Why are Spectre and Meltdown So Dangerous?
Vložit
- čas přidán 30. 04. 2018
- Squarespace link: Visit squarespace.com/techquickie and use offer code TECHQUICKIE to save 10% off your first order.
Spectre and Meltdown are security flaws that, between them, affect nearly all of the world's PCs and smartphones! How did this happen, and what makes these bugs so sinister?
Techquickie Merch Store: www.designbyhumans.com/shop/L...
Techquickie Movie Poster: shop.crowdmade.com/collection...
Follow: / linustech
Leave a reply with your requests for future episodes, or tweet them here: / jmart604
Join the community: linustechtips.com
Intro Theme: Showdown by F.O.O.L from Monstercat - Best of 2016
Video Link: • Monstercat - Best of 2...
iTunes Download Link: itunes.apple.com/us/album/mon...
Listen on Spotify: open.spotify.com/album/5Zt1P3... - Věda a technologie
Why do vulnerabilities always get such cool names?
there was once a worm called "conficker". in german, "ficker" means "fucker" :)
Like aids?
And why did they get such pretty logos?
Probably the same reason as why storms get Human names. Easy to remember
Yeah, CVE-2018-7600 is a really cool name.
It's a good thing my bank account is always empty
1stfloorguy I feel ya
fucking steam
Dr Megaman more like fucking mundaine life shit to buy
Lou D yeah, I said Steam because I thought that'd be funnier but it really is amazing how much little random stuff adds up
That is normal. (For ~8/10 Americans -Dave Ramsey)
Meltdown and Spectre can also attack your phone processor
Me : *laugh in nokia 3310*
I hope they wont attack it cause that would cause a megagalactic explosion!!! Nokia 3310 is a serious weapon!
nokia 3310 = the halo array
dont do it, were all gonna die
Plz don't drop it
@@the_danksmith134 No kidding little known fact they powered both DeathStars
@@JohnSmith-xq1pz linus shouldn't carry it
Wow, someone finally actually explained what the fucking bugs do. Thank you. I was getting tired of people just saying "Oh it's bad" and not actually caring about what it really does
you are more likely to encounter a dinosaur than a meltdown or spectre exploit
@@m3talgame20 how do you know?
@@m3talgame20 can you explain how
@@m3talgame20 *Last Online 3 years ago*
@@VeryBigExplosion hmm old video it seems. I'd be more worried about china
You didn't give enough ram to chrome, ffs Linus!
He closed the tabs in chrome's task manager
Chrome 💕 RAM
And the internet Tabs get super tiny with no text, so I'll never leave Firefox.
Good thing my school uses MacBooks *AND CHROME* and the teachers are always wondering why the laptops are so slow
matthigast that’s every teacher but they only have 2gigs of ram XD
what the heck is specter and meltdown ?
TechQuickie: “These affect almost every Intel CPU”
Me at around 1:00 : “ah good thing I use AMD”
TechQuickie 5 seconds later: “It also affects AMD CPUs”
Me: NOOOOOO
Progamerz 18 saaaaame
Meltdown doesn't affect AMD CPUs
and 3000 series Ryzen CPUs include hardware mitigations against Spectre
Yes but it's spectre. You're safe from meltdown
Me: Haha Im on my phone!!!
Techquickie 1 second later: ...and even Qualcomm CPUs
Me: FUUUUUUUUU....
Good to update regularly if theres windows update available and read it first before update
Fun fact!: Early Intel Atom processors (the ones in netbooks from 2008-2010, like the n270 and n450) don't support speculative execution and therefore aren't vulnerable to Spectre/Meltdown.
when its so bad that virus wont even bother to infect it
Security through lack of features
The best CPUs ever made
@@ZaHandle lol good one
This was probably the best Techquickie video. I actually learned something instead of just getting a lot superficial knowledge
I think this is still superficial knowledge
I learned more about how the exploits work, but nothing to change my mind about how useless it is to obsess about them. Fact is we're screwed if anyone truly talented decides to come after our info. Vulnerabilities >>> Fixes for them
Really, because this was the most useless video I've watched yet.
What does knowing how these work do for anyone that isn't working to fix them?
I'd much rather learn all the discrepancies between file types than how a bug that will never effect 99% of people works.
