DZone Article on Meltdown and Spectre features Stronghold Cyber Security CEO

DZone is one of the world’s largest online communities and leading publisher of knowledge resources for software developers.  Recently, they published an article pertaining to the Meltdown and Spectre bugs and discussed with Jason McNew, CEO and founder of Stronghold Cyber Security, his thoughts on the implications of Meltdown and Spectre as it pertains to IoT.

A brief excerpt is below.

McNew commented that “Notably, the Meltdown attack is a theoretical attack that was discovered by security researchers, who notified vendors and CERT so that the flaw could be addressed. As of this writing, there is no evidence that the bad guys have used a Meltdown attack against anyone, or even have tools to do so.”

However, the bad news is that since it is a hardware flaw, the Meltdown bug cannot really be fixed, but only mitigated, by software.

“Imagine that something made a small hole in your roof, letting light through – and you just replaced the roofing felt and the shingles over the hole. Your roof probably won’t leak, but the hole is still there. Also, like the KRACK bug, if state-backed security services were aware of the Meltdown bug (very possible), it is highly likely they would sit on it instead of informing the public,” explained McNew.

“A Spectre attack can only be executed in a lab by a gaggle of PhDs. Trying to pull this attack off would be like trying to stack Jenga blocks to a height of 25 feet on a crooked table as a drinking game. Possible, but very difficult. Even if an attacker could execute this attack, it is highly unlikely they would get anything of value out of it.”

Please view the article written by Cate Lawrence for DZone titled What Are the Implications of Meltdown and Spectre for IoT? in its entirety here.