Friday, January 05, 2018

More MELTDOWNS - What I am reading 1/5/2018

Forbes - Here Are All The Available Fixes You Need For Those Huge Chip Hacks -- UPDATED -
Vendors are rushing out fixes for the Meltdown and Spectre attacks that were disclosed on Wednesday. The hacks can occur in various ways, but ultimately users should be aware both allow for an attacker to access the entire memory of a vulnerable computer. Smartphones and other devices containing the vulnerable Intel, AMD and ARM chips are open to either both or one of the attacks. Furthermore, Spectre attacks can be exploited over the Web just by visiting a website running the requisite malicious code; Meltdown attacks require the hacker to already have access to the computer.
I'm not sure exactly how the updates are being pushed out.  All my systems are on the compatible anti-virus list and I have not received the Microsoft or any of the Google, Firefox, etc. patches.  

GizmodoCheck This List to See If You’re Still Vulnerable to Meltdown and Spectre [Updated]

Update:  I did get the updates from Microsoft it's KB4056892

Infosec Institute - An Asset Management Guide for Information Security Professionals -

In the realm of information security and information technology, an asset is anything of value to a business that is related to information services. These can take the form of a device, data or information, or even as people or software systems within the structure of a business. Anything that has value and supports the operation of a business can be considered an asset.
It is therefore very important for an asset classification system to be implemented, monitored and followed closely. This will allow you, as an information security specialist, to take stock of your company’s requirements and create the appropriate strategies needed to maintain all of the information systems required to allow your business to operate efficiently.
Asset management is a huge part of a good security strategy and it his often neglected, but number 1 and number 2 on the CIS Top 20 Critical Security Controls are Hardware Inventory and Software Inventory for a reason.

Network Computing - A Networking To-Do List for 2018 -

SD-WAN, automation, and the cloud are here to stay, so getting up to speed on these trends will pay off for networking pros. Neglecting them may lead to loss of control over the infrastructure
That may be a little overstated but still they are areas of growing importance. 



Post a Comment

Weird Dream Alert

Very weird dream last night.  I was selected to facilitate a SANS Sec660 course that was being put together at the last minute.  I fly down ...