A quick note on Meltdown and Spectre

Recently we've had customers enquire about our operational security and how we safeguard customer data. Sharing with you our GDPR compliance earlier this month answered some of the questions about how we store and process data while respecting data privacy laws.

But another question raised has been if and how we are affected by the Meltdown and Spectre vulnerabilities. As a website that accepts sensitive customer information, including login credentials, payment information and IP address data, there is potential for user information to be read from our various servers' operating memory if we used shared computing resources that haven't been patched against Meltdown and Spectre.

Whilst the computer processors we use are affected by these bugs (as are all modern processors to some degree), our infrastructure as a whole is not affected, as we do not use shared computing resources and have never done so for our cluster architecture. We have only ever used shared resources for honeypots, which have never contained and will never contain customer information or any other potentially sensitive information.

As part of our GDPR compliance we are bound to continuously evaluate potential threats to our infrastructure. So as soon as the Meltdown and Spectre news broke, we read all of the information available, starting with the Linux kernel patches and comments from AMD right through to the disclosures from the researchers who discovered the processor flaws, Google's announcement and Intel's press release.

We came to the conclusion almost immediately that our infrastructure was not in danger due to our use of bare-metal servers that we either purchased, built and deployed ourselves or rent from major data centers. Due to the way the attacks work, you would need to be running malicious code from an attacker on your server or be sharing a physical server with an adversary.

So to sum up, we were aware of Meltdown and Spectre on the very first day the news broke, and we did a risk assessment immediately at that time and determined we were not affected due to decisions made during our infrastructure building.

Thanks for reading and have a great weekend.

