Save 37% off PRO during our
Black Friday Sale! »
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Meltdown and Spectre in 10 mins
Stephen Best
January 11, 2018
Technology
0
90
Meltdown and Spectre in 10 mins
A simplified explanation of how these attacks work along with some advice on staying safe.
Stephen Best
January 11, 2018
Tweet
Share
More Decks by Stephen Best
See All by Stephen Best
bestie
1
54
bestie
6
410
bestie
2
380
Other Decks in Technology
See All in Technology
timeseriesfr
0
160
karabish
0
250
koike91
0
380
kavisha
0
230
chisaton
0
210
tohae
1
190
yamanoku
3
640
tsubasa_umeuchi
2
600
eller86
2
860
ritou
1
200
meow_noisy
0
290
sadashi
1
330
Featured
See All Featured
matthewcrist
73
7.7k
kneath
224
15k
jensimmons
210
11k
speakerdeck
PRO
2
470
bryan
35
3.9k
myddelton
110
11k
chrisshort
6
28k
chriscoyier
147
20k
dougneiner
123
8.3k
philnash
23
1.2k
davidbonilla
75
3.8k
soudai
21
10k
Transcript
None
@thebestie // Karnov Group 2018 Coolest thing ever to happen
to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever
@thebestie // Karnov Group 2018 Allows unprivileged programs to read
the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure
@thebestie // Karnov Group 2018 More limited in scope Spectre
More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory
@thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal
all the information in my browser!
@thebestie // Karnov Group 2018 What’s at risk? Spectre Your
cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks
@thebestie // Karnov Group 2018 Update your operating system What
can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out
Cool story. @thebestie // Karnov Group 2018 How does it
work?
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet
1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is where the magic happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 This is an array I made earlier, I can read/write
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 But that was illegal An exception was raised State is rolled back
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 Something was left over . . . When iterating something strange happens
@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster
@thebestie // Karnov Group 2018 Repeat 1.048.576 times You now
have 1 MB of data
@thebestie // Karnov Group 2018
bestie
timeseriesfr
karabish
koike91
kavisha
chisaton
tohae
yamanoku
tsubasa_umeuchi
eller86
ritou
meow_noisy
sadashi
matthewcrist
kneath
jensimmons
speakerdeck
bryan
myddelton
chrisshort
chriscoyier
dougneiner
philnash
davidbonilla
soudai
