Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Meltdown and Spectre in 10 mins
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Stephen Best
January 11, 2018
Technology
190
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Meltdown and Spectre in 10 mins
A simplified explanation of how these attacks work along with some advice on staying safe.
Stephen Best
January 11, 2018
More Decks by Stephen Best
See All by Stephen Best
Practical dependency injection for Ruby
bestie
1
130
Improve your (Ruby) code with dependency injection
bestie
6
500
Tastebuds Radio - a rapidly developed Ember.js app
bestie
2
650
Other Decks in Technology
See All in Technology
螺旋型キャリアの生存戦略 / kinoko-conf2026
rakus_dev
1
1k
AWS Security Hub CSPMの成功・失敗体験
cmusudakeisuke
0
560
AIチャット検索改善の3週間
kworkdev
PRO
2
190
【FinOps】データドリブンな意思決定を目指して
z63d
2
390
サイバーエージェントにおけるAI推進戦略と変革への取り組み
shotatsuge
0
570
スタートアップにAmazon EKSは早すぎる? マルチプロダクト戦略を加速する Platform Engineeringの実践 / Is Amazon EKS Too Soon for Startups? Practical Platform Engineering to Accelerate a Multi-Product Strategy
elmodev09
1
1.8k
Lightning近況報告
kozy4324
0
220
AIペネトレーションテスト・ セキュリティ検証「AgenticSec」紹介資料
laysakura
2
7.6k
Oracle Cloud Infrastructure:2026年6月度サービス・アップデート
oracle4engineer
PRO
0
340
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
130
【2026年版】 ベクトル検索とEmbedding最前線
mocobeta
24
7.6k
2026-06-24_人とAIの責務分離に基づく開発プロセスの提案.pdf
takahiromatsui
0
190
Featured
See All Featured
Ethics towards AI in product and experience design
skipperchong
2
310
The Cult of Friendly URLs
andyhume
79
6.9k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
The agentic SEO stack - context over prompts
schlessera
0
820
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.7k
Crafting Experiences
bethany
1
190
Documentation Writing (for coders)
carmenintech
77
5.4k
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.2k
Optimising Largest Contentful Paint
csswizardry
37
3.7k
Principles of Awesome APIs and How to Build Them.
keavy
128
18k
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.5k
Transcript
None
@thebestie // Karnov Group 2018 Coolest thing ever to happen
to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever
@thebestie // Karnov Group 2018 Allows unprivileged programs to read
the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure
@thebestie // Karnov Group 2018 More limited in scope Spectre
More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory
@thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal
all the information in my browser!
@thebestie // Karnov Group 2018 What’s at risk? Spectre Your
cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks
@thebestie // Karnov Group 2018 Update your operating system What
can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out
Cool story. @thebestie // Karnov Group 2018 How does it
work?
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is where the magic happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 This is an array I made earlier, I can read/write
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 But that was illegal An exception was raised State is rolled back
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster
@thebestie // Karnov Group 2018 Repeat 1.048.576 times You now
have 1 MB of data
@thebestie // Karnov Group 2018