What’s In A Name: Meltdown and Spectre

Written by Dan Powers

One of the reasons this latest threat is so complicated is that it’s actually multiple vulnerabilities that were unveiled at the same time. They’re similar in some ways but differ in other important ones, a fact hinted at by their names.

According to researchers:
1. Meltdown “basically melts security boundaries which are normally enforced by the hardware.”
2. Spectre, meanwhile, “breaks the isolation between different applications” allowing “an attacker to trick error-free programs, which follow best practices, into leaking their secrets.”

And what does that actually mean? Essentially, either of these vulnerabilities could theoretically be exploited to steal sensitive data, like passwords, off your computer. Spectre is also a threat to your smartphone, so no escape there.

Here is a simple example of this being used to steal passwords: https://youtu.be/RbHbFkh6eeE

Meltdown – Vendors have been extremely quick to help “mitigate” this risk (we say mitigate because it is still new and none of these software patches can 100% protect you). Even so, applying these patches is one of the most important steps all organizations should be taking, and quickly.

Spectre – This one is a little trickier. It is harder to exploit, but also MUCH harder to protect against. Some software patches help slow it down, but only some FIRMWARE/BIOS updates will actually fix the issue, and vendors are slower to provide fixes for this. That alone makes Spectre very difficult to manage when you have multiple endpoints/devices/IoT spread across the organization.

We were able to use IBM BigFix (Windows only) to track and help manage this:

Everything above (99%) that shows TRUE (blue) is a VULNERABLE endpoint device. But we can keep track of how this is being handled.

1. Pie Chart One: More steps are REQUIRED to protect yourself
2. Pie Chart Two: BIOS/FIRMWARE is in need of updates… harder, as vendors are slower to update this
3. Pie Chart Three: Shows the (Windows) devices that have NOT installed the latest MS patches to address this issue
4. Bar Chart: Shows the various CPUs (BIOS data can be added) used in the environment.
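
As an added illustration (not BigFix code or output, and not part of the original post), the four views above can be derived from per-endpoint inventory as follows. The field names `os_patch` and `firmware_fix`, the host names and the sample records are assumptions constructed for this example.

```python
from collections import Counter

# Constructed sample inventory (hypothetical field names, not BigFix output).
# None means the endpoint did not report that property.
INVENTORY = [
    {"host": "ws-001", "cpu": "Intel Core i5-6500", "os_patch": True,  "firmware_fix": True},
    {"host": "ws-002", "cpu": "Intel Core i5-6500", "os_patch": True,  "firmware_fix": False},
    {"host": "ws-003", "cpu": "Intel Core i7-4770", "os_patch": False, "firmware_fix": False},
    {"host": "ws-004", "cpu": "Intel Core i7-4770", "os_patch": True,  "firmware_fix": None},
    {"host": "ws-005", "cpu": "AMD Ryzen 5 1600",   "os_patch": None,  "firmware_fix": True},
]


def triage(endpoint):
    """Return the outstanding actions for one endpoint.

    Fails closed: a property that is False or unreported (None) counts as
    missing, so a silent agent never shows up as protected.
    """
    actions = []
    if endpoint.get("os_patch") is not True:
        actions.append("os_patch")   # OS-level mitigation not confirmed
    if endpoint.get("firmware_fix") is not True:
        actions.append("firmware")   # BIOS/firmware update not confirmed
    return actions


def summarize(inventory):
    """Build the four dashboard views from per-endpoint triage results."""
    todo = {e["host"]: triage(e) for e in inventory}
    return {
        "needs_action": sorted(h for h, a in todo.items() if a),
        "needs_firmware": sorted(h for h, a in todo.items() if "firmware" in a),
        "needs_os_patch": sorted(h for h, a in todo.items() if "os_patch" in a),
        "cpu_models": Counter(e["cpu"] for e in inventory),
        # Which CPU models hold the firmware backlog: where to chase vendors.
        "firmware_backlog_by_cpu": Counter(
            e["cpu"] for e in inventory if "firmware" in todo[e["host"]]
        ),
    }


if __name__ == "__main__":
    for view, value in summarize(INVENTORY).items():
        print(view, "->", dict(value) if isinstance(value, Counter) else value)
```

Grouping the firmware backlog by CPU model shows which hardware vendors' updates are holding up the most endpoints.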

Learn more about BigFix and our capabilities by visiting: https://www.championsg.com/ibm-bigfix

