New week, new punching bag: this time, Intel returns to the spotlight with yet another flaw in its CPUs, up to and including the most recent 9th generation processors as well as going back as far as ones produced in 2008. This week has been absolutely bananas for technology issues so I’m going to keep the literary gymnastics to a minimum. Truth be told, I’m still trying to wrap my head around the technical details of this latest exploit, but here’s a simplified explanation of what I understand so far.
What this means for you: apply updates and stay patched!
Two independent groups of researchers as well as Intel themselves have been quietly working on identifying a new, serious exploit in how Intel CPUs operate. Unlike typical security flaws that can be patched with software, vulnerabilities like this one, dubbed RIDL, Fallout, or MDS (depending on who you talk to) are a result of how the CPU was designed to operate. This new flaw, along side the two previously announced Spectre (2017) and Fallout (2018) vulnerabilities, fall into a class of exploits that are based on a core design of Intel architecture originally built to help computers run faster. Put as simply, predictive processing guesses what the CPU is going to be asked to do next and have the necessary code or data already loaded into nearby caches. Previous exploits looked at the predictions, and the latest basically looks at the guesses that turned out to be wrong or unused. Each discarded guess only contains a few bytes of data, but given a focused attack repeated thousands or millions of times, the leaked data can eventually be amassed into a significant security breach.
Interestingly enough, Intel has known about this particular flaw for an undisclosed amount of time, and has already been working with major industry players like Microsoft, Google, Apple and the usual Windows PC manufacturers to patch or mitigate the vulnerability, which may or may not already be applied to your equipment. At this point, unless you really like reading technical bulletins like this one, I’d recommend paying close attention to update notifications from your computer’s manufacturer as well as applying security patches to your various devices, regardless of their business or personal focus. As with the previous two vulnerabilities, Intel and manufacturers are being cagey about pointing out exactly which updates might be addressing this particular issue, or even if they’ve already been fixed (as many manufacturers will assert), and Intel itself is downplaying the severity of the flaw, despite differing opinions from the independent research groups. Intel discounts the severity based upon the relative sophistication required to exploit the flaw, but researchers rightly point out that though the flaw may be hard to exploit, the data it exposes is highly sensitive and previously thought completely secure.
In case you haven’t been keeping up on your popular internet news, Applebees has stumbled into the hornet’s nest known as the “Internet backlash” following the termination of food server Chelsea Welch. Ms. Welch posted a receipt she received from a customer who wrote a decidedly controversial message on the bill, refusing to pay the restaurant-suggested tip that Applebees (not the food server!) adds for serving large parties. Being of the digital age, Ms. Welch did what many do (right or wrong) when something offends them: they share it on the internet. And as things sometimes do on the internet, outrage happens.
Here’s where the fun begins. Instead of circling the lawyers around the Applebee’s camp and running some professional damage control, someone with control over Applebee’s Facebook page took it upon themselves to argue with the entire internet. They did it poorly and clearly without “adult supervision.”
Rule #1 of the internet: “Don’t get into an argument on the internet.”
Rule #2 of the internet: “Don’t post in anger.”
What this means for you:
If you are in business, and your business has an online component: Facebook page, Twitter account, G+ presence, etc., how you use that account is possibly one of the most powerful brand management tools in your arsenal. As a famous superhero is known to say, “With great power comes great responsibility.” Part of that responsibility is understanding exactly what impact your status update, tweet, post, etc. can have. In the case of Ms. Welch, she didn’t have a large audience to start with. I’m sure she shared the photo with only a handful of friends…who then went on to share with their friends…and so on, and so on. You get the picture. Also keep in mind that if you have employees, make sure they understand the responsibility they have in representing your company’s brand on the internet, officially, or informally. You don’t need to police their Twitter postings and friend them on Facebook, but it doesn’t hurt to gently remind them that if they are representing themselves as employees of your firm, that representation doesn’t end the minute they clock out at work, especially if they clearly (and proudly) display you as their employer on their social media profiles.