@@jeffbrownstain You obviously didn't understand the video then.
mcrsit Year old video dude gtfo
i aint afraid of no ghost
aR0ttenBANANA96 GHOSTBUSTERS
aR0ttenBANANA96 I ain't afraid of no sleep
I ain't afraid of no bed
My server doesn't have this vulnerability, but my Gaming PC does :(
Banking on server
Fapping on battlestation
Not that hard
Who you gonna call...
2:30 Google Chrome is inacurate it needs like THE WHOLE DAM BAR!
I confirm as a Google Chrome user
@Revali Which is a Chromium-based browser xD
I think Firefox and Safari are the only ones that aren't Chromium now.
For me, who is using google chrome *with two tabs open*, I have discovered that google chrome uses up around a fat 780 mb of ram.
I cant relate to not having enough RAM for my browser, I use Edge.
somehow Microsoft did something right
CPU: I can predict your next move.
Spectre, Meltdown: Omae wa mou shindeiru
CPU: *NANI?!*
*Rather loud melting sounds*
One important thing that was not mentioned: Meltdown (Intel specific) allows a program to read memory from anywhere on the CPU, included protected system memory. The 2 main spectre vulnerabilities can only read from the currently executing program or another program running in userspace (not system).
As I expected Modern Technology is dangerous, nothing beats my old but realiable Abacus
Franz Tinuviel how bout them space probes orbiting jupiter?
Comet Streak
Probably just trash we found in space
Yeah but can it run Crysis
It is dangerous. Depends on acceleration.
Abacus is a bit advanced for me
*4:26** the barking cpu, I'm dead.* 😂
normie
BlackHat Visions REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
I'm not sure what's going on, but: REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEST IN PEACE.
BlackHat Visions REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEST IN PEACE.
BlackHat Visions
REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
So, the CPUs are like:
"Your next line will be..."
Oh ho
@@deki9827 josef joster
There's a hole in your T-shirt Linus :/
Or a stray piece of potato chip or some other food item.
Technically, all shirts have holes in them.
mind blown
I think that’s his microphone
Well duh that’s where his head, arms and body go in
It’s not the same without tunnelbear
GerardoMjr what happened to tunnelbear
RayZr search we broke up.. linustechtips! he will tell you!
fcukin old fukin news!
lets keep it here
mcafee bought tunnelbear
that should say enough
goddamn mcafee
6:01 Speaking of plugging holes.....buttplu.....ahem....tunnel bear!! Wanna plug the holes where your ISP can peek at your data? Use a vpn to plug your data holes.
LMAO!
Russ Orler tunnelbear was bought by mcafee so no more tunnelbear ads lol
Dadda Purple speaking of no more ads..... ADVERTISEMENT HERE!
its all pia ads now.
Although I've started using IPVanish and am comfy.
This is one of the best readers digest explanations of the Spectre and Meltdown exploits I've seen so far. Bravo, Linus and the Techquickie team!
As a guy who just had a subject dedicated to building processors from scratch, all of these terms seem very familiar to me, and I loved how well described the problems are in this video, just as always, Techquickie delivers!
Lol, my name really is Jeff and I live in N.Y. I own an i7 4770k though, not an i5 4670k.😋
Sure it’s not Rémi?
Qyndryx
Yeah because my Surname would be *Rooms* ...
My name jeff
Hands down, this was pretty amazing. Great job, Linus.
Cant expect an assembly spectre exploit in a 10 min vid
The whole schematic to explain the vulnerabilities is very well put together. Nice work!
Checked my steam like 10 times whilst watching this video
Could you enlighten me? Also have Steam, just be online there once a month for new games.
And then just single player rpg, as I am married 😂
Have no clue why someone even would go online on steam once a day...
@@EREMIT-DE Because they play a lot of games?
@@NobbsAndVagene
Cool answer, so they play a lot of games
and that is why they checking steam 10 times a day instead of playing a lot of games...
so... if someone has a real answer... still no clue ^^ are you watching comments on games or have some forums I still not know about...?
@@EREMIT-DE because the video had a lot of sound effects similar to that of which steam uses.
bro i have no steam friends i dont have such weaknesses
Solution: USE A INTEL i386 processor! (iT'S MADE BEFORE 1995 RIGHT? Or am I dumb? =/)
386 came out in late 1985. 1995 was Pentium Pro.
