AstrotalkUK

Not for profit website/blog on astronomy, space and my writing


New Year and New Cyber Vulnerabilities – Spectre and Meltdown

By Gurbir. Dated: January 4, 2018

A new year and a new cyber threat. This time the vulnerabilities are baked into the design of the microprocessors delivering most of the IT services on the planet. Virtually all devices, independent of operating system or installed applications, could be affected. It is not just laptops and PCs but almost all devices, including tablets, smartphones and virtual servers, and the impact reaches all vendors, including Microsoft, Google, Amazon and Apple.

The vulnerabilities come from serious security flaws in “speculative execution”, a technique that enhances the performance of modern processors made by Intel, AMD and ARM. The vulnerabilities, with their snazzy names Meltdown and Spectre, were discovered and reported to microprocessor manufacturers in June 2017 by Google’s Project Zero team, along with two papers (Spectre and Meltdown) published by independent researchers around the same time. The difference between Spectre and Meltdown is summarised by https://meltdownattack.com/ as:

“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.”

Spectre is not easy to exploit but has no fix. Meltdown is arguably the more critical of the two because it can be exploited in the Cloud Computing environment. Over the last decade, Cloud Computing services have blossomed and now deliver most of the popular applications used by online consumers, governments and industry. Multi-tenanting is the mechanism by which cloud service providers can share computer resources (including processor, memory and storage) between multiple customers whilst ensuring secure segregation between them. Meltdown has the potential to undermine this fundamental principle of user segregation in a cloud-based service. Attackers in one cloud-based tenant can exploit Meltdown to access and download data (at 503 KB/s) from a neighbouring tenant that they are not authorised to access.

The flaws were due to be publicised next week but some news agencies, including The Register, published on Monday 2nd January. The vulnerabilities are not easy to exploit and, according to the NCSC, no exploits have yet been reported, but eventually the cost of the fix will be humongous. The proposed software fixes reduce CPU performance by around 20% to 30%. Commercially that may be too high a price to pay. At present, the ultimate fix appears to be a hardware one.


Information Security. Cloud Computing – A Commercial and Legal Perspective 

By Gurbir. Dated: September 15, 2014

A joint meeting from the Institute for Information Security Professionals (IISP) and the Manchester Branch of BCS, The Chartered Institute for IT. This is a free event and open to anyone with an interest in information security. No need to book, just turn up.
 
Speaker: Dai Davis from Percy Crow Davis & Co.
Date: 18th November 2014
Time: 18:00 for 18:30 start
Title: Cloud Computing – A commercial and legal perspective 
Cost: Free. Refreshments provided
Venue: Room E232, MMU, John Dalton Building, Chester Street, Manchester, M1 5GD
 

Cloud computing has been an information technology (IT) buzzword for many years and now it’s firmly ensconced in the mainstream of ICT and business.  Various forms of cloud computing, such as “Software as a Service” (SaaS) provide a more cost-effective alternative for enterprises to achieve their business objectives than traditional computing systems.

In some areas of business, such as records management, cloud computing has high visibility because it is associated with large cost savings. However, cloud computing can be used in a less high-profile manner in other areas of a business, from marketing to engineering, from contact database management to employee management and word processing. Cloud computing can be easily adopted, but with that adoption can come both obvious and hidden difficulties of great importance.

But is cloud computing for everyone? What are the contractual and legal risks of cloud computing? How should they be addressed? How can they be minimised and avoided? This talk examines how cloud computing can be adopted and the dangers avoided on a practical level.

Among the aspects of cloud computing that Dai will cover are:

  • What is the relationship between cloud computing, SaaS and similar services?
  • How, when and why is cloud computing used in companies?
  • How, when and why should cloud computing be used?
  • Security due diligence and data security implications
  • Control and ownership of data in the cloud
  • Dealing with termination and other practical issues

About the Speaker
Dai is a Technology Lawyer. He read Physics at Keble College, Oxford and took a Masters Degree in Computing Science at the University of Newcastle-upon-Tyne before qualifying as a Solicitor.  He is a qualified Chartered Engineer and Member of the Institution of Engineering and Technology.  Dai is an active member of the Society for Computers and Law in the United Kingdom and has been Chairman of its Northern Branch and a member of the Council of that Society.  Dai has consistently been recommended in the Legal 500 and in Chambers Guides to the Legal Profession.

www.daidavis.com


IISP NW Regional Meetings

By Gurbir. Dated: July 28, 2013

The videos below are recordings of the NW regional branch meetings of the Institute of Information Security Professionals (IISP) recorded in Manchester. The videos and slides are made available with the consent of the speakers, who remain the copyright owners.

The next meeting is a joint one with the Chartered Institute for IT in Greater Manchester. It is on the evening of 16th September 2013 with Michael Colao, entitled “The outlook is cloudy: How to screw up a cloud implementation or Why almost every cloud security talk you have ever heard is wrong”. Register free here

#  #  #

11th June  2013 by Professor Fred Piper from Royal Holloway University London, on “Cryptography – From Black Art to Popular Science”. Slides  here.

*  *  *  *  *  *  *  *  *  *

 

23 May 2013 by Kawser Hamid, lead policy officer from the Information Commissioner’s Office on the theme of “Data Protection in the Cloud”. A technical issue (the battery packed up!) meant I only had the first 20 minutes. I thought it was still worth uploading.  Slides  here.

*  *  *  *  *  *  *  *  *  *

 

15th November 2012 by Will Roebuck from www.eradar.eu on the theme of  security  associated with doing business online. Slides  here.

*  *  *  *  *  *  *  *  *  *

 

5th July 2012 by Stephen Porter from Trend Micro Limited on the theme of cloud security. Slides here.


Ben Kepes – Future of Cloud Computing

By Gurbir. Dated: September 27, 2012

Ben Kepes

When I speak to anyone in a time zone with a 12-hour difference and in the opposite hemisphere, it implies we are about as far apart as two people on the planet can be. You can play or download the recording at the bottom of this page.

Ben is known, amongst other things, as the curator of CloudU. He has been speaking about Cloud Computing from a business perspective since long before it became trendy to do so.

We spoke about CloudU, CSA’s CCSK and the future of Cloud Computing and its relationship with Open Source.

Links to some of the topics we discussed include:

CloudU

Ben’s Blog

Future of Cloud Computing video from Oscon

Cloud Security Alliance – Cloud Computing Security Knowledge and my blog post  discussing the pros and cons of CCSK.

https://media.blubrry.com/astrotalkuk_podcast_feed/astrotalkuk.org/wp-content/uploads/Ben_Kepes_23Sep2012.mp3


Copyright © 2008–2025 Gurbir Singh - AstrotalkUK Publications