Meltdown and Spectre in 10 mins
Stephen Best
January 11, 2018
A simplified explanation of how these attacks work along with some advice on staying safe.
Transcript
@thebestie // Karnov Group 2018

Coolest thing ever to happen to CPU nerds
Best logos associated with a crisis
Affect pretty much everyone
Worst computer vulnerabilities possibly ever

Meltdown
Allows unprivileged programs to read the entire system’s memory
‘Melts’ existing memory isolation boundaries
Virtual Machines are not safe! AWS, Google Cloud and Azure

Spectre
More limited in scope
More complicated, tricky to do, difficult to prevent
JavaScript proof of concept can read your entire browser’s memory

Spectre
Malicious JavaScript can steal all the information in my browser!

Spectre: What’s at risk?
Your cookies and active sessions
Entire Gmail inbox
Social media accounts
PayPal
Banks

What can I do?
Update your operating system
Update your browsers
Turn on ‘Strict site isolation’ in Chrome
Close some tabs and log out

Cool story. How does it work?

    1 x = get_some_legal_data();
    2 y = get_some_illegal_data();
    3 do_something_with_value(y);

This is slow; while the CPU waits, it executes line 2
This is illegal but the CPU doesn’t know it yet
This is where the magic happens

0 1 2 3 4 5 6 7 9 10
This is an array I made earlier, I can read/write

    1 x = get_some_legal_data();
    2 y = get_some_illegal_data();
    3 my_array[y] = 1;

Looks like y was 7

But that was illegal
An exception was raised
State is rolled back

Something was left over . . .
When iterating something strange happens

The CPU has cached the value of 7
The data is returned much faster

Repeat 1.048.576 times
You now have 1 MB of data
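
The walkthrough above as a toy model, added here as an illustration and not taken from the deck: it shows why rolling back my_array is not enough when the cache is left untouched, and how the leak disappears once the permission check comes before the value is used. Everything except my_array and y (the ToyCPU class, the latency figures, the check_first switch, the sample bytes) is a constructed assumption, and no real CPU, cache or timer is involved.

```python
# Toy model of the deck's walkthrough. No real CPU, cache or timer is used;
# the latencies and every name except my_array and y are constructed.
CACHE_HIT, CACHE_MISS = 1, 100    # assumed latencies, arbitrary units
SLOTS = 256                       # one my_array slot per possible byte value


class ToyCPU:
    def __init__(self, protected, check_first=False):
        self.protected = protected      # memory the program may not read
        self.check_first = check_first  # True: permission checked before use
        self.cached = set()             # my_array slots held in the cache
        self.my_array = [0] * SLOTS     # architectural (visible) state

    def flush(self):
        self.cached.clear()

    def run_slide_program(self, addr):
        """Slide lines 2-3: y = illegal read, then my_array[y] = 1."""
        snapshot = list(self.my_array)
        if not self.check_first:
            y = self.protected[addr]    # runs before the CPU knows it is illegal
            self.my_array[y] = 1        # transient write to the array
            self.cached.add(y)          # side effect: slot y is now cached
        self.my_array = snapshot        # exception: state is rolled back,
                                        # but self.cached is left untouched

    def timed_read(self, slot):
        return CACHE_HIT if slot in self.cached else CACHE_MISS


def recover_byte(cpu, addr):
    """Flush, run the faulting program, then time a read of every slot."""
    cpu.flush()
    cpu.run_slide_program(addr)
    fast = [s for s in range(SLOTS) if cpu.timed_read(s) == CACHE_HIT]
    return fast[0] if len(fast) == 1 else None


def recover_all(cpu, length):
    """The 'repeat' slide: one round per byte of protected memory."""
    return [recover_byte(cpu, a) for a in range(length)]


if __name__ == "__main__":
    secret = bytes([7, 42, 255])        # constructed sample data
    print(recover_all(ToyCPU(secret), len(secret)))
    print(recover_all(ToyCPU(secret, check_first=True), len(secret)))
```

In the model the program never receives y and my_array is all zeros after every run, yet the single fast slot still identifies each byte; with check_first set, no slot is ever cached and nothing is recovered.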