Security message from Digital Ocean - Printable Version +- LiveCloud Forums (https://forums.livecloud.io) +-- Forum: General (https://forums.livecloud.io/forumdisplay.php?fid=1) +--- Forum: Announcements (https://forums.livecloud.io/forumdisplay.php?fid=2) +--- Thread: Security message from Digital Ocean (/showthread.php?tid=374)

Security message from Digital Ocean - mark_talluto - 03-11-2020 Hi Everyone. When we receive security updates from our data center providers, in this case, Digital Ocean, we want to pass the information to you. If you have any questions, please let us know. The quick takeaway is that Digital Ocean is on top of the recent security threats to datacenters and that we all benefit from their diligent efforts. We wanted to provide some detail around three new security vulnerabilities and how they could impact your Droplets. These include the Load Value Injection vulnerability, also referred to as LVI, TRRespass, a Rowhammer-type vulnerability, and Snoop-assisted L1 Data Sampling, a L1TF-type vulnerability. Load Value Injection. This vulnerability could allow data stored in an Intel SGX enclave to be leaked. Fortunately, DigitalOcean does not use SGX in our production environment. Our infrastructure is not affected, and there is no action required to protect your Droplets. TRRespass. This vulnerability could potentially allow attackers to gain privileged access to certain systems using DDR4 memory, though targeting a specific system is very difficult in cloud environments. We are currently working with our hardware manufacturers to evaluate the scope of this vulnerability in our infrastructure and will provide updates if any action is required on your end. Snoop-assisted L1 Data Sampling. This is similar to other L1TFvulnerabilities we’ve seen previously. The mitigations we already have in place sufficiently address this vulnerability, and no further action is required to protect your Droplets. [size=undefined] Additionally, we’re excited to share that we have finished deploying the mitigations across our fleet for the two Processors Data Leakage security vulnerabilities recently disclosed by Intel. As a reminder, there is no action required from users to protect their Droplets from these two vulnerabilities.  The security of our platform and your data is our highest priority. Thank you for being a DigitalOcean customer and if you have any questions please open a ticket with our Support Team.  Thanks,  Team DigitalOcean  [/size]