THANKS FOR WATCHING ❤ Try CodeCrafters today with 40% off! 👉 app.codecrafters.io/join?via=daniel-boctor JOIN THE DISCORD! 👉 discord.gg/WYqqp7DXbm **UPDATE** A few commenters have been asking if spectre was ever used in any real attacks. To my knowledge, the answer is no. Using spectre to pull something off in the real world is incredibly complex and difficult. Kaspersky has a great article outlining the theoretical impacts the bugs could have: www.kaspersky.com/blog/spectre-meltdown-in-practice/43525/ **UPDATE v2** At 12:07, I said that the operating system would notice when trying to access out of bounds data. A few commenters have pointed out that it's the MMU (hardware level) that would raise a fault in response to access violations, not the OS. The OS gets notified afterwards. My apologies for the mistake. Thanks to those who pointed it out! **UPDATE v3** A few people were interested in the audio side channel for fingerprint reconstruction. I'm no expert, but I'll link the source in case any of y'all wanted to take a further look. here's an article that discusses it: www.tomshardware.com/tech-industry/cyber-security/your-fingerprints-can-be-recreated-from-the-sounds-made-when-you-swipe-on-a-touchscreen-researchers-new-side-channel-attack-can-reproduce-partial-fingerprints-to-enable-attacks and here's the underlying paper: www.ndss-symposium.org/wp-content/uploads/2024-618-paper.pdf 👇 Let me know what topics you would like to see next! 👇 Thank you for all of the support, I love all of you

30 seconds in I thought Frank from Domino's was going to be the one responsible for compromising 80 billion CPUs

That Pizza order thing is a great way to explain what side channel attacks are.

"lets not get ahead of ourselves" that was an unintended pun

all the pentagon would have to do to avoid the side channel attack is throw a pizza party on a random day every month

In the 70s, security forces in the UK used a milk bottle metric to predict riots - a dip in returns of empty milk bottles in certain places meant there was going to be serious trouble in the next two-three days.

Insane they figured out a way to effectively gaslight a cpu

The timing of this video could not have been better. The GoFetch exploit on M1 and M2 silicon was just discovered as a side channel attack, and your explanation helped understand it a lot better. Thanks.

Why you should always consider to generate some garbage on the side channels...... even if that means bying free pizza for your facility management at night.

"accessing main memory is incredibly slow" "Like a five millionth of a second."

The funny thing was, the speculative execution feature was a known security risk back in the 1990s. It’s not something new.

The people finding hardware vulnurabilities are genuine gigabrains. How do you even come up with this?

putting out this video a couple days after a side channel attack was found on M1 chips is *_wild_* timing

Why is there a expense claim for 200 pizzas labeled "security measure"? To prevent a side channel attack Sir. So this has nothing to do with several complaints about a "obnoxious party" from the locals? Absolutely not, Sir.

There are some CPUs that have speculative execution and branch prediction but don't access memory that is not accessible by the thread. Instead, they note the exception when the address isn't in the active page table and, if the branch isn't taken, raises the exception. These include many power pc flavors.

I already heard about this from an interview with the researchers that found the vulnerability, but you sure did one hell of a job to visualize and break it down. Funnily, code remaining in some part of some memory has been used in higher-level attacks, like the famous Tweezer Attack on the Wii. Crazy how since the early days of computing, more and more layers have been added, leading to similar problems on lower levels.

This was insanely well explained. Great Video!

The best explanation of this vulnerability hands down! Fantastically done!!

Nice explanation! I remember when this broke originally all the news coverage just handwaved over the actual cache extraction part, so I was never clear on how the timing attack actually determined the specific value. That array indexing trick is nifty.

Its NOT just the OS that detects you're out of bounds. There's hardware called an MMU that sets an exception or interrupt for an access fault. The OS just initializes this when it sets up an adress space. In smaller micrcontroller systems, you MIGHT have a rudimentary MPU, but not a full MMU

i know nothing about computer vulnerabilities but you made it incredibly digestible to understand. nice work!

I expected you to talk about that shady intel management thing that has unlimited control over cpu and runs mysterious code that only intel knows what it does

An important thing to note is that there was *probably* no cases of Spectre leaking data in the wild. It was a new class of possible exploits so experts freaked out because nobody know what could come of it , however(by shear luck) nobody ever found a usable attack using Spectre. The fastest leak found was 60 bits/hour, and it would take a theoretical unrelated exploit to find what memory address had the data you wanted to steal.

In Brazil happened that same in the '60s, when suddenly a bakery in a rural area received a huge order of hundreds of breads, they "followed the bread" and discovered the camping of a guerrilla army.

