1
00:00:00,030 --> 00:00:05,160
thanks for watching Techquickie click the subscribe button then enable

2
00:00:03,210 --> 00:00:10,400
notifications with the Bell icon so you won't miss any future videos when

3
00:00:07,680 --> 00:00:15,630
Spectre and Meltdown first made headlines you'd have been

4
00:00:13,170 --> 00:00:20,939
forgiven for thinking that Dr. No found a way to cause mayhem at a nuclear power

5
00:00:18,029 --> 00:00:25,560
plant somewhere but while thankfully that isn't what happened the Spectre and

6
00:00:23,189 --> 00:00:30,929
Meltdown security bugs have the potential to inflict mayhem on nearly

7
00:00:27,689 --> 00:00:33,960
every computer in the world between them

8
00:00:30,929 --> 00:00:36,480
you see most software bugs and viruses

9
00:00:33,960 --> 00:00:42,149
affect systems by trying to exploit some weakness in the code of a particular

10
00:00:38,820 --> 00:00:44,309
program or operating system meaning that

11
00:00:42,149 --> 00:00:49,649
they can't hurt a system they weren't designed to run on what makes Spectre

12
00:00:46,890 --> 00:00:55,500
and Meltdown so dangerous is that they function on a level that is much closer

13
00:00:52,110 --> 00:00:58,559
to the actual hardware meaning that they

14
00:00:55,500 --> 00:01:02,100
can exploit tons of different CPU models

15
00:00:58,559 --> 00:01:04,979
and operating systems in fact Meltdown

16
00:01:02,100 --> 00:01:13,049
affects nearly every Intel CPU manufactured since 1995 and Spectre

17
00:01:09,060 --> 00:01:13,640
affects these and most AMD processors as

18
00:01:13,049 --> 00:01:18,360
well Spectre class vulnerabilities can even

19
00:01:16,470 --> 00:01:27,240
successfully attack a number of smartphone CPUs holy crap so what

20
00:01:23,520 --> 00:01:28,700
happened why exactly are these bugs so

21
00:01:27,240 --> 00:01:34,650
widespread well it boils down to a feature present

22
00:01:32,310 --> 00:01:41,130
on virtually all modern processors called speculative execution which is a

23
00:01:37,829 --> 00:01:43,829
key way that CPUs significantly boost

24
00:01:41,130 --> 00:01:50,100
their performance thanks to speculative execution when a CPU is carrying out

25
00:01:46,560 --> 00:01:51,960
program instructions it can guess which

26
00:01:50,100 --> 00:01:58,500
instructions it might have to process next allowing a modern processor to read

27
00:01:55,680 --> 00:02:03,540
ahead on the page so to speak processing data that it thinks it will need shortly

28
00:02:00,570 --> 00:02:10,289
and then storing it on the very fast CPU cache memory one way that CPUs read

29
00:02:07,170 --> 00:02:13,180
ahead is by starting to process the data

30
00:02:10,289 --> 00:02:17,500
in memory as soon as a program asks for it rather than first checking to see if

31
00:02:15,519 --> 00:02:22,330
that program is even allowed to access that data you see whenever you have more

32
00:02:20,080 --> 00:02:27,510
than one program running your CPU will separate your system RAM into different

33
00:02:25,030 --> 00:02:33,280
chunks that can only be accessed by one program to keep other ones including

34
00:02:30,700 --> 00:02:38,410
malicious programs from seeing data that they shouldn't so let's say then that

35
00:02:35,590 --> 00:02:44,530
program A asks to see some data from program B's memory space the CPU will

36
00:02:41,290 --> 00:02:46,959
say no but only after it starts to read

37
00:02:44,530 --> 00:02:52,390
that memory and whatever was in that memory space is already in the CPU's

38
00:02:49,420 --> 00:02:58,090
cache now although the CPU won't directly pass that data to program A

39
00:02:54,900 --> 00:03:01,329
Meltdown can figure out what the data is

40
00:02:58,090 --> 00:03:03,970
by tricking the CPU instead of just

41
00:03:01,329 --> 00:03:09,760
asking for the data directly Meltdown will ask the CPU to add the value being

42
00:03:07,329 --> 00:03:16,090
held in cache to some arbitrary number which will correspond to a certain

43
00:03:12,190 --> 00:03:18,430
memory location or address the CPU still

44
00:03:16,090 --> 00:03:23,730
won't reveal the information at that memory address to Meltdown directly but

