Tag Archives: linux

Meltdown & Spectre Security Vulnerabilities

Hello Readers!
Here we are in 2018, as we are just about to enter 2018, our newsfeed is filled with this alarming issue. By now, you have probably heard about securities issues called Meltdown & Spectre,  that have wreaked digital havoc and mass of confusion in their wake. Earlier this week, security researchers release official documentation – complete nicknames and logos-of two major flaws found in nearly in all modern central processing units, or CPUs.

The flaw name Meltdown & Spectre were discovered by Security Researchers at Project Google’s Project Zero in conjunction with academic and industry researchers from several countries.

Meltdown and Spectre are the name of two (2) serious security flaws that have been found in within computer processors. This Meltdown & Spectre allows cybercriminals to steal sensitive information from almost any computer, mobile device or even from the cloud. Not just that, this affects all current Intel, ARM and AMD processors, regardless of the devices.

Sounds Scary right?

The great news is patched have been created, to protect many affected systems and products and efforts are underway to update others.  While the bad news is these fixes might slow down computer performance.

In order to understand where did, these threats come from, you first will need to understand the behind the scene process called speculative execution.

These speculative execution lets devise do some work ahead of time to speed up the routine task. But, it also creates a security vulnerability nobody expected.

Let’s imagine that your computer as a restaurant and you are the Cook. Every day you will see a pattern of your customers ordering the same menu for breakfast. Eventually, you will make order ahead of time to ensure the breakfast is ready when a customer comes starts to come. But how about if that regular customer decided to order different menu one day? Now, you as the cook will have to throw away the prepared breakfast and start over.Speculative execution works in a similar way.

Whenever computers perform calculations that aren’t actually needed, the results are thrown away.  This data ends up in an unsecured part of the computer’s cache memory, where unauthorized users can access it through a side channel.

What are Meltdown and Spectre?

Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected. Meanwhile, Spectre is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.

Why Data Left Unsecured?

Previously, back in 60’s computers were very self-contained and there is no way to see data being thrown away. Nobody thought it was a risk, and it was never secured. But, nowadays, computers and mobile devices share system resources with many applications and environments. Sharing is good, but when unprotected data from speculative execution ends in shared memory, it can become a serious issue.

Like robbers trying to rob your house, these cybercriminals will try hard to look for a loophole and use a side channel to sneak in and hijack data.

Even, worse, they can trick computers into loading any data like passwords and account information into the shared memory so they can steal it.


So what’s being done about Meltdown and Spectre?

When researchers identified them, they brought them to the attention of major technology companies. Hundreds of engineers came together to create patches that block Meltdown and Spectre attacks. It’s critical to install these patches right away and stay up to date with the latest releases of operating systems.

“Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement, denying that fixes would slow down computers based on the company’s chips. “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

In the future, system designs will change to eliminate these kinds of vulnerabilities for good. The reality is, computers will always have some securities issues. That’s why it’s so important to have as many engineers and developers looking for them as possible, and for companies to come together and solve problems that affect us all.

What can I do about it?

Update your computer with latest security fixes as soon as possible and as mobile users, you should receive updates from your manufacturer.

Apple has advised customers in a blog post to update their devices’ operating system and only download software from “trusted sources such as the App Store”.

ServerFreak Servers

Majority of our servers are patched now, where some older OSes are waiting for our vendor to patch it to the latest stable version. A kernel update required a server reboot. Please expect a 5-20 mins downtime on each server reboot.

We will also help our managed server clients to update the kernel and windows updates, which we will schedule in waves, and out of hours.

Following the reboot, it would also be advisable for unmanaged customers to update their virtual machine’s to secure them too if you are unsure how please contact our support team who will be happy to assist!

Read more here on our Meltdown and Spectre patching announcements

Related topics  How to avoid Chrome Browser’s ‘Not Secure’ Warning

Battle between the Shared Hosting Operating Systems

Which operating system to choose? What are the differences? This common confusion will occur for the newbie in the web hosting. The answer is easy. It’s easy to choose if you know the differences and features of these two operating systems.

Linux Shared Hosting

Linux operating system is a popular choice by the clients. In fact, most of the websites are hosted on Linux due to its affordable and flexibility.  The development of Linux is one of the most prominent examples of free and open source software collaboration as it costs less for the hosting providers to install, maintain and provide support. Linux is compatible with various type of language programmings as PHP, Perl, and MySQL. These are used by the web applications such as content management system which support scripts such as WordPress, Cube Cart, phpB. This is a stable operating system as if there are problems occur within Linux can be fixed by the technical support staff of the web hosting provider. Commonly, the sites for blog, forum, gallery and e-commerce are convenient to run on Linux Hosting.

Windows Shared Hosting

If PC or laptop runs on Windows, clients have to choose Windows Shared Hosting? The answer is definitely NO.

Windows Hosting is based on the Windows operating system. Operating system is different from the PC applications. Windows Shared Hosting is expensive as the mandatory licences come with a price. Clients who wish to host on Windows Servers are mainly running applications on Windows platforms such as classic ASP and ASP.net due to the fact that both are Microsoft technologies and will not function correctly on any other operating systems. Besides, Windows shared hosting services are also the only web hosting services available that can host Microsoft SQL Server and Microsoft Access databases.

Which to Choose?

Those who need the Windows applications such as Microsoft SQL to run on their site, Windows Shared Hosting is for you. If your site is a ordinary blog/forum/company website setup using language script such as PHP and you are not an IT literate person, Linux Shared Hosting will be your best choice.