You may have heard of two security issues that will impact everyone in the news lately. These are referred to as Meltdown and Spectre. These will actually impact everyone, just how is yet to be determined.
The short version of meltdown and spectre is that we want our computers to be fast. In order to make computers faster, they “guess” what you may want next and make that available. One way to think of this is the Boss from The Devil Wears Prada. The Boss is going to want coffee or tea first thing. The assistant (the computer for our analogy), doesn’t know which one the Boss will want, so the assistant gets both ready. Whichever one the Boss wants is delivered, the other discarded. (This is predictive computing. The computer “predicts” what you will want next and takes those actions. That way, you don’t have to wait for the actions to occur.) However, when the computer does this, it opens up a security vulnerability.
Let’s take a look what they are and how it will impact you.
Meltdown is a security issue at the processor level. Nearly all processors are affected. Basically, meltdown loads things into memory before containing how much memory it will use. This means that other applications can read that same memory. This is especially important to note on shared computers. (Since nearly all web site run on shared computers, this has the potential to be devastating for all of us).
There are actually three different aspects for Spectre. Specter is named, in part, for speculative processing. Again, this is the result of trying to “speed things up” for end users. The scary thing about Spectre is that it is theoretically possible to implement from just visiting a web site. This would require the user (i.e. you) to do nothing special, it would not be necessary to click “install”, click “OK”, nothing, to start the process.
Many companies have known about this issue for a few months. Many have issued patches. (Although this is at the processor level, it appears as though it will need to be fixed at the application level). Unfortunately, the fix can slow your computer experience down. Some estimates indicate that the fix could slow your computer down by 5-30%.
Most major suppliers (Apple and MicroSoft) have already issued patches which address some of the issues. Future patches will address more of them.
Our team is making sure that the district computers are patched and up to date. You may notice your computer taking a bit longer upon start up (this should only be once). We also take several other steps to keep the district safe (including limiting the installation of software). We have a lot of hardware to update (fortunately, we do this regularly). Some of the patches are not yet available.
You should make sure that all of your home and personal devices are up to date with the latest patches. These are crucial. Naturally, you should always follow good digital hygiene.
Also, be very aware of “phishing” scams. This may be an opportunity for the bad guys to try to get you to click on a link. Always think at least twice before clicking “Install” or “Accept”. Be extremely cautious with emails or web sites that ask you to enter your credentials (user name and password).
Interested in more information?
Here are some resources if you want to know more: