Date: Wed, 17 Jan 2018 00:00:00 +0000
<p>Bringing you a special second episode this week with Matt Linton and Paul Turner sharing insights with <a href="https://twitter.com/Neurotic">Mark</a> and <a href="https://twitter.com/nyghtowl">Melanie</a> about the CPU vulnerabilities, Spectre & Meltdown, and how Google coordinated and managed security with the broader community. We talked about how there has been minimal to no performance impact for GCP users and GCP’s Live Migration helped deploy patches and mitigations without requiring maintenance downtime.</p> <p>Due to the special nature, no cool things or question included on this podcast.</p> <h5 id="about-matt-linton">About Matt Linton</h5> <p>Matt is an Incident Manager (aka Chaos Specialists) for Google, which means his team is on-call to handle suspected security incidents and other major urgent issues.</p> <h5 id="about-paul-turner">About Paul Turner</h5> <p>Paul is a Software Engineer specializing in operating systems, concurrency, and performance.</p> <h5 id="interview">Interview</h5> <ul> <li>Protecting our Google Cloud customers from new vulnerabilities without impacting performance <a href="https://www.blog.google/topics/google-cloud/protecting-our-google-cloud-customers-new-vulnerabilities-without-impacting-performance/"> blog</a></li> <li>What Google Cloud, G Suite and Chrome customers need to know about the CPU vulnerability <a href="https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/"> blog</a></li> <li>Google Security Blog, Today’s CPU vulnerability: what you need to know <a href="https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"> blog</a></li> <li>ProjectZero News and Updates by Yann Horn <a href="https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"> blog</a></li> <li>Spectre Attack <a href="https://spectreattack.com/spectre.pdf">paper</a></li> <li>Meltdown Paper <a href="https://meltdownattack.com/meltdown.pdf">paper</a></li> <li>Intel Security Center <a href="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr"> site</a></li> <li>Intel Analysis of Speculative Side Channels <a href="https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf"> site</a></li> <li>An Update on AMD Processor Security: <a href="http://www.amd.com/en/corporate/speculative-execution">site</a></li> <li>ARM Processor Security Update <a href="https://developer.arm.com/support/security-update">site</a></li> <li>GCP Compute Engine Live Migration <a href="https://cloud.google.com/compute/docs/instances/live-migration">docs</a></li> <li>GCP Security Overview <a href="https://cloud.google.com/security/">site</a></li> </ul> <p><em>Patch your operating systems and all the things. Keep updated.</em></p>