When You Hear About Meltdown & Spectre – DON’T PANIC! They have been around for years.
The fact is, the main chip in most modern computers has a hardware bug. Meltdown and Spectre are two related families of hardware flaws that are capable of negatively impacting the Central Processing Unit (CPU) of any computer. Both have been around for years but not everyone is familiar with them. They are only now becoming potential targets for attack.
The simple explanation of the problems that each creates are as follows:
- Meltdown breaks down the separation between what you are doing (user app) and what the computer is doing (Operating System), enabling the app to steal data that it should be unable to access.
- Spectre is more insidious, breaking the connection between different concurrently running apps to reach the same end.
By exploiting these vulnerabilities, hackers can gain access to passwords, emails, instant messages, and business-critical documents by reading data used by other programs operating concurrently Devices impacted by Meltdown and Spectre include desktop computers, personal computers, mobile devices, and the cloud.
This silent information thief cannot be detected by the average user and it is unlikely that traditional anti-virus software will detect the intrusion.
But, DON’T PANIC. There are patches against Meltdown for Linux, Windows, and OS X. Additionally, there is ongoing research to harden software against Spectre. The best route to take is to update and patch all machines on the computer network while educating all operators in the network to be vigilant and thinking before clicking.