A CPA’s Guide to Address Spectre & Meltdown

person with multiple devices on their desk
Rocky89_istock_datasecurity

The technology world has been abuzz thus far in 2018 about two major security flaws which were recently discovered in almost every computer, smartphone, and web browser produced in the last years. 

These vulnerabilities, referred to as “Spectre” (CVE-2017-5715 and CVE-2017-5753) and “Meltdown” (CVE-2017-5754), make it possible for a malicious script run by hackers to gain access to data such as passwords, encryption keys, and other sensitive data which is normally not accessible.  The flaws have existed in computer chips which were manufactured as far back as 1995 and were discovered in 2017 by multiple security researchers.

These flaws have software publishers and hardware manufacturers working overtime to update their software for these security issues. I have implemented the fixes on a variety of computers, and the update process for your computers will likely require updates to your web browsers, your computer’s operating system, and possibly your hardware’s BIOS and other firmware. 

While it is essential that you install these updates to protect the confidential information you have on your computer (including your usernames, passwords, and encryption keys), some sources also report that these patches will make changes that could slow your computer down by as much as 20% on some computers, and other sources report that the patches caused unexpected reboots on other computers. 

The Spectre and Meltdown patches are plentiful and it will be some work for you and/or your IT professional to apply these updates. I have four Windows computers and two Linux computers which I use on a regular basis, and the update process has been very time consuming. 

My Microsoft Surface Book was probably the easiest one to update, since Microsoft pushed out the firmware and operating system updates through Windows Update. My second laptop, a Dell Latitude E7270, required a BIOS update from the Dell website and I am in the process of updating a desktop computer and a server as I write this article. 

Please Login or Register to read the full article

To access all of the content on our site, register (it's free!) or login to your existing account.

BONUS: If you register now you can opt to receive a digital copy of "Transform!" , Richard Francis' new book for growing firms [US/Canada ONLY].

About Brian Tankersley, CPA, CITP

Brian Tankersley

Brian Tankersley CPA CITP is a technology consultant, educator, writer and serves as Director of Strategic Relationships for K2 Enterprises, where he works with vendors serving the industry to understand their existing and new offerings.

Replies

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.