GDPR

GDPR for Schools Q&A

Spectre

What are Meltdown and Spectre?

Fundamentally Meltdown and Spectre are two flaws that have been discovered to be present within the processors that are built-in to almost every computer. (Including Intel, AMD and Apple processors)

The Meltdown flaw allows a program to be run that makes sensitive user data, (Such as passwords stored on a browser, photos, emails and documents) that is usually enforced by the hardware accessible, by “Melting Down” the security boundaries. This is due to the attack being on the memory, which holds all the vital information from all the programs currently running through it. Therefore allowing for the extraction of this data.

 

Spectre breaks down the isolation between different applications. It allows an attacker to trick one application into sharing it’s data with them, although this method is much harder to exploit, it’s also harder to protect against. This exploits a processor technique called “Speculative Execution” (hence the name Spectre) which is where a processor makes a prediction about what is about to happen next, in aid of speeding up processing.

 

 

 

Am I affected by the vulnerability?

Unfortunately, yes.

How come I’m vulnerable?

Due to the nature of the issue it affects anything with a process, this includes PC, Laptops, Cloud Storage and Mobile Devices.

How will I know if I’ve been attacked?

You won’t, The exploitation does not leave any traces in traditional log files.

So how do I keep myself safe?

Fortunately, there are patches against Meltdown for Windows, OS X and Linux. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

How do I apply this?

Luckily the patch comes with the latest Windows/Apple updates. So it’s very important to run windows updates to keep yourself safe.

for more info and guidance email info@tpsystems.org.uk

Phishing Advice