The latest security threat to rattle the industry has done so with some poignant timing - most of us had not even taken down the Christmas decorations when the year's first major security crisis came upon us.
The year has not kicked off with just any security threat, though. Meltdown and Spectre, in their grim emergence, represent some of the most significant threats of recent times, with far-reaching consequences and almost every modern computer involved.
What are Meltdown and Spectre?
The UK's National Cyber Security Centre (NCSC) states that Meltdown and Spectre are two related, side-channel attacks against modern CPU microprocessors that can result in unprivileged code reading data it should not be able to. Most devices - from smartphones to hardware in datacentres - may be vulnerable to some extent.
Processors in most devices employ a range of techniques to speed up their operation, states the NCSC. The Meltdown and Spectre vulnerabilities allow some of these techniques to be abused, in order to obtain information about areas of memory not normally visible to an attacker. This could include secret keys or other sensitive data.
Meltdown affects laptops, desktop computers and internet servers with Intel chips, while Spectre affects some chips in smartphones, tablets and computers powered by Intel, ARM and AMD.
"In essence, the vulnerabilities provide ways that an attacker could extract information from privileged memory locations that should be inaccessible and secure," said Nigel Houlden, head of technology policy at the Information Commissioner's Office.
"The potential attacks are only limited by what is being stored in the privileged memory locations - depending on the specific circumstances an attacker could gain access to encryption keys, passwords for any service being run on the machine, or session cookies for active sessions within a browser.
"One variant of the attacks could allow for an administrative user in a guest virtual machine to read the host server's kernel memory. This could include the memory assigned to other guest virtual machines," said Houlden.
The industry reaction
The Meltdown and Spectre vulnerabilities continue to develop. The true extent of the potential damage, and of the efforts needed to prevent it, is still very much a work in progress. However, resellers and the industry at large have already started to size up the impact of the flaws.
"From an information and security point of view, it is horrendous," said Jason Holloway, managing director at security VAR Bridgeway Security Solutions. "The security issues go to the very heart of all modern hardware. Recovering from these issues will take a decade or more until these devices are eventually replaced by modern equivalents that do not have these issues.
"It will be an extremely expensive and painful process for organisations to swap this out. Hence, the only realistic alternative is to work around these issues with the patches the various manufacturers are putting in place."
Holloway said this "workaround" still does not fix the underlying issue, which means that the way systems are built will need to be revisited, with security in mind from the start.