Difference between revisions of "Welcome to regify wiki"
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
<p style="font-size: 40px; text-align: center; background:#EEEEEE; padding: 20px; color:#505050; text-shadow: -1px -1px 0px #202020, 1px 1px 0px #fff; border-bottom: 2px solid #AAAAAA">[[File:Logo.png|RTENOTITLE]] Welcome to the regify wiki pages.</p> | <p style="font-size: 40px; text-align: center; background:#EEEEEE; padding: 20px; color:#505050; text-shadow: -1px -1px 0px #202020, 1px 1px 0px #fff; border-bottom: 2px solid #AAAAAA">[[File:Logo.png|RTENOTITLE]] Welcome to the regify wiki pages.</p> | ||
| − | <p style="color: white; background-color: # | + | <p style="color: white; background-color: #885555; border: 2px solid #330000; padding: 10px; font-size: 90%;"> |
| − | + | A note regarding '''Spectre''' and '''Meltdown''' attacks (January 2018).<br> | |
<br> | <br> | ||
We investigated the impact of the currently discussed security flaws CVE-2017-5753 (Spectre 1, Bounds Check Bypass), CVE-2017-5715 (Spectre 2, Branch Target Injection) and CVE-2017-5754 (Meltdown, Rogue Data Cache Load). In order to attack a system using these flaws, a rogue executable has to be copied to the affected server system and then executed. For the '''regify provider appliance''', the '''regigate appliance''' and other servers of the regify infrastructure, this is not possible by default. The only way to do this would be a serious data breach on the platform. And if this happened, the attacker does not need to utilize one of these flaws to get data or create serious damage. Due to this, the systems are neither more or less secure than before.<br> | We investigated the impact of the currently discussed security flaws CVE-2017-5753 (Spectre 1, Bounds Check Bypass), CVE-2017-5715 (Spectre 2, Branch Target Injection) and CVE-2017-5754 (Meltdown, Rogue Data Cache Load). In order to attack a system using these flaws, a rogue executable has to be copied to the affected server system and then executed. For the '''regify provider appliance''', the '''regigate appliance''' and other servers of the regify infrastructure, this is not possible by default. The only way to do this would be a serious data breach on the platform. And if this happened, the attacker does not need to utilize one of these flaws to get data or create serious damage. Due to this, the systems are neither more or less secure than before.<br> | ||
Revision as of 12:44, 11 January 2018
Welcome to the regify wiki pages.
A note regarding Spectre and Meltdown attacks (January 2018).
We investigated the impact of the currently discussed security flaws CVE-2017-5753 (Spectre 1, Bounds Check Bypass), CVE-2017-5715 (Spectre 2, Branch Target Injection) and CVE-2017-5754 (Meltdown, Rogue Data Cache Load). In order to attack a system using these flaws, a rogue executable has to be copied to the affected server system and then executed. For the regify provider appliance, the regigate appliance and other servers of the regify infrastructure, this is not possible by default. The only way to do this would be a serious data breach on the platform. And if this happened, the attacker does not need to utilize one of these flaws to get data or create serious damage. Due to this, the systems are neither more or less secure than before.
Of course, the next patch updates of your regify appliances will contain the respecting kernel patches anyway.
From what we know today, your regify client software is not affected, as these are hardware related issues and the fixes have to be applied by the Operating System or Web-Browsers. Please keep your systems up to date.
The target audience for this wiki are administrators of regify providers and technical interested persons who want to get extra information on regify software and technology.
If you have any further technical questions about regify technology, please contact us at support (AT) regify.com.
product information
regify-providerThe current regify-provider changelog (history) Information about the regify Provider Appliance Find information about regify-provider hardware requirements |
regify clientThe current regify-client changelog (history) |
regipay |
regimail |
regibill |
Mobile clients |
regibox |
regigate |
troubleshooting
Client Software
regify account and Web-Portal
Other
technical articles
other information
list of all authentication levels
Answers to different security questions (professionals only)
Installation hints for provider-setup (Outdated! Only for Windows)
