Meltdown and Spectre are recently announced vulnerabilities that exploit modern processors. To help you sort through all the info surrounding these vulnerabilities, we’ve compiled a summary of how they affect you and what Firespring is doing to proactively remedy them. Here's what you need to know:
Who’s at risk? Pretty much everyone—almost every system is affected by Spectre: desktops, laptops, cloud servers and smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. Desktop, laptop and cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995.
What can happen? Under certain circumstances, these vulnerabilities can allow an attacker to steal sensitive information, bypass security restrictions and gain elevated privileges to client and server software.
Who has been affected? No one, yet. The good news is that there have been no actual attacks in the wild using these vulnerabilities, so our efforts are currently proactive in nature and this issue should be resolved quickly and quietly soon.
So what’s the issue? Basically, a chink in the armor was discovered in all of the chips and computers listed above. So far, no one has tried to break into anyone else’s computer by exploiting this chink, but now that it's been discovered, people may start to attempt to do so.
What’s Firespring doing about this? Because we follow emerging security trends, our engineering team has been hard at work securing our infrastructures in the past weeks and continues to monitor security updates and releases as they are announced to ensure that our clients are protected. Given that these are complex processor vulnerabilities that require patches at many levels and from many companies, we are still working on completely resolving them, as is the rest of the IT world.
What we can tell you at this time is that we are aware of the vulnerabilities and are actively monitoring status updates regarding patches and mitigations. We are also monitoring and working with each of our hosting partners to ensure that their underlying infrastructures have been patched and are as protected as possible.
Okay, what else do I need to know? Meltdown and Spectre affect every single web hosting provider. If you happen to be hosting your site elsewhere, please be sure to check with them to confirm that they are deploying the proper patches to deal with these issues. If you find that they are not, please reach out to us at email@example.com and let us talk to you about creating a website or software application with a company that has your back and lets you sleep better at night!