Meltdown and Spectre are two hardware bugs that potentially affect the overwhelming majority of computing devices. Given how most of us use so many computers, mobile devices, and connected hardware, pretty much everyone is at risk.
These vulnerabilities are similar, yet work differently. But what is of the greatest concern is how they can be used to bypass security and encryption to directly read data from the processors in your machines.
Am I affected by the bug?
Most certainly, yes.
- Graz University of Technology, meltdownattack.com
The video below is a startling demonstration of how dangerous this can be. Before you watch it, understand the background. This is an actual demo of how Meltdown works. Pay close attention to the white text on the right side of the screen in the video. That’s actual data, bypassing any security or encryption. Passwords, credit card numbers…nothing is safe!
What Should You Do About Meltdown and Spectre?
We rate this as a HIGH IMPACT, MEDIUM RISK vulnerability. Clearly the impact of this could be devastating on businesses and consumers. To be objective, no one knows if Meltdown and Spectre have been exploited in the real world. Since there are no indications of actual attacks, some experts are classifying this as a low risk. However, these vulnerabilities have generated a lot of press and shares of Intel have lost over $11 billion in value. All this publicity has no doubt prompted interest in the hacking community to find profitable exploits.
In view of this, we are rating this as a medium risk and are recommending that our clients follow the direction of the Department of Homeland Security US-CERT, Microsoft, Google, and other vendors. This basically involves immediate action to:
- Update ALL operating systems.
- Update ALL browsers.
- Update ALL firmware.
We have already been contacting clients that are most at risk and will be issuing a newsletter with additional specifics. If you’re not already a subscriber, consider signing up at: http://t2d.la/signup
Remember, WE HATE SPAM.
Learn About Meltdown and Spectre
There’s a lot of technical and general press about this major vulnerability. One of the best explanations for non-technical people (as in most of those affected) can be found in this article:
Nearly Every Computer Made Since 1995 Is Dangerously Flawed. Here’s What You Need to Know.
Short URL: http://t2d.la/a032
One-Minute BBC Video
And here’s a one-minute video. It’s not as explanatory as the article above, but it is a very brief, yet useful overview:
The full article can be found at:
http://www.bbc.com/news/technology-42564461
Short URL: http://t2d.la/a033
Additional Resources
Official Meltdown and Spectre Site
by Graz University of Technology
Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks
CERT Vulnerability Notes Database. With technical information and links to official vendor statements.
https://www.kb.cert.org/vuls/id/584653
ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
Microsoft Security Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Today’s CPU vulnerability: what you need to know
The Google Security Blog post that initially disclosed the vulnerabilities to the public.
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
About speculative execution vulnerabilities in ARM-based and Intel CPUs
Apple’s Official Statement
https://support.apple.com/en-us/HT208394
Mitigations landing for new class of timing attack
Mozilla Firefox Security Blog
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/