Meltdown and Spectre: Recent flaws in the architecture of many processors built over the past two decades are the latest crisis security breach that hit the IT industry.
The phenomenon Meltdown and Specter once again came to confirm what many know but find it difficult to admit: no one should think of their system as safe. It is much more likely to recognize a system as "stable" and of course as potentially unsafe.
This means thinking about security as a continuous process and not as an end point.
Specter and Meltdown flaws are present in most Intel CPUs by 1995, and other chip manufacturers are affected.
To many it may seem inconceivable that such serious vulnerabilities remain without updates for so many years (the joy of the NSA). However, it is simply a function of the incredible complexity of the systems we all use. A long time ago, there was another one: Remember Heartbleed? The loophole in the OpenSSL cryptographic library released with his logo και έσπειρε τον πανικό στους IT σε παγκόσμιο επίπεδο. Θυμάστε το Shellshock; Το ransomware WannaCry;
Security is a utopia and believing that your systems are absolutely safe you are living a very dangerous illusion. Just suppose your systems are precarious, and you'll start making better decisions.
Security ceased to exist upon his arrival Internet, but many of us don't seem to have realized it. Specter and Meltdown are two good examples because they can affect everything from the PC on your desk and the smartphone in your pocket to the cloud service you use to store your data. No matter how good you are at "security", today you rely on the constellation of service providers and their various partners.
Any software, operating system, or firmware code shipped by vendors is inevitably imperfect, so there will always be updates. Applying these fixes is considered a tedious and thankless job by many IT people. Especially in corporate environments, where each update should be vetted by IT to make sure it won't cause problems when implemented. So many times the updates are not even though they should be the first priority. The WannaCry ransomware was released last year, although Microsoft had released a patch.
Of course this is what hackers know. Updates exist, but there are also systems that are not up to date.
So, what is security?
If you assume there is no security, you will have a greater chance of getting online and going safely. The aim of the article is to be suspicious.
There are no companies that can protect you, and if they promise they lie. Security means knowing that it does not exist, which prepares you for the worst scenarios.