As you may be aware, two significant technical vulnerabilities have been discovered and were publicly announced yesterday.
They are called Meltdown and Spectre.
Unlike most technical vulnerabilities, which are caused by poorly written software, Meltdown and Spectre are caused by the way computer chips work. In other words, they aren’t code mistakes; they reside in the actual brain of the computer. So they are very widespread and much harder to fix.
Using these vulnerabilities, an attacker with access to a computer or server (including remote access) can read information used by other programs on the computer or server. This could include very sensitive information that should and usually is protected.
As you can imagine, this is a first class disaster for computers around the world and is something we are paying very close attention to.
One bright spot (if we can call it that): the problem is mitigated by the fact that you must already have access to a computer in order to exploit the vulnerability. So, while technologists are working to respond to these problems, we are May First can take a few steps.
At May First/People Link, our greatest threat is via compromised web sites and user accounts. These compromises can be used by an outsider to get access to the server your site is on and, once they have that, they can exploit the vulnerabilities. The best steps you can take to help are:
If you have any questions, please don’t hesitate to contact us at firstname.lastname@example.org. Our techies are happy to answer any query however small.
If you would like more information - below are two excellent articles.
The Guardian has a simple, non-technical explanation.
For a more technical explanation, see the Arstechnica article.