jermsmit

Meltdown & Spectre Vulnerabilities

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data that is currently being processed on the computer. Malicious programs can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs, obtaining passwords, logon details and what was once thought to be secured information.

Meltdown and Spectre work on personal computers, mobile devices, and in the Cloud – AWS, Azure, and other 3rd party Cloud / IaaS Providers.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an un-patched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
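To check whether a Linux host is still exposed, the kernel's own status files can be read directly. The following is an added example, not part of the original post: it assumes a Linux kernel that provides /sys/devices/system/cpu/vulnerabilities, and the function names and the SAMPLE data are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Linux kernels that include the fixes expose one status file per issue here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> (CVE id as used in the vendor advisories, common name)
ISSUES = {
    "meltdown": ("CVE-2017-5754", "Meltdown"),
    "spectre_v1": ("CVE-2017-5753", "Spectre variant 1"),
    "spectre_v2": ("CVE-2017-5715", "Spectre variant 2"),
}

# Constructed sample: Meltdown fixed, Spectre v2 open, no spectre_v1 file.
SAMPLE = {"meltdown": "Mitigation: PTI\n", "spectre_v2": "Vulnerable\n"}

def classify(text):
    """Reduce the kernel's status line to one of four states."""
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text is not None and text.strip().startswith(prefix):
            return state
    return "unknown"  # unrecognised text, or file absent on an older kernel

def audit(sysfs_dir=SYSFS_DIR):
    """Return {CVE: {"name", "state", "detail"}} for the three issues."""
    report = {}
    for fname, (cve, label) in ISSUES.items():
        try:
            raw = (Path(sysfs_dir) / fname).read_text()
        except OSError:
            raw = None  # treat an unreadable or missing file as unknown
        report[cve] = {"name": label, "state": classify(raw),
                       "detail": (raw or "no status file").strip()}
    return report

def needs_action(report):
    """CVEs that are unmitigated or whose status cannot be determined."""
    return sorted(c for c, r in report.items()
                  if r["state"] in ("vulnerable", "unknown"))

def audit_sample():
    """Run the audit against the constructed SAMPLE instead of the live host."""
    with tempfile.TemporaryDirectory() as tmp:
        for fname, text in SAMPLE.items():
            (Path(tmp) / fname).write_text(text)
        return audit(tmp)
```

On a Linux host, calling audit() with no argument reads the live status files; a missing file is reported as unknown rather than safe, since it means the kernel predates the reporting interface.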

 

Vendor recommendations:

Information on the vulnerabilities:

 

Current known list of affected vendors and their respective advisories and/or patch announcements below:

| Vendor | Advisory/Announcement |
| --- | --- |
| Amazon (AWS) | AWS-2018-013: Processor Speculative Execution Research Disclosure |
| AMD | An Update on AMD Processor Security |
| Android (Google) | Android Security Bulletin—January 2018 |
| Apple | HT208331: About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan |
| | HT208394: About speculative execution vulnerabilities in ARM-based and Intel CPUs |
| ARM | Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism |
| Azure (Microsoft) | Securing Azure customers from CPU vulnerability |
| | Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities |
| Chromium Project | Actions Required to Mitigate Speculative Side-Channel Attack Techniques |
| Cisco | cisco-sa-20180104-cpusidechannel – CPU Side-Channel Information Disclosure Vulnerabilities |
| Citrix | CTX231399: Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 |
| Debian | Debian Security Advisory DSA-4078-1 linux — security update |
| Dell | SLN308587 – Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products |
| | SLN308588 – Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell EMC products (Dell Enterprise Servers, Storage and Networking) |
| F5 Networks | K91229003: Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 |
| Google’s Project Zero | Reading Privileged Memory with a Side-Channel |
| Huawei | Security Notice – Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design |
| IBM | Potential CPU Security Issue |
| Intel | INTEL-SA-00088 Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method |
| Lenovo | Lenovo Security Advisory LEN-18282: Reading Privileged Memory with a Side Channel |
| Microsoft | Security Advisory 180002: Guidance to mitigate speculative execution side-channel vulnerabilities |
| | Windows Client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities |
| | Windows Server guidance to protect against speculative execution side-channel vulnerabilities |
| | SQL Server Guidance to protect against speculative execution side-channel vulnerabilities |
| | Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software |
| Mozilla | Mozilla Foundation Security Advisory 2018-01: Speculative execution side-channel attack (“Spectre”) |
| NetApp | NTAP-20180104-0001: Processor Speculated Execution Vulnerabilities in NetApp Products |
| nVidia | Security Notice ID 4609: Speculative Side Channels |
| | Security Bulletin 4611: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels |
| | Security Bulletin 4613: NVIDIA Shield TV Security Updates for Speculative Side Channels |
| Raspberry Pi Foundation | Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown |
| Red Hat | Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 |
| SUSE | SUSE Linux security updates CVE-2017-5715 |
| | SUSE Linux security updates CVE-2017-5753 |
| | SUSE Linux security updates CVE-2017-5754 |
| Synology | Synology-SA-18:01 Meltdown and Spectre Attacks |
| Ubuntu | Ubuntu Updates for the Meltdown / Spectre Vulnerabilities |
| VMware | NEW VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution |
| Xen | Advisory XSA-254: Information leak via side effects of speculative execution |

Backup of VMware vCenter Server Appliance 6.5

It’s always a good idea to back up your work to give you a way to recover if things go wrong with your environment. Running a home lab, I have caused my own share of issues many times, which forced me to reinstall and configure my vCenter environment. Moving forward I will be taking advantage of the backup features included with the vCSA.

Using the vCenter Server Appliance Management Interface (VAMI), an administrator uses an HTML5 web interface to perform administrative tasks on the appliance configuration. These tasks include changing the host name, the network configuration, NTP configuration, applying patches / updates and performing backups.

Once logged into the VAMI, under the Summary tab, click “Backup” to start the backup of the vCenter Server appliance.

There are options allowing you to perform a backup using different protocols and location settings. These include the following: FTP, FTPS, HTTP, HTTPS, SCP. Of these, FTP and HTTP send the credentials and the backup in clear text; FTPS, HTTPS and SCP encrypt the transfer.

Next specify the protocol of choice and then the credentials for accessing the remote location where the backup will be stored. As an added option, you can encrypt the backup data before transferring.

Click Next

 

A minimum set of data needed to restore the appliance will be backed up by default. This includes data such as the OS, VC services, vCenter Server database, inventory and configuration. Historical data such as tasks, events, and alarms.

Click Next

You get a final review before you click Finish to start the backup process.

Depending on the data size of the vCenter server appliance, backups will take a few minutes to complete.

When completed, click OK.

My Facebook: Why I recently purged

Today is Monday, January 1, 2018

I just finished what is the first round of purges of my social media feeds. Mostly on my Facebook accounts.

This was not a task that was simple to do, because many of the persons removed I do like, but I no longer maintain a connection with them outside of seeing them on my friends list.

I wanted to lower my feed footprint and maximize the value of relationships that have continued to add value to me.

What I mean by connection:

Those that do not show activity on their account or are not responsive to my attempts to interact with them. In addition, we do not maintain any “offline” connection whatsoever these days.

There are those from my past whom I’ve classified as “watches” that simply may be viewing my posts or have me added as just another notch in their friend count.

Limiting information:

I also wanted to limit my information to a more restricted group of people. People I once knew from the past are practical strangers at this point and I wouldn’t allow a stranger to be on my list, so why would I start now?

Those persons who use third-party apps that gather information from them and their friends. Such apps expose details about my account I would not share openly.

The majority of these apps require login to one’s Facebook account.

Once logged in, the apps are granted a large amount of access to the person’s account and details of their friends.

That said I had placed these users in limited groups giving them basically “no access” to my feeds, and later removing those connected persons.

Relationships fade:

I believe that it’s perfectly natural that some relationships fade into distant memory, and this happened well before the existence of Facebook. The only difference now is that I have taken affirmative action in severing those ties by removing the persons from my friends list.

Where I can be found:

I have many “public” profiles where those looking to follow me can do so. I have made many of them available, so feel free to do so. List below.

My Blog:  jermsmit.com

My Instagram Accounts:

My Twitter Accounts:

Facebook Pages:

 

It’s 2018 – Happy New Year

Happy New Year,

Wishing you all the best this year. Starting now we have 365 days to go after all the things we want and finish 2018 strong. Be relentless in your efforts and focused on the desired results. At the end of the day, the only thing that matters is what you truly want. Let’s make 2018 our best one yet, because dreams don’t amount to much more than that if you don’t give it your all. I write this for you all, but mainly as a message to myself to stay motivated and driven by continued success.

This year I will be working on many things: this blog, my fitness adventures, in addition to the technical community that I’m passionate about. Keep a look out for #jermfit (jermfit.com), also on Facebook and Twitter via @jermfit

With that said; Happy New Year, and God Bless

Sincerely,

Jermal

Richard Branson: My Tips for Happiness in 2018

We all have influencers in our lives, either by choice or organically. It is that set of influential people who help open our minds to new ways of thinking and going about our day-to-day. I have followed Richard Branson for a long time and truly admire this man. Today he posted on LinkedIn an open letter he wrote and I took every single word in.

Please take a moment and read; most of all enjoy.

Dear Stranger,

You don’t know me but I hear you are going through a tough time, and I would like to help you. I want to be open and honest with you, and let you know that happiness isn’t something just afforded to a special few. It can be yours, if you take the time to let it grow.

It’s OK to be stressed, scared and sad, I certainly have been throughout my life. I’ve confronted my biggest fears time and time again. I’ve cheated death on many adventures, seen loved ones pass away, failed in business, minced my words in front of tough audiences, and had my heart broken.

I know I’m fortunate to live an extraordinary life, and that most people would assume my business success, and the wealth that comes with it, have brought me happiness. But they haven’t; in fact it’s the reverse. I am successful, wealthy and connected because I am happy.

So many people get caught up in doing what they think will make them happy but, in my opinion, this is where they fail. Happiness is not about doing, it’s about being. In order to be happy, you need to think consciously about it. Don’t forget the to-do list, but remember to write a to-be list too.

Kids are often asked: ‘What do you want to be when you grow up?’ The world expects grandiose aspirations: ‘I want to be a writer, a doctor, the prime minister.’

They’re told: go to school, go to college, get a job, get married, and then you’ll be happy. But that’s all about doing, not being – and while doing will bring you moments of joy, it won’t necessarily reward you with lasting happiness.

Stop and breathe. Be healthy. Be around your friends and family. Be there for someone, and let someone be there for you. Be bold. Just be for a minute.

If you allow yourself to be in the moment, and appreciate the moment, happiness will follow. I speak from experience. We’ve built a business empire, joined conversations about the future of our planet, attended many memorable parties and met many unforgettable people. And while these things have brought me great joy, it’s the moments that I stopped just to be, rather than do, that have given me true happiness. Why? Because allowing yourself just to be, puts things into perspective. Try it. Be still. Be present.

For me, it’s watching the flamingos fly across Necker Island at dusk. It’s holding my new grandchildren’s tiny hands. It’s looking up at the stars and dreaming of seeing them up close one day. It’s listening to my family’s dinner-time debates. It’s the smile on a stranger’s face, the smell of rain, the ripple of a wave, the wind across the sand. It’s the first snow fall of winter, and the last storm of summer.

There’s a reason we’re called human beings and not human doings. As human beings we have the ability to think, move and communicate in a heightened way. We can cooperate, understand, reconcile and love, that’s what sets us apart from most other species. 

Don’t waste your human talents by stressing about nominal things, or that which you cannot change. If you take the time simply to be and appreciate the fruits of life, your stresses will begin to dissolve, and you will be happier.

But don’t just seek happiness when you’re down. Happiness shouldn’t be a goal, it should be a habit. Take the focus off doing, and start being every day. Be loving, be grateful, be helpful, and be a spectator to your own thoughts.

Allow yourself to be in the moment, and appreciate the moment. Take the focus off everything you think you need to do, and start being. I promise you, happiness will follow.

Happy regards,

Richard Branson

 

Source: Mind’s book: Dear Stranger, Letters on the subject of happiness.

Ref: https://www.virgin.com/richard-branson/my-tips-happiness-2018