Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Meltdown and Spectre in 10 mins
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Stephen Best
January 11, 2018
Technology
0
170
Meltdown and Spectre in 10 mins
A simplified explanation of how these attacks work along with some advice on staying safe.
Stephen Best
January 11, 2018
Tweet
Share
More Decks by Stephen Best
See All by Stephen Best
Practical dependency injection for Ruby
bestie
1
120
Improve your (Ruby) code with dependency injection
bestie
6
490
Tastebuds Radio - a rapidly developed Ember.js app
bestie
2
640
Other Decks in Technology
See All in Technology
意志を実装するアーキテクチャモダナイゼーション
nwiizo
3
1.2k
Exadata Fleet Update
oracle4engineer
PRO
0
1.2k
Kubernetes環境周りの責任範囲をいい機会なので考える / Taking the Opportunity to Clarify Kubernetes Responsibilities
kohbis
1
110
技術選定 したい人 したくない人
shirayanagiryuji
0
230
Goで実現する堅牢なアーキテクチャ:DDD、gRPC-connect、そしてAI協調開発の実践
fujidomoe
3
530
意外と知ってそうでしらない、Reserved Instances の世界
mappie_kochi
0
170
フルスタックGoでスコア改ざんを防いだ話
ponyo877
0
480
横断SREがSRE社内留学制度 / Enablingになぜ踏み切ったのか
rvirus0817
0
300
自律型コーディングエージェントでどこまで出来るかやってみる~ Claude Code vs GitHub Copilot(Agent mode) ~ / How Far Can Autonomous Coding Agents Go? ~Claude Code vs GitHub Copilot (Agent Mode)~
jnymyk
0
160
生成AIの研究活用_AILab2025研修
cyberagentdevelopers
PRO
11
5.6k
なぜAIは チーム開発を 速くしないのか
tan_go238
8
3.2k
AITuberKit+Bedrock AgentCoreで作る 3Dキャラクターエージェント
yokomachi
2
1.4k
Featured
See All Featured
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
73
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2k
Tell your own story through comics
letsgokoyo
1
820
Docker and Python
trallard
47
3.7k
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
180
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.7k
Are puppies a ranking factor?
jonoalderson
1
3k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.3k
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
120
The browser strikes back
jonoalderson
0
720
Designing Powerful Visuals for Engaging Learning
tmiket
0
250
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
1
62
Transcript
None
@thebestie // Karnov Group 2018 Coolest thing ever to happen
to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever
@thebestie // Karnov Group 2018 Allows unprivileged programs to read
the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure
@thebestie // Karnov Group 2018 More limited in scope Spectre
More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory
@thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal
all the information in my browser!
@thebestie // Karnov Group 2018 What’s at risk? Spectre Your
cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks
@thebestie // Karnov Group 2018 Update your operating system What
can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out
Cool story. @thebestie // Karnov Group 2018 How does it
work?
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is where the magic happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 This is an array I made earlier, I can read/write
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 But that was illegal An exception was raised State is rolled back
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster
@thebestie // Karnov Group 2018 Repeat 1.048.576 times You now
have 1 MB of data
@thebestie // Karnov Group 2018
bestie
nwiizo
oracle4engineer
kohbis
shirayanagiryuji
fujidomoe
mappie_kochi
ponyo877
rvirus0817
jnymyk
cyberagentdevelopers
tan_go238
yokomachi
davidcarrasco
inesmontani
letsgokoyo
trallard
frankvandijk
jnunemaker
jonoalderson
tammyeverts
mkilby
tmiket
akademiya2063
