Spectre and Meltdown impact on our clients' sites: None, really.

Robert Mohns, UX Researcher
Jeff Turcotte, Director of Engineering
Posted on Jan 12, 2018

Two very serious vulnerabilities, named "Meltdown" and "Spectre", were disclosed last week which exist in almost every computer manufactured in the last 20 years. The issue is with hardware, but there are software patches which provide protection.

If you host your website with Imarc, your website remains safe and secure

Imarc's client hosting services are run on Amazon's EC2 platform which has applied requisite patches to mitigate the most serious threats. Additionally, Imarc is in the process of updating our underlying server images on each of our clients' instances to incorporate the latest patches from Debian GNU/Linux.

Other Web Hosting Providers

Two popular business-grade Wordpress and Drupal hosting providers are Patheon and Acquia:

Personal Devices

Your personal PCs, phones and tablets are arguably more susceptible, as they run untrusted remote code from virtually every website (JavaScript). This all sounds really bad (and it is) but in practice, it would be extremely difficult for a malicious party to successfully pull off an attack.

Security fixes are coming, or have already landed. (In security jargon, these are called "patches", because they "patch" a security "hole".) Be sure you've updated your computer/phone and your web browsers recently.

What are Meltdown and Spectre?

These two exploits take advantage of a modern performance feature in virtually all desktop and phone CPUs. CloudFlare has written a good non-technical overview of how Meltdown and Spectre work.

You can learn more by searching CVE-2017-5754 and CVE-2017-5753.

(Sadly, Spectre has nothing at all to do with 007. Xkcd probably has the best take on Internet security in light of Meltdown and Spectre.)

How do websites get hacked, anyway?

We're glad you asked! Imarc Innovation Engineer Kevin Hamer wrote a guide to How Websites Get Hacked.