Meltdown and Spectre, and Moodle…Meltdown and Spectre are the names of two serious security flaws that have recently been found within computer processors. They could allow hackers to steal sensitive data without users knowing, one of them affecting chips made as far back as 1995.
Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected. Spectre is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.
So how might this affect Moodle?
Well, it affects Moodle in the same way as any other server application. The most obvious security risk being that usernames and passwords could (in theory) be stolen. However, as Intel announced, there is no evidence of anyone exploiting this security issue so far.
But the important thing is that it reminds us how vitally important it is that Moodle administrators keep their servers up to date.
In a world where anyone can freely download and install Moodle, and run a server, there are many Moodle administrators that are ‘keen enthusiasts’ but who do not have a deep server admin background, for whom server security is a black art. These are the people and sites most at risk.