Two very serious vulnerabilities, named "Meltdown" and "Spectre", were disclosed last week which exist in almost every computer manufactured in the last 20 years. The issue is with hardware, but there are software patches which provide protection.
If you host your website with Imarc, your website remains safe and secure
Imarc's client hosting services are run on Amazon's EC2 platform which has applied requisite patches to mitigate the most serious threats. Additionally, Imarc is in the process of updating our underlying server images on each of our clients' instances to incorporate the latest patches from Debian GNU/Linux.
Other Web Hosting Providers
Two popular business-grade Wordpress and Drupal hosting providers are Patheon and Acquia:
- Pantheon has updated its servers.
- Acquia will update its servers over the next few weeks, and is focusing on Meltdown as a higher risk than Spectre.
Security fixes are coming, or have already landed. (In security jargon, these are called "patches", because they "patch" a security "hole".) Be sure you've updated your computer/phone and your web browsers recently.
- Apple has patched macOS (High Sierra and Sierra), iOS 11, tvOS, and Safari; Safari for El Capitan is also patched
- Microsoft has patched Windows and IE for PCs which use Intel CPUs; a patch for PCs using older AMD CPUs coming soon
- Google has made temporary modifications to Chrome to mitigate the attack, with a fuller patch for Chrome coming in late January
- Mozilla has patched Firefox
- Google has patched Android, just in case (most Android devices aren't vulnerable to these two attacks)
What are Meltdown and Spectre?
These two exploits take advantage of a modern performance feature in virtually all desktop and phone CPUs. CloudFlare has written a good non-technical overview of how Meltdown and Spectre work.
(Sadly, Spectre has nothing at all to do with 007. Xkcd probably has the best take on Internet security in light of Meltdown and Spectre.)
How do websites get hacked, anyway?
We're glad you asked! Imarc Innovation Engineer Kevin Hamer wrote a guide to How Websites Get Hacked.