Category: News

Everything You Need To Know About Meltdown And Spectre

Everything You Need To Know About Meltdown And Spectre

Unless you’ve been living under a rock this past week, you’ve probably heard something about Meltdown and Spectre. These cyber attacks look to exploit a serious flaw embedded in just about all modern processors. Unfortunately, this flaw isn’t limited to personal computers. Smartphones as well as other smart devices are also at risk.

In order to understand how Meltdown and Spectre exploit your system’s processor, you must first understand a key function of modern CPUs: speculative execution. Without going into technical detail, speculative execution can improve CPU performance by predicting the route in which information will travel. This allows the CPU to execute a command in any order it sees fit. This avoids potential bottlenecks that would otherwise increase processing time. In the event that the processor fails to predict the correct route, the command will be rolled back in a way that is invisible to applications. These attacks exploit this function, allowing them to extract information from the CPU’s memory cache. Like a reverse phone number lookup, Meltdown and Spectre can access an unprecedented amount of sensitive information.

Meltdown And Spectre Vulnerabilities

While both of these attacks exploit the same processor flaw, the Meltdown attack causes the greatest amount of concern. This is because Meltdown allows the attacker to access information from the computer’s “kernel” (the central part of the operating system). The kernel essentially acts as a bridge between the computer’s applications and the processing unit. By peering into this location, Meltdown can extract the most sensitive information on a given device. As you can probably tell, an attack that can penetrate this deep into a computer system poses a massive security risk. For that reason, just about every major tech company and manufacturer has issued a patch to address this vulnerability.

Spectre, while still a significant security threat, is a far more difficult attack to execute than Meltdown. Unfortunately, this also makes Spectre more resilient to patches that otherwise address Meltdown. Some researchers believe software updates will not be enough to completely protect our systems from Spectre. Only by developing new hardware without speculative execution can we completely eliminate the threat of Spectre. That being said, it may take years before CPU manufacturers can develop such a chip. Until then, Spectre will continue to haunt our processors.

Another issue regarding these exploits is that no single company can fix either on their own. In order to address these vulnerabilities, processor companies (Intel, AMD), operating system companies, (Microsoft, Apple) and cloud service companies (SAP, IBM) have to work in tandem. So far the efforts of these companies have successfully created a working patch for the Meltdown attack (while still addressing Spectre in some ways).

The Impact Of Meltdown And Spectre

Everything You Need To Know About Meltdown And Spectre
Everything from personal devices to computer servers are at risk

Even though fixes for Meltdown (and in some ways, Spectre) have been released by most major manufacturers, some devices have yet to be patched. For those devices that have fixes available, installing the patches can slow down your computer by upwards of 30%. While the typical user might not notice a slowdown, the same cannot be said for everyone. In fact, many systems that rely on cloud computing are having trouble. For instance, Epic Games, the creator behind the popular shooting game “Fortnite” has had numerous reports of login failure and server downtime since the patches went publicThe company has since revealed that a third-party cloud service, responsible for handling the game’s influx of players, is at fault for the issues.

If you happen to be running an AMD chip however, a 30% slowdown is the least of your worries. Many AMD users who have installed Microsoft’s Meltdown and Spectre patch have bricked their entire system. Microsoft seems to be working on a fix for this issue. So we’ll be sure to update this blog when the fix arrives. In the mean time, if you happen to own a device with an AMD chip in it, make sure you disable the Windows auto update feature. Hopefully, as developers learn more about these vulnerabilities, more efficient ways to address Meltdown and Spectre will be found. For now however, we’ll have to settle for slower processing speeds and failed login attempts.

Related: Cryptojacking And How It Can Put Your Computer At Risk

 

Critical Security Flaw Discovered In MacOS High Sierra

Critical Security Flaw Discovered In MacOS High Sierra

If you’re a regular here on Digital Security World, then you already know how much we stress the need for strong password protection. Even if this is your first time here, you probably know something about password security and its importance. That being said, what could possibly be worse for account security than having a weak password? How about having no password at all. Incredibly, this was the state of all Mac devices running the macOS High Sierra 10.13.1 software last week. This coming from one of the most prominent tech companies in the world, a company which prides itself on the security of its devices.

