What’s going on guys Mitesh here So it’s been a crazy start to 2018 so far in which we found two major vulnerabilities in CPU architecture called meltdown and Spectre and There’s been so much news out there about it that I thought I should make a video trying to explain it trying to make it A little bit easier to understand and tell you guys a little bit about what it is and what you can do about it So let’s get started by explaining a little bit about how the vulnerabilities work. So all modern CPUs do something called speculative execution In which they go ahead and try to go ahead and execute some instructions that haven’t been asked for yet And may not be asked for, so when a program asks for them They’re already done, so it’s a way of maximizing performance So if a program asks for those instructions to be done, great They’re already done. If not they just go ahead and throw those away Just go ahead and actually execute what it’s supposed to do and they inherently this isn’t wrong because it really helps in cutting down the CPU time but Well Researchers have found is that though this doesn’t actually change how the program works at all it does however change the processor state and changes the timings on it in a predictable way so that malicious programs could get in and Infer what other programs data is supposed to be it’s a little it’s very complicated. It’s not just a little complicated So this is an extremely complicated stuff the researchers figured out how to do and the thing is right now It’s a little hard for criminals to do but with time This is something that criminals will be going after and it’s just gonna get easier and once they figure out how to do it So next up is a question does this affect me? and the answer is almost without doubt yes So if you’re watching this video you are almost definitely affected at first it was reported that Intel is pretty much the one one affected by this and that’s sort of food for meltdown meltdown effects Intel and high-end ARM chips But specter effects basically any modern CPU so if you’re watching this video you are affected by this So finally the question is what can I do about this so really the biggest thing you can do is keep everything up to date Including your os’s and your browser so browsers such as chrome Chrome 64 which is coming out January 23rd has protection built-in for this Firefox 53 I’m pretty sure has protection for this um links down below to all this stuff, so I’ll leave it on the description Safari Apple is that they’re gonna update safaris to also have a patch for this and then of course Apple will also send out updates to iOS and Mac OS to deal with these things And I know apples broken faith with a lot of people because of the fact that they’ve slowed down iPhones But trust me you want to update you need this to make sure your system You’re not vulnerable if people can’t steal your passwords and things Windows has a specific update out. It’s um I can’t remember the name It’s in the description though it starts with KB something or there But that’s the update that you need to install to make sure you were safe from this Intel has a detection tool out which I’ll link to down below too and With that you can see if that there just needs to be a firmware patch from Intel, and they also have the link I’ll have a link down below to where you can download the firmware patch, too So these are the basic things you can do to keep yourself safe And that’s pretty much all you really need to know about this You don’t need to panic all you have to do is just make sure all the inner software is up today And if you do this shouldn’t affect you on your personal computer at all now on a side note You will take a little bit of performances when you apply these patches but it’s well worth it to keep your information safe right and Most likely if you have any modern CPU that’s not more than like five years old it’s got the Headroom You can afford to take a little bit of a hit off Clemens to keep yourself safe So hopefully that helped you guys understand the problem a little bit better and to know what you can do about it And if you did, and if you liked it go ahead and hit that thumbs up button And if you guys want to see more videos like this hopefully on more positive topics jump into the subscribe button, and I’ll catch you guys the next one but

Meltdown and Spectre – Biggest CPU Exploits Found So Far – Explained!
Tagged on:                                                                                                         

One thought on “Meltdown and Spectre – Biggest CPU Exploits Found So Far – Explained!

  • January 11, 2018 at 4:12 pm
    Permalink

    UPDATE
    So windows put out some guidance for how processors will be effected by the patch for Meltdown and Spectre :
    – With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
    – With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
    – With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
    – Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

    So for those of you, like me(Intel i5-2500k), who are running some older CPUs will feel the slowdown. It's making me really consider upgrading my PC, but also mad that likely Intel or AMD will profit off of this bug that's in their hardware. 😠

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *