Meltdown and Spectre sound like the bad characters from the new animated feature film but there is nothing comical about them.
These flaws, called Meltdown and Spectre, could allow hackers to lift passwords, photos, documents and other data from smartphones, PCs and the cloud computing services that many businesses rely on. -NYTimes
Intel put out a notice to all its partners who make operating systems and software such as Google, Apple, and Microsoft and to thousands of smaller players indicating a flaw in the processor’s chip design that could let hackers access privileged information such as passwords and sensitive data. Intel has set up a products details page –Facts about The New Security Research Findings and Intel Products
How does this flaw help a hacker?
“These hardware bugs allow programs to steal data which [is] currently processed on the computer,” reads a description of the attacks on a website the researchers created. If you are interested to know more and follow this research go to https://meltdownattack.com/
Quote from the FAQ section on the researcher’s website:
So what is Meltdown?
The bug basically melts security boundaries which are normally enforced by the hardware.
And why is it called Spectre?
The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.
What do you need to do as a consumer to keep your data safe?
Software companies such as Microsoft, Apple, and Google are preparing or already pushed several security updates. As a consumer, you can make sure you are able to receive these updates and keep your devices updated. Below are three things you can do to make sure you are protected.
- Be aware of emails and websites you open and make sure not to click on suspicious links.
- Keep your Antivirus (AV) updated or install an AV that is capable of defending you against Malware, Spyware, and Ransomware. Check out this article for an Enterprise-grade Free AV article.
- Make sure are keeping your devices updated with the latest security patches.
Final thoughts on being safe and protected
End users and systems administrators should check with their operating system vendors and system manufacturers, and apply any available updates as soon as practical. Following good security practices protect against malware, in general, will also help to protect against possible exploitation of these analysis methods.
These are a few things one can do to be better prepared:
- Maintain control of your computing environment
- Regularly check for and apply available firmware/driver updates / Security Patches and Keep your software updated.
- Use hardware and software firewalls( example, Turn On the Microsoft Firewall and turn On the firewall on your home/office router. )
- Turn off unused services. (Uninstall unnecessary programs, check for any programs that are suspicious and uninstall them)
- Maintain appropriate user privileges (Make sure your programs, users and files have proper permissions applied to them)
- Keep security software up to date.
- Avoid clicking on unknown links
- Avoid re-using passwords across sites
For specific Operating Systems and Hardware Manufacturers Advice/ support on this vulnerability, visit:
- Google: Googles Product FAQ page https://support.google.com/faqs/answer/7622138
- Apple: Apple’s Support Page https://support.apple.com/en-us/HT208394
- Microsoft: Microsoft’s Knowledge Base Support Page https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
- Intel: https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
- AMD: https://www.amd.com/en/corporate/speculative-execution
For security best practices and other explanations, visit:
- 5 Signs you have received a Phishing Email: http://www.scamstercentral.com/5-signs-you-may-have-received-a-phishing-email/
- How To Explain Meltdown And Spectre To Your C-Level and employees https://blog.knowbe4.com/how-to-explain-meltdown-and-spectre-to-your-c-level-and-end-users
- Stop.Think.Connect: https://www.dhs.gov/stopthinkconnect
- National Cyber Security Alliance: https://staysafeonline.org/stay-safe-online/
Knowledge & Awareness Are Your Only Defense