Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”

Fred Bals | Senior Content Writer/Editor

Upload: black-duck-software

Post on 21-Jan-2018



Cybersecurity News This Week

Welcome to 2018, which opens with the disclosure of two major security flaws that put any computing device with chips from Intel, AMD and ARM at risk. One flaw, dubbed Meltdown, impacts Intel semiconductors, enabling bad guys to steal passwords. The other, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”

In other cybersecurity news, we look at 10 open source technologies you need to know about, cybersecurity predictions for 2018, and an interesting white paper published by the University of Michigan on identifying cybersecurity threats in connected vehicles.


Open Source News

• Today's CPU Vulnerability: What You Need to Know

• Meltdown, Spectre: What We Know About the Major Cyber Security Flaws and How to Protect Yourself

• Cyber Security Predictions 2018

• Reshaping Automotive Design

• Threat Identification Tool for Cybersecurity in Self-Driving Cars


More Open Source News

• Assessing Risk: Identifying and Analyzing Cybersecurity Threats to Automated Vehicles

• Containers and the Question of Trust

• 10 Open Source Technologies You’ll Need to Know in 2018

• Zealot Loads Cryptocurrency Miner on Linux, Windows Machines

• Is Breach of the GPL License Breach of Contract?


Today's CPU Vulnerability: What You Need to Know

via Google Security blog: Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance. These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.


Meltdown, Spectre: What We Know About the Major Cyber Security Flaws and How to Protect Yourself

via Newsweek: The discovery of massive cyber security flaws affecting nearly every computer and device has sent developers across major platforms around the world racing to roll out fixes for the bugs.


Cyber Security Predictions 2018

via ITProPortal: 2017 was certainly a year to be noted for cyber-attacks and 2018 is going to be equally scorching. Expect more devastating cyber attacks aimed at businesses and even mobile phones next year.


Reshaping Automotive Design

via Semiconductor Engineering: In markets such as mobile phones or computers, if any part of a system failed, it typically was patched with software and replaced in the next rev of a product, which usually was sometime in the next few years. But with safety critical markets, such as automotive, industrial or medical, these parts need to function reliably for 10 to 15 years.


Threat Identification Tool for Cybersecurity in Self-Driving Cars

via Phys Org: Hypothetical scenarios—posited in a new white paper by University of Michigan researchers working with Mcity—illustrate the breadth of the cybersecurity challenges that must be overcome before autonomous and connected vehicles can be widely adopted. While every new generation of auto tech brings new security risks, the vulnerabilities that come along with advanced mobility are both unprecedented and under-studied, the paper states.


Assessing Risk: Identifying and Analyzing Cybersecurity Threats to Automated Vehicles

via University of Michigan: Driverless vehicles will be at least as vulnerable to all the existing security threats that regularly disrupt our computer networks. That could include data thieves who want to glean personal and finance information, spoofers who present incorrect information to a vehicle, and denial-of-service attacks that move from shutting down computers to shutting down cars.


Containers and the Question of Trust

via SC Magazine: Existing software development and security methodologies may need to be modified to better support a new way of developing, running, and supporting applications made possible by containerization says Black Duck technical evangelist, Tim Mackey.


10 Open Source Technologies You’ll Need to Know in 2018

via Datamation: In Black Duck's 2017 Open Source 360° Survey, 77 percent of enterprises surveyed said they use open source to build internal applications, 69 percent said that they use it to create customer applications and 69 percent said that open source powers their infrastructure. And 48 percent of those surveyed said that the number of people in their organizations contributing to open source is increasing.


Zealot Loads Cryptocurrency Miner on Linux, Windows Machines

via Linux Insider: The increased use of open source applications and the growing popularity of cryptocurrency have created more opportunities for bad actors, according to Mike Pittenger, vice president of security strategy at Black Duck Software.


Is Breach of the GPL License Breach of Contract?

via Black Duck blog (Michael Riskin, Associate, Intellectual Property, Fenwick & West LLP): While courts have found that breach of an open source license can result in IP infringement, until now courts had not definitively ruled whether breach of an open source license is a breach of a contract.
