Meltdown and Spectre. How can they affect you?
Breaking News: Meltdown and Spectre. How can they affect you?
First, what are they? Both Meltdown and Spectre are attacks that exploit vulnerabilities in computer processors. They break down barriers between two parts of your system (user applications and the operating system) and between different processes that are running on it, so that another malicious program could potentially access memory that it normally shouldn’t be able to touch. It’s your memory that is the goal and the problem: passwords, personal photos, emails, instant messages and even critical documents. Memory equals data, and after the Equifax disaster we all know how very fragile data is!
Meltdown breaks down the barrier between user applications and the operating system kernel. This allows a rogue program to access the memory, and thus also the secrets, of other programs and the operating system. Spectre, on the other hand, breaks the isolation between different applications, allowing a malicious program to trick your programs into spilling their secrets. Between the two, they can make every aspect of your system vulnerable, and they are both tools that allow a hacker access to your information.
Good news and bad news. The way the joke goes is, “What do you want to hear first, the good news or the bad news?” I’m always partial to the good news. Which is that, for right now, the word “potentially” is very important. Although many systems have been affected, these side-channel attacks have not yet been exploited on a grand scale. Also, Microsoft and other firms have already developed patches for both Meltdown and Spectre to handle the problem. That gives you a little time, so don’t panic: CrafTech has solutions for you and is prepared to put them into place immediately.
The bad news is that both Meltdown and Spectre affect any system that runs on an Intel processor, and they can attack not only personal computers but cell phones and the cloud, so the liability is something that you have to consider as both a business owner and an individual. If you have done your homework, you might also be aware that the patches that protect your operating system could possibly slow down performance since they exploit precisely those processes that are designed to speed it up.
Did I say good news? In fact, the best news is that CrafTech is insuring that all our clients have the latest security updates installed on their computer systems and firewalls. CrafTech is on top of the vulnerability and implements security updates as they are released by the manufacturer. If you are a CrafTech client, we are already monitoring it. And as the situation develops, you can be assured that we will continue to shield you from threats even before you’re aware of them!
Written by: Susan Palmer