In early January 2018, most of the world become aware of two new computer based exploits, Meltdown and Spectre, that would rock the industry. You may think that's an extreme view, but at the very least, these exploits will require changes to the way computers retrieve information.
What makes these different from other vulnerabilities? These two exploits could take advantage of the way a computer's hardware works and abuse that process to steal information like passwords. That being said, these vulnerabilities were discovered in lab-like settings by a few researchers and have not been seen used in the wild yet, as far as we know (as of January 2018).
How Do These Work?
Computers' processors and memory use something called 'Speculative Processing' and 'Caching' to help computers run faster. Speculative processing basically means the computer makes guesses about what you're going to do next based on what you've done and pre-loads that information into memory in case you need it. Caching is when your computer stores information you use, so it can be ready to use again quickly the next time. Simply put, Meltdown and Spectre could take advantage of the process in which data is retrieved and exploit it to capture important information. The exploits, if they were being used, would likely be delivered through malware. Meltdown primarily affects Intel micro processors, whereas Spectre can affect Intel, AMD and ARM microprocessors and possibly more.
Since these exploits are on a hardware level, and not a software level, this creates a bigger issue than just a simple software fix. Not all hardware is affected the same way, but this will certainly lead to changes in computer processors and memory design to help remove the flaws. There are software fixes being applied to try to change the way in which your computer/device retrieves information. These fixes may create a minor slowdown in processing certain requests, but that is likely to go unnoticed by most users.
What Should You Do?
While these technical descriptions of these exploits may sound daunting, much of the advice is quite simple and probably something you have heard before.
- Take care of your pc/device and keep your system updated with patches
- Patches have already been released and will continue to be released addressing new found issues.
- If you use a device and/or operating system that is no longer supported, then it will not receive crucial updates. Consider upgrading.
- Don't visit questionable sites
- If the site you're visiting offers less-than-ethical services/information, don't expect them to be ethical with their visitors. Additionally, if you visit a site that pops up screens that say "You must download the new Flash Player", "You just won!" or "You've been infected!", etc, that's usually a good sign that you don't need to be there.
- Watch out for phishy (phishing) emails
- If you don't recognize the company or person sending the email, or if the message seems out of place, just leave it alone. Don't display the images and certainly don't click on the link, no matter how tempting the offer.
In addition to these best practices, here's one you may not know about.
- Open sensitive content in its own separate browser session, and not just in a new tab. This would be any website with a login. This keeps the information from that session apart from other less-sensitive sessions.
Where do we go from here?
The Meltdown and Spectre exploits can sound scary, yet there's no reason to toss your computer out. You should expect new patches to address some of the issues, and web browsers will receive updates to help avoid some of the issues.
Eventually, new microprocessors will be released and included in all new devices to prevent the same type of exploit from occurring again. Until then, just use common sense and keep your systems updated.