Dropbox Security Response to Meltdown and Spectre

in #dropbox · 7 years ago

So I was interested in how cloud services respond to Meltdown and Spectre, because I store quite a bit of data there which is not too private but somewhat important for me. Google led me to the Dropbox forum (https://www.dropboxforum.com/t5/Space/Meltdown-and-Spectre-on-Intel-servers/m-p/259328)

Here is their response:

We’ve been closely tracking the Meltdown and Spectre vulnerabilities since they were announced. We want to assure you that user data stored in Dropbox is safe and that Dropbox was built to protect against these types of issues.

To exploit the vulnerabilities associated with Meltdown and Spectre, a bad actor would have to access Dropbox’s systems. Our services, however, were specifically designed to defend against malicious access. We run primarily on our own infrastructure, which is not multi-tenant, and we have robust controls to prevent unauthorized access. Where we do use AWS, we use mostly dedicated instances to isolate our data from exactly this type of attack. Additionally, AWS has completed patching that resolves any remaining vulnerabilities from shared instances.

User trust and the security of our users' data are our top priorities.

Actually, I'm not sure what I should think of it. It seems reasonable and plausible; however, once someone gains access to their server, it's a huge problem...
From what I know/read, there is actually a software solution, which would have a serious performance impact (30% slower (https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/)), or a hardware exchange, which is impractical and expensive...
The real solution is to replace the system’s CPU with one that does not show the vulnerability.