Meltdown and Spectre – New Year, New Exploits

Meltdown and Spectre – What are they?

Both these names have been attached to a computer processor bug which has come to light publically in the last few days. Basically, the vulnerability allows an attacker to steal information stored within your computer/server’s inner workings. This can mean passwords, credit card information, private keys etc can be stolen if you are hit with this attack. Overall, this is an exploit which poses extreme risk to unpatched computers or servers and must be addressed as soon as possible.

Important/useful points to note:

1 – Your anti-virus program will not patch or fix this bug. Some work-arounds are being implemented, but these are only workarounds (so far)

2 – If you are using windows on your PC/device – make sure you keep up to date. Same goes for Android/ioS etc. Patches are being released daily.

3 – If you are using Firefox – ensure you have version 57 installed (Click Help – About Firefox)

4 – If you are using Chrome as your browser, make sure it’s up to date but also:

  1. Open a new tab
  2. Paste in: chrome://flags/#enable-site-per-process
  3. Click Enable beside the first option on the list.

5 – LetsHost operates many servers, all effected by this new exploit. We have already started working with our vendors (Windows / Linux etc) to ensure all servers are patched. We will need to schedule reboots for these to take effect. This process started last night 04-01-18 but continues.

For the most part, these reboots will be quick but if you notice downtime on your site over the next few days, this is most likely related. Security is of paramount importance so we will be acting as fast as is possible to patch remaining servers.

6 – This exploit has not been seen “in the wild” as of yet, i.e, hackers have not yet weaponized computer code to be able to exploit this. As such, time is on your side to make sure your own devices are fully up to date – but don’t delay.

Happy new year and best wishes to all of our fellow systems admin teams around the world dealing with this latest exploit.