It seems like not a month goes by without another code vulnerability being discovered. One only hopes that the people who find the vulnerabilities are good guys. This time it is an L1 Terminal Fault (L1TF) in the Intel chip that it used by web hosts running virtual machines. That includes Digital Ocean, the web host that we use.
The vulnerability exposes data to anyone running on the same processor core as another domain’s data. It’s like one tenant in an apartment block being able to look in on the next apartment.
Thankfully, Intel has learned from its earlier mistake of keep its problems to itself. Instead, it shared information about the problem with web hosts and that means that Digital Ocean has already started working on a fix.
They say that it’s going to take a few weeks to complete the work, but they do not anticipate any downtime for their users (Quillcards, in our case) as a result of their efforts to fix the problem.
What I do expect is that they will share any information about anyone who actually has used the vulnerability to look where they shouldn’t.