Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Meltdown and Spectre in 10 mins

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Stephen Best Stephen Best
January 11, 2018
Technology
170
0

Meltdown and Spectre in 10 mins

A simplified explanation of how these attacks work along with some advice on staying safe.

Avatar for Stephen Best

Stephen Best

January 11, 2018

More Decks by Stephen Best

See All by Stephen Best
Practical dependency injection for Ruby
Avatar for Stephen Best bestie
1
130
Improve your (Ruby) code with dependency injection
Avatar for Stephen Best bestie
6
490
Tastebuds Radio - a rapidly developed Ember.js app
Avatar for Stephen Best bestie
2
650

Other Decks in Technology

See All in Technology
BFCacheを活用して無限スクロールのUX を改善した話
Avatar for Ryuya Yanagi apple_yagi
0
140
Tour of Agent Protocols: MCP, A2A, AG-UI, A2UI with ADK
Avatar for Mete Atamel meteatamel
0
170
Oracle Cloud Infrastructure:2026年3月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
0
270
パワポ作るマンをMCP Apps化してみた
Avatar for iwamot iwamot
PRO
0
260
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
4
1.3k
「できない」のアウトプット 同人誌『精神を壊してからの』シリーズ出版を 通して得られたこと
Avatar for comi comi190327
3
490
OpenClawでPM業務を自動化
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
2
360
Navigation APIと見るSvelteKitのWeb標準志向
Avatar for Okuto Oyama yamanoku
2
140
FlutterでPiP再生を実装した話
Avatar for 白井翔大 s9a17
0
240
Babylon.js を使って試した色々な内容 / Various things I tried using Babylon.js / Babylon.js 勉強会 vol.5
Avatar for you(@youtoy) you
PRO
0
130
CloudFrontのHost Header転送設定でパケットの中身はどう変わるのか?
Avatar for nagisa_53 nagisa53
1
230
非同期・イベント駆動処理の分散トレーシングの繋げ方
Avatar for Ken ichikawaken
1
250

Featured

See All Featured
Mind Mapping
Avatar for Hélio Medeiros helmedeiros
PRO
1
140
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.6k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
199
73k
Scaling GitHub
Avatar for Zach Holman holman
464
140k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
2
1.6k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
260
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.8k
Visualization
Avatar for Eitan Lees eitanlees
150
17k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
300
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.8k
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
Avatar for Helen Beal helenjbeal
1
150

Transcript

  1. None

  2. @thebestie // Karnov Group 2018 Coolest thing ever to happen

    to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever

  3. @thebestie // Karnov Group 2018 Allows unprivileged programs to read

    the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure

  4. @thebestie // Karnov Group 2018 More limited in scope Spectre

    More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory

  5. @thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal

    all the information in my browser!

  6. @thebestie // Karnov Group 2018 What’s at risk? Spectre Your

    cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks

  7. @thebestie // Karnov Group 2018 Update your operating system What

    can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out

  8. Cool story. @thebestie // Karnov Group 2018 How does it

    work?

  9. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2

  10. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet

  11. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is where the magic happens

  12. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 This is an array I made earlier, I can read/write

  13. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7

  14. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 But that was illegal An exception was raised State is rolled back

  15. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  16. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  17. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  18. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster

  19. @thebestie // Karnov Group 2018 Repeat 1.048.576 times You now

    have 1 MB of data

  20. @thebestie // Karnov Group 2018