What are these Spectre and Meltdown vulnerabilities all about

For any of my friends who are not computer savvy or usually don’t care: in this post I’ve digested the info for you about the security bug in CPUs, which is a BIG DEAL. You will start to hear words like #Meltdown and #Spectre a lot soon regarding your computer security. Allow me to explain at a very high level; hopefully this helps some of you better understand the biggest security bug in history:
Meltdown is the name of a vulnerability found in Intel CPUs only, where security is compromised to gain more speed. Basically, Intel engineers designed their CPUs to be more performant but neglected to make sure they are secure enough, and the result is that one piece of code running on an Intel CPU can read the “kernel memory” of the operating system (OS). Think of the kernel memory as your brain’s secret thoughts: what would happen if I gained access there? In the computer world, that’s where all your passwords are, for example.
The patches that are coming out for this one are on the OS side (Windows, Linux, etc.) and they are expected to slow down all Intel chipsets by 30%-50%. Yes, your computer will be slower.
Do not underestimate this problem: code and guides on how to exploit this vulnerability are already surfacing (see link below).
The second name you might hear is “Spectre”. This is a vulnerability that affects ALL CPU vendors. And the worst thing: this cannot be patched. It’s a basic design flaw and it will stay with us for at least a decade, until the current HW cycle gets refreshed worldwide. Fortunately, this one is much harder to exploit. We will have to see how this rolls out.
The most worrisome use case, besides getting the passwords to your grandma’s bank accounts, is shared HW, especially in the cloud. Think of one customer who rents compute resources from the cloud and is able to read the passwords and data of other customers running on the same HW. Maybe your bank is the victim? And this affects everyone!
That’s it, hope this helps, let me know your thoughts.
Those who want to read more, see this link: https://meltdownattack.com/

vRA tidbit – AWS provisioning and the key pair conundrum

One of the main advantages of vRealize Automation in the cloud management space is that it provides customers with choices. This is true in many aspects of the solution, like where to consume services from, how to deploy them, how the forms will look, etc., but in this post I want to talk about the creation of AWS key pairs.

There are many solutions out there that provide an interface for provisioning instances to AWS, and some have more capabilities than others. Without getting into a full feature-by-feature comparison, I will just say that vRA is one of the more comprehensive solutions out there, with many capabilities that are required for cloud management, such as a self-service portal, multi-cloud/vendor provisioning, automation and orchestration capabilities, and much more.