Ah, 33Mhz.
@@DJMavis should be enough for the rtx 3070
Since Spectre must ask the CPU repeatedly to execute the instructions, the CPU could take notice of this. It could then stop executing the instructions, investigate which program is doing so, and then delete Spectre.
It should use windows defender to notice it
@@stellanstafford6025 most OS don't have windows defender
Thanks man, you have no idea how helpful your AFAP videos are. Cheers!
This is the best explanation of these vulnerabilities I have heard! Nice job!
I was watching this on my newly bought Sceptre monitor and freaking out until I realized it's just an anagram.
a bit late, Linus
better than never
i think he is laying it out on Jump St for those who keep asking him what the exploits instead of googling it for themselves lol
But at least his descriptions of the vulnerabilities are more detailed than in some other CZcamsrs' videos.
More like a byte
Cavey Manta
No one is better then ComputerPhile
+
There are mistakes in what CPU are vul ... go and read the sec paper or visit the website they layout the vul easily and you would know
At 4:22, “This guy really likes x+y” LOL! And the barking CPU
Good job, can't imagine how hard this was to make, simplifying and compressing technical information like this is truly impressive. Give my regards to the script writer.
"Knock knock!"
*Branch prediction*
"Who's there?"
Great work guys....keep it up...
Big fan!!!
Excellent informative video! Thanks Linus (& Co)!
Great video, it really breaks down the whole issue in a simple way.
Could you talk about the Cambridge analytica scandal?
Bas 7 its more a political topic than anything else
We have all known about facebook selling our personal info for years, yet only now do people seem to care...
It's just Facebook, Twitter selling data to a company that then does shit.. Thats what I understood 🙂
nigga what yeah that's true
T.S that’s not the issue, it’s the fact that Cambridge will also take your friends info and sell it. It’s like your friend had sex with a skank and you got their aids as well. It’s probably worth for them but not for you
Great explanation!
I love these videos, they answer so many of my tech questions!
The tech quickie intro is so good. I forgot about it, since I've been watching all vids in Floatplane
"Why are Spectre and Meltdown so dangerous?"
Mindustry players: indeed they are
Dont say the forbidden names!
laughs in meltdown wall
laughs in infinite wall health
You say I'll notice when my bank account is empty, but that's my secret. My bank account is *always* empty.
Really good video. Thanks for explaining in such a detailed way.
Thank you for actually explaining what it does in detail.
The power of christ compels you - spectre the ghost flys out of pc -
Who thought their *Steam* was going off during this video? xD
me :(
Great video, this is a perfect topic for tech quickie, complex but broken down easily and now I am both better for understanding it, (and sad that I do)
Wow. Thanks for the info! Linus, didn't regret subscribing! Learned a lot from you. 😎
Thank you for developing meltdown and spectre, NSA
4:21 Who else checked Steam??
2:10 i checked steam xD
It's not really the same Sound
Change your name asshole
@@DacLMK no I don't think I will
@@V0TION Change it, it disrupts scrolling on the page
It is so clever to figure this bug out. So much fun understanding Meltdown!
Wow that was a very complicated subject made simple, thank you Linus. 😄
One consolation about Spectre & Meltdown. We've been hearing (a lot) about these vulns that will end life as we know it, but so far, (as far as I know), there has not been a single malicious example used in the wild, anywhere, any time, by anyone against anyone. The Y2K bug was lot more real and present and easy to demonstrate...
I'm not saying they can't be used in the wild, but we've heard a hell of a lot about them, but after 4 or 5 months, there's still not been a single case of anyone catching gonorrhoea off a toilet seat.
"[Spectre] will dump the information the attacker wants into cache"
Cache as well as cash $$$ 😬
My comp is protected by Drax! His reflexes are so fast nothing would go over his head!
4:20
I think I've done this before. Right after my PC turns on, if i try to open explorer, it won't open immediately because it just turned on. But, if I try to open it again, it immediately opens 2 windows of it. I'm not sure if this would fall into this "pattern" category, but It's something I noticed.
that's just lag. you hit the button twice, so it will open two windows. if you hit it once, and wait, it will only open once.
after you turn on your pc. your disk usage will reach about 100% that's because windows memory management, cache, and all that stuff to keep your windows running. because of that, you cant access your windows explorer immediately, there's alot of data to process. here's a tip : Replace your current hdd with ssd, this will solve your problem.
