Paul's Cool and Helpful Meltdown Analogy - The Verge
https://www.theverge.com/2018/1/6/16854668/meltdown-spectre-hack-explained-bank-heist-analogy
My analogy is best applied to Meltdown, but there are similarities in both exploits that may become apparent. If you've been following the recent updates on Meltdown and Spectre, you'll notice the word "serialize" popping up. The idea is that for certain sensitive actions, the CPU will serialize those...
Spectre & Meltdown Explained in Analogy - YouTube
https://www.youtube.com/watch?v=M9eQVJ5sXpA
It's quite a rush job, sorry for the poor quality. I don't have much time to edit and rerecord things before these bugs are obscured by time.I hope the analogy...
caching - What are the differences between Meltdown and Spectre?
https://stackoverflow.com/questions/48200753/what-are-the-differences-between-meltdown-and-spectre
The Spectre attack has two flavors. The most dangerous flavor of Spectre uses branch misprediction and cache side effects to read any byte in current Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the...
Spectre and Meltdown explained: A comprehensive... - TechRepublic
https://www.techrepublic.com/article/spectre-and-meltdown-explained-a-comprehensive-guide-for-professionals/
Spectre and Meltdown individually represent classes of hardware vulnerabilities, each with a number of variants dependent on specific silicon-level functionality. Understanding of Spectre and Meltdown has increased significantly since the initial disclosure, and security researchers continue to study...
Now for the Spectre and Meltdown attacks | Medium
https://medium.com/@danielabloom/covert-channels-demystified-4b1f406a76e3
Recently as a result of the release of the Spectre and Meltdown vulnerabilities/attacks as well as the new As such — much like in my Spectre and Meltdown article — I will be explaining Covert Channel attacks as a concept as well as a few major examples of them through easy-to-understand analogies!
Here's how 'Meltdown' and 'Spectre' got those terrifying names
https://mashable.com/2018/01/05/meltdown-spectre-names-cpu-bug/?europe=true
Spectre, and Meltdown. The two vulnerabilities, both affecting computer processors across the globe, were disclosed on Jan. 3 and in the process sent manufactures scrambling to answer whether or not "The bug basically 'melts' the border between programs and the operating system," Schwarz explained.
Meltdown, Spectre and Ubuntu: What you need to know | Ubuntu
https://ubuntu.com/blog/meltdown-spectre-and-ubuntu-what-you-need-to-know
As details of the Meltdown and Spectre vulnerabilities1 have become clearer a number of statements have been published by the multiple vendors affected; Canonical has issued advisories and updates on fixes and mitigations, the latest of which includes a first round of Spectre mitigations.
What are Meltdown and Spectre? Here's what you need to know.
https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-heres-what-you-need-know
Taking the analogy one step further, suppose the baristas know the customer's name, and they like to In Meltdown, a carefully crafted branch of code first arranges to execute some attack code One of the biggest problems posed by this second part of Spectre is its potential to exploit the boundary...
Meltdown and Spectre: The Simple-English guide to the most...
https://www.firstpost.com/tech/news-analysis/meltdown-and-spectre-the-simple-english-guide-to-the-most-worrying-cpu-security-flaw-in-decades-4290347.html
The same analogy applies to Spectre and Meltdown. Spectre is a more widespread issue that breaks the isolation between programs. It basically affects every CPU made in the last two decades, including those from AMD and even IBM.
Understanding Meltdown & Spectre: What To Know About New...
https://www.anandtech.com/show/12214/understanding-meltdown-and-spectre
Meltdown and Spectre can be mitigated in software: Because the root issues at the heart of Meltdown and Spectre are at the hardware level, ideally, that hardware needs to be replaced. It's not clear just what the full security ramifications of Spectre are: While Meltdown is the more immediate threat, how...
Spectre and Meltdown: Insecurity at the heart of modern CPU... | ZDNet
https://www.zdnet.com/article/spectre-and-meltdown-insecurity-at-the-heart-of-modern-cpu-design/
Meltdown and Spectre are examples of one of technology's most common trade-offs: performance versus security. Before digging into the details, an analogy may help. Let's say you want to know whether the Vatican archives contain a certain book, the existence of which is denied.
