Meltdown & Spectre vulnerabilities - Simply Explained 

Simply Explained

Two huge security issues found in almost all modern processors. How do they work and what can we do about it? Let's find out!
Make sure that you install all the latest patches for your operating system & software!
📚 Sources can be found on my website:
www.savjee.be/videos/simply-e...

Science

Published: 14 Jan 2018

Comments: 78
@jameth13 5 years ago
You never actually told us how Spectre works...
@jameth13 5 years ago
@dm1x Thank you!
@edirwin8784 4 years ago
...or Meltdown...js
@Roberts536 5 years ago
Great explanation, thanks. I spent 20 minutes reading one of ARM's brochures about this and got nowhere, so thank you for providing the clarity!
@gabriellapugno9919 3 years ago
Very good explanation, thanks for your work!
@adventurer2395 11 months ago
So how does spectre actually work? You explained meltdown so well.
@justalonelypoteto 5 months ago
it's a general concept that works, unlike Meltdown which is specific. Essentially it's a paper showing the following:
1. you can train a branch predictor (the thing that guesses where an if statement will go) to reliably miss, this can be used to force speculative execution of the malicious read without it crashing as that's the wrong path, yet it still takes place
2. it is possible to accurately time access latency, this reveals if something is on cache or not
3. you can exploit the JIT compilers used for JavaScript to do this stuff
this is to be tailored to the victim machine, unlike Meltdown, and is harder to patch. It also proposes using other side effects of the CPU, Wikipedia for example lists bus arbitration latency aka how long it takes your instruction to get allowed to use the main data bus and a number of other "features" of modern processor design
@chuckworthy1 2 years ago
Thanks for the easy-to-understand explanation!!
@avalanchas336 6 years ago
Really great first half of the video, the code example finally made it click for me, thanks so much. But why did you not make a similar example for spectre? Video is missing some depth at the end
@superdahoho 2 years ago
meltdown and spectre are very similar. the difference is that meltdown works between different programs and spectre accesses different data within the same program.
@peterwan小P 10 months ago
thank you! you have explained the issue soundly and clearly. really! thanks!
@pankajkumarsingh8355 6 years ago
Keep up the good work!
@gouravjamakhandi6530 6 years ago
Love ur videos ♥
@harishb884 6 years ago
Thanks Savjee! Requesting you to please make a video on how to upgrade AWS AMI with their latest version and what security steps should be taken with EC2 instances so to prevent such security issues.
@KhaldoonMasud 6 years ago
your videos are so good. keep up the good work.
@rohanshinde4327 6 years ago
Your videos are amazingly explained for everyone, be it beginners or experts....
@Molloy07 1 year ago
Great video!
@Rees3901Gmail 6 years ago
concise. that's why i've subscribed
@sukumaar357 3 years ago
great explanation :-)
@ChristophSchindlerOfAwesome 6 years ago
Great Video! How do you make the icons?
@Karter315 3 years ago
Thank you.
@botsm5858 6 years ago
As always.....Awesome! Amazing! Level 10.
@goldiemusic8394 4 years ago
so much work for my WiFi password ...
@VivekYadav-ds8oz 3 years ago
And your credit card info, and your photos, or encryption keys, which can be used to man-in-the-middle and trick you into talking with the attacker when you think you're talking with a legitimate website (talking as in loading a web page or some content etc.).
@matthewpopescu1220 6 years ago
Also, meltdown does not leverage speculative execution like you are describing. (SPEC)tre does that. Meltdown leverages "Out-of-order" execution.
@repairstudio4940 1 year ago
Thanks I was actually thinking this as it moves forward executions in its registers ... I'll translate that in case some "New Gen" gets lost on the web and ends up here ... CPU: "Bruh I got a million things going on psssh I don't need to ask Amy what she wants on her sandwich she gets it the same everyday I'ma go on a make it" 😝 ish
@thatoneguy99100 5 years ago
Great video- one thing though... "issue's" in the description should be changed to "issues" as the former is possessive and grammatically incorrect.
@thisprojecthasbeendisconti8265 3 years ago
o_o
@berg.worldNow 1 year ago
Congratulations
@Torrleite 6 years ago
Make a Raiblocks and a Hashgraph video!
@hem89180 6 years ago
Love ur videos
@C0SMIKtv 6 years ago
Great ! 🇫🇷
@uriyasimon 6 years ago
great video, can you please explain stellar?
@genuwhine6782 4 years ago
So you have to visit a website for meltdown/spectre to be used or am I stupid? If I don't have meltdown and spectre and just play games am I at risk?
@Microcontrollerslab 5 years ago
No process can access memory address outside its memory space because each process has a page table in memory which contains both process space and kernel space. This process cannot even access kernel space of its own page table. If it does so, operating system will generate an exception which will surely kill the process so how it is possible to read address of from other unprivileged memory space. If you are talking about reading from process own memory space then what is use of spectre? one more thing memory privileged level are already defined and user application has lowest privileged level so how it is possible? Can you please explain it?
@pythontutor9069 5 years ago
"No process can access memory address outside its memory space" this is correct but spectre is doing it by bypassing this mechanism. The speculative execution doesn't check for whose instruction it's speculating and who gave that instruction. It just checks what could be executed afterwards. The attacker could use this to make unauthorized changes in decisions that CPU makes. so the attacker doesn't lose time working against the kernel, instead he uses the permission the kernel gave to him.
@mSantsnj 9 months ago
Wow.. I was just in a BlackBerry forum and people were talking about how unsecure they were and someone mentioned the last security patch was in 2018 and took care of this, Krack and maybe Heartbleed? Damn… if I wanted to get a BB, what would you recommend I DON'T do on it (other than banking) or better yet, what precautions could I take to make it a little safer? Like just don't have it to auto download emails and not click sketchy links, connect to public wifi etc? Would love to hear someone chime in!
@mystmuffin3600 3 years ago
Are you trying to say the CPU always speculates to true for "S" because previous (authorized) accesses to that location in memory resulted in "S"? Do a lot of previous accesses to that location result in greater probability of speculating to true? Can the attacker increase this probability? Can the permission of the user be a factor in finding this probability as this could be a step in solving the issue?
@atenkalcoatl6581 6 years ago
i love this channel ;=)
@TheKillerZmile 4 years ago
so it's safe to disable this
@repairstudio4940 1 year ago
This is how the RGH hack skirts the Xbox's hypervisor 😎
@raintzrandmaa9829 5 years ago
L oooo L, in the middle of watching Avast popped up with message "You are protected", thank god! But that scared me
@teechmehowtohack3507 5 years ago
ok?
@lintu2007 6 years ago
What does it mean CPU is speculating?
@marcello1601 6 years ago
so what's actually the worst meltdown or spectre
@simplyexplained 6 years ago
Spectre. Much harder to patch and affecting almost all processors.
@ayscope5970 6 years ago
5:35 fatal laugh
@lenn939 6 years ago
5:30 They actually called it SPECtre because it exploits SPECulative execution.
@TheHerobrineFactor 6 years ago
I thought you need to replace your entire CPU with a redesigned one.
@bufalo037 6 years ago
But speculative execution doesn't always succeed, so its name: speculative. If the processor is lucky to find the right branch of execution this could work. How is giving this correct info based on the fact that the processor might fail guessing what will happen next?
@Harryw007 5 years ago
It’s because the program using the exploit can do it really fast. As said in the video, it can guess 500kb/s, that’s 8000000 characters guessed per second. You see where this is going? It can guess a password and get it right character by character really quickly.
@Harryw007 5 years ago
Sorry I meant 4000000 characters guessed per second* some simple math error on my part
@LagMasterSam 5 years ago
It only fails if it chooses the wrong branch in the code. If only one branch is possible it won't fail.
@stevin47 2 years ago
it's very suspect that AMD CPUs get a threat from the SPECTRE V2 and AMD's fix will reduce performance on all CPUs right before new launch of next gen. CPUs this fall. betting it won't affect those.
@mannyc6649 4 years ago
I know this is supposed to be simplified, but the logic doesn't work out. If the CPU speculates on whether readMemory(182379) === 'S', the fact that readPixel(1) is executed does not give you any information on what was the value of readMemory(182379).
@nevanmasterson46 2 years ago
I know I'm very slow to the punch on this one, but I thought I'd explain for anyone else confused. An attacker isn't interested in the result of readPixel(1), but rather how fast it occurs. Another process will run in the background of the protected memory access that will time how long it takes for readPixel(1) to be executed AFTER the comparison has been speculatively executed. What we're interested in is whether the pixel is already in cache or not; if we read the pixel very quickly then we know it must be in cache and the first letter of the password must therefore be 'S', but if it takes a long while then the pixel must still be in memory. If it's not in cache then we can deduce that the first letter of the password isn't 'S', as if it were, readPixel(1) would have been executed speculatively. Hope this is explained well for anyone else who stumbles across this, have a good day! 😊
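The timing inference described in the reply above, as a toy simulation added here (not code from the video or its author). It shows why rolling back registers is not enough while the cache keeps the footprint, and why the leak disappears once the forbidden load can no longer feed dependent instructions. `ToyCpu`, `blockTransientLoad`, the latencies and the stored byte are assumptions made for the model.

```javascript
// Toy model only: no real memory reads and no real timers are involved.
const SECRET_ADDR = 182379;                     // address from the comment above
const memory = new Map([[SECRET_ADDR, 'S']]);   // constructed "protected" byte
const HIT_NS = 5, MISS_NS = 200;                // assumed latencies for the model

class ToyCpu {
  // blockTransientLoad models hardware/OS that stops the forbidden load
  // from ever feeding dependent instructions (hypothetical switch).
  constructor({ blockTransientLoad = false } = {}) {
    this.cache = new Set();
    this.blockTransientLoad = blockTransientLoad;
  }

  // Models: if (readMemory(addr) === guess) readPixel(pixel)
  runGuardedRead(addr, guess, pixel) {
    if (!this.blockTransientLoad && memory.get(addr) === guess) {
      this.cache.add(pixel);   // speculative readPixel() pulls the pixel into cache
    }
    // Permission fault arrives: registers are rolled back, the cache is not.
    return undefined;          // the program never sees the secret directly
  }

  // Timed readPixel(): fast if the line is already cached, slow otherwise.
  timeReadPixel(pixel) {
    const ns = this.cache.has(pixel) ? HIT_NS : MISS_NS;
    this.cache.add(pixel);
    return ns;
  }

  flush() { this.cache.clear(); }
}

// Repeats the guarded read once per candidate and keeps the one that made
// the follow-up readPixel(1) fast.
function inferByte(cpu, addr, alphabet) {
  for (const guess of alphabet) {
    cpu.flush();
    cpu.runGuardedRead(addr, guess, 1);
    if (cpu.timeReadPixel(1) === HIT_NS) return guess;
  }
  return null;
}

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
console.log(inferByte(new ToyCpu(), SECRET_ADDR, ALPHABET));                             // S
console.log(inferByte(new ToyCpu({ blockTransientLoad: true }), SECRET_ADDR, ALPHABET)); // null
```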
@MaryMary-sh5ge 2 months ago
Wikipedia..... sure, Google wanting to fix Spectre with retpoline says a lot 😮 crazy
@gkarkalis 6 years ago
My pc after bios update acts weird and slow. mouse lags windows lags and delay open apps!!! Asus z170-a i5-6500k. 3 times windows 10 setup and the same unresponsiveness! well done intel!
@nightsoulblackps 6 years ago
Georgios G same in 2 dell laptops it sucks
@pseudorightful2406 6 years ago
I KNOW HOW TO FIX IT. Look up 'InSpectre' on google and download it. Run it as administrator and click 'Disable Spectre Protection' then restart your computer. Your pc is gonna be hella fast after that.
@Megadeth1983Fan 5 years ago
@pseudorightful2406 And vulnerable.
@sulemanhanif2687 3 years ago
4:41
@hemanth6951 6 years ago
China mobile phone won't give updates on security paths
@RomanLeBg 6 years ago
my phone contains a risk
@timothyjholloway 4 years ago
Do you think it makes a lot of sense to post these videos in 60fps formats? I can do 720p but not at 60fps. It's not really a problem, of course, but looking at this video, there's not a lot of use for a specifically higher frame rate, is there? And something tells me by the first comment below that you didn't actually keep your promise and explain Spectre like your title suggests. Maybe if you were a bit more thoughtful about something so serious, you wouldn't waste so much time.
@simplyexplained 4 years ago
30 or 60fps is no additional work for me. It's just an export option in my animation program & editor. As for the rest: I tried my best at explaining both in simple terms. It doesn't always work out great for everyone.
@timothyjholloway 4 years ago
@simplyexplained I've had trouble getting a straight answer from anyone, really. My expectations were probably a bit high.
@ericb6048 5 years ago
Sooooo.....why is your avatar a stolen logo from Allegorithmic ? why is your avatar a stolen logo from Allegorithmic ? why is your avatar a stolen logo from Allegorithmic ? why is your avatar a stolen logo from Allegorithmic ?
@northdakotabeast1547 5 years ago
it's not the same lmao I just googled and even though they are of the same idea. They are not the same.
@astantine85 4 years ago
First 2 minutes are useless out of a 6 min video. Didn't bother watching the rest.
@0xAdam_ 6 years ago
Love ur videos ♥