Category: Collaborative Security

Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security

Today the tech media is focused on the announcement of two security vulnerabilities, nicknamed Meltdown and Spectre, that are found in almost all CPUs used in modern devices. Mobile phones, laptops, desktop computers, cloud services, and Internet of Things (IoT) devices are all vulnerable.

There are many articles being published on this topic. The best source of information I’ve found is this site by the security researchers at the Graz University of Technology:

https://meltdownattack.com/

At the bottom of that page are links to the security blog posts, advisories, and other statements from companies and organizations across the industry. In an excellent example of the principles of Collaborative Security, the announcement was coordinated with the release of patches and updates for a wide range of operating systems and devices.

For readers wanting a deeper technical dive, the site from Graz University has links to multiple academic papers. Google’s Project Zero team also published a detailed technical analysis.

From our perspective, today’s news highlights a couple of points:

  • Keeping up to date on patches is critical. We each need to ensure that we upgrade our own systems and devices. If we work for organizations/companies, we need to ensure that processes are in place for patches to be applied rapidly. Vigilance is critical.
  • “Upgradeability” is necessary. We’ve mentioned this particularly in the IoT context, but devices need to be able to be upgraded. They can’t just be distributed or sold to people without some mechanism for updates. We see approaches such as the Online Trust Alliance IoT Framework as critical to help on this issue.
  • Independent security research is essential. These vulnerabilities were discovered by different groups of researchers at companies, security firms, and universities. If we didn’t have people doing this research for the benefit of all of us, we would be open to attacks by those who might find these vulnerabilities and exploit them for malicious purposes.
  • Collaborative security is the key. Sharing this research – and coordinating activity across the industry – is critical to ensuring a secure and trusted Internet.  We need the kind of collaboration shown today to be the norm across the industry.

The key point right now for everyone reading this is simply this: get out there and patch your systems! Don’t delay installing the latest security updates for your computers, mobile phones and other devices.

Each of us play a critical role in ensuring the security of an open, global and trusted Internet!

The post Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security appeared first on Internet Society.

This Week: Watch Internet Society President & CEO Kathy Brown Speak About Collaborative Governance And Security

How do Collaborative Governance and Collaborative Security bring about a stronger and more trusted Internet that enables more opportunity for people around the world?  What do these approaches mean for the future of Internet governance? What actions can people take as part of our collective responsibility for the future of the open Internet?

Today and tomorrow you will have two opportunities to hear Internet Society President and CEO Kathy Brown speak about these points and more on live video streams.

First, today, Wednesday, July 15, 2015, starting at 12:15pm US Eastern (UTC-4), Kathy will be speaking at an event by the Hudson Institute in Washington, DC, titled: “Collaborative Governance and Security: A Stronger Internet for the Future“. The Hudson Institute staff indicate the live video stream will be available at:

http://www.hudson.org/events/1264-collaborative-governance-and-security-a-stronger-internet-for-the-future72015

They also seem to live-tweet many of their sessions using @HudsonEvents on Twitter.

Tomorrow, Thursday, July 16th, Kathy will be at the Internet Governance Forum USA (IGF-USA) giving keynote remarks during the session between 1:00 – 1:50 pm US Eastern. My colleague Paul Brigner wrote about the IGF-USA yesterday outlining what is going on and indicating that the live video streams will be at:

http://www.isoc-dc.org/isoc-dc-tv/

The full agenda can be found on the IGF-USA site, as well as information about how to attend in person.

Both of Kathy’s presentations today and tomorrow will be recorded so that you can view them later.

We hope you do get a chance to watch either (or both) of Kathy’s sessions and learn more about what we are doing with collaborative governance and collaborative security.

If you would like to learn more right now you can visit these links:

 

The post This Week: Watch Internet Society President & CEO Kathy Brown Speak About Collaborative Governance And Security appeared first on Internet Society.