Spectre and Meltdown: Processing Problems

You may have heard recently that many of Intel’s Central Processing Units (CPUs) have a design flaw that could allow malicious attackers to steal private information.  Passwords, emails, etc. could be stolen because of “kernel memory areas” in the CPUs.

However, even though the focus is on Intel’s screw-up, it’s believed that CPUs sold by other vendors may have the same problems. Intel is just taking the heat because they’re the biggest and most reputable name.

What is a CPU?

processor

If you’ve ever seen a CPU (above) – also casually known as a processor – you would know it’s probably the strangest-looking part of a computer.  It’s relatively inconspicuous, but it is regarded as the “brain” of the computer, because pretty much everything needs to run through the CPU.  That’s why keeping the CPU at a low temp takes a lot of work, but is very important (if your computer is overheating it will probably shut down to protect the CPU).

What are the security flaws?

The two main “vulnerabilities” have cool names: Spectre and Meltdown.  They both can be exploited by malicious programs on your computer to get secret information from your currently running programs (password managers, emails).  The nitty-gritty details of it are complicated but the gist of it is pretty simple.

Your processor wants to act quickly and it makes information readily available, in an attempt to give you a faster and more fluid user experience so you don’t need to wait for the information.  These flaws take advantage of that optimization and the software patches to fix it might affect that.

Okay cool, it’s being fixed.

The initial reports from PC Mag were saying that the software fix would be a big problem, and that it could potentially slow down your computer up to 30%.  Intel has pushed back at that statement saying “any performance impacts are workload-dependent, and, for the average computer user, should not be significant”.

So, if you’re a really intensive computer user you might notice your machine slowing down every now and then, but hopefully you won’t.

The Moral: Nobody is Perfect

Everything seems like it can be hacked. The Equifax security breachthe Showtime cryptocurrency mining scandalthe OTHER Equifax security breachKRACK attacksRansomware… there’s a lot of bad hacking-related issues lately and it seems like it might not get better.

Unfortunately, this is just the age we live in right now. We can just stick with our personal best practices. Use a virus removal you trust, keep an eye out for phishing attempts, and update your software frequently.

The Basics: What is Phishing?

Phishing is just the term for people trying to lure others to give up their secure information through emails.   People hopefully aren’t falling for the Nigerian Prince bit anymore, but it’s a good representation of the basic idea.

Nowadays, people don’t typically ask for you to directly send them money – instead they try to get sensitive information (often CC info, or your login information for your bank/PayPal) or they might just want you to click their link to download malware onto your computer.  In general, it’s all bad and you could lose valuable information and money.  Or your time and patience while you try to get it back.

An Example of Phishing

I’ve attached an email below that we got that isn’t quite as obvious.  It has many errors in it, but they aren’t too noticeable, and on first glance it seems like it might be a legitimate email from PayPal.  I have to respond/handle legitimate emails like this pretty regularly, so it’s not hard to believe that someone could get tricked.  Catch someone before their first cup of coffee and they might just fall for it completely!  Here is the unedited email in question:

As you can see, this email is impersonating PayPal, saying you need to click the link to verify your account because some illegal activity has been going on in your account.  At first glance, this looks fine, like something PayPal might send out.  However, there are several mistakes/signs that this email isn’t correct.

The Errors

There are actually many small errors throughout the email that should tip you off that something is wrong, on top of the fact that the URL the link will take you isn’t PayPal.  Let’s go through them.

  • The logo is wrong.
    • PayPal uses mainly two versions of their logo, one of which looks a lot like this, but it is slightly different. I didn’t notice this at first, so if you didn’t, don’t feel bad.
  • Broken English
    • “…from different country followed by some illegals buys . we think that you’re not who do that, so we have suspended your account.”
      • When you look closely, it becomes pretty obvious that this is written in broken English. Notice that the last bit “so we have suspended your account” is perfect though, so if you just skimmed the email you could totally miss that.
  • “We will give you 1 Day to update your informations or we will suspend your account forever.”
    • More broken English. But suspend my account FOREVER? Okay well Paypal wouldn’t do that… that just doesn’t make sense.  But if you don’t pause to think about it, you could get spurred to action.
  • Lastly, the link doesn’t go to PayPal.
    • You can highlight the link they want you to click and see where it’s going to take you. It’s not Paypal, so wrap it up and call it a day.  The email is fake.  I don’t know if they wanted you to just click the link and it would download malware, or if they wanted you to input your Paypal information so they could get access. It doesn’t matter, don’t click the link.

Why do Phishing emails have errors?  Are they not trying hard enough?

The assumption is that for most scammers, English is not their first language so there’s a greater chance of typos and improper grammar. However, there is speculation that emails like this are typed a little poorly on purpose to get specifically the uneducated/lazy/tired individuals that are less likely to make a big fuss if they give up their information.

This is why we all laugh at the old “Nigerian Prince” scam, but it was/is moderately successful! We all think “who falls for this stuff…” but it’s because they want to get the gullible and uneducated to work with them.  They don’t want everyone to respond to the emails, because that would be a waste of time for them.  They only want people who are likely to actually fall for their tricks – thus poor grammar and spelling are very common. People who will overlook the obvious issues in the email are more likely to just give their information without questioning it.

Now I know everything about Phishing and will never get got by it!

Well, no.  Unfortunately, being cautious is pretty much the best advice we can give you on how to protect yourself, but it’s impossible for us to guarantee that that will keep you completely protected.  However, as long as you are careful, potential hackers/scammers won’t want to waste their time with you.