Within the past day, you may have heard news about Spectre and Meltdown. These two hardware bugs have been exploited in nearly every modern computer. This includes your personal computer, phone, and cloud servers around the world.
What do Spectre and Meltdown mean for my hosted website?
At ThirdSide, security is one of our top priorities. Within a few hours, the company we hired to manage our server began mitigation work to prevent these exploitations on websites hosted and managed by ThirdSide.
Their memo to us is as follows:
Earlier this week, multiple vulnerabilities were released that affect nearly every modern server and desktop computer. These are being known by the monikers as “Meltdown” and “Spectre”. These vulnerabilities affect your server and many other service providers. Since becoming aware of these vulnerabilities, we have been working diligently to plan and implement the best resolution for our customers. Our security and development teams have been working with our vendors to deploy the required updates to mitigate vulnerabilities.
So, what are these vulnerabilities? They are both hardware bugs that allow information being processed on a computer, or server, to be obtained by non-privileged programs. Normally, programs are prohibited from reading data in use by other programs. However, when exploited, “Meltdown” and “Spectre” allow this normally secret information to be read by any software that’s asking for it. “Meltdown” breaks the isolation between programs and the underlying operating system, while “Spectre” breaks the isolation between running programs.
Many modern operating systems have already announced or released patches to mitigate the risks of these vulnerabilities. Based on the requirements of many, if not all, of these patches, it will be required to reboot affected customers’ servers. We will be scheduling these reboots, and updating affected customers prior to them taking place.
Presently, we are continuing to monitor the situation for further information and will be updating our customers as more information becomes available. Our customers’ security and environments are a top priority, and we can assure you we have the best team working feverishly to fix these vulnerabilities in the least impactful manner.
Should any further updates be necessary, we will update this post. If you are a current ThirdSide client and have questions specific to your website, please contact us via our contact page or your client portal.
For more information about Spectre and Meltdown, including whitepapers, please visit https://meltdownattack.com/