Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 8 Jan 2018 04:15:46 -0500
From:      Aryeh Friedman <aryeh.friedman@gmail.com>
To:        Matthias Apitz <guru@unixarea.de>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   =?UTF-8?B?UmU6IE1lbHRkb3duIOKAkyBTcGVjdHJl?=
Message-ID:  <CAGBxaXnSRwtS=mbdsePyKvyZjTpu1tvo2O61SW60yQfdDJH4gA@mail.gmail.com>
In-Reply-To: <20180108085756.GA3001@c720-r314251>
References:  <f9cc484e-be92-7aff-52fe-38655e85dbaa@columbus.rr.com> <CAH78cDqPnOUGoU=6x-BiugnpjmjYcd=CZS3fSNaX5tq-Uvma7g@mail.gmail.com> <bc9ad15b-a718-b901-76fa-bc43ce0c1f1a@columbus.rr.com> <3AECDC7F-8838-4C09-AC7F-117DFBAA326C@sigsegv.be> <20180108085756.GA3001@c720-r314251>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Mon, Jan 8, 2018 at 3:57 AM, Matthias Apitz <guru@unixarea.de> wrote:

> As I side note, and not related to FreeBSD: My Internet server is run by
> some webhosting company (www.1blu.de), they use Ubuntu servers and since
> yesterday they have shutdown SSH access to the servers argumenting that
> they want
> protect my (all's) servers against attacks of Meltdown and Spectre.
>
> Imagine, next time we have to shutdown all IOT gadgets...


 Not always possible for things like medical test equipment/devices.  For
example I maintain a specialized EMR for interacting with Dr. prescribed
remote cardiac monitors.   Having those off line is not an option since
they are used to detect if the patient needs something more serious like a
pace maker (also almost always a IoT device these days) surgery.

The actual monitoring is done on Windows and was attacked by some
ransomeware via a bit coin miner that somehow installed it self.   Since
all the users claim that they don't read email/upload/download executables
or any other of the known attack vectors this leaves something like
Meltdown or Spectre.   We have also detected issues on the CentOS that has
the non-medical corporate site on it.   The only machine left on touched on
the physical server (running some bare metal virtualization tool) is the
FreeBSD machine that runs the actual EMR we wrote.

TL;DR -- It seems Linux and Windows already have issues with these holes
but I have seen little to no evidence that FreeBSD (when run as a host).
In general when ever any virtualization issue (like the bleed through on
Qemu last year) comes up FreeBSD is the one OS that seems to be immune
(thanks to good design of the OS and bhyve).   This is the main reason why
I chose FreeBSD over Linux as the reference host for PetiteCloud.
-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CAGBxaXnSRwtS=mbdsePyKvyZjTpu1tvo2O61SW60yQfdDJH4gA>