The following devices are compatible with MacOS High Sierra software:

  • iMac
  • MacBook
  • iMac Pro
  • Mac Pro
  • MacBook Pro
  • MacBook Air
  • Mac Mini
  • MacBook Retina

The High Sierra Vulnerability

Critical Security Flaw Discovered In MacOS High Sierra
The “root” vulnerability affects every Apple device running the macOS 10.13.1 High Sierra software.

First reported by developer Lemi Orhan Ergin, the vulnerability in the 10.13.1 version of High Sierra gives anyone access to the above devices without having to know the login information. Simply typing the word “root” into the username field while leaving the password field blank will award full access to the computer. Even worse, accessing the device in this way will grant the user administrator status. This is relevant because a user with administrator status can easily access any file or location on the computer, including areas that a standard user would not have access to. For example, if you happen to have your iPhone synced to your Mac or iCloud, an intruder could spy on your text messages.

While it’s easy to see the massive security risk associated with this particular vulnerability, Apple was able to put out a quick patch to address the issue (MacOS 10.13.2 High Sierra). Unfortunately, some users have noted an issue with updating from the base version of High Sierra (MacOS 10.13) to the latest update. So if you happened to skip the MacOS 10.13.1 update, just make sure you reapply the latest version and restart your computer afterward. This will fix the root vulnerability.

Were any of your devices affected by the root vulnerability? Have a question regarding High Sierra? If so, leave a comment below.

You May Also Like: Does The iPhone X Face ID Pose A Security Threat?

How To Protect Your Devices From The Latest WiFi Vulnerability

How To Protect Your Devices From The Latest WiFi Vulnerability

How To Protect Your Devices From The Latest WiFi Vulnerability

Earlier this week, a major WiFi vulnerability was found to exist in the WPA2 (WiFi Protected Access 2) encryption protocol. Prior to the discovery of this vulnerability, WPA2 was hailed as the most secure method of protecting your WiFi network. It’s been estimated that WPA2’s Advanced Encryption Standard (AES) would take millions of years for even the most advanced supercomputers to break through its encryption process. Unfortunately, the latest attack does not have to break through any form of encryption. Instead it exploits a serious weakness found in WPA2’s framework.

The KRACK WiFi Vulnerability

Key Re-installation Attack (KRACK for short) can completely bypass WPA2’s security. The attack works by tricking the WiFi network into believing that the hacker has the correct credentials to access the network. Once inside, the hacker can monitor every piece of information flowing into and out of the WiFi network. All kinds of personal information, such as credit cards, social security numbers, usernames, and passwords are at risk of being stolen. If you believe your information may have been stolen, try running a background check on yourself to determine if someone has been using your information.

Certain operating systems are more susceptible to KRACK (such as Android 6.0 or higher and Linux OS). It’s important to note that all devices operating off of WiFi networks are vulnerable. This includes PCs, laptops, smartphones, and even IoT devices (such as digital home assistants and smart TVs).

How To Protect Your WiFi Network

Mathy Vanhoef, the security researcher who discovered WPA2’s vulnerability to key re-installation based attacks, has published both a research paper as well as a website that goes into further detail on subject. However, if you’re not into the more technical aspects of the attack, and are only concerned with how you can protect yourself from this new threat, we’ve got you covered.

Update All Devices On Your Network

How To Protect Your Devices From The Latest WiFi Vulnerability
Keeping your devices up-to-date is essential for both functionality as well as security

Updating any WiFi connected device is by far the most important thing you can do to protect your network. In this particular case, your number one priority should be updating your router’s firmware. While updating firmware usually requires some additional steps, the process is simple enough that anyone can do it.

Once you’ve updated the firmware on your router, your next priority is the software on the rest of your devices. Most major manufacturers have already developed patches for the KRACK vulnerability. However, there are still some manufacturers who have yet to release an update for their devices. If you’re unsure about whether your device’s manufacturer has already provided a patch for this WiFi vulnerability, take a look at this list.

