Posts

Meltdown and Spectre vulnerabilities – what to do?

Meltdown and Spectre are two vulnerabilities present in hardware making it potentially possible for programs to steal information, like passwords etc.

Meltdown affects only Intel processors while Spectre, which is more complex, also partly affects AMD and ARM based processors.

It is not yet known if these vulnerabilities has been exploited by anone. It can affect personal computers, servers, tablets and mobile phones, i.e. more or less any device containing a processor.

More information on: https://spectreattack.com/

What can you do?

  • Check your operating system for updates the upcoming weeks (this is normal good security practice, but make sure you do it frequently)
  • Install and update your virus protection. Even if the antivirus program can’t protect you from the attack it might be able to inform you that your device has got malicious code onboard

You can find security bulletins, security advisorys, faq:s etc for your operating system here: https://meltdownattack.com/#faq-advisory

Siemens Gigaset WLAN camera vulnerability

The Siemens Gigaset WLAN camera is vulnerable for unauthorized users to gain access through telnet and ftp by logging in as the user root. The user can log in without any password. When logged in, it is possible to view the cameras configuration file where the administrator password is stored in clear text.

The vulnerability is verified to exist in firmware version 1.27 but might be present in other versions too. At present time there are no updates available from Siemens later than version 1.27.

It is therefore a recommendation to maintain the Siemens Gigaset WLAN camera only on a private network or behind a firewall and to use an administrator password that is not used anywhere else.

See also the Siemens web page for Gigaset WLAN camera.