Meltdown and Spectre: A Massive Security Flaw affects nearly all devices on the planet!

One of the largest (quite possibly the largest ever) security issues affecting electronic devices was reported on Jan 2^nd, 2018. Labeled as Meltdown and Spectre, these related but separate security loopholes exploit vulnerabilities in computer hardware components known as central processing units (CPUs) by allowing hackers with basic access to a system to read highly-privileged data such as passwords and other sensitive information.

What makes these vulnerabilities of such concern is not only how wide ranging they are, but also that these weaknesses have been around for approximately 20 years!

While there is reason for concern, there's no reason to panic. Meltdown and Spectre have only recently been made public by security specialists and as of January 7 and there are no reported cases of this vulnerability being exploited on a large scale.

Meltdown and Spectre: The Facts

Meltdown

A hole in programing that allows access to the memory of an operating system (e.g. Windows, iOS, macOS, Linux) and the programs that run on it. Meaning that, history, passwords and other sensitive information can be viewed and stolen.

Spectre

Allows hackers to pass through the security walls between different applications. Scariest is that the more security measures in place, the greater the amount of potential access points, making this serious problem harder to solve.

What devices and programs are affected:

• Devices such as Android Phones, Apple products after 2006 (iPhones, iPads, Apple computers)
• Operating systems such as Microsoft Windows, Linux, iOS and macOS
• Browsers such as Google Chrome, Mozilla Firefox, Safari
• Processors such as Intel and AMD
• And many more

How Meltdown and Spectre Affects Canadians

Since most computers, whether a gigantic server or a tiny smartphone, run on Intel or AMD processors (including Apple products) it is extremely likely that this development directly concerns you.

Currently, patches are being created (or have already been deployed). For instance, Apple has released patches for iOS 11.2, macOS 10.32.2 to protect against Meltdown and reported that it will have a Safari patch in the coming days.

Amazon has already released the Meltdown patch for its cloud computing services (AWS), bringing to light another issue that is of real concern: the patches seem to cut processing speed. Early estimates predict slower performance by 5% to 30% for certain tasks, across patched devices and programs.

For the moment, no one can say with certainty how much performance will be lost or for how long.

How Web Hosting Canada is Protecting you against Meltdown & Spectre

Web Hosting Canada security engineers have been working hard to get your systems patched over the last few days, and will continue doing so until all our infrastructure is protected.

At the time of writing, all web hosting and Cloud infrastructure has been fully patched. Dedicated servers are actively being patched, and the process is expected to complete by January 15.

While Dedicated servers are already protected with rebootless KernelCare technology, because of the unique nature of this vulnerability, WHC recommends a full kernel update and system reboot. For advanced system administrators, this can be accomplished by logging in to your Linux server via command line (SSH) and running the following commands on CentOS and CloudLinux 6 and 7 operating systems:

yum update -y
reboot

WHC will be performing these reboots on client servers if they have not already been performed, which may result in a few minutes of downtime while the machines are restarted.

Clients may stay up-to-date on developments by checking our server status page.

What Can You Do to Keep Yourself Safe?

Obviously, everyone wants to stay as safe as possible when something of this magnitude is discovered. Here is what you can do:

• Make sure that you enable system updates on your devices, on all programs. Regrettably, this may mean checking any programs that does not have auto-update enabled manually. As patches are being created as this very moment, ensure to check for updates daily.
• Where possible, enable two-factor authentications on your devices and password protected application.
• For extra security, change all your passwords immediately, and keep changing your password regularly (every 6 months). Password managers such as Lastpass can help you do this efficiently.

Questions, concerns or comments? Share them with us in the comments section below, or get in touch with our support team.