Meltdown and Spectre in 10 mins

Slide 1

Slide 1 text

No content

Slide 2

Slide 2 text

@thebestie // Karnov Group 2018 Coolest thing ever to happen to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever

Slide 3

Slide 3 text

@thebestie // Karnov Group 2018 Allows unprivileged programs to read the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure

Slide 4

Slide 4 text

@thebestie // Karnov Group 2018 More limited in scope Spectre More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory

Slide 5

Slide 5 text

@thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal all the information in my browser!

Slide 6

Slide 6 text

@thebestie // Karnov Group 2018 What’s at risk? Spectre Your cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks

Slide 7

Slide 7 text

@thebestie // Karnov Group 2018 Update your operating system What can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out

Slide 8

Slide 8 text

Cool story. @thebestie // Karnov Group 2018 How does it work?

Slide 9

Slide 9 text

1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y); @thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2

Slide 10

Slide 10 text

1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y); @thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet

Slide 11

Slide 11 text

1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y); @thebestie // Karnov Group 2018 This is where the magic happens

Slide 12

Slide 12 text

@thebestie // Karnov Group 2018 0 1 2 3 4 5 6 7 9 10 This is an array I made earlier, I can read/write

Slide 13

Slide 13 text

@thebestie // Karnov Group 2018 0 1 2 3 4 5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7

Slide 14

Slide 14 text

@thebestie // Karnov Group 2018 0 1 2 3 4 5 6 7 9 10 But that was illegal An exception was raised State is rolled back

Slide 15

Slide 15 text

@thebestie // Karnov Group 2018 0 1 2 3 4 5 6 7 9 10 Something was left over . . . When iterating something strange happens

Slide 16

Slide 16 text

@thebestie // Karnov Group 2018 0 1 2 3 4 5 6 7 9 10 Something was left over . . . When iterating something strange happens

Slide 17

Slide 17 text

@thebestie // Karnov Group 2018 0 1 2 3 4 5 6 7 9 10 Something was left over . . . When iterating something strange happens

Slide 18

Slide 18 text

@thebestie // Karnov Group 2018 0 1 2 3 4 5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster

Slide 19

Slide 19 text

@thebestie // Karnov Group 2018 Repeat 1.048.576 times You now have 1 MB of data

Slide 20

Slide 20 text

@thebestie // Karnov Group 2018