CERN Computer Security Announcements

(Previous announcements are here.)

Advisory on Spectre & Meltdown

The beginning of the year has been dominated by the security vulnerabilities known as "Meltdown" and "Spectre". "Meltdown" breaks down the boundary that prevents user applications from accessing privileged system memory space. This vulnerability is confirmed to exist in all Intel processors since 1995, except for Intel Itanium and Intel Atom before 2013. This includes computers by popular vendors such as Apple, Microsoft, Dell, HP, and Lenovo. "Spectre" is similar but allows an attacker to utilize a CPU's cache channel to read arbitrary memory from a running process. Unlike Meltdown, Spectre is confirmed to affect Intel, AMD, and ARM processors. This includes computers, tablets and smartphones made by popular vendors such as Apple, Microsoft, Dell, HP, Google, and Lenovo. The relatively good news is that Spectre is much more difficult to exploit successfully, as its attack surface is limited to user space processes, e.g. web browsers and desktop applications. Also, while there are proofs of concept out in the wild, no systematic exploitation of either Spectre or Meltdown has been reported yet. Still, we recommend that all users keep their systems up-to-date using the standard (automatic) update mechanisms of their Windows, Linux, Mac, Android or iOS devices.

(Details can be found here)

Security needs you

"Academic freedom is a valuable thing, but like any kind of freedom, it comes with responsibility... It is the responsibility of all of us, not just the experts in the IT Department, to protect our IT infrastructure while striking the right balance between security, academic freedom and the unfettered operation of our facilities... At CERN, security is not complete without you."

(Read more in the CERN Bulletin)

Overview

At CERN, due to its unique academic environment and the associated academic freedom, computer security has been delegated to CERN's users:

At CERN, the individual users are in the first instance responsible for securing their computers, networks, data, systems & services.

The Computer Security Team and the IT department are ready to assist you in assuming this responsibility. On this Web site, you can find:

  • The CERN Computing Rules, i.e. the "Dos" and "Don'ts" for using CERN's computing facilities;
  • Recommendations, i.e. tips, hints & best practices intended to help you properly assume this responsibility;
  • Training courses and material for starters & experts;
  • Security Services provided for you by the Computer Security Team; and
  • Reports & Presentations featuring monthly reports, theses, reports from conferences, dedicated presentations & much more.