Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Meltdown and Spectre in 10 mins

Avatar for Stephen Best Stephen Best
January 11, 2018
Technology
0
140

Meltdown and Spectre in 10 mins

A simplified explanation of how these attacks work along with some advice on staying safe.

Avatar for Stephen Best

Stephen Best

January 11, 2018
Tweet

More Decks by Stephen Best

See All by Stephen Best
Practical dependency injection for Ruby
Avatar for Stephen Best bestie
1
97
Improve your (Ruby) code with dependency injection
Avatar for Stephen Best bestie
6
460
Tastebuds Radio - a rapidly developed Ember.js app
Avatar for Stephen Best bestie
2
630

Other Decks in Technology

See All in Technology
2025新卒研修・HTML/CSS #弁護士ドットコム
Avatar for 弁護士ドットコム bengo4com
3
13k
AIエージェントを現場で使う / 2025.08.07 著者陣に聞く!現場で活用するためのAIエージェント実践入門(Findyランチセッション)
Avatar for Shumpei Miyawaki smiyawaki0820
6
1.1k
生成AIによるデータサイエンスの変革
Avatar for Takaaki Yayoi taka_aki
0
3k
生成AIによるソフトウェア開発の収束地点 - Hack Fes 2025
Avatar for vaaaaanquish vaaaaanquish
29
13k
Google Agentspaceを実際に導入した効果と今後の展望
Avatar for MIXI ENGINEERS mixi_engineers
PRO
3
700
Amazon Q と『音楽』-ゲーム音楽もAmazonQで作成してみた感想-
Avatar for いのうえ senseofunity129
0
140
ZOZOTOWNの大規模マーケティングメール配信を支えるアーキテクチャ
Avatar for ZOZO Developers zozotech
PRO
0
330
AI関数が早くなったので試してみよう
Avatar for kumakura koki kumakura
0
290
相互運用可能な学修歴クレデンシャルに向けた標準技術と国際動向
Avatar for Naohiro Fujie fujie
0
250
開発 × 生成AI × コミュニケーション:GENDAの開発現場で感じたコミュニケーションの変化 / GENDA Tech Talk #1
Avatar for GENDA genda
0
220
Nx × AI によるモノレポ活用 〜コードジェネレーター編〜
Avatar for puku0x puku0x
0
570
【OptimizationNight】数理最適化のラストワンマイルとしてのUIUX
Avatar for BrainPad brainpadpr
2
480

Featured

See All Featured
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
8
450
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
880
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
56
5.8k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
33
8.8k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.7k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
1.3k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
36
2.5k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
278
23k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.4k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
46
7.6k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.2k

Transcript

  1. None

  2. @thebestie // Karnov Group 2018 Coolest thing ever to happen

    to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever

  3. @thebestie // Karnov Group 2018 Allows unprivileged programs to read

    the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure

  4. @thebestie // Karnov Group 2018 More limited in scope Spectre

    More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory

  5. @thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal

    all the information in my browser!

  6. @thebestie // Karnov Group 2018 What’s at risk? Spectre Your

    cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks

  7. @thebestie // Karnov Group 2018 Update your operating system What

    can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out

  8. Cool story. @thebestie // Karnov Group 2018 How does it

    work?

  9. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2

  10. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet

  11. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is where the magic happens

  12. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 This is an array I made earlier, I can read/write

  13. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7

  14. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 But that was illegal An exception was raised State is rolled back

  15. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  16. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  17. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  18. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster

  19. @thebestie // Karnov Group 2018 Repeat 1.048.576 times You now

    have 1 MB of data

  20. @thebestie // Karnov Group 2018