The Lessons Of Meltdown And Spectre
The discovery of the twin flaws Meltdown and Spectre and the events related to the information leak that followed carry a huge message: we all need to do something to regain control of our digital identity. Blockchain technology is the most compelling option.
A few days back we wrote about the computer chip flaws named Meltdown and Spectre found largely in Intel and AMD products. The discovery of these flaws leaked into public hands leading to a possible public relations mess if not disaster for the worlds largest chip fabricators as well as Microsoft.
The PR Template
The history of public relations has formulated a strategy that calls for the affected company CEO to issue an apology and offer the promise of a quick and reliable solution.
On Monday January 7 Intel CEO Brian Krzanich announced an update all of Intel’s products within a week covering 90% or more with the balance available by month end. This sounds reassuring until you get a closer look. After that everything quickly breaks down.
The updates only cover products introduced in the past five years. What about the rest of the user base? There are uncountable data centers in existence with equipment dating back to 2013 and before. My still totally awesome iMac was build in 2011.Five years is not all that long.
The Meltdown and Sprectre flaws affect every computer, server and mobile devices since the dawn of the digital age. Since there is no known fix for Spectre, we must assume the update only covers Meltdown.
Opening The Door
Krzanich stuck to the company line that the updates would not drastically affect computer performance for the average user. The operative word here is “average user”. But even this claim contradicts Microsoft CEO Satya Nadella who warned their Meltdown fix would result in processing speeds 20%-30% slower than normal.
Before updates and security fixes are in place, bad actors have some valuable time to do their deeds. The Intel release insures that every hacker will have his or her very own guide to both Meltdown and Spectre.
Intel even attached the security researchers released documentation of critical vulnerabilities of Meltdown and Spectre. Only GPS could have been better.
Protecting Your Digital Identity
Just for fun, I opened the Apple Store and into the search window I typed “Passwords”. Immediately I was presented with 10 different categories so I picked “Password Manager”. There were no fewer than 75 apps to hide your passwords.
In addition there is Apples own Keychain and Google Passwords so we are getting closer to 80 in total. Conclusion: if anyone was all that good there would hardly be a need for this many.
Can All 80 Apps Be Wrong?
It didn’t take long to realize the “raison d’ etre” for so many password managers offered nothing to do with superior performance. They just created another layer of usernames and passwords. These days when we forget a password it sets in motion a whole chain reaction that includes changing and manually resetting everything in the password manager.
We have all been through this massively frustrating process that never seems to change. Is our personal data safer with almost 80 password managers to choose from? Obviously not just look at the data breech at Equifax or Target Corp.
The answer as to why nothing has basically changed since the days of the dialup Internet is that the possession and control has shifted from over 315 million Americans and billions more elsewhere to a handful of corporate controllers.
Frequent and well-publicized breeches prove that the controllers of our identity never really protected our privacy. They simply did a good job convincing us they had our backs.
Guarded By The Phantom
This phantom layer of security was breaking down long ago when data storage companies began popping up across the country. But in many cases they kept data spread over several different locations.
This is until the birth of cloud storage when two things changed. The entirety of corporate data could be centralized making it rich bounty for hackers. Then for server efficiency multiple corporate client data was loaded onto a single server. Yum, this is like a Thanksgiving feast.
Weaknesses from centralization of data go beyond cloud storage. Look no further than the security vulnerabilities in Meltdown and Spectre.
If ever there was a good reason for government to protect its citizens, this is one of them. Unfortunately the problem is too big for a mere regulation or two to do the full job.
Using blockchain technology for digital identity holds the power to regain ownership of our data. It has the power to create a new model of online data management. The fact that it frees companies from the liability of data ownership should make for a receptive audience. And of course the cost savings is an added bonus.
The Benefits of Ownership
When the ownership of our digital identity returns to the hands of individuals, you will have the power to decide who has access, under what conditions and for how long. Proponents of this idea believe it creates an incorruptible digital record and can be used for virtually any peer-to-peer transfer of any asset.
Pronouncing anything incorruptible or totally secure is foolish especially given overwhelming evidence to the contrary. Security has always and will always be a comparative state. There are no absolutes. It is true however that the decentralized architecture of blockchains make for much less interesting prey for hackers compared to those big cloud storage facilities.
Featured image courtesy of Shutterstock.