Smith College Technology And Resource Adviser
Smith College Admission Academics Student Life About Smith news Offices
  Home > Offices > Information Technology Services > TARA > TARA > Welcome  
   Reset Password     Smith Directory    Smith Portal   Server Status  Smith Software
 
       
 


Accounts &
Passwords

Computers &
Mobile Devices

Google Apps

Moodle

Network Storage

Network & WiFi

Printing

Security

Smith Portal

Software

Telephones

Training

Web Development

25Live Scheduling
 

SPECTRE AND MELTDOWN VULNERABILITIES

ITS will continue to review the developing threat and work with our vendors and IT support staff to address the risks.

What happened?

A vulnerability has been discovered in most modern processors found in desktops, laptops, servers, phones and tablets. They have optimizations that let them preload bits of data associated with data currently in use. While this speeds up the processing, security researchers discovered that this preloaded data can be accessed by malicious code. 

What is the Risk?

Spectre and Meltdown are two methods of peeking at a processor's preloaded data. In short, if an attacker is able to run code on a device, they can use these exploits to read data they wouldn't ordinarily be able to see, including passwords or security certificates.

What is Smith Doing?

The risks and response options related to these vulnerabilities is evolving constantly.  This overview describes in part what ITS is doing in response to these risks.

Client systems:  we are monitoring for patches to major computer and client systems: Windows, Mac, iOS, Android;   and reviewing and testing for potential incompatibilities with common or Smith supported applications and supported services.

Smith Data Center / Central IT:   as security updates are released by vendors and 3rd party support providers that pertain to Smith’s central servers and core infrastructure, they are tested and applied on a rolling basis to ensure that we maintain both service availability as well as system security.   These are standard procedures in place for security updates and identified vulnerability response processes.

Smith network:   similar to the process for data center systems, appropriate network related updates will be reviewed and applied.

Additional security controls:   there is a continuing effort by both product vendors and the information security community to provide ways to identify and block active exploits from achieving their goals.  As these monitoring and blocking resources become available, they will be implemented by ITS staff to help reduce the risks associated with these vulnerabilities to Smith IT services and the Smith community. 

 

What can You Do?

Apply updates as they become available on your devices. Operating system and software updates are being developed and released to address these issues. Do not put them off, install the latest updates and patches as soon as possible.

*If you use third-party antivirus software on Windows, make sure to keep that up to date as well. Out-of-date antiviurs software could interfere with Windows patches.

Learn More

Spectre and Meltdown website

For additional information, please contact infosecurity@smith.edu

Seelye Hall B8 | Northampton, MA 01063 | 413.585.4487
Questions or comments? Send us an email

Copyright © 2015 Smith College Information Technology Services  |  Last updated January 10, 2018
DirectoryCalendarCampus MapVirtual TourContact UsSite A-Z