Why are Spectre and Meltdown So Dangerous?

thanks for watching the tech quickie, hit the subscribe button and then enable notifications with the bell icon so you don't miss any future videos when Spector and Meldown first made headlines. You would have been forgiven for thinking that dr. There was a way to cause chaos at a nuclear power plant somewhere, but fortunately that's not what happened. The Specter and Meldown security bugs have the potential to inflict damage on almost every computer in the world. Among them, most software errors are seen. and viruses affect systems by trying to exploit some weakness in the code of a particular program or operating system, meaning that they cannot harm a system for which they were not designed.

What makes Specter and Meldown so

dangerous

is that they operate at a level that is much closer to real hardware, meaning they can exploit tons of different CPU models and operating systems; In fact, the

meltdown

affects almost all Intel CPUs made since 1995, and spectrum effects also affect these and most AMD processors. Spectrum closure vulnerabilities can even be successfully attacked. a lot of smartphone CPUs, shit, so what happened? Why exactly are these errors so widespread? It boils down to a feature present in virtually all modern processors called speculative execution, which is a key way the CPU significantly increases its performance thanks to speculative execution.

When a CPU is executing program instructions, it can guess which instructions it might have to process next, allowing a modern processor to read the page ahead of time, so to speak, processing data that it thinks it will need shortly and then storing it in the CPU's cache, which is very fast. One way CPUs read ahead is by starting to process data in memory as soon as the program requests it, rather than first checking to see if that program has permission to access that data. You will see this whenever you have more than one program running on your CPU. separate your system RAM into different chunks that only one program can access to prevent others, including malicious programs, from seeing data they shouldn't, so let's say program A requests to see some data from the program's memory space B let the CPU say no, but only after it starts reading that memory and whatever is in that memory space is already in the CPU cache now, although the CPU won't pass that data directly to a program, a fusion can find out what the data is by tricking the CPU, instead of just requesting the data directly, fusion will ask the CPU to add the value being kept in the cache to some arbitrary number that will correspond to a certain memory location or address, the CPU will not yet reveal the information at that memory address.

Meldown directly, but the data will still be cached beforehand, so I know this is pretty technical here, but stay with me for his next trick. Meltdown will ask the CPU to read more addresses from memory and see which one loads faster than the others because it was stored. into the high-speed cache in the previous step instead of the slower system RAM, this process allows Meltdown to determine what data was at the address it initially requested, since the cached address will be whatever the arbitrary number is. that Meltdown chose more the actual direction. The value that the system was trying to keep hidden was let's now move on to Spector, although Spector also takes advantage of speculative execution, it works a little differently by exploiting a CPU branch predictor, this component of the processor looks for patterns in program execution, so if you see a function over and over again, the CPU will eventually detect it and start processing this function on its own repeatedly, like you can train your pet to do tricks by giving it food every time, so Specter trains your CPU telling you over and over again. to execute instructions that will dump the information the attacker wants into cash after this.

Specter can access information using various synchronization tricks to determine exactly what the data contains, sometimes asking the CPU to use data located at a certain memory address in a different function similar to merging and returning to why this problem is so widespread Specter is a whole class of attacks, which means that, combined with the fact that branch prediction is incredibly important to performance on almost all modern CPUs, it means that there is no quick fix. By contrast, for each variation, merging is a somewhat easier solution that involves more completely separating different memory spaces, but since patches also reduce the CPU's ability to read forward, as we described above, the fixes They can result in serious slowdowns for processor-intensive programs, such as Current CPUs have become really good at predicting what they will need to do next.

It's a sad irony that both Intel and AMD are now working to fix hardware-level vulnerabilities in their future chips, which is certainly good news, but because speculative execution is so fundamental to modern CPU design, only Time will tell if even new processors can plug these holes for good, and obviously that solution won't do anything for the literally billions of CPUs already available, so yes, this means You, Jeff, from New York, proud owner of an overclocked 46 70K, unless you want to buy new hardware, all you can really do is be careful what you click on. A cleverly designed attack that takes advantage of the specter of warm fusion wouldn't let you down. any trace on your PC, so you might not even know about it until your bank accounts have been emptied and you have a bit of a

meltdown

.

Speaking for yourself, have you ever wanted to create your own website? Squarespace is the place to go. Do it, just choose one of their gorgeous templates and start filling in your own text, your own images, you don't even have to do anything complicated if you don't want to, the cover feature allows you to set up a beautiful page online presence in minutes and if you find something tricky about Squarespace, they have 24/7 support via live chat and email. Each template features a responsive design for your website. Looks great on any device. A commerce module so you can use your website for free. store to sell things and they have all kinds of new tools they add all the time, like their conversion metrics that track button clicks, submissions, and more, so you can watch trends over time, so get started a trial without the need for a credit card. and start building your website today, then when you decide to sign up for Squarespace, it'll cost you just $12 a month.

Use offer code technology to get 10% off your first purchase, so thanks for watching guys like I don't like it, check out our other channels, leave a comment with a video. suggestions and don't forget to subscribe so you don't miss any future as soon as possible