Why are Spectre and Meltdown So Dangerous?

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

I honestly don't even give this shit the time of day. I was a little curious as to it at first, what with its edgy as fuck naming scheme designed to bait you into some good ol fashioned fear mongering but then I realized I honestly couldn't care less.

Either an attacker will be sucessful or he won't. At this level there's not much I can do and huddling myself in a ball of fear until its patched won't change anything.

👍︎︎ 4 👤︎︎ u/onestephiki 📅︎︎ May 02 2018 🗫︎ replies

Thanks, nice video

👍︎︎ 1 👤︎︎ u/DoombotBL 📅︎︎ May 02 2018 🗫︎ replies

Captions

thanks for watching tech quickie click the subscribe button then enable notifications with the Bell icon so you won't miss any future videos when Spector and meltdown first made headlines you'd have been forgiven for thinking that dr. no found a way to cause mayhem at a nuclear power plant somewhere but while thankfully that isn't what happened The Spectre and meltdown security bugs have the potential to inflict ma'am on nearly every computer in the world between them you see most software bugs and viruses affect systems by trying to exploit some weakness in the code of a particular program or operating system meaning that they can't hurt a system they weren't designed to run on what makes spectre and meltdown so dangerous is that they function on a level that is much closer to the actual hardware meaning that they can exploit tons of different CPU models and operating systems in fact meltdown affects nearly every Intel CPU manufactured since 1995 and specter effects these and most AMD processors as well Spectre clasp vulnerabilities can even successfully attack a number of smartphone CPUs holy crap so what happened why exactly are these bugs so widespread well it boils down to a feature present on virtually all modern processors called speculative execution which is a key way that CPU significantly boosts their performance thanks to speculative execution when a CPU is carrying out program instructions it can guess which instructions it might have to process next allowing a modern processor to read ahead on the page so to speak processing data that it thinks it will need shortly and then storing it on the very fast CPU cache memory one way that CPUs read ahead is by starting to process the data in memory as soon program asks for it rather than first checking to see if that program is even allowed to access that data you see whenever you have more than one program running your CPU will separate your system ram into different chunks that can only be accessed by one program to keep other ones including malicious programs from seeing data that they shouldn't so let's say then that program a asks to see some data from program B's memory space the CPU will say no but only after it starts to read that memory and whatever was in that memory space is already in the CPUs cache now although the CPU won't directly pass that data at a program a meltdown can figure out what the data is by tricking the CPU instead of just asking for the data directly meltdown will ask the CPU to add the value being held in cache to some arbitrary number which will correspond to a certain memory location or address the CPU still won't reveal the information at that memory address to meltdown directly but the data will still be cached beforehand so I know this is pretty technical here but stick with me for its next trick meltdown will ask the CPU to read more memory addresses noting the one that loads more quickly than the others because it was stored in the high-speed cache in the previous step rather than the slower system Ram this process allows meltdown to figure out what data was in the address it initially asked for as the cached address will just be whatever the arbitrary number that meltdown picked plus the actual value the system was trying to keep hidden was let's move on to Spector now although Spector also takes advantage of speculative execution it works a little bit differently by exploiting a CPUs branch predictor this processor component watches for patterns in program execution so if it sees a particular function over and over again the CPU will eventually pick up on it and start to process this function on its own repeatedly like how you can train your pet to do tricks by giving it food every time so Spectre trains your CPU by telling it over and over to execute instructions that will dump the information the attacker wants into cash after this Specter can access the information by using various timing tricks to work out exactly what the data contains sometimes by asking the CPU to use the data located at a certain memory address in a different function similarly to meltdown and getting back to why this problem is so widespread Spectre is a whole class of attacks which means combined with the fact that branch prediction is incredibly important for performance in nearly all modern CPUs means that there isn't a quick fix for every variation of it meltdown by contrast is a somewhat easier fix that involves more thoroughly separating different memory spaces but since the patches also cut into a CPUs ability to read ahead as we described earlier the fixes can result in serious slowdowns for processor intensive programs as current CPUs have actually gotten really good at predicting what they'll need to do next a sad irony now both Intel and AMD are working to fix the vulnerabilities on a hardware level in their future chips which is certainly good news but because speculative execution is so fundamental to modern CPU design only time will tell if even brand-new processors can actually plug these holes for good and obviously that solution isn't going to do anything for the literally billions of CPUs that are already out in the wild so yes this means you Jeff from New York proud owner of an overclocked 46 70 K unless you want to go buy new hardware all you can really do is be careful what you click on out there a cleverly designed attack that takes advantage of specter warm meltdown wouldn't leave any trace on your PC so you may not even find out about it until your bank accounts have been emptied and you have a little meltdown of your own speaking of your own have you ever wanted to build your own website Squarespace is the place to go to do it you just pick one of their gorgeous templates and start filling in your own text your own pictures you don't even have to do anything complicated if you don't want to their cover pages feature lets you set up a beautiful one-page online presence in minutes and if you're finding anything about Squarespace complicated they've got 24/7 support via live chat and email every template features responsive design to your website looks great on any device a commerce module so you can use their free online store to sell things and they've got all kinds of new tools that they're adding all the time like their conversion metrics that track button clicks form submissions and more so you can watch trends over time so start a trial with no credit card required and start building your website today then when you decide to sign up for Squarespace it's just 12 bucks a month use offer code tech to get 10% off your first purchase so thanks for watching guys like dislike check out our other channels leave a comment with video suggestions and don't forget to subscribe so you don't miss any future fast as possible

Info

Channel: Techquickie

Views: 1,101,209

Rating: 4.9348989 out of 5

Keywords: spectre, meltdown, bug, security, vulnerability, cpu, processor, intel, amd, arm, qualcomm, soc, x86, branch, prediction, speculative, execution, cache, timing, attack, side-channel, slowdown, memory, ram, malware

Id: NArwG6yaWJ8

Channel Id: undefined

Length: 7min 43sec (463 seconds)

Published: Tue May 01 2018