Spectre and Meltdown: I'll explain like you're 5 (This is Important~!)

in #hacking7 years ago

Stop everything you are doing you fool and listen! Shush! This is the most important security tip you're going to get for a while and if you're a hapless noob or a seasoned investor, this is your equalizer.

Okay let's cut right to the chase: Every computer on Earth is for the moment unfixable and wide open to attack! OS won't save you. Encryption won't save you. Any password or private key you saved in some file can be viewed if it passes through your data stream. That core part of the CPU, the kernel, that stuff ain't encrypted! Its like the core of the Death Star and somebody just found a way to hit your exhaust port.

Huh? Y2K time? Maybe...

Okay don't panic! Let's back up.

Rewinding to months and months ago! Someone discovered a way to hack the protective barrier around the core processor of every major brand, Intel, AMD, you name it, going back to maybe 1995! Then some schmuck reporter leaked this critical info before they were done fixing it. Ugh! So... If you don't have a way to store all your stuff on a ledger / trezor, what do you do?

OPTION 1: Downgrade. Put all your private keys on a really old computer with an old ass motherboard, offline, we're talking floppies. Then, shred the old data.

OPTION 2: Have your private keys and seeds written down, etched in clay, something old school. Then, shred the old data.

OPTION 3: Just don't look at them. What? Yeah, just don't fucking look at them! Don't type in a password that opens a wallet or your cloud data or anything. Just don't put that input through your memory or a data stream. Don't do a search. Don't do jack. Don't let your computer touch itself. Total private key abstinence! DMZ. Keep off the grass!

OPTION 4: Mess up your data. Come up with a manual encryption method. For example: 1 becomes ! and e becomes ê. Something, anything, to keep automated copy-pasta bots from hackin' your smack! This is probably a lot of work, but honestly, probably the safest and most non-intrusive approach you could take. Obviously, don't make it THIS easy to figure out. But you know, not so complex you forget it yourself.

For more details about the technical nitty gritty just Google this. Its going to affect EVERYONE. It might get really bad. Hide yo kids, hide yo wife, hide yo passwords.