Information is beginning to circulate on the internet about the latest possible cyber attack called Meltdown.
The basic attack is that a modern computer receives a list of instructions but doesn’t perform them in the order it is given them. It hands the results back in order though. On Intel computers without the patch, this opens a loophole to access data that should be inaccessible to an attacker.
An attacker exploits this by inserting an impossible request in a list of requests for data they shouldn’t have access to. The computer fetches the data the attacker shouldn’t have access to and holds on to it while it temporarily stalls on the impossible request.
The attackers knows that the computer has fetched this data but the computer won’t give it to them until it checks to see if they are allowed to have that data.
The flaw is that while the computer is stalled on the impossible request, the attacker submits a parallel request that asks a question involving the data that was fetched earlier but not handed over. The attacker uses these parallel questions to determine the contents of the data the computer is holding on to.
The computer finishes dealing with the impossible request, realizes the attacker isn’t supposed to access the data it fetched and cancels the request by not handing over the data.
This sequence keeps being repeated by the attacker until they get all the data they were searching for.
On Site Services is doing its very best to keep our customers protected from attacks like this, if you have any questions or concerns please contact us today through our contact page and we would be happy to help you out.
