Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Meltdown and Spectre in 10 mins

Avatar for Stephen Best Stephen Best
January 11, 2018
Technology
0
150

Meltdown and Spectre in 10 mins

A simplified explanation of how these attacks work along with some advice on staying safe.

Avatar for Stephen Best

Stephen Best

January 11, 2018
Tweet

More Decks by Stephen Best

See All by Stephen Best
Practical dependency injection for Ruby
Avatar for Stephen Best bestie
1
100
Improve your (Ruby) code with dependency injection
Avatar for Stephen Best bestie
6
460
Tastebuds Radio - a rapidly developed Ember.js app
Avatar for Stephen Best bestie
2
630

Other Decks in Technology

See All in Technology
そのJavaScript、V8が泣いてます。V8の気持ちを理解して書くパフォーマンス最適化
Avatar for Riya Amemiya riyaamemiya
17
6.3k
CTFのためのKubernetes入門
Avatar for Kyohei Mizumoto kyohmizu
2
720
#普通の文系サラリーマンチャレンジ  自分でアプリ開発と電子工作を続けたら人生が変わった
Avatar for tatsuya1970 tatsuya1970
0
340
金融サービスの成長を支える
“本人確認フロー” の改善と取り巻く環境の変化 / iOSDC Japan 2025
Avatar for nakamuuu nakamuuu
1
120
RailsのPostgreSQL 18対応
Avatar for Yasuo Honda yahonda
0
540
Goのビルドシステムの変遷 / The history of Go's build system
Avatar for ymotongpoo ymotongpoo
12
2.3k
Rust In Python
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
3
330
施策が均質化する採用市場で何を捨て 何を大事にしていくかを考える
Avatar for akyun akyun
0
200
DEFCON CHV CTF 2025 Write-up
Avatar for bata_24 bata_24
0
150
非同期処理実行基盤 Delayed脱出 → Solid Queue完全移行への旅路。
Avatar for Shohei Kobayashi srockstyle
1
400
爆速でプロダクトをリリースしようと思ったらマイクロフロントエンドを選んでいた
Avatar for KAKEHASHI kakehashi
PRO
4
1.1k
テストコードすら書けなかったレガシーアプリがAIと上手に協働できるようになるまでの軌跡
Avatar for ディップ株式会社 dip_tech
PRO
0
250

Featured

See All Featured
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
368
20k
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.8k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
600
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
330
21k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
339
57k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
18
1.1k
How GitHub (no longer) Works
Avatar for Zach Holman holman
315
140k
It's Worth the Effort
Avatar for 3n 3n
187
28k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
132
19k

Transcript

  1. None

  2. @thebestie // Karnov Group 2018 Coolest thing ever to happen

    to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever

  3. @thebestie // Karnov Group 2018 Allows unprivileged programs to read

    the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure

  4. @thebestie // Karnov Group 2018 More limited in scope Spectre

    More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory

  5. @thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal

    all the information in my browser!

  6. @thebestie // Karnov Group 2018 What’s at risk? Spectre Your

    cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks

  7. @thebestie // Karnov Group 2018 Update your operating system What

    can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out

  8. Cool story. @thebestie // Karnov Group 2018 How does it

    work?

  9. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2

  10. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet

  11. 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

    @thebestie // Karnov Group 2018 This is where the magic happens

  12. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 This is an array I made earlier, I can read/write

  13. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7

  14. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 But that was illegal An exception was raised State is rolled back

  15. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  16. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  17. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 Something was left over . . . When iterating something strange happens

  18. @thebestie // Karnov Group 2018 0 1 2 3 4

    5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster

  19. @thebestie // Karnov Group 2018 Repeat 1.048.576 times You now

    have 1 MB of data

  20. @thebestie // Karnov Group 2018