Date:      Mon, 8 Jan 2018 04:15:46 -0500
From:      Aryeh Friedman <aryeh.friedman@gmail.com>
To:        Matthias Apitz <guru@unixarea.de>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Meltdown – Spectre
Message-ID:  <CAGBxaXnSRwtS=mbdsePyKvyZjTpu1tvo2O61SW60yQfdDJH4gA@mail.gmail.com>
In-Reply-To: <20180108085756.GA3001@c720-r314251>
References:  <f9cc484e-be92-7aff-52fe-38655e85dbaa@columbus.rr.com> <CAH78cDqPnOUGoU=6x-BiugnpjmjYcd=CZS3fSNaX5tq-Uvma7g@mail.gmail.com> <bc9ad15b-a718-b901-76fa-bc43ce0c1f1a@columbus.rr.com> <3AECDC7F-8838-4C09-AC7F-117DFBAA326C@sigsegv.be> <20180108085756.GA3001@c720-r314251>

On Mon, Jan 8, 2018 at 3:57 AM, Matthias Apitz <guru@unixarea.de> wrote:

> As a side note, and not related to FreeBSD: My Internet server is run by
> some webhosting company (www.1blu.de), they use Ubuntu servers and since
> yesterday they have shut down SSH access to the servers, arguing that
> they want to protect my (all's) servers against attacks of Meltdown and
> Spectre.
>
> Imagine, next time we have to shut down all IoT gadgets...


Not always possible for things like medical test equipment/devices.  For
example I maintain a specialized EMR for interacting with Dr. prescribed
remote cardiac monitors.   Having those offline is not an option since
they are used to detect if the patient needs something more serious like a
pacemaker (also almost always an IoT device these days) surgery.

The actual monitoring is done on Windows and was attacked by some
ransomware via a bitcoin miner that somehow installed itself.   Since
all the users claim that they don't read email/upload/download executables
or any other of the known attack vectors this leaves something like
Meltdown or Spectre.   We have also detected issues on the CentOS that has
the non-medical corporate site on it.   The only machine left untouched on
the physical server (running some bare metal virtualization tool) is the
FreeBSD machine that runs the actual EMR we wrote.

TL;DR -- It seems Linux and Windows already have issues with these holes
but I have seen little to no evidence that FreeBSD (when run as a host).
In general whenever any virtualization issue (like the bleed through on
Qemu last year) comes up FreeBSD is the one OS that seems to be immune
(thanks to good design of the OS and bhyve).   This is the main reason why
I chose FreeBSD over Linux as the reference host for PetiteCloud.
-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org


