Welcome to our PLM Tech Tips Tuesday!
Meltdown, Spectre and Bitcoin
You have likely heard of these in the news lately as these are the HOT topics right now in cybersecurity. You, like many people, may be asking how to best protect your computers and your Agile PLM systems. Let’s break down these threats individually as each is unique and requires a different response.
Meltdown is a vulnerability that affects CPU chips and breaks the fence between user applications and the CPU. If you want to know more details about Meltdown, there are many good resources on the web and I recommend the Security Now podcast by Steve Gibson, episodes 645 and 646, available at Security Now. So, what do you do about Meltdown? Keep your system updated using your vendor's operating system patches. This includes iOS, OS X, Microsoft Windows and Linux. The fixes from vendors appear to be very effective at mitigating Meltdown. Remember to ALWAYS test updates before deploying them on any production servers, but do it quickly in this case.
I read a statistic the other day that said companies, on average, take 193 days to deploy patches. That is too long, and if your company is one of those, its patch process should be reviewed. The reason is that as soon as a patch is released, bad actors begin working on exploits, knowing that not everyone will patch their systems.
Spectre is more difficult as it is a vulnerability in the actual chip. Operating system patches can mitigate some of the Spectre vulnerability but not fix it completely. For that, you need a BIOS (or firmware) update from your hardware manufacturer. These types of updates may not be provided for older chip technologies or older hardware. So, you may not be able to fully mitigate Spectre without replacing hardware. That is the bad news. The good news is that your risk from Spectre, unless you are responsible for a data center or server farm, is relatively low. Exploitation is difficult and yields small amounts of data. The risk to individuals is small but the risk to servers is larger. Unfortunately, you will have to rely on your IT staff to perform BIOS updates. To make this even worse, it has been revealed that in many cases, the BIOS firmware patches being rolled out have a very negative impact on your system, causing random reboots and shutdowns. So be very careful.
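To check where a Linux server stands on the Meltdown and Spectre advice above, the following script is an added example and not part of the original post. It reads the per-issue status files that patched Linux kernels publish in sysfs and flags anything reported as vulnerable or not reported at all; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Patched Linux kernels publish one status file per issue in
# /sys/devices/system/cpu/vulnerabilities; each starts with "Not affected",
# "Mitigation: ..." or "Vulnerable".

classify_status() {
    # $1 = text of one status file ("" when the file does not exist)
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;  # no report: kernel predates the interface
    esac
}

check_cpu_vulns() {
    # $1 = directory to read; defaults to the real sysfs location
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        text=""
        [ -r "$dir/$name" ] && text=$(cat "$dir/$name")
        state=$(classify_status "$text")
        printf '%-11s %-10s %s\n' "$name" "$state" "${text:-<no report from kernel>}"
        case "$state" in VULNERABLE|UNKNOWN) rc=1 ;; esac
    done
    return $rc   # non-zero when any issue is unmitigated or unreported
}

# Constructed sample: OS patch applied, Spectre v2 still open, and the
# spectre_v1 file left out on purpose to show the missing-report case.
demo=$(mktemp -d)
echo "Mitigation: PTI" > "$demo/meltdown"
echo "Vulnerable: Minimal generic ASM retpoline" > "$demo/spectre_v2"
check_cpu_vulns "$demo" || echo "follow up: OS patches and vendor firmware"
rm -rf "$demo"
```

On a real server, call `check_cpu_vulns` with no argument to read the live sysfs files; the non-zero exit status makes it usable from a monitoring job.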
Bitcoin WebLogic exploits
Less mentioned in the news has been the Bitcoin exploitation on WebLogic servers. It is most prevalent in WebLogic servers that are exposed directly to the Internet and are running EBS or PeopleSoft. The vulnerability is a general access vulnerability that has been used to mine Bitcoin but is not limited to that. Data is at risk as well as system stability. The really good news is that Oracle patched this vulnerability back in October with the October Patch Set for WebLogic. The patch is also included in the January 2018 Patch Set. Once again, the maxim of keeping your systems updated holds very true. Keep your test cycles as short as possible (be aggressive testing updates) and get your WebLogic updated as soon as possible.
Bob McDuffee, Certified Ethical Hacker (CEH), has over 30 years of experience and is a System Engineer for Zero Wait-State. He is responsible for installing software for clients and overseeing hosted and virtual environments. He provides configuration information for customers and debugs hardware issues both for clients and the company internally. His experience includes implementing, troubleshooting and upgrading PDM systems on Linux, Solaris and Windows servers utilizing both WebLogic and Oracle Application Server.