Use An Alternative Connection To WiFi

How To Protect Your Devices From The Latest WiFi Vulnerability
Every WiFi enabled device is susceptible to key re-installation attacks, so consider using some alternatives until your devices are patched

What if the majority of your devices have not been properly patched? In that case, the next best thing you can do is disable your router’s WiFi and use an alternative connection. While not every device has a built in ethernet port available, some of the more data sensitive devices, such as PCs and laptops, are sure to have one. Consider utilizing these ethernet connections on your important devices until a proper fix has been publicly released.

In addition to PCs and laptops, smartphones also contain a ton of sensitive information. Unfortunately, many of these devices are at an elevated risk (Android devices in particular). In order to protect your smartphone from this WiFi vulnerability, try using your smartphone’s data instead of connecting to the WiFi, especially if you find yourself in a public place.

If there’s one thing you take away from this article, it’s that you should always keep your devices updated. Most modern devices come standard with some sort of auto-update feature. Enabling this feature can help secure your devices from potential vulnerabilities in the future. For those devices that require manual updates (such as router firmware), remain vigilant and keep a lookout for future updates.

If you found this article helpful, or have any additional tips, please let us know in the comment section below!

Related Article: How To Secure Your Connected Devices And Personal Information

Update (11/8/2017): Google has released a new security patch for Android devices (versions 5.0.2 Lollipop to 8.0 Oreo) that addresses the KRACK WiFi vulnerability. There are multiple patches available for November, however the 2017-11-06 patch is the one to look out.

Your Financial Security Is At Stake: Why Digital Funds Are Safer Than Cash

Your Financial Security Is At Stake: Why Digital Funds Are Safer Than Cash

Your Financial Security Is At Stake: Why Digital Funds Are Safer Than Cash

Cash transactions are becoming more and more obsolete with time. An increasing number of retailers are beginning to accept digital payments like Apple Pay or credit cards with chip technology and are stocking their registers as minimally as possible. This is done for convenience as well as concern for health. CNN reported recently that there are 100+ different types of bacteria swarming all over the currency circulating New York City alone. Imagine how much more can be found throughout the state, country, or even world? It’s unsanitary and the reason food handlers have requirements for wearing and changing their gloves during cash transactions. 

Consumers realize this. It’s a major source of the switch from physical bills to digital payments. Of course, it’s also so much easier to carry your wallet around on your phone. For men and women alike, carrying around cash is bulky and irritating to deal with. Minimalism is the new trend, including reduction of personal items on your actual person. Especially for travelers, this is the safest way, since cash is easier to steal and makes you more of a target for thieves and scammers.

Digital funds have even taken over the personal transaction market, with apps like Venmo that allow you to instantly transfer money from your bank account or Venmo reserve to friends via only your mobile device. No need for cash, a credit card to upload funds, or even to meet in person. You can send money to someone that lives halfway around the world in an instant if you want or need to.

Your Financial Security Is At Stake: Why Digital Funds Are Safer Than Cash

Now, Venmo is expanding its reach by venturing into the retail environment. Soon, users everywhere will be able to use a Venmo debit card in their favorite stores. This practice will use your reserve of Venmo funds as if Venmo itself is your bank. This way, if a friend pays you through the app, instead of having to transfer the money back into your bank account or use it to pay someone else in the future, you can use your debit card to make a transaction directly from your account.

How else do digital transactions protect us?

When your funds are entirely digital, it’s not only easier to spend money, but it’s easier to keep track of your payments. There are apps to track your spending, like Mint or GoodBudget, as well as financial planning software you can download to your computer. They will even analyze the data for you to help you spend and budget most efficiently. Look around to find the best program for you. Check out reviews of Intuit Quickbooks, for example, before taking the plunge. Many of these softwares are for the business owner and individual alike.

Your Financial Security Is At Stake: Why Digital Funds Are Safer Than Cash

Although digital currency like Bitcoin has done extremely well in terms of its value over the past few years, it has yet to catch on as the popular mode of spending (although its use is widely accepted by online retailers and marketplaces). However, given the trend towards digitizing our purchasing power, there’s no doubt that we will see an entirely computerized world–money and all.