You know what's really funny is I remember hearing a lot about this at the time, but it wasn't until just a few days ago that I finally found a video that made it click for me how this worked... and now you come out with this one which does an even better job of explaining it. Also, just to note, I believe that most of the vulnerabilities are not capable of accessing the memory of other processes at all. The biggest concern has been programs like browsers, where code is all running inside the same process, and you have cookies, passwords, credit card numbers, etc which could all potentially be accessed. It seems like for a permanent hardware fix, either they need to evict the data from the cache, or have a separate, speculative cache which is then later committed to the main cache.

Dude. I love your videos, you choose very interesting topics and explain them BEAUTIFULLY.

This reminds me of modern warfare 2 (original one on 360). If you spam click matchmaking and back out right before it gets to 100% about 10 times then quickly load into a private lobby, it will load a bunch of randoms into your private game. That game was so full of bugs but the most fun COD ever.

This is one of the best explainer video I've seen. You simplify something very complex, and yet do not skip anything. All within a very short time frame.

This was a great video, thanks for explaining the exploit in detail. In my computer architecture class, the professor mentioned these attacks but never actually explained how they worked. I never realized that speculative execution would mess up with the cache!

this was the first video ive seen that actually showed this exploit in a very easy to digest manner (I'm a computer science major, so I already understood the technical details, but this reinforced it in a way that makes way more sense than I originally had thought)

Feels very rare that a channel makes content this cogent and well organized. Great job!

This is so well explained. So many tech channels flounder when they try to explain the actual mechanisms at hand, but you clearly have a truly excellent understanding. Thank you for making this.

This was fascinating and really well explained. Great video

Side channel attack is like gravity or dark matter. You see the effects even though you don't know what's happening. Going to have to do a deep dive to get up to speed.

Fantastic video, instant sub 💞

There are a lot of videos talking about computing exploits but the way you wrote and described this one is super approachable and made it really easy to understand.

great vid, gj with the editing and analogies, keep doing what u do

An extremely complex topic explained in an extremely simple way. True hallmark of an expert. Keep this up. Subscribed 👍

A side channel attack is a way of deriving information simply by observing the function of a system. Usually its info you shouldnt normally beable to derive.

12:03 AFAIK, the attack is not possible as described. It's not possible to read another process' memory by reading out of bounds because processes exist in different virtual address spaces. A segment register needs to have another selector in it to read another process' memory -- which can never happen when executing code for the current process, speculatively or not.

Government needs to start baking their own in house pizza before someone poisons them all lol

Quite a nice hook you have there. It starts out with an interesting, seemingly unrelated topic, which is a military group wanting to know when air raids will occur. Then you mentioned an extraordinary, very unexpected way to do so. Pizza! At the end, you tied the hook with the topic at hand by explaining that the Pizza index being used to indirectly access confidential information is a side channel attack. You also implied that the computer bugs talked about in this video uses the same thing. I think your introduction is well made. I rarely like videos, but if I had to, this one would be on the almost empty list. Great job!

Absolutely fascinating video, and very well made & explained!

Wow, I usually have trouble focusing on technical videos like this, but you presented this beautifully. It's fascinating stuff too which certainly helps, but you explained it in an impressively digestible way. Thank you very much!

Nice opening shots of USS Makin Island (LHD-8). She wasn’t in service during Desert Storm. Back then we were riding on Tarawa Class like LHA-3 Belleau Wood. 😊

This was a wonderfully executed video in all aspects. Having these explained to me like this actually blew my mind. The final conclusion was satisfying and brought everything you talked about together beautifully. Well done

Whoa. Just goes to show how hard security really is. If not truly possible.

Computer Scientist and Senior Programmer/Analyst here, you've done a great job covering branch prediction and the problem of thrashing the cache here. Minimizing your bottleneck to main memory is one of my favorite architectural problems and I use it all the time to illustrate architectural principals to juniors.

The last time I tried programming something was a TV remote 3 decades ago. That being said this was fascinating! Well done.

thank you i just got this randomly recommended and your explanation was easily digestible enough so that i with no understanding in coding was able to enjoy this video

Wow. Great explanation. I knew about this before but never has it been so well explained

Very easy to follow and cleverly illustrated explanation. Nice video!

10/10 video subbed. nice visuals direct and clear excplanations

A comprehensive explanation, not excessively technical, with excellent visual aids to boot. BRILLIANT VIDEO!

1:47 We can figure out your fingerprint by the audio of your fingerprint, swiping the screen? I don’t know that sounds like that would be really inaccurate. I get that there are technologies that the public isn’t privy to, but I’m sure there is a good amount of posturing and bluffing. To make the government sound more powerful, where they might actually be more inept, and given too much credit.

Mission Impossible’s next film: CPU Gaslight protocol

Thanks to you, I finally understood it!

Wow. You explain very complex algorithms so freaking well that it's captivating.

This is really well explained. Thank you!

