This is the eleventh in a series of 12 tips to help you improve your online safety.
We’re just seeing details emerge of the Meltdown and Spectre vulnerabilities in most CPUs powering mainstream computers and phones.
CERT’s official recommendation is that the only way to guard against this particular problem is to replace your CPU with one that isn’t affected but that’s probably not an avenue most of us will take, so watch out for patches and updates.
Why does this make computers vulnerable?
It’s all to do with “speculative execution”, where the good folks of Twitter again help us with explanations and analogies involving sandwiches:
Explaining #Meltdown to non-technical spouse.
“You know how we finish each other’s…”
“Sandwiches?”
“No, sentences. But you guessed ‘sandwiches’ and it was in your mind for an instant. And it was a password. And someone stole it while it was there, fleeting.”
“Oh, that IS bad.”— Scott Hanselman 🌮 (@shanselman) January 5, 2018
Before moving on to a fluorescent-marker analogy:
Speculative execution: When my 5-year-old son asks me if he can draw on paper with a yellow fluorescent marker, and I'm distracted, he plays with it for a bit while waiting for my answer. If I answer "no", then I take the scribbled paper away and put it in the bin.
— David Eccles 🌻🇵🇸6x🩹🛡️ (@gringene_bio) January 4, 2018
What should I do?
If you hold $24 million in Intel stock, are on the board, and are aware of the flaw, consider whether now is a great time to sell
For the rest of us,
- apply updates for operating systems and browsers
If you’re a system administrator, more information is available in the Register’s article.