Digital wallets are the most effective method of spending while traveling, too, for safety purposes. If you’re interested in learning more about protecting yourself and your devices from theft while on vacation, check out our related post: 6 Safety Tips For The Tech-Savvy Traveler

You Are Being Watched: How Harvard Used Social Media Monitoring To Rescind 10 Student Admissions

You Are Being Watched: How Harvard Used Social Media Monitoring To Rescind 10 Student Admissions

You Are Being Watched: How Harvard Used Social Media Monitoring To Rescind 10 Student Admissions

Social media sites like Facebook and Twitter can be a great outlet for sharing things with your friends and family, making connections, and reading interesting articles (like this one!). However, it’s not all fun and games. Despite monitoring your friends list, nothing you post to social media is ever truly private. Many people have learned this the hard way over the years. Employers are firing employees over inappropriate posts. Human resources departments are scouring profiles to judge the potential character of job applicants and candidates. Now, even colleges are turning to social media monitoring to keep tabs on their students, both current and prospective.

In fact, repercussions for inappropriate actions on social media have gotten worse. Most recently is the news of Harvard rescinding the admission of 10 newly admitted students after they engaged in lewd conversation and meme-sharing in a Harvard admitted students Facebook group. What the students believed to be a private, friendly banter in an attempt to impress their peers ended up turning their dreams into nightmares. After going through the exciting process of announcing their acceptance to a top Ivy League college, maybe even combing through financial software reviews to help stay on top of their impending tuition payments, they then had to bear the shame of being rejected before even setting foot on campus.

It has been disclosed that their group chat within the Facebook page included instances of racism, anti-semitism, and general bigotry. Little did they know, the school officials were watching and taking action.

 You Are Being Watched: How Harvard Used Social Media Monitoring To Rescind 10 Student Admissions

This is not the only instance of colleges rejecting students based on their interactions on social media. If you aren’t careful with what you post, share, like, and follow, you just might end up in a similar situation.

Social media isn’t the only source that’s being monitored. Your entire online presence is vulnerable to judgment, from your book review blog to the heart rate statistics you uploaded from your Fitbit last week. Everything you do has the potential of landing in the public eye, so be mindful online no matter which digital platform you’re using.

 

To learn more about protecting your internet presence, read our related post:
4 Things That Can Affect Your Online Reputation.

The Importance Of Updating Your Phone Software: Why You Need To Regularly Update Your Apple or Android Device

The Importance Of Updating Your Phone Software: Why You Need To Regularly Update Your Apple or Android Device

The Importance Of Updating Your Phone Software- Why You Need To Regularly Update Your Apple or Android Device | Digital Security World

A recent study on mobile device threats shows that 98% of Android users and more than 35% of iOS users do not update their phones to the latest available software version as frequently as they should.

 

Are you one of those people? If so, then you are compromising the health of your phone and the safety of your valuable data and information!

 

Here is why you need to regularly update your Apple or Android phone software:

 

The #1 reason to update is SECURITY.

 

With every software update comes change(s) that will improve the performance of your product by fixing minor issues that have been found and deemed possibly penetrable by threats. Hackers thrive off their ability to enter any system weaknesses in an effort to take advantage of the data and information they can receive from it.

 

The Importance Of Updating Your Phone Software- Why You Need To Regularly Update Your Apple or Android Device | Digital Security World
This woman sending a text message to somebody via her iPhone may not be safe is she’s sending an iMessage on an outdated software!

 

For example, this Refinery29 article shares how “researchers discovered a flaw in Apple’s encryption scheme” which leaves iMessage senders vulnerable to attackers. By not updating your phone as regularly as the software is updated, you are ultimately risking the security of your device even by sending a text to somebody.

 

How do you solve this issue? Turn on automatic updates for your apps. Install an antivirus software that will protect your phone. Stay up to date on viruses, scams, and other digital threats that are currently circulating the web by reading news articles and blogs. Whether you receive that annoying notification telling you that a new version of your iOS software is available for update or you receive a popup that indicates there’s an Instagram or Facebook update solely with “improvements or bug fixes,” don’t wait — update!

 

Stay safe out there on your phones, and be sure to come back to Digital Security World for more cybersecurity news and tips soon.

 

Related Post: How To Safely Browse The Internet (INFOGRAPHIC)