Update all of your devices now
Why?
On January 3rd, security researchers from Google announced two large problems (dubbed Meltdown and Spectre) with Intel chips made in the last 10 years where attackers can steal your passwords as well as other data. It gets worse. Malware from ads in your browser (malvertising) can exploit this to steal data from your machine.
While your devices are at risk, computers that multiple users log into (virtual web hosting, virtual servers) are at the highest risk.
 |
| Obligatory xkcd |
Am I affected?
YES
If you have a phone, tablet, computer, laptop, or video game system made in the last 10 years you're affected. One article I read said,"Intel is by far the biggest CPU maker out there, and Meltdown affects every processor produced by the company since 1995."https://thenextweb.com/security/2018/01/04/spectre-and-meltdown-are-as-bad-as-you-think/
How this fits into context
There are 323.1 million people in America as of 2016 according to the Census Bureau, which are probably spread out over 125.82 million households (again in 2016). According to Pew Research, 1/3 of all US households have 3 or more internet connected devices. So we're talking about at least 125.8 million devices. To put this in context, the Equifax breach was roughly 143 million Americans.
The good news
There was an embargo on these vulnerabilities; Intel has known about this since June 2017, and the major cloud providers (Amazon AWS, Microsoft Azure, Google) have known about this for a while and have already updated.
Why is this different than every other problem?
- Unlike most other vulnerabilities where you might be affected, I can pretty much guarantee that you are with this one (see Am I affected)
- Meltdown "melts' the security line between privileged and unprivileged processes on your computer, and Spectre allows one program to steal information from another. Putting these together is very bad.
What you should do (good for this, good for everyday too)
Update all of your devices now
Your computer, your phone, your tablet, video game system, and anything else. Some chips aren't affected by this, but most things are. If a device of yours can't take an update (e.g. older phones, tablets, etc) I *highly* suggest not using it for anything remotely important.
Run an adblocker
Enable page isolation in your browser
Page isolation gives each tab it's own process, which will help keep one site from stealing information from another. Stay tuned for a post on ads that contain malware aka malvertising.
Chrome
Enable Site Isolation
Firefox
- Open Firefox
- In the address bar, type about:config
- In the search bar, type privacy.firstparty.isolate
- If it's not true
- Double Click on it (it should go bold and turn to true)
- Close the tab
- Quit Firefox (⌘Q on Mac)
Safari
Ensure you're running Safari 11.0.2
References
*Sorry for the poor formatting, blogger doesn't really allow for this easily.
Original blog post
Readable yet approachable article that goes in more depth
Obligatory xkcd (image above)
Official Website, with update statuses from different vendors
Interesting write up
https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
Population of the United States (Retrieved via Google, 2018-01-09)
https://www.google.com/search?q=population+of+the+united+states&oq=population+of+the+un
Pew research on smartphones
http://www.pewresearch.org/fact-tank/2017/05/25/a-third-of-americans-live-in-a-household-with-three-or-more-smartphones/
Pew Research on Internet connected devices
http://www.pewresearch.org/fact-tank/2014/09/19/census-computer-ownership-internet-connection-varies-widely-across-u-s/
Number of Households in US 2016
https://www.statista.com/statistics/183635/number-of-households-in-the-us/
https://www.theatlantic.com/business/archive/2017/09/equifax-cybersecurity-breach/539178/
https://thenextweb.com/security/2018/01/04/spectre-and-meltdown-are-as-bad-as-you-think/
Population of the United States (Retrieved via Google, 2018-01-09)
https://www.google.com/search?q=population+of+the+united+states&oq=population+of+the+un
Pew research on smartphones
http://www.pewresearch.org/fact-tank/2017/05/25/a-third-of-americans-live-in-a-household-with-three-or-more-smartphones/
Pew Research on Internet connected devices
http://www.pewresearch.org/fact-tank/2014/09/19/census-computer-ownership-internet-connection-varies-widely-across-u-s/
Number of Households in US 2016
https://www.statista.com/statistics/183635/number-of-households-in-the-us/
https://www.theatlantic.com/business/archive/2017/09/equifax-cybersecurity-breach/539178/
https://thenextweb.com/security/2018/01/04/spectre-and-meltdown-are-as-bad-as-you-think/
No comments:
Post a Comment