After the “Meltdown,” How Can You Protect Your Database?

What Data Scientists should know about Meltdown and Spectre viruses and how to protect the potentially affected databases. The most important thing is to prevent outside parties from executing local Javascript code on your machine.

By Julia Cook, iDatalabs.

Meltdown Virus

As a data scientist, you might be responsible not just for solving problems with data, but for the security of that data—especially in smaller organizations.  You’ve likely watched with dread as Google researchers at Project Zero unveiled a series of kernel flaws that affect all Intel systems, and laid out two potential attacks on those flaws: “Meltdown,” and “Spectre.”  You’re not alone.  In the fallout since Wednesday three class-action lawsuits have been filed against Intel, and their stock has posted an $11 billion loss.  This is a problem, over twenty years in the making, that will affect individuals and their companies unless proper measures are put in place.

Wired outlined the implications of Meltdown and Spectre on Wednesday, and here you’ll find a list of the systems affected.  Predictably, machines uploading work to the cloud pose a higher risk, as server information can come flooding from that crack—where privileged and basic security permissions were once separate, they’re now mixed in the deluge.  And our old friend memory cache can collect them for hackers’ use.

So if you haven’t already, make sure site isolation is turned on in your browser.
Here are the instructions for:

Luckily, Microsoft and Apple have already issued a patch for their machines to plug the proverbial crack in the wall, but be sure to enable auto-updates on your PC, and even your phone.  This may slow down your PC, but don’t fret.  A report published by TechSpot Thursday detailed the true loss of performance in the online gaming sphere—the results were mostly negligible, with 7-zip compression and decompression unaffected, but 4K read performance was indeed slower.  Now that we’ve all had a deep breath, let’s examine what this means for your database, whether it’s mostly Kaggle competitions or your whole department’s CRM.

What can be done at the cloud and server level? 

Google and Amazon have already claimed that their products are largely unaffected, already patched, or required just a little additional action from the user.  This is a problem over twenty years in the making, they say, and they’re not wrong.  Since the Microsoft patch extends to Windows 10 (a patch for older systems will be available Tuesday, they say.) plus 11.2, 10.13.2 and tvOS 11.2 for Apple, it’s best to transfer privileged data to an external hard drive, clear your cache, make sure you’re not running any third party antivirus software, and update your PC.  The most important thing, should you attempt to tackle the problem yourself, is to prevent outside parties from executing local Javascript code on your machine.  Now may be a good time to test the password randomizer you’ve been working on.

Bio: Julia Cook is a Marketing Manager at iDatalabs.