Meltdown & Spectre
So, 2018 has started with disclosure of two huge cybersecurity vulnerabilities, called “Meltdown” and “Spectre”. These are not like most of the “exploits” that hackers use. They affect almost all modern computers.
Sites like MeltdownAttack.com and Defiant.com (previously “WordFence”) have covered the tech details well. So, here’s a simplified summary of what non-techies need to know.
Why You Should Care About Meltdown & Spectre
Most vulnerabilities affect software. Meltdown and Spectre affect CPUs — the core computer chips — mostly those built by Intel since 1995. So they don’t just affect PCs, or Windows, or Macs, or Linux. They affect computers, regardless of what software or operating systems you use. In short — yes, this affects your computer(s) and phone(s). It even affects cloud computers.
So, what do they do?
Put simply, Meltdown lets programs access parts of your computer that should be inaccessible to them. That includes areas of memory that contain sensitive information. Spectre lets programs access other programs in ways that they shouldn’t. That could let a hacker trick a well-written, normally secure, program into sharing sensitive information.
Not good, right?
What Can You Do About This?
First, understand that neither anti-malware programs (e.g. anti-virus systems or firewalls) nor well-programmed software can help much directly. However, keeping these up to date will limit the ways an attack could reach your machine.
Still, software patches can mitigate some of the effects of these exploits. Operating System vendors are releasing patches for Windows, Macs (OSX) and Linux through the usual channels. These mostly affect Meltdown. Spectre is harder to exploit, but harder to fix. Software patches for that may be ongoing for some time.
In Conclusion
Keep your Operating System, software and anti-malware programs up to date. That will reduce the risk of attacks based on Meltdown or Spectre affecting you.
Still, the risk will remain on all systems that use the affected chips. It’s early days yet, but if you process sensitive information, you may need to switch to computers and phones that use less vulnerable chips. Check MeltdownAttack.com for more detailed information on this.