Intel said the chips are working as designed though
It is ABOUT to be patched.
Yes, they are working perfectly to NSA's specifications...
in a sense they are
the exploit is a result of a feature of all modern Cpu's, issue was that intel prefered ot leave ppl in the dark when they knew the issue was now exploitable
Welp, time to bust out the old 486!
"Here's what you won't get on your 486!"
glad i learned more about assembly and internal operations of a CPU. all of this makes a ton of sense. it's a way of deducting data at a memory address instead of asking for it directly (which will give a segmentation fault because the memory address it's asking for is outside of the program's "virtual memory", basically its partitioned area / sandbox that it plays in). seems to exploit cpu registers, wouldn't surprise me if this video explains it a little off just so that it's easier to explain. it'd be hard to write an assembly-level bug that utilizes any kind of inference of data, but then again it could probably be done in C, but i doubt it would be
Wow I'm impressed, this video actually got down into pretty technical subjects
photoshop using less ram than chrome? 🤣
Intel failed hard, it was funny of them trying to pull AMD in when they were much less affected.
TomaCukor doesn’t matter there both dumbasses and bad companies for not protecting customers
TomaCukor amd is much less affected because intel holds more than half the CPU market.
They're still affected.
dude you can't just magically "protect costumers".. sure, they can remove speculative execution from their CPUs, but that will slow down your processor (and implicitly your entire system) by I would guess somewhere around half
Lightn0x Your right. They tried it at first on a handful of chips and the results were so drastic, some people couldnt run their systems for the purpose of what the built them for. Gamers found their systems having trouble running any games for instance.
Actual question here: how do specter and meltdown know how fast certain data from certain memory addresses get loaded in if they don't have access to the data in the first place, and so, don't know when they would otherwise get it?
Thank you for this Linus. Very helpful.
I am not vulnerable to meltdown, but I'm for sure vulnerable to spectre, despite me downloading the microcode updates to mitigate spectre. My CPU is a Haswell i7 4700hq btw.
Moses Jonson IIRC there are 2 Spectre updates. The Microsoft microcode update is for variant 2. To patch Spectre fully, your motherboard manufacturer needs to release a patched BIOS.
FYI If your laptop is MSI, then drop them a support ticket and they will work on a fix upon request.
"microcode updates"
Are you a Linux user?
Support ticket to get patches.. Pfff. MSI straight up said they wont patch anything older then 2 gens back, and if they changed their policy, this has certainly not been communicated to the owners of motherboards, or laptops from them. Not that it's much different for anyone else, regardless of brand.
Second that you need BIOS update ^^^^ Happy that Asrock is on top of this for my z97 as I thought they were going to ignore me
Impressive. Most other brands haven't updated that far back. And wont.
Spectre meltdown fix. Remove Internet lol
No just use nokia 3310
This video was brilliantly easy to understand. Thx for clearly explaining how it works... ive read quite a few articles on these things still didn’t really “get it”. Tho you should have mentioned that in order to exploit amd needs local physical access to the machine
Very good explanation. The animation was good too ^_^. It's a shame the video kept stopping on me every few seconds, but I got through it!
Linussponspertips
sponsor*
Sponsored by who? Neither intel nor amd would brag about security holes in their cpu-s...
Brought to you by the good folks at the NSA (and the University of Wisconsin). A feature, not a bug.
Linus during the video:😐🙂
Linus during ads: 😄😁
Thanks for those explanations !
2:26 this is totally unreasonable Linus! You're a tech person, I wouldn't thing that you of all people would make this mistake!!
1 ram stick per google chrome tab
Could those exploits be used on game consoles to run homebrew?
Yes, but it would require some customization.
no... that's not how any of this works... this is reading memory, not running an os
Only if you are connected to the internet.
i love how he manages to squish add in the end :D
Those noises from the viruses are enough to give me nightmares and make me not download anything off the web again...
I'm still wondering why my name was used for a security bug.
Cus it sound cool
Sam Wansitdabet that's why I picked it
CommanderRE I also have an AMD processor. Coincidence?
SpectreFour I think not.
