WPA2, Meltdown & Spectre Flaws: We are ALL at Risk
Happy New Year to you all! While I hope everyone’s holiday season was joyous and stress free, malicious computer hackers and researchers were hard at work ensuring that our 2018 is much less enjoyable.
In October of last year, news started coming out about a vulnerability in WPA2 wireless security that affects the majority of wireless networks in use today. In short, if an attacker is within a few miles of your network, he or she can manipulate the encryption key used to secure your wireless communication and then decrypt most, if not all, of that communication between your device and the wireless access point/router. According to https://www.krackattacks.com, a website set up by the researchers who discovered the flaw, both the access points/routers and the wireless clients (computers, smartphones and other devices that you use) need to be patched. While this vulnerability is not yet widely or easily exploited, it will be in the future, now that the details have been published online. I have been waiting for firmware updates to be released and tested before beginning the patching process for my clients. It is now time to patch.
Last month, details were published about another even more ubiquitous vulnerability that affects the hardware of a computer, namely the CPU or Processor. Intel, AMD and ARM are affected within various operating systems. The microcode affected by this vulnerability was written into the CPUs to speed up our computers. That’s why you’ve heard so much in the news about people who are afraid the patches will slow their computers down. While testing has shown a little slowing under different test scenarios, the effects are probably not noticeable under most conditions. The patches to this flaw must be addressed on multiple fronts. Antivirus, operating systems and firmware must all be patched.
That’s always the tradeoff with security: it slows down our productivity and increases the hoops we must jump through to get our jobs done without handing out confidential information to the wrong people. But that’s the world we live in. Most of these typical risks can be mitigated with basic methods, such as quality, up to date antivirus software, regular software and operating system updates, hardware or firmware updates, and a little user education. Some, though, require what Microsoft refers to as “Out of Band” updates or special case situations that call for specific attention out of the normal updating schedule. Both of these vulnerabilities fall into that type of category.
Relia IT will be contacting our normal customers over the coming days to discuss their particular needs in relation to these recent risks. If, however, your business is not contacted or you have other questions, please call our office at 256-415-7001.