From 3e21c6c50c8762d032b19be27be3ec7bbbde6d3f Mon Sep 17 00:00:00 2001 From: georgeowell Date: Fri, 12 Jan 2018 15:24:09 +0000 Subject: [PATCH] Fix article --- src/_posts/2018-01-11-spectre-and-meltdown.md | 53 ++++++++++--------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/src/_posts/2018-01-11-spectre-and-meltdown.md b/src/_posts/2018-01-11-spectre-and-meltdown.md index cd742fd..68c3638 100644 --- a/src/_posts/2018-01-11-spectre-and-meltdown.md +++ b/src/_posts/2018-01-11-spectre-and-meltdown.md @@ -13,7 +13,8 @@ vulnerabilities. Our upstream providers have also confirmed that they have patched their infrastructure. We will monitor the situation as it develops. We are currently super busy with clients so we decided to repost the -excellent security bulletin from out friends over at Rise Up. All credit +excellent security bulletin from out friends over at [Rise Up](https://riseup.net/) +which goes into detail oh how to update various operating systems. All credit to them for the rest of this blog post. ## The Facts @@ -36,10 +37,10 @@ much less likely. You should take *both* these steps now, for all your devices: -1. Upgrade your web browser (see below). These fixes make the new +* Upgrade your web browser (see below). These fixes make the new attacks against CPUs more much difficult. -2. Upgrade your operating system. There are updates available for +* Upgrade your operating system. There are updates available for Windows, macOS, and GNU/Linux that fix the Meltdown vulnerability for Intel CPUs and provide some mitigations for Spectre. Additionally, new releases of iOS and Android have mitigations for Spectre. @@ -52,8 +53,8 @@ By updating your browser, you can make it significantly harder for an attacker to steal secrets off your computer using Javascript loaded from a web site you visit. -Firefox version 57.0.4 and later includes mitigation measures [against -Spectre attack] [1]. +Firefox version 57.0.4 and later [includes mitigation measures](https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/) +against Spectre attack. Edge has been updated to include Spectre migitations. When you apply the latest Windows update, you will get the new version of Edge. @@ -63,37 +64,46 @@ Store updates. Chrome will include Spectre mitigations starting with version 64, to be released Jan 23. In the mean time, you can change your configuration to -greatly mitigate against the Spectre vulnerability by enabling "site -isolation" [https://support.google.com/chrome/answer/7623121?hl=en] +greatly mitigate [against the Spectre vulnerability by enabling](https://support.google.com/chrome/answer/7623121?hl=en) + "site isolation." -Additionally, please see [https://riseup.net/en/better-web-browsing] for +Additionally, please see [Rise Up's better browsing guide](https://riseup.net/en/better-web-browsing) for instructions on best practices for securing your web experience (which will also help mitigate against these new attacks). ## Windows For Windows 10, you must first upgrade any anti-virus software before -upgrading Windows. Failure to do so may make your computer stop working. -[2] +upgrading Windows. [Failure to do so may make your computer stop working](http://www.theregister.co.uk/2018/01/04/microsoft_windows_patch_meltdown/). To upgrade Windows 10: -> Select the Start button, and then go to Settings > Update & security > Windows Update, and select Check for updates. +``` +Select the Start button, and then go to Settings > Update & security > Windows Update, and select Check for updates. +``` Now is a good time to enable automatic updates: -> Select the "Start" button, then select "Settings" > "Update & security" > "Windows Update" > "Advanced options" and then under "Choose how updates are installed", select "Automatic (recommended)". +``` +Select the "Start" button, then select "Settings" > "Update & security" > "Windows Update" > "Advanced options" +and then under "Choose how updates are installed", select "Automatic (recommended)". +``` If you are running Windows 7 or 8, an update is also available. ## macOS -If you already have macOS version 10.13.2 then you are [protected against -Meltdown] [3]. Otherwise, to upgrade macOS: +If you already have macOS version 10.13.2 then you are [protected against Meltdown](https://support.apple.com/en-us/HT208394). +Otherwise, to upgrade macOS: -> Open the App Store app on your Mac. Click "Updates" in the App Store toolbar, then use the "Update" buttons to download and install any updates listed. +``` +Open the App Store app on your Mac. Click "Updates" in the App Store toolbar, then use the "Update" buttons +to download and install any updates listed. +``` Now is a good time to check enable automatic updates: -> Select the Apple menu, then select "System Preferences" > "App Store" > "Automatically check for updates". +``` +Select the Apple menu, then select "System Preferences" > "App Store" > "Automatically check for updates". +``` Apple plans to soon release an update to Safari browser to provide some mitigation against Spectre. @@ -101,9 +111,9 @@ mitigation against Spectre. ## iOS Apple has said that iOS is affected by Spectre, and an update to mitigate against most of the new attacks has been released. If you have -iOS version 11.2 or later, [then you are good] [3]. +iOS version 11.2 or later, [then you are good](https://support.apple.com/en-us/HT208394). -To check for new updates, go to Settings > General > Software Update. +To check for new updates, go to `Settings > General > Software Update.` ## Android The bad news is that Android is vulnerable to Spectre and unless you @@ -116,8 +126,7 @@ Yeah? There is one thing you can do now to make your Android device more safe against these new CPU attacks: -* Turn on "site isolation" in Chrome: -https://support.google.com/chrome/answer/7623121?hl=en +* Turn on ["site isolation" in Chrome](https://support.google.com/chrome/answer/7623121?hl=en) * Upgrade Chrome Browser after Jan 23. * Alternately, use Firefox for Android. @@ -139,7 +148,3 @@ Open a terminal and type: sudo dnf --refresh update kernel sudo reboot ``` - -[1] [https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/] -[2] [http://www.theregister.co.uk/2018/01/04/microsoft_windows_patch_meltdown/] -[3] [https://support.apple.com/en-us/HT208394]