Members of the Colgate Community,
You may have seen recent news reports about security flaws recently discovered in the microprocessors of computers, tablets and other digital devices. Typically when we hear about security flaws they’re software based. A simple update often fixes everything. This security flaw is unique in that it’s “hard wired” into devices, so the “fix” is more complex. Software updates will go a long way, but the real repair will come over months and years as manufacturers like Intel, Apple, Dell and HP replace their hardware.
With all the media coverage, we wanted to make sure you were aware of how we’re handling the issue at Colgate. We’re writing to provide this information along with some suggestions that may be helpful as you seek to secure your personally owned devices.
On University-Owned Computers
These vulnerabilities can affect personal computers, mobile devices, and cloud services. Colgate ITS is applying software updates to university-owned devices as the updates become available. In virtually every case the updates will be applied automatically.
If you have a university-owned computer that’s been at rest for a while, we would ask that you turn it on and allow a day or two for the university’s update servers to send software updates.
Does This Impact Servers Here? What About in the Cloud?
It does. In fact just about every modern device is hard wired with this newly discovered vulnerability. Our service providers, such as Google, have already begun to apply their security updates to mitigate these risks and ensure our data remains secure.
ITS is in the process of updating our on-campus servers to guard against these hardware-based vulnerabilities as updates become available. However hardware and software manufacturers are still developing security updates, which can take some time. Occasionally applying a software update will require a brief service outage. We’ll keep you posted on any scheduled outages and coordinate with users in advance to minimize inconvenience.
What About My Home Computer?
The best thing you can do is make sure you’re keeping up to date on security updates issued by the maker of your devices (HP, Dell, Lenovo, Apple, etc.) and your operating system (for most, by using Windows update or Apple Software Update).
In addition, all of the usual security suggestions apply. Avoid using the same password on multiple services, and stick to secure websites (look for https:// and the lock symbol at the top of your web browser)
For More Information – The Flaw in Layperson’s Terms
The vulnerabilities have been referred to by the security community as “Meltdown” and “Spectre.” What we write here refers specifically to these vulnerabilities, but also applies broadly to any security flaw that is “hardware-based” or hard-wired into a device.
Computers can do many tasks simultaneously. Normally a computer does a good job of keeping the data being used by one program, for example a document in a word processor, isolated from the data in another program, for example a table in a spreadsheet. These sorts of vulnerabilities enable programs to breach that barrier. Normally that’s not an issue; most software doesn’t try to breach the barrier. However, if your computer or device is using software that, unbeknownst to you, tries to break the barrier, it’s possible that the software could capture sensitive information.
As we discover new and pertinent information we will post it on the ITS blog. Should you have any questions regarding these updates, please don’t hesitate to contact the ITS Service Desk at 315-228-7111 or itshelp@colgate.edu.
Regards,
Ahmad
