Wildcat Press Xpress

The Ghost that is Melting the World

Victor H., Staff Writer

Hang on for a minute...we're trying to find some more stories you might like.


Email This Story






 

Screenshot captured by Victor H.

All students on the Westminster campus are in the possession of at least one device that is able to be exploited and have personal information stolen via two recently announced bugs.

On January 3, 5 p.m. EST, every bit of research regarding Spectre and Meltdown was released one week before the planned date. It’s hard to judge the impact of this early announcement; both impact all modern processors with Meltdown being able to effect processors made after 1995. They are also incredibly hard to detect with anti-viruses.

The original planned date, January 9, matched with Microsoft’s update cycle and fell in the middle of the Consumer Electronics Show (CES).

With the sudden embargo lift, patches were frantically pushed out. Intel fixes caused unexpected restarts while AMD’s left some computers unbootable.

It also left many cloud servers out in the open. Google’s cloud and Amazon’s Web Services were stranded along with many others. Hackers may have been able to access private information by using either exploit.

Despite all the publicity, many still don’t know about it, and almost nobody has done anything about it. A middle school survey shows that only 13.5 percent of students know about Spectre and Meltdown.

Of the 10 people who know about either, only three have done something to protect against them. What’s even more surprising is that five people know somebody who has had their information compromised by malware.

According to Scott Johnson, in IT services, “Messaging to students will come in a variety of ways depending on discussions we have with each division.”

Though, students were left in the dark until February 9 when the knowledge bar sent an email out informing everybody. Luke W., an eighth grader, said: “Yes, I would protect my information more. It was a lack of information, I didn’t know there was something I had to install.”

It is important for students to be informed about these exploits so that they can take actions. Mr. Johnson said, “Another thing that we are doing is preparing packages to update all of Westminster’s devices-so, computers, iPads, and iPhones. The self service item is one way we are updating computers. Some of them will go over the air, some of them will be initiated by users.”

Though, everybody should remain calm. Mr. Johnson said, “Westminster’s web filter is constantly updated to block malicious websites as they emerge and as they are reported. We do have filters through google for incoming emails. Like other security protections, Google’s filters are also constantly updated.”

Teachers have gotten the patches. Mr. Johnson said, “Emails have gone out to faculty and staff, our efforts to protect employee computers are proceeding very well.”

A more technical explanation: Meltdown (CVE-2017-5754) or rogue data cache load breaks the system that keeps applications for accessing arbitrary system memory.

Spectre is a name for two exploration techniques CVE-2017-5753 or bounds check bypass and CVE-2017-5715 or branch target injection. Spectre tricks applications into prematurely accessing arbitrary system memory. A malicious website can run a JavaScript script allowing it to access private information.

Both take advantage of a process called speculative execution which allows the processor to predict what the user will do allowing it to accomplish tasks quicker. Speculative execution was implemented with a good intent which made it all the more unexpected when researchers discovered the exploits.

Print Friendly, PDF & Email

Leave a Comment

Comments are closed.

The news site of The Westminster Schools
The Ghost that is Melting the World