PurpleJelly Security Bulletin January 2018 – Spectre and Meltdown exploits
Happy New Year!
I’m sure it has been a happy new year for most of us, unless of course you are Intel, AMD or ARM (The worlds leading CPU manufacturers).
If you are not up to speed with your tech news, on 3rd January news was leaked that CPU’s (your computer or laptop’s brain) that have been supplied at any point within the last five years could potentially be exploited and in extreme cases data can be extracted. The exploits (there are two of them) are called Spectre and Meltdown.
Rather than blind you all with science, it makes much more sense for Intel etc to explain the situation to you directly and so a full breakdown of the exploits can be found via these links. If you don’t want to be geek’d out, skip the links.
Are you affected and should you be worried?
The answer to this is almost certainly ‘Yes’ you will be affected (and that goes even you MAC users). Should you be worried? Well, yes maybe a little.
It’s absolutely key at this point to remember that the exploits were carried out by security experts whilst in front of their own test subjects, not in a remote environment. So, as long as Bert your mild-mannered janitor isn’t in fact a super hacker, the perimeter firewalls we supply and manage for you should keep you safe from these exploits like they have from all the other exploits that you haven’t been affected by in the past.
However… as always, you and your colleagues should take care when browsing the internet and opening emails so that you don’t inadvertently allow someone access to your computer and subsequently the rest of the network.
If a website prompts for odd requests, or an email has a different attachment to what you are used to, close your browser and delete the email. It’s as simple as that. If you are worried that you’ve opened an email/attachment/website that you shouldn’t and have compromised your device, simply pick up the phone and call us.
What are PurpleJelly doing about it?
Whilst we can’t magically wave a magic wand and make the whole thing disappear, the way we have configured your network means that any security patches should be deployed to your desktops and laptops automatically. You may be prompted to restart your computer once it has been deployed.
If you are a MAC user or just want us to check that the exploit update has been applied, please either call us on 01252 856230 (opt 2) or email the helpdesk at [email protected] and we will arrange a remote session for you.
It is prudent to help re-assure and end this message with the following statement from Intel;
“The (security) researchers demonstrated a proof of concept (of the exploits), and Intel was able to replicate the findings. (However) Intel is not currently aware of any malware based on these exploits. However, end users and systems administrators should apply any available updates as soon as practical, and follow good security practices in general”
PurpleJelly are your single point of contact regarding IT Support and are happy to help with any technical query you may have. Please contact us if you have any worries regarding this bulletin or indeed anything else.