DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Join us tomorrow at 1 PM EST: "3-Step Approach to Comprehensive Runtime Application Security"
Save your seat
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. One Year Later, Looking Back at Meltdown and Spectre Bugs

One Year Later, Looking Back at Meltdown and Spectre Bugs

It’s been a year since the IT world experienced two of the worst bugs in history: Meltdown and Spectre.

Giridhara Raam user avatar by
Giridhara Raam
·
Jan. 03, 19 · Analysis
Like (2)
Save
Tweet
Share
6.20K Views

Join the DZone community and get the full member experience.

Join For Free

Image title

It’s been a year since the IT world experienced two of the worst bugs in history: Meltdown and Spectre. These well-known bugs are complicated to resolve, mostly due to the exploited vulnerabilities' ubiquity. Both bugs manipulate the fundamental structure of modern processors, so resolving these bugs requires most processor manufacturers to redesign the entire framework of their processors.

Intel, AMD, ARM, and even Nvidia were victims when these bugs were disclosed to the public in January of 2018. Security professionals around the globe raced to patch their machines as soon as vendors released them. OS and firmware-level patches eliminated the vulnerabilities these bugs exploit, but CPU performance took a hit. The only permanent fix that didn't impact CPU performance was at the hardware level — but that means developers had to rethink the framework of processors. Some, like Intel, already had.

Flashback to These Catastrophic Bugs

Jann Horn, from Google's Project Zero team, was first to discover the vulnerabilities that Meltdown and Spectre exploited. After these bugs were identified and reported, temporary patches were deployed, but unfortunately, many of these patches affected device performance.

Meltdown targets a vulnerability that exists between a system and the applications running on that system, while Spectre targets a vulnerability between the applications themselves. Spectre is often considered to be more problematic than Meltdown due to how complicated it was to resolve.

New Variants of Meltdown and Spectre

In May of 2018, two new variants of Meltdown and Spectre were reported:

The first was Rogue System Register Read, a vulnerability that potentially allows cybercriminals with local access to read system data through side-channel analysis. This could allow them to steal business-critical information.

The second was a Speculative Store Buffer Bypass, a subgroup of the speculative execution side-channel vulnerability that Meltdown and Spectre use.

Reports in the Wild

Though there were no reports in the wild of Spectre and Meltdown being maliciously used, security firm AV-TEST released a report indicating in February 2018 that there were 139 different types of malware related to these CPU vulnerabilities.

The issue with the Meltdown and Spectre bugs is that they leave no trace in traditional log files. A user or admin will never be able to track a cybercriminal's path if they use either of these bugs.

Fix From Intel Corporation

Intel has introduced 9th generation processors that include permanent fixes to the vulnerabilities that Meltdown and Spectre exploit.

At Intel's Fall Desktop Launch event, they stated "...[our] new desktop processors include protections for the security vulnerabilities commonly referred to as 'Spectre,' 'Meltdown,' and 'L1TF.' These protections include a combination of the hardware design changes we announced earlier this year as well as software and microcode updates."

Best Practices to Enhance Cybersecurity for 2019

  1. Always keep your software and hardware updated. Utilize automated patching procedures, specifically with options for customization.
  2. Enforce privileged access management onto business sensitive data.
  3. Update your devices. This one may require some time, but it seems like upgrading to the newest generation of processors can be an option for eliminating these bugs from your network without sacrificing performance.
  4. Cyber awareness also equally contributes to building and sustaining an effective cybersecurity strategy. Keeping up-to-date with cyber trends can be highly beneficial to combat unforeseen threats. Take this quiz to self evaluate your cyber knowledge.

Upgrading all your hardware can take a while, so make sure you deploy the necessary patches, in the meantime, to keep your system free from these speculative execution flaws. Looking back at these major bugs in 2019 will remind us how critical regular patching is and why businesses should never take cybersecurity procedures lightly. Patching can also help businesses defend against ransomware, which has become a persistent threat over the last few years.

Cybersecurity Ventures predicted that ransomware will cost businesses across the globe an estimated $11.5 billion by the end of 2019. Is your business secure enough to face the new year? Start the new year off right by making sure all your systems and applications are up to date.

Vulnerability

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • PostgreSQL: Bulk Loading Data With Node.js and Sequelize
  • Top Five Tools for AI-based Test Automation
  • What Should You Know About Graph Database’s Scalability?
  • Why Does DevOps Recommend Shift-Left Testing Principles?

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: