Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Meltdown and Spectre in 10 mins
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Stephen Best
January 11, 2018
Technology
180
0
Share
Meltdown and Spectre in 10 mins
A simplified explanation of how these attacks work along with some advice on staying safe.
Stephen Best
January 11, 2018
More Decks by Stephen Best
See All by Stephen Best
Practical dependency injection for Ruby
bestie
1
130
Improve your (Ruby) code with dependency injection
bestie
6
500
Tastebuds Radio - a rapidly developed Ember.js app
bestie
2
650
Other Decks in Technology
See All in Technology
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
5
1.8k
データ基盤をDataformで整えた話 〜 開発環境を添えて 〜
takapy
0
110
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development with AI-DLC
yoshidashingo
0
130
Agentic ERPをどう設計するか ー 受発注エージェントを動かす、現場の知見と設計思想ー
recerqainc
1
1.4k
ポスター発表&デモと総括 / Poster Presentations & Demonstrations and Summary
ks91
PRO
0
190
PHP と TypeScript の型システム比較:AI 時代の「型」は誰のためにあるのか? #frontend_phpcon_do / frontend_phpcon_do_2026
shogogg
1
240
[モダンアプリ勉強会]今更聞けないGit/GitHub入門
tsukuboshi
0
240
そのPoC、何を検証したつもりでしたか? AIプロダクトの価値検証で陥った落とし穴
techtekt
PRO
0
140
MIERUNE JCT 発表資料「宇宙から伊能忠敬ごっこ」
syuchimu
0
170
AIプラットフォームを運用し続けるための可観測性
tanimuyk
4
1.1k
「気づいたら仕事が終わっている」バクラクAIエージェント本番運用の裏側 / layerx-bakuraku-aie2026
yuya4
18
9.7k
JJUG CCC 2026 Spring AI時代の開発こそ標準化を武器に! ― 方式・プロセス・プラットフォームの標準化
s27watanabe
2
710
Featured
See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.9k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
530
GraphQLの誤解/rethinking-graphql
sonatard
75
12k
Building AI with AI
inesmontani
PRO
1
1k
GraphQLとの向き合い方2022年版
quramy
50
15k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
390
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
22k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
360
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
550
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
280
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
520
How to build a perfect <img>
jonoalderson
1
5.6k
Transcript
None
@thebestie // Karnov Group 2018 Coolest thing ever to happen
to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever
@thebestie // Karnov Group 2018 Allows unprivileged programs to read
the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure
@thebestie // Karnov Group 2018 More limited in scope Spectre
More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory
@thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal
all the information in my browser!
@thebestie // Karnov Group 2018 What’s at risk? Spectre Your
cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks
@thebestie // Karnov Group 2018 Update your operating system What
can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out
Cool story. @thebestie // Karnov Group 2018 How does it
work?
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is where the magic happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 This is an array I made earlier, I can read/write
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 But that was illegal An exception was raised State is rolled back
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster
@thebestie // Karnov Group 2018 Repeat 1.048.576 times You now
have 1 MB of data
@thebestie // Karnov Group 2018
SiteGround - Reliable hosting with speed, security, and support you can count on.
bestie
oracle4engineer
takapy
yoshidashingo
recerqainc
ks91
shogogg
tsukuboshi
techtekt
syuchimu
tanimuyk
yuya4
s27watanabe
reverentgeek
honzajavorek
sonatard
inesmontani
quramy
codingconduct
panda_program
tmiket
portentint
techseoconnect
marktimemedia
jonoalderson
