Hornbill Blog

Security: Meltdown and Spectre

A recent critical security announcement covers three bugs, CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754, which have been nicknamed Meltdown and Spectre. These were found by multiple people, including Jann Horn, who works for Project Zero at Google. He has done an excellent write-up on exactly how he found the issues.

As with any new serious vulnerability found these days, it has to have a catchy name, a matching logo and a dedicated website, which says this about the two issues:

"Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."

These security issues have been hidden in Intel CPUs since 1995, undiscovered until now. Spectre can also affect AMD and ARM CPUs because these processors also implement speculative instruction execution features, which means pretty much every major manufacturer is affected. The good news, though, is that there are currently no known active uses of the exploit.

Hornbill's own cloud is running a mix of the CentOS Linux distribution and Windows. Both of these operating systems are affected by these issues, so they will require patching when patches are made publicly available. Our "Secure By Design" approach means we run our own bare-metal hardware and do not provide direct access to our systems to anyone outside of our own operations team. We are in full control of the software we execute on our systems. Our customers are not able to run code on our systems and can only access the services we provide, which significantly limits our exposure to these vulnerabilities.

The patch process for this will be the same as usual, with the exception that we will start applying the patches as soon as they are available. The process is to push to our development environment and run our tests. We then push to our beta environment, which is used internally by Hornbill as our production system. If no issues are found here, normally after 48 hours, we then push to our production machines.

There has been speculation that performance degradation of anywhere between 5% and 30% may be experienced after applying the patches. We will of course be monitoring this after applying any patches and will do what we can to mitigate this impact for our customers.

As this will be an OS/kernel update, a reboot of the production systems will be required in the usual maintenance windows.
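As an added illustration, not Hornbill's own tooling: Linux kernels that carry the fixes report a per-issue status under `/sys/devices/system/cpu/vulnerabilities`, so a check run after the reboot at each stage (development, beta, production) can confirm the mitigations are actually active. The function names and the sample file contents below are constructed for this example.

```python
import os
import tempfile

# Kernel sysfs interface; a missing file means the running kernel predates it.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
CVE_FILES = {
    "CVE-2017-5753": "spectre_v1",  # Spectre, bounds check bypass
    "CVE-2017-5715": "spectre_v2",  # Spectre, branch target injection
    "CVE-2017-5754": "meltdown",    # Meltdown, rogue data cache load
}

def classify(text):
    """Map the kernel's status line to a coarse state."""
    if text is None:
        return "unknown"  # file absent or unreadable: treat as unpatched
    text = text.strip()
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return state
    return "unknown"

def check_host(base=SYSFS_DIR):
    """Return {CVE: state} for the three issues on this host."""
    report = {}
    for cve, name in CVE_FILES.items():
        try:
            with open(os.path.join(base, name)) as fh:
                raw = fh.read()
        except OSError:
            raw = None
        report[cve] = classify(raw)
    return report

def safe_to_promote(report):
    """Gate for moving a patch to the next environment."""
    return all(s in ("mitigated", "not_affected") for s in report.values())

def demo():
    """Run the check against constructed sample files, not a real host."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"spectre_v1": "Mitigation: Load fences\n",
                   "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n"}
        for name, body in samples.items():  # meltdown file deliberately absent
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        return check_host(d)

if __name__ == "__main__":
    for cve, state in check_host().items():
        print(cve, state)
```

A host whose report contains `vulnerable` or `unknown` after the reboot should not be counted as patched, whatever the package manager says about the installed kernel version.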
