YASLV (Yet Another Spectre-Like Variant) - Spoiler

  • I haven't completely given up on patching these...but I'm close. I get these types of attacks are potentially dangerous. However, I see that danger as being more for the cloud providers more-so than folks who run their own virtualization platforms in-house.

    Maybe I'm taking the wrong stance on it... But the last time we tried to patch our VMswear infrastructure here, we had to roll back patches on several servers because the patches applied by VMware caused more problems than they fixed.

  • I concur. We're not putting much effort into our on-premises solution sets as the user there is the low hanging fruit and primary attack vector anyway.

    For our hosting solutions though, what a PITA.

    We coach our hosting contractors on locking down RDS to help mitigate any PEBKAC issues (ID10T types). And for the most part, they've been very successful as we have many examples of the "steel toed boots" preventing the bullet to the foot so to speak. 😉

Log in to reply