EXPLAINED: 'Meltdown' and 'Spectre' — the massive...
https://finance.yahoo.com/news/explained-apos-meltdown-apos-apos-024151789.html
Meltdown and Spectre, which take advantage of the same basic security vulnerability in those chips, could hypothetically be used by malicious actors to "read To use a "Star Wars" analogy, Google inspected the Death Star plans and found an exploitable weakness in a small thermal exhaust port.
What Do I Need to Do About Spectre and Meltdown? - Ask Leo!
https://askleo.com/need-spectre-meltdown/
Spectre and Meltdown are two exceptionally complex, esoteric side effects of how modern CPUs try to run software as fast as is possible. And to be clear: every analogy is flawed. Almost by definition, trying to come up with a simple analogy to a complex situation leaves information out.
Meltdown and Spectre
https://meltdownattack.com/
Meltdown and Spectre. Vulnerabilities in modern computers leak passwords and sensitive data. Meltdown and Spectre exploit critical vulnerabilities in modern processors . These hardware vulnerabilities allow programs to steal data which is currently processed on the computer.
Let's Talk Intel, Meltdown, And Spectre | Hackaday
https://hackaday.com/2018/01/05/lets-talk-intel-meltdown-and-spectre/
Meltdown and Spectre in a Nutshell. These two attacks are similar. Update: Check Alan Hightower's explanation of the Meltdown exploit left as a comment below. But his analogy says that you ask for a book whose title starts with the same letter as the first letter on the first page of the restricted document.
Spectre and Meltdown processor security flaws... | The Guardian
https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-processor-intel-security-flaws-explainer
What are Meltdown and Spectre? Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users Meltdown was independently discovered and reported by three teams, including Jann Horn from Google's Project Zero, Werner Haas and Thomas...
An Explanation of the Meltdown/Spectre Bugs for a Non-Technical...
https://blog.cloudflare.com/meltdown-spectre-non-technical/
They've been dubbed Meltdown and Spectre. These bugs take advantage of very technical systems that modern CPUs have implemented to make computers extremely fast. Even highly technical people can find it difficult to wrap their heads around how these bugs work. But, using some analogies, it's...
What are Spectre and Meltdown CPU vulnerabilities and are you...
https://www.thewindowsclub.com/what-is-spectre-and-meltdown-vulnerabilities
Spectre & Meltdown are two vulnerabilities found in CPU chips by Intel, AMD, ARM. Which devices are affected & what can you do to stay safe? Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and...
Spectre and Meltdown Difference - Linux Hint
https://linuxhint.com/spectre-meltdown-difference/
The Spectre and Meltdown vulnerabilities are exposed due to the complex interaction of these ideas. Spectre is considered a harder threat to solve than Meltdown. The most likely use of Spectre would be using JavaScript to access data about browser sessions keys, passwords etc.
Implications of Meltdown and Spectre : Part 1 - Linaro
https://www.linaro.org/blog/meltdown-spectre/
The basis of the Meltdown and Spectre attacks is to make use of speculative execution, out-of-order execution, branch predictors and caches, all If that execution does not happen in practice, then we will just throw the results away. As an analogy you can compare this with when you as a programmer...
Technical Analysis of Spectre & Meltdown : Amd
https://www.reddit.com/r/Amd/comments/7o2i91/technical_analysis_of_spectre_meltdown/
Meltdown: "Rogue Data Cache Load". The CPU is tricked into speculatively loading data which is in the L1 D-cache, but which is marked as unreadable in the You'll notice in the main post, I specifically mentioned JIT compilers as a plausible attack vector for Spectre v1. Spectre v2 and Meltdown...
List of Meltdown and Spectre Vulnerability Advisories, Patches...
https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/
Two new vulnerabilities called Meltdown and Spectre, or speculative execution side-channel vulnerabilities, have been discovered in modern processors that allow malicious programs to steal information from the memory of other programs.
Meltdown, Spectre, and the State of Technology - Stratechery by Ben...
https://stratechery.com/2018/meltdown-spectre-and-the-state-of-technology/
I already said that the analogy was falling apart; it is now in complete tatters but this, in broad-strokes, is Meltdown: the processor will speculatively Spectre is something else entirely: this is the processor acting as designed. Computers do basic calculations unfathomably quickly, but take forever to get the...