Latest Intel CPU security flaw – what to do about it

In the past few days news has come out that a major flaw inside every computing chip (CPUs or Central Processing Unit) produced by Intel since 2011 contains a major security flaw that would allow hackers to gain access to even the most security-essential data inside your machine (eg; passwords and security certificates you probably don’t even know about, even less think about) without leaving a trace.

The article at https://lifehacker.com/how-to-protect-your-pc-right-now-from-intels-latest-vul-1834779884 explains the flaw and how to avoid falling victim to it – actually just upgrade your devices as every OS supplier has already “fixed” the vulnerability in code. The article provides instructions how to upgrade all the “mainstream” operating systems (the author obviously finds Linux too baffling). As ever, the article includes links that will eventually lead you back to the PR release issued by Intel that in usual fashion confesses their sins.

To anyone running Linux – good news: Linux was updated long before this flaw became public knowledge but just to be safe and sure that you are up-to-date, open a terminal window or command line and enter the command depending on your distribution:

For Debian based versions (eg; Ubuntu, Mint …)

sudo apt update && sudo apt upgrade

then press [Enter] and enter your usual login password when prompted.

For older RHEL (Redhat) based versions (eg; RHEL, Centos less than v7)

sudo yum -y update

then enter the root password when asked – which will ensure everything is up-to-date without further prompting. Wait until the process is finished (command prompt reappears). All is now well.

For newer RHEL (Redhat) based versions (eg; RHEL 7, Centos 7, Fedora)

sudo dnf -y update

then enter the root password when asked – which will ensure everything is up-to-date without further prompting. Wait until the process is finished (command prompt reappears). All is now well.

On all the RHEL based releases if you are unsure of the operating system version in use no harm will come from trying the yum or dnf commands – either the correct command will be automatically substituted or you will get a command not found message – so just use the other version.

Important reminder

To everyone – as ever, don’t click links in emails (even from people you know) unless you know the links destination is somewhere safe – note that I never send a link like this but always like this (https://www.google.co.uk) because the first form obfuscates the link destination (hint: hovering a mouse over it should reveal the link URL in a proper email client but good luck trying to reveal where it leads if using a mobile phone or tablet) – while the second form displays a link in plain sight. If in doubt (you probably shouldn’t use the ink anyway but if you feel you must – eg; the link is in an email purportedly from your bank and you want to check all is well) either load the desired page by typing the normal, known home page URL into your browser and finding the supposed link page or copy the displayed text … not the link and paste that into your browser to see if the page exists on the real site.

BUT the basic remains true DO NOT CLICK any link unless you can trust the source 100% – because I can present a link like this https://www.google.co.uk which actually takes you somewhere entirely different (don’t worry – my example is safe – I have no ill intents on your computer or data – but ask yourself every time you see a link from someone who might not be so benevolent – especially if it looks oh so enticing).

Stay safe out there, people!