A grounded and principled understanding of the cybersecurity domain can ensure your organisation is not liable to any unwanted security threats. We provide - structured training. + structured training taliored to your threat model.
diff --git a/src/_posts/2016-09-23-our-founding-principles.md b/src/_posts/2016-09-23-our-founding-principles.md index 3c92fd3..eb69367 100644 --- a/src/_posts/2016-09-23-our-founding-principles.md +++ b/src/_posts/2016-09-23-our-founding-principles.md @@ -1,8 +1,8 @@ --- layout: post title: Our Founding Principles -description: Autonomic Co-operative And Our Core Values. -image: pic01.jpg +description: Autonomic Co-operative And Our Core Values +image: thinkpad.jpg category: values date: 2017-10-03 --- diff --git a/src/_posts/2018-01-11-spectre-and-meltdown.md b/src/_posts/2018-01-11-spectre-and-meltdown.md new file mode 100644 index 0000000..0cb2c02 --- /dev/null +++ b/src/_posts/2018-01-11-spectre-and-meltdown.md @@ -0,0 +1,150 @@ +--- +layout: post +title: Spectre and Meltdown +description: A Spectre Is Haunting Our Processors... +image: spectre.jpg +category: values +date: 2018-01-11 +--- + +Autonomic have now completed the process of applying patches to to all +of our servers in response to the so called Spectre and Meltdown +vulnerabilities. Our upstream providers have also confirmed that they have +patched their infrastructure. We will monitor the situation as it develops. + +We are currently super busy with clients so we decided to repost the +excellent security bulletin from our friends over at [Rise Up](https://riseup.net/) +which goes into detail oh how to update various operating systems. All credit +to them for the rest of this blog post. + +## The Facts + +As you have probably read, there are three related security problems in +contemporary CPUs. These vulnerabilities open the potential for a +nefarious program to steal passwords, secrets, and personal information +from you computer, even if the program is just Javascript loaded from a +web site you visit. These vulnerabilities are as serious as they sound, +and you should take action to upgrade your software. + +* The first flaw, called "Meltdown," affects nearly all Intel CPUs and +has been fixed with updates to most operating systems. + +* The two other flaws, called "Spectre," apply to nearly all CPUs built +in the last 20 years, not just Intel, although they are more difficult +to exploit. There are no permanent fixes for Spectre available at this +time, although if you update your software you will make these attacks +much less likely. + +You should take *both* these steps now, for all your devices: + +* Upgrade your web browser (see below). These fixes make the new +attacks against CPUs more much difficult. + +* Upgrade your operating system. There are updates available for +Windows, macOS, and GNU/Linux that fix the Meltdown vulnerability for +Intel CPUs and provide some mitigations for Spectre. Additionally, new +releases of iOS and Android have mitigations for Spectre. + +Better fixes will continue to arrive in the next weeks/months for your +operating system and software. Please keep your system up to date! + +## Browsers +By updating your browser, you can make it significantly harder for an +attacker to steal secrets off your computer using Javascript loaded from +a web site you visit. + +Firefox version 57.0.4 and later [includes mitigation measures](https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/) +against Spectre attack. + +Edge has been updated to include Spectre migitations. When you apply the +latest Windows update, you will get the new version of Edge. + +Safari will be updated very soon, according to Apple. Check the App +Store updates. + +Chrome will include Spectre mitigations starting with version 64, to be +released Jan 23. In the mean time, you can change your configuration to +greatly mitigate [against the Spectre vulnerability by enabling](https://support.google.com/chrome/answer/7623121?hl=en) + "site isolation." + +Additionally, please see [Rise Up's better browsing guide](https://riseup.net/en/better-web-browsing) for +instructions on best practices for securing your web experience (which +will also help mitigate against these new attacks). + +## Windows +For Windows 10, you must first upgrade any anti-virus software before +upgrading Windows. [Failure to do so may make your computer stop working](http://www.theregister.co.uk/2018/01/04/microsoft_windows_patch_meltdown/). + +To upgrade Windows 10: + +``` +Select the Start button, and then go to Settings > Update & security > Windows Update, and select Check for updates. +``` + +Now is a good time to enable automatic updates: + +``` +Select the "Start" button, then select "Settings" > "Update & security" > "Windows Update" > "Advanced options" +and then under "Choose how updates are installed", select "Automatic (recommended)". +``` + +If you are running Windows 7 or 8, an update is also available. + +## macOS +If you already have macOS version 10.13.2 then you are [protected against Meltdown](https://support.apple.com/en-us/HT208394). +Otherwise, to upgrade macOS: + +``` +Open the App Store app on your Mac. Click "Updates" in the App Store toolbar, then use the "Update" buttons +to download and install any updates listed. +``` + +Now is a good time to check enable automatic updates: + +``` +Select the Apple menu, then select "System Preferences" > "App Store" > "Automatically check for updates". +``` + +Apple plans to soon release an update to Safari browser to provide some +mitigation against Spectre. + +## iOS +Apple has said that iOS is affected by Spectre, and an update to +mitigate against most of the new attacks has been released. If you have +iOS version 11.2 or later, [then you are good](https://support.apple.com/en-us/HT208394). + +To check for new updates, go to `Settings > General > Software Update.` + +## Android +The bad news is that Android is vulnerable to Spectre and unless you +have a Google-branded phone or run a custom firmware you might not get +an update for months, if ever. However, the consensus among security +researchers at the moment is that the Spectre attack is difficult enough +that there are probably easier ways to compromise an Android device. +Yeah? + +There is one thing you can do now to make your Android device more safe +against these new CPU attacks: + +* Turn on ["site isolation" in Chrome](https://support.google.com/chrome/answer/7623121?hl=en) +* Upgrade Chrome Browser after Jan 23. +* Alternately, use Firefox for Android. + +## Debian/Ubuntu GNU/Linux +Run "Software Center" or "Software Updater." + +Alternately, open a terminal and type: + +``` +sudo apt update +sudo apt upgrade +sudo reboot +``` + +## Fedora GNU/Linux +Open a terminal and type: + +``` +sudo dnf --refresh update kernel +sudo reboot +```