The Friday Five is a weekly Red Hat® blog post with 5 of the week's top news items and ideas from or about Red Hat and the technology industry. Consider it your weekly digest of things that caught our eye.
L1 Terminal Fault (L1TF) is a security vulnerability that allows unauthorized users to access information from Intel processor based servers including deployments in cloud environments. This 3-minute video provides a high-level primer on what L1TF is and how it works.
IN THE NEWS:
The Register - Three more data-leaking security holes found in Intel chips as designers swap security for speed
Intel disclosed three more vulnerabilities in its processors that can be exploited by malware and malicious virtual machines to potentially steal secret information from computer memory. In the pursuit of ever-increasing performance, defenses to protect people's data became optional.
The L1TF (L1 Terminal Fault) Intel processor vulnerability is complex and in some cases requires specific actions by customers to effect a complete mitigation. Red Hat and our partners have been working to prepare for the public coordinated disclosure, and to prepare patches, documentation, training, and other materials necessary to help keep our customers and their data safe.
L1 Terminal Fault, an unwelcome addition to the Spectre and Meltdown family tree, has just been announced, providing a serious new wrinkle to modern IT security efforts. What does it do? Where did it come from? And how do you fix it? Hear about the deeper technical details of L1 Terminal Fault (and the related Foreshadow vulnerability) from Red Hat's Jon Masters.
In the world of information security, we have a few tools to help us make informed decisions. When looking at potential problems we think of them in terms of potential risks that could happen that would impact our business. First, when we need to understand what could possibly happen, we look at the impact of a potential threat.
About the author
Red Hat is the world’s leading provider of enterprise open source solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies.