If you have not heard already, there’s some bad news for the IT industry as a whole.
The way modern processors (the brain of the machine) are optimised means they are vulnerable to carefully constructed attacks.
These attacks potentially can steal data from other processes running on your machine (effectively eavesdropping on other stuff on your computer).
The problem is in the hardware design so other than throwing the machine away or replacing the central processor (unlikely at present) you have to use mitigation techniques to work around the problems. To some extent this sort of attack affects all modern PCs, Macs, Phones and Tablets.
Currently (Jan 11th 2018) this is being done by browser site isolation (for the Spectre bug) and operating system patching (for the Meltdown bug).
Not all the operating system patches are released as yet. One that has been released has broken some machines (some AMD systems, we believe the patching is all a bit hasty at the moment).
Current advice.
Install the latest and change the site isolation settings for Firefox and Chome don’t use other browsers until they are patched by their manufacturers.
Make a system recovery point on windows machines (start-ControlPanel- system- SystemProtection).
Backup your data and continue to do so storing this backup separately from the main system.
Look out for the operating system patches and install them once they’ve been tested in the wild (some systems e.g. apple, win 10, android will install these automatically, we will be testing windows patches before release see our twitter ).
Note: Patches released so far may have problems with other programs (like anti-virus programs). Example here.
The above is hopefully a plain speaking explanation, glossing over detail, if you want more details and the technicalities start here or search for Meltdown or Spectre vulnerabilities and read the (mostly justified) hysteria.
Phil’s view.
This feels just like the millennium bug and as signatories to Pledge 2000 we’ve seen this sort of problem before. Now the world is very different to year 2000 and because we all use connected devices all the time its a much bigger risk. But the problem probably will be mitigated by switching off features in an operating system relating to the processor prediction methods. Hopefully we won’t have to replace every hardware platform like what happened to mission critical equipment in 1999.
The main problem is that this may not be the first set of such vulnerabilities, these have been hiding for 20 years and are fundamental to how chips are accelerated. That’s worrying.
I’ll be keeping up to date on developments on our twitter feed.