Meltdown and Spectre: What you Need to Know to Stay Safe
Two critical security flaws were found, named “Meltdown” and “Spectre” which affect virtually all processors on the market.
Nicole Perlroth, a New York Times cybersecurity writer, does a tremendous job of explaining the security flaws in this article. You can additionally read her Twitter thread below if you prefer.
Essentially, this breaks down to one issue (Meltdown) which affects all Intel microprocessors, and another issue (Spectre) which affects all processors on the market (this includes AMD and ARM).
The flaws allow hackers to steal the entire memory contents of computers, cell phones, and servers that run in cloud-computing networks. It’s important to note that there has yet to be any signs of actual hacking activity due to these flaws.
What’s Being Done to Fix This?
Since it is virtually impossible to replace every device’s processor with a new, unaffected processor, the fix will come via many software patches and updates. The software patch expected to eliminate the Meltdown flaw will slow down computers by as much as 30 percent.
As for Spectre? There is no fix, according to Google but Intel recently announced that a new software update will make its processors “immune” from Spectre vulnerabilities by next week. We will update this post when more information become available.
What Should You Do Now?
Update your software – right now and always.
It’s important to note that these software patches and updates will not all be released at once. This means always checking for new ones and updating your devices as soon as they are rolled out.
The importance of updating software was discussed in our article about improving security practices at work, and for good reason. Software updates keep your machines running quickly and securely.
Change your passwords.
If you don’t use a password manager, get one. Then let it generate new passwords for your accounts in one-click, ensuring passwords that are complex and unique for each account. Using reused or weak passwords is one of the easiest way to get hacked.
If you do have a password manager, it may be worthwhile to update the passwords on your most sensitive accounts with password changer or by using a password generator.
If you want to take additional precaution, those who use a password manager can update their master password. We suggest writing that new master password down somewhere safe to start, until it’s committed to memory.
If you are a Dashlane user and want to take extra precaution by updating your master password, follow these simple instructions and make sure you don’t forget your new one!