By now you’ve probably heard about Meltdown and Spectre – the two critical CPU design flaws that render a large proportion of the world’s computer processors susceptible to hackers. But what, exactly, is going on — and what can you do to protect yourself?
What are Meltdown and Spectre?
Meltdown and Spectre are the names given to some serious security flaws found to have been present in CPU chip designs for over 20 years. The flaws affect a number of companies’ processors and a huge number of devices, from desktops and laptops to web servers and smartphones. In particular, those devices with Intel, AMD or ARM processors.
Exploiting the Meltdown and Spectre vulnerabilities could allow an attacker to gain access to data otherwise protected in a system’s memory such as passwords, encryption keys, business-critical documents, private information from open applications or potentially data from other virtual systems on the same server.
What are the differences between Meltdown and Spectre?
The full technical details of the Meltdown and Spectre vulnerabilities can be found in this blog post from the Project Zero team at Google and in these academic papers published on Meltdown and Spectre. The website https://meltdownattack.com gives the following definitions and provides further details.
“Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.”
“Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.”
What can you do to protect yourself from Meltdown and Spectre?
The latest advice on how to protect yourself from Meltdown and Spectre is to make sure your system is up to date. Download any and all patches for your operating system and browser of choice, and be on the lookout for any and all future security releases and make sure to install them immediately.
Should you decide to recycle any of your old IT and telecommunications equipment, let us know. TXO Systems are experts in the responsible collection, treatment, recovery and disposal of high volume, high grade e-waste. We specialise in WEEE category 3: IT and telecommunications equipment and can handle all types of telecoms and data equipment such as base stations (BTS), desktop computers, peripherals, circuit boards and components including storage media and hard disk drive destruction. Please give us a call, submit your enquiry online or email us at firstname.lastname@example.org. Our team will respond to all enquiries within 1 business day.