Meltdown and Spectre vulnerabilities – what to do?

Meltdown and Spectre are two vulnerabilities present in hardware making it potentially possible for programs to steal information, like passwords etc.

Meltdown affects only Intel processors while Spectre, which is more complex, also partly affects AMD and ARM based processors.

It is not yet known if these vulnerabilities has been exploited by anone. It can affect personal computers, servers, tablets and mobile phones, i.e. more or less any device containing a processor.

More information on: https://spectreattack.com/

What can you do?

  • Check your operating system for updates the upcoming weeks (this is normal good security practice, but make sure you do it frequently)
  • Install and update your virus protection. Even if the antivirus program can’t protect you from the attack it might be able to inform you that your device has got malicious code onboard

You can find security bulletins, security advisorys, faq:s etc for your operating system here: https://meltdownattack.com/#faq-advisory

Find out what real code a php eval(gzinflate(base64_decode contains

When you are dealing with a hacked or otherwise compromised website where someone has installed a backdoor or other kinds of malicious code you will often find php files with code packed into non-readable format using php eval, like eval(gzinflate(base64_decode.

To find out what the code does, copy the entire eval code (including “eval(“) into this site: http://ddecode.com/phpdecoder/

You will in the end get a human readable version of the code. Usually nasty stuff.

My mobile phone has been stolen – how do I find it?

Track and find a stolen mobile phone is often done in vain. If you forgot it somewhere there is a chance to locate it, but if it was stolen for example by a pick pocket, they usually know to turn it off immediately and then wipe it before it has a chance to report it’s location. But it is worth a try.

Apart from that, call your provider to lock your SIM card and the phone IMEI numer (makes it unusable with other SIM cards). Change passwords for all the apps you had installed, like Facebook, email etc.

Android: Use Android Device Manager and login using the same Google account you used to initially set up the phone. Click on Locate device.

iPhone: Use iCloud and login using your Apple ID. Can be used to find your missing Mac, iPhone or iPad.

Windows phone: Use Microsoft and login using your Microsoft Account (former Windows Live ID). Go to Find my device.

Windows XP users should immediately upgrade Adobe Flash plugin

Microsoft has sent out an urgent message encouraging all Windows XP users to upgrade their Adobe Flash plugins immediately due to a security issue. This includes users of both 32 and 64 bit Windows XP and both SP2 and SP3. The current version of Adobe Flash plugin is version 10.0.42.34.

The latest version of Adobe Flash plugin can be downloaded here.

Internet related threats

On http://www.cromwell-intl.com/security/ you will find a number of articles related to Computer System and Network security. It covers chryptography, privacy tools, computer forensics, authentication, intrusion detection and network monitoring.

GRC Shields Up! tests your firewall from the outside and reports what you are exposing to the Internet.

At CERT, Computer Emergency Response Team, you will find up to date information about security related issues like newly discovered vulnerabilities. Stay updated!