And a happy new year! BREAKING NEWS: Security researchers have just discovered two major flaws that affect ALL computers. Their little names: Meltdown Spectre. So what’s this about? Well, imagine a vulnerability that allows hackers to steal the entire memory contents of your computer, your smartphone or your cloud hosting server. Yeah, that’s pretty bad… But wait there’s more!
An industry scrambling news…
A few months ago, the KRACK attack was bad enough, opening a breach in WiFi networks’ security. But this is much worse. Because these flaws break some fundamental protections computers promise. And almost every device in the world is exposed, at a hardware level. Indeed, both flaws are found in the most popular microprocessors: Intel, AMD and ARM.
Quick reminder: Intel and AMD are world leaders in the manufacturing of microprocessors. And they represent 97% of the chips market… So, no matter if you’re on Windows, Mac or Linux. The flaws are there, ready to be exploited by malicious people.
How bad is it? These vulnerabilities have existed for more than 20 years. And we hadn’t make a big deal of it. But the game changer is that most people and companies store their data in the cloud. And these hardware bugs allow programs to steal data that are processed on the servers.
Hackers could rent space on a cloud service, just like any other customer. And they could exploit the flaws to grab information like passwords from the other customers on the server… They’d be like kids in a candy store, with a huge mountain of data available!
PCs (Windows, Mac and Linux) are also vulnerable… However, it’s not that easy for hackers. Because you would need to have downloaded a malware before anyone could steal your data. But it’s far from impossible. They could lure you to install an app with amazing benefits… Free VPNs, I’m looking at you!
Finally, news of the Meltdown Spectre flaws leaked earlier than researchers had planned, on The Register and other news sites. So the industry didn’t have much time to prepare and face the new threats from hackers taking advantage of these vulnerabilities.
Is your browser exposed to Spectre?
If you have doubts about your browser’s vulnerability, you can use the Spectre Check, a tool from Tencent’s Xuanwu Lab. And click on the Click to Check button, you’ll get the answer instantly. I’m all good, fortunately:
Meltdown Spectre: No easy fix
This is the worse part… These two major flaws are going to be tough to correct. While Apple didn’t share any news yet about fixing Meltdown, Microsoft and Linux are already rolling out security patches. But there’s a catch: Your device could be hit with significant slowdowns… Indeed, fixing the issue could slow down your computer by as much as 30 percent!
And researchers say it’s impossible to solve the Spectre issue with a software patch… And they’re talking about redesigning the microprocessors. So we would need to wait for a new generation of chips to get it fixed…
Protect your data from Meltdown and Spectre flaws
I’ll give you below a few steps to keep your data safe from these critical flaws. Feel free to buzz me if I forget to mention anything useful. And if in doubt, use common sense…
- Keep your operating system up to date
- Update your browser to avoid web-based attacks
- Change your password for cloud hosting regularly, until your provider confirms the servers are patched
- Don’t install fishy apps and software
- Don’t click on suspicious links in emails or on websites