AnsweredAssumed Answered

How is it possible for RSA Nw HW to be unaffected by meltdown/spectre?

Question asked by Marinos Roussos on Jan 16, 2018
Latest reply on Jan 16, 2018 by Amy Blackshaw

This morning I saw a security "advisory" from RSA, claiming that their Security Analytics/NetWitness hardware is not affected when nearly every device with a processor made in the last decade is vulnerable.  Is this a typo mistake?

 

This is from your hardware provider claiming otherwise.

http://www.dell.com/support/article/jm/en/jmbsdt1/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en

 

This is from your CPU manufacturer again claiming otherwise.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

 

In security industry, the common terminology used is vulnerable and exploitable.

RSA chose to use the non security industry standard word "impacted" in their advisory which does not allow the reader to understand what they mean.

 

Are you saying that your hardware is not vulnerable when your vendors say that it is?

Or implying that since there is no easy exploit for it therefore you are not vulnerable?

Outcomes