Please help us to help you and your organization: Be EXTRA vigilant with your computer activities!
Computer researchers have recently found out that the main chip in most modern computers—the CPU—has two hardware bugs. They are really design flaws in the hardware that has been there for years. This is a big deal because it affects almost every computer and device that has been available for the last 10 years or so.
These hardware bugs can allow malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. These hardware bugs can allow malware to break that isolation.
More Information about Meltdown and Spectre
The bottom of this page lists links to official info/security advisories from many hardware and software companies
Graz University of Technology
So, if the bad guys are able to get malicious software running on your computer, it may be possible for them to then get access to your private data (including passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents.)
What do we need to do about this?
We need to update and patch all machines on the network. This is going to take some time with several layers of patches required, and most of the patches are not even available yet.
In the meantime, we need you to be extra vigilant, with security foremost in your mind and Think Before You Click.
Which devices are affected?
This is not yet confirmed, but it seems that just about every device manufactured in the last 10 years is. This may include virtually every computer, tablet and smart phone.
Can’t my antivirus program protect me?
While possible in theory, this is unlikely in practice. Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.
Is it safe to continue using my computer?
It is currently as safe as we can make it, so yes, you should continue using your computer and devices.
Has my computer already been infected by Meltdown or Spectre?
There are no documented cases of these vulnerabilities being exploited, but since they would not leave any traces, it is not possible to be sure.
What is the difference between Meltdown and Spectre?
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder for a hacker to exploit than Meltdown, but it is also harder to mitigate.
Is this the end of the world as we know it?
No. Since these vulnerabilities are so deeply rooted in the kernels of our devices, it will take a long time to completely solve them. In the mean time, we can Keep Calm and Carry On… but do so carefully.
We will continue to monitor this situation and keep you updated.
If you have questions about this, please let us know and we will be happy to assist you.