As you may have heard, most computers, mobile devices, and servers are affected by a serious exploit called Meltdown/Spectre that went public on Jan 3, 2018.
What is Meltdown/Spectre?
"Meltdown and Spectre get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." - Graz University of Technology
Am I affected?
Most certainly, yes. While Meltdown is more severe and specific to Intel processors; Spectre affects almost every modern processor. Intel, AMD, ARM, Microsoft and Apple have all confirmed their devices are affected.
What You Can Do
Keep up to date with software updates for your operating system and applications. Most providers have immediate hotfixes and longer term fixes upcoming. Follow best practices by running only trustworthy applications and visiting trustworthy websites. Change your passwords regularly, especially this month.
What We've Done and Plan To Do
Blueprint's local devices and third party hosting providers are also affected. In addition to following our own recommendations, we are in contact with our hosting providers so the issue is resolved in a timely manner. Our servers may require downtime for emergency maintenance with no notice. In the upcoming days, we are on high alert and will also regularly monitor our servers for any suspicious activity.
Jan 8 Update: We've contacted our hosting providers and any available hotfixes have been applied. There was an emergency reboot of servers to apply hotfixes on Fri Jan 5 around 10pm MST. As longer term fixes are still upcoming, we will remain on high alert and are monitoring servers regularly.
Jan 11 Update: Our main hosting provider has informed us that at least two separate upcoming maintenance windows will be required to fully mitigate the Meltdown/Spectre vulnerabilities. Due to the severity, our hosting provider will assign windows to us with short notice and cannot be changed. If these windows fall under regular hours of 8am-8pm, we will inform those affected immediately. Until the issue is resolved, we will remain on high alert and are continuing to monitor the situation.
Jan 22 Update: At this time, we have applied all available updates to mitigate Meltdown/Spectre for both our local and third party infrastructure. Our daily monitoring has also confirmed there has been no unauthorized access to our servers. This concludes our regular emails until further actions become available; it is our understanding that there will be related software updates in future. We strongly urge everyone to keep your software updated and change your passwords regularly.
April 20 Update: Additional updates are now available and we are applying them shortly. Blueprint and our server providers will be completing these updates within the next three weeks. We will be following up with exact times via email.