Security Update: Meltdown & Spectre

by Woven Agency on Friday January 5, 2018 @ 05:45PM

You may have seen in the news this week that a recently discovered flaw in the design of computer chips could enable access to sensitive information such as passwords on virtually any computer, smartphone or tablet without the user knowing. The web servers where your website/services are hosted are also potentially affected.

The flaws, known as “Meltdown” and “Spectre”, can affect computer chips manufactured as far back as 1995. Specifically, “Spectre” could allow a hacker to trick applications into giving up secret information and affects all computer processors. “Meltdown” on the other hand could allow hackers access to the computer’s core memory and is thought to only impact Intel chips.

What are we doing to protect your website?

We are actively working with our hosting partners to thoroughly investigate the impact on your website. The major manufacturers of computer chips (Intel, AMD and ARM) are working with the operating system vendors to release patches to make computers more secure. In turn, along with our hosting partners we are fully committed to validating and applying these patches as matter of urgency.

Based on the information available so far, we believe it may be necessary to reboot some web services. If this is the case, and if we expect your website to be offline for any significant time, we’ll notify you.

Some experts are advising that due to the nature of the fixes there is a possibility that, once applied, computer performance could slow by as much as 30%. From our initial investigations, we feel the vast majority of customers won’t see a significant change in the performance of their website – however, we will continue to investigate once the vendors provide more details.

What about your other computers?

We would strongly recommend you apply the latest software security updates as soon as possible – patches for Windows and Linux have already been released. Some Android devices running the latest security update are already protected but others will need to wait for the updates to be released. Apple have advised that there are “no known exploits impacting customers” running the latest versions of their operating systems.