The Mother of All Exploits Just Hit - Advice to Keep your wallets safe and cold!
Huge security implications for many systems
You may have noticed that your machine has been installing lots of updates recently (or if it hasn't - then I really encourage you to do a reset!)
This is because news of Spectre and Meltdown , pernicious and unseen exploits which affect Intel, AMD and ARM chips and could allow hackers access to your machine. As I understand it can read anything in the memory, so about as bad as it gets. A single open untrusted browser window could listen to your typing, for example.
Meltdown is Intel specific , but Spectre affects almost all modern CPUS. I find it interesting that in the bug world, the cooler the name, the worse the bug! Patches have been released, but annoyingly, these could lower performance slightly. AMD powered systems are likely not affected as badly, as they have submitted a kernel patch to bypass the mitigation patch for their CPUs.
The upshot of all this is you need to be very careful for the next few weeks about what you download, and also even browse on Javascript enabled sites. It should go without saying but encrypt every digital file that contains seeds/mnemonics/passwords etc. Try to set up 2 Factor Authorisation (2fa) wherever possible, and especially on exchanges.
Despite cryptocurrencies marching us into a brave new future of magical internet money, decentralised by its very nature, we have to remember that ultimately you are responsible for the safety of your coins. The best safest way to protect your investment is still a cold wallet: pen and (laminated) paper, stamped metal, tattoos on the necks of your infant children, are some of the safest ways to keep your seeds. It looks like hardware wallets like Ledger and Trezor are likely not affected (as much?) as low power processors in general don't have out of order designs and use separate secure processors.
Ultimately, however, we have to remember that these exploits are no doubt intended for something much bigger than attacking individual users. For example, why steal an individual login when you can compromise the exchange itself. Think of all the targets that are higher up on a hackers list than speculative fishing on individual machines, and even the entire crypto scene.
One thing is sure, the Digital Security staff of every large organisations are having a very busy end to their week!
Could someone borrow me their baby for tattooing as I don’t have my own? Also, what does one do if the baby is really fast and runs away when you need the password?
I could lend you one but she's very accident prone and quite speedy for a toddler.
You'd do better getting a dog or cat, strategically shaving it, then the fur would quickly grow back to cover the tattoo and no-one would be any the wiser...
So informative and scary in the same way, thanks for sharing. Now i am using 2fa on all my exchanges
cheers @sroka87
Nice post sroka
Sounds scary, but I would be surprised if I wasn’t scared.
That’s why I use my pc for addresses I only know.
Resteemed!