Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Meltdown and Spectre in 10 mins
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Stephen Best
January 11, 2018
Technology
190
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Meltdown and Spectre in 10 mins
A simplified explanation of how these attacks work along with some advice on staying safe.
Stephen Best
January 11, 2018
More Decks by Stephen Best
See All by Stephen Best
Practical dependency injection for Ruby
bestie
1
130
Improve your (Ruby) code with dependency injection
bestie
6
500
Tastebuds Radio - a rapidly developed Ember.js app
bestie
2
650
Other Decks in Technology
See All in Technology
飲食店もAIで。レジ締めやハンディシステムをつくってる話 / Using AI for restaurant management
vtryo
0
190
螺旋型キャリアの生存戦略 / kinoko-conf2026
rakus_dev
1
1k
AI時代のコスト管理を考えよう〜明日から使える実践AWSノウハウ~
yoshimi0227
0
900
時期が悪い!それでもRaspberry Piを買って遊んで活用するには / 20260627-osc26do-rpi-jikigawarui
akkiesoft
1
850
GitHub Copilot運用のリアル ~AI Credit時代にどう向き合うか~
takafumisu2uk1
0
330
2026年6月23日 Syncable Tech + Start Python Club にて
hamukazu
0
150
AIペネトレーションテスト・ セキュリティ検証「AgenticSec」紹介資料
laysakura
2
7.6k
AIチャット検索改善の3週間
kworkdev
PRO
2
190
GitHub Copilot 最新アップデート – 「一歩先」の実践活用術
moulongzhang
5
2k
技術・能力を向上する原理原則 #きのこセッションa #きのこ2026
bash0c7
0
130
アラート調査向けAIエージェントの本番導入とその後/AI Agents for Alert Investigation: Production Deployment and After
taddy_919
1
170
2026 AI Memory Architecture
nagatsu
0
390
Featured
See All Featured
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
210
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
2
1.6k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
360
30k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
141
35k
Designing for humans not robots
tammielis
254
26k
The browser strikes back
jonoalderson
0
1.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
450
Game over? The fight for quality and originality in the time of robots
wayneb77
1
200
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
200
Git: the NoSQL Database
bkeepers
PRO
432
67k
Transcript
None
@thebestie // Karnov Group 2018 Coolest thing ever to happen
to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever
@thebestie // Karnov Group 2018 Allows unprivileged programs to read
the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure
@thebestie // Karnov Group 2018 More limited in scope Spectre
More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory
@thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal
all the information in my browser!
@thebestie // Karnov Group 2018 What’s at risk? Spectre Your
cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks
@thebestie // Karnov Group 2018 Update your operating system What
can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out
Cool story. @thebestie // Karnov Group 2018 How does it
work?
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is where the magic happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 This is an array I made earlier, I can read/write
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 But that was illegal An exception was raised State is rolled back
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster
@thebestie // Karnov Group 2018 Repeat 1.048.576 times You now
have 1 MB of data
@thebestie // Karnov Group 2018