Don't [KERNAL] Panic...
Much of the news of Meltdown and Spectre are alarming - but the truth is there's really not much reason to panic. As long as you are practicing good general security hygiene, and you understand that essentially nothing on the internet is private, you will be fine.
Not exactly sure what Meltdown and Spectre are or how they impact you? Well let's take a brief look. Meltdown and Spectre are two huge bugs that affect almost every computer and device out on the market. It has been discovered that these "bugs" circumvent system protections which expose any data that the infected device processes. This data includes passwords, prioprietary information, or encrypted communications. Meltdown and Spectre affect your device differently to access data. You can read the differences between them on a recent article by techcrunch.com.
Here's five things to keep in mind about Meltdown and Spectre:
- Don't panic. The vulnerabilities are very difficult for bad guys to use, and no hacks have been developed that are using them - yet.
- Don't rush out and buy new devices. With the exception of very old devices (like an iPhone 4), there's nothing to be gained by buying new devices. Even if you did buy a new device, it's too early - there aren't solutions in place for these problems. But be sure your device is being updated by the vendor -if you're not sure, ask (see #5 below).
- Do install updates. This is something you should be doing regardless - so if you haven't been, start now. And if you are, great! Install system updates on all of your devices as soon as they become available. Good vendors (such as Apple iOS, Mac OS, Windows, and some Android manufacturers) typically push updates to you automatically. When they do, install the update. Some others don't push updates automatically - in which case you should contact your provider and ask them about the best way to get updates for your devices.
- Do pay attention. Watch the news to see if there are updates about the vulnerabilities, if there are any new hacks taking advantage of the vulnerabilities, and what the security experts say you should be doing.
- Ask. If you have a device that you aren't sure about, check if your provider has published any documentation or notices about what you can expect for updates. If you can't find anything, reach out to them and ask. Many devices (Linux, Windows) have already been updated or will be updated very soon, and we should expect for all modern devices to expect an update in the coming weeks.
If you'd like to learn more about what these vulnerabilities are, here are some excellent resources:
Website Audit: Is this a new craze or worthy investment?