Spectre and Meltdown: New security fixes for our servers but users should take action, too!
Many of you will have heard about the two new security exploits known as 'Meltdown' and 'Spectre', which were revealed a couple of days ago. The fact that they have their origin in bugs that sit directly in the hardware architecture of practically all modern CPUs makes them particularly dangerous and difficult to fix. This also means that in principle, all modern operating systems are vulnerable, including Microsoft Windows, Apple Macintosh OSX or iOS, or Linux, Android, etc. It also doesn’t matter if the computer is a server in a data centre or a private PC at home. There are different attack scenarios, the impact of which can be very serious.
In theory, simply browsing the Internet with any browser software can make a system vulnerable to attacks that aim at retrieving sensitive data, such as credit card numbers or the login credentials for any kind of account, including bank accounts.
We cannot describe the full technical background of Spectre and Meltdown within the space of this blog article but have a look at https://meltdownattack.com for a quick introduction. More technical details and information about the browser attack scenario are given in the following articles:
http://www.tomshardware.com/news/meltdown-spectre-exploits-intel-amd-arm-nvidia,36219.html
http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript,36221.html
Security patches are in the making or have been released already for many operating systems such as Microsoft Windows, Apple OSX, and different Linux distributions.
Important for users: System and application updates!
We strongly recommend every user pays attention to the latest updates provided for their operating systems and applications including browser software (e.g., Firefox, Chrome, Internet Explorer, etc.). It is important to make sure everything is kept up-to-date as far as possible.
mailbox.org has been implementing the latest security patches
The team at mailbox.org is working hard to ensure that the software versions of anything running on our servers are up-to-date. We are also applying security patches that have been released by the various Linux distributors.
We expect this to be an ongoing process as Meltdown and Spectre will be around for a while and probably require additional safeguards and fixes to be installed on systems. We can assure all users that we will implement any relevant updates as soon as possible after they become available.