Spectre Archives - IT Jungle

Security Vulnerability In VIOS, AIX, And Maybe IBM i

November 23, 2020 Timothy Prickett Morgan

IBM i shops that use the Virtual I/O Server, which is a cut-down version of the AIX implementation of Unix created by Big Blue, have to be aware that there is a security vulnerability that affects recent releases of AIX and VIOS.

The vulnerability, announced in Security Vulnerability CVE-2020-4788, affects Power9 machinery running VIOS 3.1 or AIX 7.1 and AIX 7.2, and under what are called “extenuating circumstances” the vulnerability could allow a local user on the system to obtain sensitive information stored on the L1 cache on the Power9 cores.

The vulnerability was reported on November 18, and …
Read more
An IBM i Year In Review

December 10, 2018 Alex Woodie

Another year is just about wrapped up for us here at IT Jungle. That means it’s time to ease off the news pedal just a tad and enter into a retrospective mood, with the hope of gaining some perspective on where we’ve been in 2018 and perhaps how we’ll start off 2019.

It all started off rather poorly, way back in. . .

January

. . . when the big news was about Spectre and Meltdown, the two vulnerabilities that brought everybody rudely back to the real world following the New Year’s celebration. Nearly all types of processors, including …
Read more
The Herculean Task Of Applying Spectre/Meltdown Patches

October 1, 2018 Timothy Prickett Morgan

The Spectre and Meltdown speculative execution vulnerabilities are, as our resident chief technology officer and author of the weekly IBM i PTF Guide, Doug Bidwell, is fond of saying, the gift that just keeps on giving.

We had the shock of finding out in January that there were vulnerabilities in all processor architectures that use speculative execution in their instruction chewing engines – that means all existing processors, by the way. There are none that do not use this very useful architectural feature. And then we had the wait to see what the industry would do to patch these …
Read more
IBM Patches Another BIND Flaw In IBM i

March 28, 2018 Alex Woodie

A serious flaw has been discovered in the BIND networking service that could be used to launch a denial of service attack against impacted servers, including IBM i. IBM patched the flaw in every version of the OS from IBM i 6.1 to 7.3 with a program temporary fix (PTF) made available earlier this month. IBM also patched a serious flaw in WebSphere that could let information leak out.

According to the IBM security bulletin issued March 12, the ISC BIND flaw known as CVE-2017-3145 has the potential to allow a remote attacker to crash a vulnerable server by sending …
Read more
The Performance Impact Of Spectre And Meltdown

March 12, 2018 Timothy Prickett Morgan

We have been waiting to see what impact on performance the Spectre and Meltdown speculative execution patches, which plug some security vulnerability holes that search engine giant Google discovered last summer and made public in early January, would have on Power Systems iron running the IBM i operating system.

Now that Big Blue has published the first edition of the Power Systems Performance Report that includes the new “ZZ” Power 9-based systems, we not only get a sense of the relative performance of the “Nimbus” Power9 chip for entry servers. We also can figure out the performance impact of the …
Read more
IBM i PTF Guide, Volume 20, Number 3: Important Update For Spectre/Meltdown

January 22, 2018 Doug Bidwell

There has been an important development in the area of the Spectre and Meltdown security vulnerabilities as it relates to Power Systems. As you can see from this follow-on notice from January 15, IBM’s Product Security Incident Response Team (PSIRT) has these vulnerabilities classified as “High Severity,” which is more a reflection about the potential threat they represent, given the nature of speculative execution of Power (and other) processors, rather than because of an actual exploit that is in the wild that is using these vulnerabilities to get access to unauthorized information on systems.

We have a little more …
Read more
Update On The Spectre And Meltdown Patches For Power

January 15, 2018 Timothy Prickett Morgan

When it comes to the Spectre and Meltdown speculative execution security vulnerabilities that hit as the new year was getting going, the important word to ponder is “mitigated.” Everyone is talking about mitigating the issue, but no one is using the word “fixed.” As we discussed last week, one of the two types of Spectre vulnerabilities – the Variant 2 known as branch target injection – is particularly tricky to hack and to fix, so IT vendors are choosing their words very carefully.

The odds were that unintended consequences for such a low-level fix will occur, so you can …
Read more
Power Systems And The Spectre And Meltdown Threats

January 10, 2018 Timothy Prickett Morgan

Speculative execution is something that has been part of modern processors for well over a decade, and while it is hard to quantify how much of a performance benefit this collection of techniques have delivered, it is obviously significant enough that all CPUs, including IBM Power and System z chips, have them. And that, as the new Spectre and Meltdown security holes that were announced by Google on January 3 show, turns out to be a big problem.

Without getting too deep into the technical details, there are many different ways to implement speculative execution, which is used to …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

January

Content archive

Recent Posts

Subscribe

Pages

Search