone into a meeting and shares the last week’s worth of security related news and any new security initiatives. This one hour may be the most valuable meeting we attend and has the greatest impact on successful security outcomes. What is it? We call ours a Security Show & Tell. (You can call it whatever fun and exciting name fits your corporate culture.) Regardless of the name, the goal is to set aside an hour each week to share three kinds of security stories and our response to them. Stories that are in the news. Stories that impact our work. Stories that impact our lives. Author’s Note: There’s some helpful tips below on how to gather these stories.  Why you should do it There’s a lot of great reasons to do this, but I want to drive home a few really important ones. How many times has this happened to you? You wake up, open , and begin scrolling only to find out that $Vendor has a nasty zero-day and organiza

Savory Dutch Babies

Ingredients: 1/4 Stick butter 1/2C AP flour 3/4C room temp milk 3 room temp eggs Salt pepper mace nutmeg allspice etc if you want it Blend it or whisk it until homogeneous  Put a castiron in a cold oven at 425°.  Remove when preheat finishes and melt in a 1\4 stick of butter.   Pour in batter.  Top with parm and fresh herbs.  Cook 15m.