Already a customer?
Log a ticket
Menu
Meltdown and Spectre

Meltdown And Spectre – The Computer Flaws That Affect Practically Everyone

Share on facebook
Share on twitter
Share on linkedin
Share on google
Share on email

People are calling them the worst computer flaws to be discovered for decades. But what do Meltdown and Spectre mean for you?

Two fundamental flaws have been discovered in computer processors that will affect the vast majority of businesses and consumers around the world. Dubbed Meltdown and Spectre, they make it possible for hackers to gain access to private information, including passwords, stored in temporary memory.

News of Meltdown, which affects practically every Intel processor made since 1995, was first broken by tech blog the Register. The very next day, Spectre had joined the fray, with chips from AMD and Arm also affected. And as if that wasn’t enough, it turns out many big technology companies have known about these weaknesses for months, but were hoping to release a fix before they became public. Right now, the horse has well and truly bolted, and technology companies worldwide are scrambling to find fixes or workarounds.

What Are Meltdown And Spectre?

Processor - Meltdown and Spectre - TMB IT Support & Solutions
Essentially the brains of every computer, central processing units will need a major redesign

 

Essentially, Meltdown and Spectre are bugs that mean secret information on a computer can be accessed and read, when it should be hidden away. When you type a password into a web browser form, for example, it’s stored in temporary memory (RAM), but what you type shouldn’t be directly accessible to users of that computer. Thanks to these bugs, though, that’s not the case. Would-be hackers could see exactly what you’re typing as you’re typing it, making a mockery of modern cyber security measures. As Graz University of Technology explains:

“These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”

The phrase ‘hardware bugs’ is of particular importance. These aren’t software flaws, like a problem with, say, how Windows has been programmed; these are intrinsic to the physical architecture of central processing units (aka chips, processors or CPUs). It’s like finding out one day that the electrical wiring in your house or office was done using the wrong kind of cables – the only way to be really sure it’s safe is to rip it out and start again.

And because all the major chip designers have been affected, it doesn’t matter whether you’re using a desktop PC, a server, a laptop, a tablet or a smartphone. If it has a processor in it, then it’s likely to be vulnerable to one or both of these bugs. Indeed, that includes other smart devices and IoT (Internet of Things) devices, illustrating just how wide-reaching this issue is.

The only real positive to come out of this story so far is that, to date, there have been no reports of these flaws being exploited. With it now in the public sphere, however, that might not remain the case for long.

What’s Being Done About It?

As we speak, hardware and software developers are doing their best to come up with patches to keep customers safe. To protect against Meltdown, that means changing the very way operating systems and other software interact with processors – an action that could lead to reduced computing performance of  up to 30% for many users.

Slowdown dial - Meltdown and Spectre - TMB IT Support & Services
Patches are being created to mitigate the problem of Meltdown, but experts are predicting potential slowdowns for some users

Spectre, meanwhile, is a much bigger problem. Not only does it affect a wider range of chips, it’s said to be a more complex flaw, and so far no fixes or patches have been released. On the plus side, it’s also more difficult to exploit, which might be enough to put off many hackers.

What Can You Do?

Barring a miracle, the road ahead for computer users everywhere is going to be rocky. According to some, these flaws could be with us for decades. At the moment, the best thing to do is to keep your software and computers up to date. Make sure you install all the latest security patches for Windows, Mac OS, Chrome, Android, iOS and so on. Basically, if it can be updated, update it.

Beyond that, there’s little else you can do (although regular, effective backups are even more advisable than ever). The best minds in the technology world will be working hard in the coming months to find solutions, and software patches will be an important stop-gap along the way. Ultimately, the only thing that’s likely to provide a permanent fix, though, is a complete rethink about how processors work and how they interact with other components, but patches should hopefully minimise the risk to users – albeit at the expense of performance.

Eventually, chip manufacturers will have to come up with designs that aren’t vulnerable to Meltdown and Spectre. That will no doubt mean spending billions on R&D. Then, when these products are released, businesses and consumers will have to invest in new computers and devices to be 100% safe.

Unfortunately, this will all take time and money, and there will be very few winners as a result.

Leave a Comment

Your email address will not be published. Required fields are marked *

Categories
Archives

TMB Privacy Policy

Why do we hold personal data?

Like any business, TMB Group has to keep personal data about staff, clients and potential customers. When you fill in the contact form on our website, for example, we need to keep a record so we can get back to you. Data is also held so we can deliver our services and so we can provide useful information, such as security update news.

What data do we keep?
Depending on our relationship with you, we’ll hold information such as your first and last names, your email address, your phone number and your postal address. We will also possibly have details about your business and those who work for you. If you’re a customer, then we may have some of your banking detail so we’re able to accept payments for the services we provide.

How is your data stored?

As a responsible IT company, TMB stores personal data on secured computer systems. Anything that is archived will be placed on encrypted drives.

We do use third-party customer management software, Autotask, which means data may be stored on their servers, but only the data we need to deliver our services. The same goes for the Microsoft services we use, such as Word, Excel and PowerPoint, which store information on Microsoft’s cloud servers. We also use Mailchimp for marketing purposes: to send emails and to manage subscriber lists.

These third parties are not permitted to share your data or to use it for marketing purposes. You can find Autotask’s privacy policy here: https://www.autotask.com/privacy-policy. Microsoft’s privacy policy for Office 365 is here: https://www.microsoft.com/online/legal/v2/?docid=43. Mailchimp’s policy is here: https://mailchimp.com/legal/privacy.

How long do we keep your data?

We will keep your data in our systems until it is no longer relevant to our business, but you can request that we remove or update it at any time. We will also inform any relevant third parties of your request.

Access to your information

The key thing to remember is that your data belongs to you. That means you can request copies of your personal data any time you like, or to access and update it. You also have the right to be forgotten, so if you ask that we delete your data, we will do so or provide a valid reason why we are unable to. We will, of course, require proof of your identity before addressing any such request.

Depending on your request, your information may be provided to you electronically. In such cases, it will be provided in a commonly used format.

Unsubscribing and deletion

Unsubscribing is not the same as a request for us to delete personal data. If, for example, you unsubscribe from a mailing list, it is necessary to keep your email address on record to prevent marketing email from being sent to you. If we were to delete that information, we would have no way to tell if you have unsubscribed. Nevertheless, you still have the right to request erasure of your personal data.

Your right to complain

If, for any reason, you are unhappy with the way your personal data is treated by us, you have the right to complain to a supervisory authority. In the UK, that would be the Information Commissioner’s Office (ICO).

Website analytics

Anyone who visits our website will automatically have data about them collected via Google Analytics. This gives us broad information about what people are doing on our website and which pages they are looking at. It does not provide us with personal information that could be used to identify individuals.

Cookies

Cookies are small text files that web browsers receive from websites. They are stored on your computer, and they enable sites to do things like remember if you’ve visited before, if you’re a customer, what your preferences are and so on. You are entitled to view our website without them, but you may lose this kind of functionality if you do so.

International data transfers

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

Data controllers and processors

TMB is the controller for marketing activity and personal data/special category data we hold on our own employees, but we are the processor when processing our customers’ personal data (e.g. buying a licence for a named individual).  We  may use sub-processors for processing data given to us by customers.

What we won’t ever do is sell your data. And if you sign up to our mailing list, you’ll only receive marketing material from TMB as a result – no one else.

For any questions regarding your data, contact TMB’s technical director, Richard Shuker, at info@tmb.co.uk or write to us at A1 Endeavour Business Park, Penner Road, Havant, Hampshire, PO9 1QN..