Our Response to Meltdown and Spectre

No doubt you’ve heard about two recent cybersecurity issues, referred to as Meltdown and Spectre. Both allow “low-privilege” users to access sensitive data, and could potentially enable hackers to access account data, passwords, and other information. The vulnerabilities affect laptops, desktops, cloud-based computers, and even some smartphones, tablets, and other internet-connected devices.

The issue is actually present in the hardware – specifically the central processing unit – of the device. Meltdown affects most Intel processors, which are present in a majority of PCs and over 90 percent of computer servers. Spectre also affects Intel processors, as well as those made by AMD and other manufacturers.

Fortunately, all major processor manufacturers, as well as Microsoft, Apple, and other software developers, are issuing patches to address both issues. Keeping your software up-to-date, including operating systems and all browsers, is crucial.

At Backstop, we recommend using the latest version of the Firefox browser. If you prefer to use the Chrome browser, we recommend installing an interim repair feature, known as Site Isolation, which you can learn more about here. (Google has announced plans to release a permanent repair on January 23rd.)

Since the earliest notifications of these security breaches, the Backstop technology team has been diligently working with our own software providers to install solutions and ensure all client data is protected. Our cloud service providers are also in the process of upgrading their equipment.

If you’d like to learn more, additional information about Meltdown and Spectre is available from the SANS Institute.

Update as of February 14, 2018:

Backstop has been rolling out patches for the variants of Spectre and Meltdown that have passed our testing process.  Unfortunately, not every variant has a fix available for it:
Some patches also have been causing severe issues and users are warned to not use them: https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/



Related Posts

SOC 2 Report Verifies Backstop Solutions’ Robust Security

The evolving dynamics of the institutional investment industry form a complex dance. Everything adds to the...
Read More

For Alt Investment Firms To Thrive, They Must Focus The Business

To survive as a business, an alternative investment management firm must have a repeatable, predictable,...
Read More