45
00:03:20,980 --> 00:03:28,959
the data will still be cached beforehand so I know this is pretty technical here

46
00:03:25,989 --> 00:03:34,389
but stick with me for its next trick Meltdown will ask the CPU to read more

47
00:03:31,930 --> 00:03:38,349
memory addresses noting the one that loads more quickly than the others

48
00:03:36,519 --> 00:03:44,319
because it was stored in the high-speed cache in the previous step rather than

49
00:03:41,139 --> 00:03:47,169
the slower system RAM this process

50
00:03:44,319 --> 00:03:52,510
allows Meltdown to figure out what data was in the address it initially asked

51
00:03:49,750 --> 00:03:57,400
for as the cached address will just be whatever the arbitrary number that

52
00:03:54,400 --> 00:03:59,430
Meltdown picked plus the actual value

53
00:03:57,400 --> 00:04:04,299
the system was trying to keep hidden was let's move on to Spectre now although

54
00:04:02,049 --> 00:04:08,680
Spectre also takes advantage of speculative execution it works a little

55
00:04:06,639 --> 00:04:13,660
bit differently by exploiting a CPU's branch predictor this processor

56
00:04:11,260 --> 00:04:18,729
component watches for patterns in program execution so if it sees a

57
00:04:15,940 --> 00:04:23,620
particular function over and over again the CPU will eventually pick up on it

58
00:04:21,459 --> 00:04:26,710
and start to process this function on its own repeatedly

59
00:04:25,180 --> 00:04:32,560
like how you can train your pet to do tricks by giving it food every time so

60
00:04:29,650 --> 00:04:36,699
Spectre trains your CPU by telling it over and over to execute instructions

61
00:04:35,050 --> 00:04:42,370
that will dump the information the attacker wants into cache after this

62
00:04:39,660 --> 00:04:47,860
Spectre can access the information by using various timing tricks to work out

63
00:04:44,860 --> 00:04:50,350
exactly what the data contains sometimes

64
00:04:47,860 --> 00:04:55,270
by asking the CPU to use the data located at a certain memory address in a

65
00:04:52,930 --> 00:04:59,789
different function similarly to Meltdown and getting back to why this problem is

66
00:04:58,570 --> 00:05:05,110
so widespread Spectre is a whole class of attacks

67
00:05:02,800 --> 00:05:09,310
which means combined with the fact that branch prediction is incredibly

68
00:05:07,330 --> 00:05:15,509
important for performance in nearly all modern CPUs means that there isn't a

69
00:05:12,729 --> 00:05:20,770
quick fix for every variation of it Meltdown by contrast is a somewhat

70
00:05:18,310 --> 00:05:27,099
easier fix that involves more thoroughly separating different memory spaces but

71
00:05:23,620 --> 00:05:29,349
since the patches also cut into a CPU's

72
00:05:27,099 --> 00:05:34,150
ability to read ahead as we described earlier the fixes can result in serious

73
00:05:32,110 --> 00:05:39,340
slowdowns for processor intensive programs as current CPUs have actually

74
00:05:36,940 --> 00:05:45,490
gotten really good at predicting what they'll need to do next a sad irony now

75
00:05:42,940 --> 00:05:50,020
both Intel and AMD are working to fix the vulnerabilities on a hardware level

76
00:05:47,680 --> 00:05:55,690
in their future chips which is certainly good news but because speculative

77
00:05:53,199 --> 00:06:01,389
execution is so fundamental to modern CPU design only time will tell if even

78
00:05:58,960 --> 00:06:07,330
brand-new processors can actually plug these holes for good and obviously that

79
00:06:05,380 --> 00:06:14,199
solution isn't going to do anything for the literally billions of CPUs that are

80
00:06:11,080 --> 00:06:16,840
already out in the wild so yes this

81
00:06:14,199 --> 00:06:22,780
means you Jeff from New York proud owner of an overclocked 4670K unless you

82
00:06:19,990 --> 00:06:26,949
want to go buy new hardware all you can really do is be careful what you click

83
00:06:24,370 --> 00:06:31,060
on out there a cleverly designed attack that takes advantage of Spectre or

84
00:06:28,870 --> 00:06:35,110
Meltdown wouldn't leave any trace on your PC so you may not even find out

85
00:06:33,370 --> 00:06:39,520
about it until your bank accounts have been emptied and you have a little

86
00:06:36,610 --> 00:06:41,910
meltdown of your own