Authentic8 Blog Author: Kevin Lund

Kevin is Chief Technology Officer at Authentic8.

Company Statement on Meltdown and Spectre

The Meltdown and Spectre attacks have recently been publicized, revealing vulnerabilities in all systems using modern microprocessors. Authentic8 systems share these vulnerabilities.

While there have been no publicized practical in-the-wild exploits of these vulnerabilities, we are applying system patches as they become available. Patches have been released for Meltdown on some platforms, with more expected; Spectre does not appear to be patchable in software and may require physical CPU revisions.

Authentic8 uses third-party cloud virtualization platforms for a minority of our services. These services (Amazon AWS, Google Compute) have patched their underlying software against the Meltdown attack. We are preparing kernel patches for our own systems and will provide updates as they are processed through QA and deployed.

The Authentic8 architecture in many ways mitigates against these types of attacks. Our browser isolation does not rely on hypervisors, so exploits designed to access data across virtual machines do not apply to us. Sensitive customer data is kept encrypted at rest and only