I’m 100% going to steal the example of pizzas to explain side-channel attacks to junior developers!

~13:00 kinda sounds like AI. Have computers been using AI to speed up tasks for some 20 years ?

I loved this video! ❤ Finally got an explanation for this surprisingly simple exploit. I will say, I would have loved a section on spectre mitigations instead of ending the video on an unfinished note

We made rocks think with electricity and maths, and look where we are. Industrial society, and so on.

This was an amazing explanation, thank you very much for deepening our understanding about the exploit, I still remember reading about the exploit but couldn't understand the significance of the danger that the systems were facing

Good stuff, clear explanation

FANTASTIC video! makes the attack super understandable and now I'm going to use that side-channel example everywhere

@2:20 "they're the worst computer bugs in history" I thought they were showing a bug flying around the computer for effect but it was actually a fruit fly on my own monitor 🤣

Wow, that was the most simple and straightforward explanations of this attack that I've heard!

explain starts at 10:50

This is absoulutely fantastic. You make all this very easy to follow and understand. I finally get how these exploits basically work. Really well done!

So I guess they "fixed" this bug now using microcode updates on some older CPUs now? Or are there still billions of CPUs that are silently leaking data?

Finally, I found another vulnerability explaining channel! Instant sub.

Interesting this came out when they've just found there's a side-channel exploit in the M series chips used in apple computers.

the pictures representing words and the whole video is so easy to follow and understand. well done with the editing. just had to comment and say.

How did they try to patch it?

This was just pure gold, Subscribed ! Keep going man.

i do like how the headlines for the hot fixes for these were like 20% performance decrease!!!! When in real-time the difference is near unnoticeable.

1:22 I’m only this far and I already love it. That is one of the best and most intuitive explanations of a side channel attack I’ve ever seen!!!!!!

You ever think about the fact that we are only one exploit away from being forced back to the 80s in terms of technology?

Awesome explanation. So clear! Made me think about how our central nervous system runs this kind of speculative execution on sensory inputs and can even act directly before brain (CPU) processing. If you touch a very hot surface, your CNS will jerk your hand back long before your brain has evaluated the full sensory input and come up with your 'real' response.

6:44 The Von Newman bottle-neck is an absurd way to operate. As John Backus said back in the day, the way we made programming languages and hardware is totally insane and backwards, it worked for simpler machines but it was basically a bodge, and he tried to refuse his Turing award, but was talked out of it. That's how wrong our programming languages and hardware is. That was more than 50 years ago, and people keep venerating Unix, C and VonNewman CPU like a cult or church, like perfection, but that's barely a start. We should do better. Well, this field is very young, and there's much to do to have a perfect cathedral.

An explanation smooth and straight as they come. Perfect. Thank you!

Spectre and meltdown in smartphones? 😮

Ngl that’s absolutely crazy. Also nice timing with the M1 thingy even tough you didn’t know about it yet :)

Wait, so how can modern CPUs do this securely?

I already knew what a side channel attack was, but this is the most elegant description of it I've ever heard. Great work!

These are not vulnerabilities or accidents, they are deliberate and demanded by the unintelligence agencies.

Oh my gosh that was such a perfect breakdown! I actually feel like I fully understand the exploit enough that I could implement it myself (which I might try, depending on how complicated any glossed-over details are). I've only vaguely known that the exploit involved speculative execution and a timing attack against the cache, but now I actually understand how elegant the exploit actually is.

To explain Specter and Meltdown, imagine a bus that arrives every 0.35 seconds. That bus runs you over, despite the bus working properly and being driven by a licensed driver. … No? Two of you thought this was funny.

The fact that you were able to something insane so so simply is insane. Great video

First 🎉 nice video

These prediction rollbacks not reverting the cache could also explain how we often get defects (usually crashes) on a piece of code, but then when you run it with the debugger turned on (which executes instruction by instruction, without speculations) then it all works fine.

I am far away from understanding coding and detail CPU ways of operation but I got the essence of what happens here. You are doing a good job explaining things in relatively uncomplicated way.

This is byfar the best explanation I've seen on Spectre and Meltdown. My compliments!

0:53 - I drove past the Defense Mapping Agency building in Reston, Virgina, (now National Geospatial Agency) on my way to work every morning. You knew something was up when the lights were on in the building at 6AM and the parking lot was full. They've sense built a parking garage out of sight from the main highway...

Excellent explanation. Loved the pizza story, it helped a lot

The caught Pablo like this as well. He ordered too many taco's for delivery all at once.

This video was absolutely amazing! Thanks for taking the effort to make it.

Who remembers when the "Strava" Fitbit maps were revealing the locations "secret" military installations?

Awesome, well edited video that breaksdown a high level topic simply. Your content is KZbin at it's best.