Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Meltdown and Spectre in 10 mins

Avatar for Stephen Best Stephen Best
January 11, 2018
Technology
0
160

Meltdown and Spectre in 10 mins

A simplified explanation of how these attacks work along with some advice on staying safe.

Avatar for Stephen Best

Stephen Best

January 11, 2018
Tweet

More Decks by Stephen Best

See All by Stephen Best
Practical dependency injection for Ruby
Avatar for Stephen Best bestie
1
120
Improve your (Ruby) code with dependency injection
Avatar for Stephen Best bestie
6
480
Tastebuds Radio - a rapidly developed Ember.js app
Avatar for Stephen Best bestie
2
640

Other Decks in Technology

See All in Technology
ECS_EKS以外の選択肢_ROSA入門_.pdf
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
0
110
ハッカソンから社内プロダクトへ AIエージェント ko☆shi 開発で学んだ4つの重要要素
Avatar for Tech Leverages leveragestech
0
270
Building Serverless AI Memory with Mastra × AWS
Avatar for vvatanabe vvatanabe
0
630
MariaDB Connector/C のcaching_sha2_passwordプラグインの仕様について
Avatar for kubo ayumu boro1234
0
1.1k
2025-12-27 Claude CodeでPRレビュー対応を効率化する@機械学習社会実装勉強会第54回
Avatar for Naka Masato nakamasato
4
1.2k
技術選定、下から見るか?横から見るか?
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
0
110
Cloud WAN MCP Serverから考える新しいネットワーク運用 / 20251228 Masaki Okuda
Avatar for SHIFT EVOLVE shift_evolve
PRO
0
110
20251219 OpenIDファウンデーション・ジャパン紹介 / OpenID Foundation Japan Intro
Avatar for OpenID Foundation Japan oidfj
0
520
Claude Skillsの テスト業務での活用事例
Avatar for Sammy(MoritaMasami) moritamasami
1
110
テストセンター受験、オンライン受験、どっちなんだい?
Avatar for Yuuki Yamashita yama3133
0
180
半年で、AIゼロ知識から AI中心開発組織の変革担当に至るまで
Avatar for ryu rfdnxbro
0
150
2025年のデザインシステムとAI 活用を振り返る
Avatar for Tech Leverages leveragestech
0
360

Featured

See All Featured
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.9k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
115
94k
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
9
35k
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
0
770
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.3k
エンジニアに許された特別な時間の終わり
Avatar for watany watany
106
220k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
24k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
Avatar for Aleyda Solis aleyda
1
1.8k
ラッコキーワード サービス紹介資料
Avatar for ラッコ株式会社 rakko
0
1.8M
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
130
Scaling GitHub
Avatar for Zach Holman holman
464
140k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
410

Transcript

  1. None

  2. @thebestie // Karnov Group 2018 Coolest thing ever to happen

    to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever

  3. @thebestie // Karnov Group 2018 Allows unprivileged programs to read

    the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure

  4. @thebestie // Karnov Group 2018 More limited in scope Spectre

    More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory

  5. @thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal

    all the information in my browser!

  6. @thebestie // Karnov Group 2018 What’s at risk? Spectre Your

    cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks

  7. @thebestie // Karnov Group 2018 Update your operating system What

    can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out

  8. Cool story. @thebestie // Karnov Group 2018 How does it

    work?

  9. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2

  10. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet

  11. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is where the magic happens

  12. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 This is an array I made earlier, I can read/write

  13. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7

  14. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 But that was illegal An exception was raised State is rolled back

  15. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  16. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  17. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  18. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster

  19. @thebestie // Karnov Group 2018 Repeat 1.048.576 times You now

    have 1 MB of data

  20. @thebestie // Karnov Group 2018