The impromptu Slack war room where ‘Net companies unite to fight Spectre-Meltdown

Enlarge / The early disclosure of Meltdown and Spectre by Google and the fumbled responses by hardware vendors left cloud companies scrambling to react. So they united to fight the dumpster fire of poor communication and bad patches. (credit: US Air Force)

Meltdown and Spectre created something of a meltdown in the cloud computing world. And by translation, the flaws found in the processors at the heart of much of the world's computing infrastructure have had a direct or indirect effect on the interconnected services driving today's Internet. That is especially true for one variant of the Spectre vulnerability revealed abruptly by Google on January 3, since this particular vulnerability could allow malware running in one user's virtual machine or other "sandboxed" environment to read data from another-or, from the host server itself.

In June 2017, Intel learned of these threats from researchers who kept the information under wraps so hardware and operating system vendors could furiously work on fixes. But while places like Amazon, Google, and Microsoft were clued in early because of their "Tier 1" nature, most smaller infrastructure companies and data center operators were left in the dark until the news broke on January 3. This sent many organizations immediately scrambling: no warning of the exploits came before proof-of-concept code for exploiting them was already public.

Tory Kulick, director of operations and security at the hosting company Linode, described this as chaos. "How could something this big be disclosed like this without any proper warning? We were feeling out of the loop, like 'What did we miss? Which of the POCs [proofs of concept of the vulnerabilities] are out there now?' All that was going through my mind."

Read 50 remaining paragraphs | Comments