09/01/2018
Potential flaws create security threats in some computer processors (UK)
‘Meltdown’ and ‘Spectre’ are the less than reassuring names given to potential flaws discovered in some computer processors that could make devices ranging from smartphones through home computers to cloud-based data centre hardware vulnerable to hostile attempts to obtain access to areas of memory not normally visible to attackers.
Meltdown and Spectre are hardware vulnerabilities that could be exploited by a malicious programme to steal data stored in the memory of other running programmes. Unlike other flaws, they also have an alarming potential to make all platforms vulnerable, rather than just one or two.
More reassuringly, the government’s National Cyber Security Centre reports that – at the time of writing this – there “is no evidence of any malicious exploitation”. The major equipment providers have either already released – or are working on – patches to mitigate the issue and the NCSC also stresses the need to apply the patches as soon as possible.
Meltdown and Spectre are classed as ‘side channel attacks’, which are defined in Wikipedia as “any attack based on information gained from the physical implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs)”.
According to Wired UK magazine, (‘Triple Meltdown: How so many researchers found a 20 year old chip flaw at the same time’) “with their attack, any hacker who could run code on a target computer could break the isolation around that low-privilege program to access secrets buried in the computer’s kernel like private files, passwords, or cryptographic keys.”
Wired also reports that, “perhaps most troubling of all”, the flaw had been introduced into Intel chips in the mid-90s so the attack had somehow remained possible, but apparently undiscovered, for decades.
NCSC is monitoring the situation and will report any developments in a dedicated ”Meltdown’ and ‘Spectre’ guidance’ section, which is pitched at readers with a fair degree of technical knowledge.
In addition to explaining what users should do to protect themselves and their organisations, it updates the situation in relation to
- cloud services
- data centres/servers
- end user devices
- applications and software
It also includes the warning that some CPUs are more affected than others and users should check with their processor’s manufacturer to identify the full extent of the vulnerabilities.
‘Home user guidance to manage processor vulnerabilities ‘Meltdown’ and ‘Spectre’ explains the issues and provides practical advice on the steps to take in much simpler terms and will also report on any developments.
Both pages also provide direct links to information on the steps that major equipment suppliers are taking to tackle the problem.
The Credit Protection Association is a credit management company established in 1914. If you supply goods or services on credit then we can help you!
Keep up to date with the latest news by following us on social media:-
Watch the video to find out how CPA can help you!
Read our blog – Debt collection agency
Read our Cash Flow Advice
Read about our overdue account recovery service
Read our blog – What is credit management?
Read our blog -What is a credit management company?
Read our blog -Credit Management that works!
Read our blog – How to select a debt collection agency
click to see read about our successes
Please call us on 0330 053 9263 to discuss how CPA can help your cashflow. Alternatively, either email us or use our contact form.