Spectre and meltdown have never been used in the wild. They were discovered by three different cyber security research labs. Somebody might have taken advantage of it, but I doubt anybody made anything that complicated this fast.
or nobody wants to use these vulnerabilities because it could fuck up everyones computer.
Precisely. 3 different security researchers. And the possibility of Branching Exploits have been mentioned in the relevant literature for more than a decade. Its not that unlikely that these have been previously discovered by malicious individuals.
I think it's pretty likely that the exploit is being used in extreme international espionage applications, but it's unlikely that the hacker who just wants your bank info has developed a program yet. I wouldn't be surprised if spectre and meltdown were used by at least one government for years, even decades. Luckily that shouldn't affect us though lol
EpicReplayMC I actually remember a article that mentioned there was a issue with the Xbox 360 around with this and used it for a bug fix or something. But didn't really know what that it could be done maliciously or didn't go to far into it.
randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/
Danielle Spargo there is now a proof of concept release for privileged writes to kernel memory resulting in privilege escalation on windows.
blog.xpnsec.com/total-meltdown-cve-2018-1038/
There were already pocs that read protected memory via JavaScript but thankfully Chrome and Firefox were swift to patch.
Great visual presentation. Bravo!
People who made these are literally mad genius.
Only one of you were first.
First
First
Galvatron I said it for a joke here
*Blue shell*
This was kinda a late video.
Well then... I guess I'll add this to the list of things that keep me up at night...
That's scary and scarier AF after you explained it, thanks good way
Who the hell cares about someone being the first of a video
[number]st/nd/rd/th
6:41 you can see he's ridiculously proud of the segway he just came up with.
Spectre is incredibly impractical to exploit. It can really only be used effectively against task-specific machines since the standard home user machine has so much junk data. This supposedly makes it a very useful exploit to steal hashing addresses and wipe out crypto wallets though. Enterprise servers that process payments are ripe targets as well.
time to change my passwords to some 10 word sentences
Don't say that or attackers will know the method to crack you.
Dominik Goslawski Problem is they get cached anyway...
*Laughs in AMD*
Marcuss2 AMD master race
AMD budget race
*cries in coffee lake*
Hans Von Witzland that's still 50% less major vulnerability issues than intel
Laughs in RYZEN
You may have done this already, but if not: I'd really love to see a vlog or WAN Show segment regarding these vulns. Aside from wanting your personal opinion(s) on the whole spectacle, I want to know if you've any tips for us, because I'm sure I'm not alone in having less-than-savvy relatives and friends who are damn near guaranteed to achieve said meltdown in record time, and I really don't know how to begin explaining this to them.
Watching this after taran said he gave the malwares their own "personalities"...great touch :)
Wow thank goodness I don't have those!
Supadudesvidsaxb Pro You definitely have Spectre, though.
How?
First somehow the first viewer.
Wrote a paper on this, so it's interesting to understand what he's talking about in this case. These flaws are game-changing for microarchitecture design.
Wasn't quite sure of the scope, whether it meant fishing with half a chance, or if it could target particular data.
One thing that seems clear, the two vulnerabilities will not help to gain access initially, but could be used by malware that has already entered, or by a malicious user on a shared system
First
to like my comment
Fredy I fucking hate you
Second
21st
Step 1: Use Linux for anything important and sensitive.
Step 2: Stick to open source stuff as much as possible.
Step 3: Keep OS and Browsers fully updated, and Bios too if manufacturer released patches.
Don't use Windows, except for gaming.
This exploit is not windows only so just an os switch wont help
Yes but with Linux you have almost no worries of getting meltdown/spectre malware. Windows on the other hand even if you are fully patched, it only takes modifying the setting in the registry to disable meltdown/spectre patches for a malware.
"use Linux" bla bla bla... Just dont download shit or click stuff that looks fishy...
TheRareGamer Most of the world’s dangerous virus’ are self propagating, and make use of hacks to enter your computer without you realising.
You don’t need to click on a page to get a virus, as some of them just found your computer online and went essentially: “Look, computer! Let’s take a look at those files!”
Or, just use your common sense. How about not downloading fortnite ESPs? And also, Linux is not more secure. Do some CVE hunting and you will realise how there are WAY more vulns and exploits for linux than for windows.
I couldn't stop staring at the shiny spec on Linus' shirt.
woah this video is far better than the rest on this channel (I want to see more videos like this)