SOC 2 is an audit framework that gives organisations a trusted way to verify their controls for protecting, securing and utilizing data. Increasingly, cloud computing companies that want to attract business need to demonstrate SOC 2 certification. (If you’ve never heard of SOC 2 and want the full lowdown, check out our whitepaper here.)
One day, we received a report from a client that he faced a 403 Forbidden error during KernelCare package setup. We started to investigate the issue and found that we needed to improve the KernelCare package setup logic.
Everyone has heard of Zombieload. Recently made known to the public, Zombieload is a Microarchitectural Data Sampling (MDS) attack that reveals private data by breaking the privacy borders that exist between apps. Zombieload targets the load, store, and line fill buffers, used by the CPU for fast reads/writes of internal data. In mid-May, the discovery of Zombieload was big news.
But Zombieload isn't the only MDS-related side-channel attack that you should be worried about. There are actually three such threats, all of them weaknesses in Intel x86 microprocessors that leak data across protection boundaries that are architecturally supposed to be secure.
Fallout is another hardware vulnerability of this kind. It exploits a weakness in Intel CPUs to leak data from the store buffers, which the processor's pipeline uses to hold data awaiting a write to memory.
Compared to proprietary embedded operating systems, Linux is low cost; it allows for multiple suppliers of software, development and support; it has a stable kernel; and it facilitates the ability to read, modify and redistribute the source code. For these reasons and more, Linux has become the go-to option for embedded systems.
At KernelCare, we've known about SOC 2 for some time. We've had customers tell us that our Linux kernel live patching product helped them with their compliance certification efforts. Although KernelCare doesn't handle customer data, we thought we should follow the good example set by our SOC 2-certified customers and become compliant. We would get to know our customers' use-cases better, and improve as a company.
So, I'm excited, and a little nervous, to share with you the start of our own SOC 2 compliance journey. I will share more as we progress.
An embedded system is a small computer that lives within a larger structure that isn’t itself a computer. It is a bundle of computing hardware and software, designed for a specific function, that lives within a larger physical system. Rooted in a microprocessor or microcontroller, embedded systems are controlled by a real-time operating system, run on a limited amount of power and memory, and range widely in size and UI complexity. Embedded systems are all around us, existing within a vast array of consumer, industrial, medical, and military technologies.
Kernel patching is a never-ending job. Why? Because Linux is king of the OSes, but it is also very, very complicated. The master branch of the Linux kernel git repository contains more than 20,000,000 lines of human-written code. This complexity makes vulnerabilities inevitable: there are hundreds every year, some of them very serious.