Internet Performance Delivered right to your inbox

Oracle Dyn Response: Meltdown & Spectre

The Meltdown and Spectre vulnerabilities impact various microprocesses and enable a class of exploits, namely timing attacks against cached memory. A complete fix, in most cases, is only possible by updating firmware or moving to a non-vulnerable chipset.

At the time of the disclosure, we assessed the impact to Oracle Dyn infrastructure and found minimal exposure that was resolved with updates as patches became available.

Oracle Dyn is committed to protecting its clients from emerging threats. Our assessment shows that the Spectre exploit can manifest in the browser if a user allows for an attack script to execute (by visiting a compromised site or through a malicious ad). Essentially, this could allow one browsing session to access sensitive data from another tab, within the same browser. There are steps that browser and site developers are taking to prevent this kind of attack. It is recommended that users enable site isolation as an additional measure.

As an in-line security control, the Oracle Dyn WAF keeps sites secure from various attacks, including those that might lead to compromise and used for watering hole-type attacks.

For additional information, see Spectre Side-Channel Attacks Enabled by JavaScript in Browsers.

Share Now

Whois: Nick Deshpande

Nick Deshpande is a Principal Product Strategist at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.