Page 1 of 3 123 LastLast
Results 1 to 10 of 26
  1. #1
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    640

    Default Meltdown & Spectre patches?

    Has Untangle yet released patches for these vulnerabilities? If not, can you confirm you will need to, and that you are working on it? ETA?

    Thanks,
    -
    Doug

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,580

    Default

    Untangle doesn't need to patch honestly, it isn't a multiuser system... if you're ON the OS doing things you're rather doing it wrong. Dirk said earlier in this thread they are looking at the viability of the patch against the pain. But honestly, this is yet another instance where Untangle being used properly just isn't vulnerable.

    https://xkcd.com/1938/
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,424

    Default

    Untangle is aware of the Meltdown vulnerability affecting Intel processors and is evaluating options.

    The meltdown flaw allows unprivileged users and processes to read memory of other processes or the kernel.
    This is not a major concern for the Untangle NGFW as the system is not a multi-user system and does not support running third-party applications at all, so accidentally running malicious software is not possible.

    However, it is good security practice to maintain that non-privileges processes within a server can not use any technique to escalate privileges should they themselves somehow become compromised. Given that Untangle is evaluating options to determine if the performance penalty is worth the trade-off the the internal additional security measures.

    This is a major concern for regular PCs and devices that run arbitrary software that should not have escalated privileges. Untangle recommends installing all the updates for end-user devices such as PCs, phones, tablets, etc when updates become available.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    640

    Default

    Sounds good. I kind of thought that may be the case, but felt it would be irresponsible not to ask.

    Thanks guys.

    Rob thanks for the comic. ;-)

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,580

    Default

    And, if my test network here is any indication, the patches aren't resulting in a noticeable performance drop in any workload I've observed yet. Synthetic workloads such as SQL I expect to be impacted a bit, but even those aren't statistically different for anything I have control over... yet. We'll find out soon, because on the 9th MS will push updates to Server 2012, and that's when my largest SQL server will get the update.

    *Edit*

    Today's XKCD is hilarious, especially the alt text...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    817

    Default

    "Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it"
    https://arstechnica.com/gadgets/2018...oing-about-it/
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

  7. #7
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    817

    Default

    D'oh! I have thought for awhile now we've moved beyond the old cycle of upgrade software, demands upgrade hardware, upgrade software, demands upgrade hardware...the majority of us now have more processing power then we can honestly use and enormous amounts of memory available that there hasn't been the need for hardware upgrades like of the past. I've wondered what will "they" do to generate demand more hardware? BAM! Welcome the hidden (inadvertent?) CPU flaw...there's no real software fix for bad hardware, and now everyone needs to replace their current systems and devices. It's still a vicious cycle!

    "Spectre and Meltdown Attacks Against Microprocessors"
    https://www.schneier.com/blog/archiv...and_mel_1.html
    Last edited by f1assistance; 01-06-2018 at 08:14 AM.
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,580

    Default

    And if you read the comic I linked... go look at Row Hammer. Nothing is being done about that, because nothing really can be done.
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    817

    Default

    Simply another feel good for the herd...now, don't focus here, look over there, and there. D'oh!
    The secure/private illusion must go on...or the tech dependency will collapse and the sheeple start sobering up. Expect more of the same for all other platforms.

    "Microsoft releases PowerShell script to check if your PC is vulnerable to Meltdown and Spectre"
    https://betanews.com/2018/01/05/micr...pectre-script/
    Last edited by f1assistance; 01-07-2018 at 04:17 AM.
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

  10. #10
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    817

    Default

    "Cisco to release patches for Meltdown, Spectre CPU vulns, just in case"
    http://www.theregister.co.uk/2018/01...eltdown_patch/
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2