Meltdown/Spectre

13 January 2018Security0 Comments

CategoriesVirus/Worm/Trojan

Of course this would come up, as it is currently in the news. I find that most media outlets have a severely limited understanding of how things work.

These were discovered mid 2017, so there has been time to research and try to mitigate this as much as possible. In addition to keeping your defenses high as in the book, I also added some sites that allows you to get the “real scoop”. After finishing this post, I checked in to trend micro (one of the sites from the book). They have a good way of wording this.

What Meltdown/Spectre do:
“The vulnerability can allow an attacker to steal information such as passwords, encryption keys, or essentially anything…” -Trend Micro

Detecting:
It seems there is no way to detect these currently.

How to fix it:
Since this is hardware based, system firmware updates are needed. There are also operating system updates out already. Apple is purported to have fixed this in a December 2017 update. Microsoft also has updates available.

There is no need to panic. “end of the world” incidents occur in the cyberworld more often than most know. They are all put down. The best use of your time is to make sure that you follow what the industry calls “best practices”. In the book, I cover updates and various basic software tools you need. Make sure you adhere to these practices. Not only do you need to make sure you have protective software, but it is of extreme importance this software is up to date. There are limited exceptions which I also cover.

The bottom line:
I update software/hardware with all the latest security updates. If I have an operating system update or software update that fixes something I don’t use or I have no problem with, I don’t install. That said, The general recommendation for non-security professionals is to automate your updates. Each individual best knows their abilities and lack of in this area, so there is no cookie cutter approach that covers 100% of end users needs and habits.

 

Ref.:

http://blog.trendmicro.com/trendlabs-security-intelligence/speculation-risky-understanding-meltdown-spectre/

 

Topics