Meltdown and Spectre in 10 mins
Stephen Best
January 11, 2018
A simplified explanation of how these attacks work along with some advice on staying safe.
Transcript
@thebestie // Karnov Group 2018

Coolest thing ever to happen to CPU nerds
Best logos associated with a crisis
Affect pretty much everyone
Worst computer vulnerabilities possibly ever

Meltdown
Allows unprivileged programs to read the entire system's memory
'Melts' existing memory isolation boundaries
Virtual Machines are not safe!
AWS, Google Cloud and Azure

Spectre
More limited in scope
More complicated, tricky to do, difficult to prevent
JavaScript proof of concept can read your entire browser's memory

Spectre
Malicious JavaScript can steal all the information in my browser!

Spectre: What's at risk?
Your cookies and active sessions
Entire Gmail inbox
Social media accounts
PayPal
Banks

What can I do?
Update your operating system
Update your browsers
Turn on 'Strict site isolation' in Chrome
Close some tabs and log out

Cool story. How does it work?

1 x = get_some_legal_data();
2 y = get_some_illegal_data();
3 do_something_with_value(y);

Line 1: This is slow; while the CPU waits, it executes 2
Line 2: This is illegal, but the CPU doesn't know it yet
Line 3: This is where the magic happens

0 1 2 3 4 5 6 7 9 10
This is an array I made earlier, I can read/write

1 x = get_some_legal_data();
2 y = get_some_illegal_data();
3 my_array[y] = 1;
Looks like y was 7

But that was illegal
An exception was raised
State is rolled back

Something was left over . . .
When iterating something strange happens

The CPU has cached the value of 7
The data is returned much faster

Repeat 1.048.576 times
You now have 1 MB of data
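
The walkthrough above as a toy simulation (an added example, not code from the deck, and a model rather than a working exploit): rollback clears the visible register but not the modeled cache, so timing the probe array reveals the value. `ToyCPU`, the 256-cell probe array, the latencies and the sample secret are constructed assumptions; `mapped=False` models an OS update that unmaps the protected memory from the program's address space.

```python
# Toy model of the walkthrough above (added example; a simulation, not an exploit).
# Assumptions: 256-cell probe array, made-up latencies, no real hardware timing.
CACHE_HIT, CACHE_MISS = 40, 300   # constructed cycle counts


class ToyCPU:
    def __init__(self, protected, mapped=True):
        self._protected = protected   # memory the program is not allowed to read
        self._mapped = mapped         # False models an OS patch that unmaps it
        self.cached = set()           # probe-array cells currently in the cache
        self.y = None                 # architectural (visible) register

    def flush_probe_array(self):
        self.cached.clear()

    def run_slide_code(self, addr):
        """Lines 2-3 of the slide code run before the permission check lands."""
        if self._mapped:
            y = self._protected[addr]   # 2: illegal read, performed transiently
            self.cached.add(y)          # 3: my_array[y] = 1 caches cell y
        self.y = None                   # exception: visible state is rolled back
        # The cache is not rolled back, so cell y stays cached.

    def access_time(self, cell):
        return CACHE_HIT if cell in self.cached else CACHE_MISS


def recover_byte(cpu, addr):
    """Iterate over the probe array and return the one fast cell, if any."""
    cpu.flush_probe_array()
    cpu.run_slide_code(addr)
    times = [cpu.access_time(cell) for cell in range(256)]
    fastest = min(range(256), key=times.__getitem__)
    return fastest if times[fastest] == CACHE_HIT else None


def recover_all(cpu, length):
    return [recover_byte(cpu, addr) for addr in range(length)]


SECRET = b"\x07session=abc"   # constructed sample; first byte is the slides' 7
vulnerable = ToyCPU(SECRET)
patched = ToyCPU(SECRET, mapped=False)

if __name__ == "__main__":
    print(bytes(recover_all(vulnerable, len(SECRET))))   # bytes leak despite rollback
    print(recover_all(patched, len(SECRET)))             # all None: nothing to time
    print(vulnerable.y)                                  # None: y was never visible
```

In the patched model the transient read has nothing to fetch, so every probe cell is equally slow and the timing pass returns no value.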