Some of you may already be aware, but we figure it’s likely best to still put this piece of news out there. Arguably the largest security breaches ever affecting electronic devices were reported last week, on Jan. 2nd. Labeled as Meltdown and Spectre, these similar but slightly different security loopholes take advantage of security vulnerabilities in CPUs (central processing units) with hackers becoming allowed to access systems and read / copy highly-sensitive and private data, like passwords and more.
Here at 4GoodHosting, we believe that part of what makes us a premier Canadian web hosting provider is the level of accountability we have towards the wellbeing of our customers in as far as their online interests are concerned. That said, we understand that each of you are also everyday people using digital technologies to make your life better just like anyone else and so we make an effort to share information like this with you.
It seems that the consensus among web security experts is that these 2 security flaws are encompassing a new realm in security flaws, and may be indicative of worse things to come in the future. That’s not really cause for more concern than necessary, however, as the struggle between hackers and those charges with implementing effective protective measures has been going on for decades now.
It’s jus that it may mean a need to dig a little deeper in the pushback this time. Let’s get into the specifics of Meltdown and Spectre.
We’ll start by saying that as of 3 days ago there are no reported cases of this vulnerability being exploited on a large scale.
Facts on Meltdown and Spectre
To put it simply, meltdown is a hole in programming that allows unauthorized access to the memory of an operating system like Windows, iOS, macOS, Linux etc., as well as the programs that run on it. History, passwords and other sensitive information can be accessed and taken.
Spectre makes it possible for hackers to pass through the security walls separating different applications. The most pressing concern here is that the greater number of security measures in place, the greater amount of potential access points there are. This equation makes it a much more difficult problem to address effectively.
Here’s a list of devices and programs that are affected:
- Devices like post—2006 model iPhones, iPads, and Macs
- Android phones
- Operating systems: Microsoft Windows, Linux, iOS and macOS
- Browsers: Google Chrome, Mozilla Firefox, Safari
- Processors: Intel, AMD most notably, and others (Meltdown)
Specific Concerns for Canadians Regarding Both
It’s a fact that the majority of personal computing devices run on Intel or AMD processors This includes your smartphone in the same way it does you computer or tablet.
At present, patches are being created (or have already been put into place). Apple has offered up patches for iOS 11.2, and macOS 10.32.2 to protect against Meltdown. An effective Safari patch is apparently on its way in the coming days.
Amazon is keeping pace, having already released the Meltdown patch for its AWS cloud computing services, which brings up another issue that should be seriously concerning – many are finding that these patches seem to cut processing speed.
Most of you are going to be displeased at the prospect of slower performance by 5% to 30% for certain tasks across patched devices and programs, and that’s what we’re being told to expect by more than few reputable sources. Of course, all of this is conjecture at this point.
Suggested Protective Measures
Most Canadian web hosting providers are always active with patching their servers as necessary, and as you’d expect that includes us here at 4GoodHosting. For anyone responsible for such measures on their own, we recommend a full kernel update and system reboot. Advanced system administrators can see to this by logging in to your Linux server via command line (SSH) and entering the following commands on CentOS and CloudLinux 6 and 7 operating systems:
- yum update -y
Other Ways to Stay Safe
Safeguard yourself more effectively against these new major security flaws by:
- Making sure that you enable system updates on your devices and for all installed programs, even if that means checking any programs that do not feature the ability to enable auto-updates. Plus, check for updates daily over the next month or so.
- Enable two-factor authentications (2FA) whenever possible on your devices, plus for password protected application.
- Create new passwords immediately, and do so semi-regularly for the next 6 months. Password managers such as Lastpass can help make this much easier for you.
Happy to make you aware if you weren’t already, and we hope the storm passed quickly as it usually does. Until then, onwards and upwards with the continued day-to-day we say.
Feel free to ask us any questions you may have.