It is amazing how quickly we go from hearing about security vulnerabilities to information overload about them.
That's what's happening right now with Meltdown and Spectre, which could allow secret access to bad actors through your computer's CPU.
So, here is a resource guide of where to turn for updates:
- At first, it sounded like only Intel chips are affected. The company disputed that: "Recent reports that these exploits are caused by a 'bug' or a 'flaw' and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices—with many different vendors’ processors and operating systems—are susceptible to these exploits." This is accurate.
- US-CERT verifies how widespread the vulnerability is:
- You can read the US-CERT advisory on Meltdown and Spectre here, but you may not like their ultimate solution to the problem:
- Meltdown and Spectre have their own combined website now, explaining what each vulnerability does, with video of the exploits and a list of resources. CERT pointed to this site as a resource: https://meltdownattack.com/
- Industry updates: Intel News, Microsoft Advisory, Azure Update, Amazon Update, Google Update, AMD Update
We'll continue to post resources to this page as we discover them. But we thought AMD summed things up rather nicely:
"Total protection from all possible attacks remains an elusive goal..."
Indeed it does.