|title||Security threat that could possibly affect some of the Kantara community. Click here to read more ...|
Hello Kantara participants
Our cloud service provider Digital Ocean, has advised us of a threat that could possibly affect some of the Kantara community.
Intel has discovered a security vulnerability called L1 Terminal Fault. Red Hat has a good video explaining it here . Digital Ocean uses Intel processors. The video explains a vulnerability where a malicious application in another cloud server that is running on the same processor core could conceivably read memory from our cloud server. While the attacker would not be able to target Kantara specifically, it could conceivably be randomly assigned a shared processor core whereby possibly personal data from pages in Confluence and/or Mailman with restricted access could be in the processor's memory. Intel and Digital Ocean are working diligently on the issue and will advise us of progress, so we can advise you. Please note that some of the fixes for this issue may significantly slow down our server infrastructure temporarily (the need to turn off hyper-threading). Thanks for your forbearance.
Kind regards, Kantara Staff
The Kantara Initiative is the global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice.
Join. Innovate. Trust.
Few, if any, organisations can succeed at all of stages of digital transformation in isolation.
Kantara Initiative brings together the right thought leaders and industry representation - vendors, adopters, governments, standards bodies - to address all transformation stages.
Our Mission: To grow and fulfil the market for trustworthy use of identity and personal data.
Our Vision: To see equitable and transparent exchange of identity and personal data for mutual value
Kantara Initiative is a unique global ‘commons’ that operates conformity assessment, assurance and grant of Trust Marks against de-jure standards under its Trust Framework program whilst in parallel nurturing ‘beyond-the-state-of-the-art’ ideas and developing specifications to transform the state of digital identity and personal data agency domains.