About Meltdown and Spectre

Once again, cybersecurity is in the news. And, as usual, any cybersecurity news is bad news. This time is a little different from previous occurrences, as the latest announcement concerns a hardware bug in virtually all of the chips that act as central processors (CPUs) in computers, tablets, phones and other smart devices. This bug has been present in CPU chips manufactured for at least the past 20 years!

The impact is that this bug can bypass the barriers between memory stores, allowing one program to have unauthorized access to data in other programs, including sensitive data, encryption keys and passwords. The good news is that exploiting the bug requires already having access to the system being attacked. This means that as long as you are practicing good cyber hygiene to keep intruders off of your system (by keeping software up to date, taking care when clicking links and browsing the Internet), the new bug does not present a situation requiring an emergency response.

Patches are being issued for all operating systems and web browsers. They will be applied to lab-managed computers and other devices as appropriate (although the patches are actually workarounds, since the bug is actually present in the hardware). Please cooperate with this patching, especially if computer reboots are required. If you or your home institution manages your computer or other device, please make sure that patches are applied. If you don’t know who manages your system, the Service Desk  can help you determine whether your device is lab-managed or not.

For more information and latest developments, please visit the Cybersecurity Awareness website at http://securityawareness.fnal.gov.