Originally presented Friday, February 16th, 2018. As a developer evangelist, you will often be called upon to speak at a variety of events from hackathons to meetups to company all-hands calls to large conferences. An invaluable skill in the evangelist’s toolbox is the ability to quickly learn a technical topic and then teach/explain it to audiences of varying technical expertise. Security researchers recently found and disclosed details about a chip flaw present in most modern CPUs. Explain Meltdown and Spectre: what are they, how are they different, how do they work, and why are they scary? You can choose any format you’d like: PowerPoint deck, rap lyrics, whiteboard coding, no slides whatsoever, it’s completely up to you. A stellar presentation will address the widest possible audience: everyone from a non-technical salesperson or your grandmother to a senior engineering director or CTO. Notes from slides can be found on my website: https://fvcproductions.com.

12. applies to Intel processors
takes advantage of privilege escalation flaw
that allows memory access from user space
private memory available to any user able to
execute code on the system

27. applies to Intel, ARM and AMD
processors
tricks processors into executing instructions
they should not have been able to
grants access to sensitive information from
cached memory

30. if (admin) {
grantAccess();
} else {
doNotGrantAccess();
}

33. • Impacts mostly Intel CPUs
• Attacker can access all physical
memory, including kernel
memory which results in
privilege escalation
• Mitigated through patches but
this can reduce performance for
certain workloads
• Impacts Intel, AMD and ARM CPUs
• Uses speculative execution to trick
other applications into accessing
arbitrary locations in memory
• Patched with so!ware updates but
difficult to remediate and
extremely pervasive

34. • Impact Intel chips
• Take advantage of speculative execution
• Remedies have bad side effects

36. Existing
Remedies

39. Manually replace all computer chips by hand
Go back in time and not buy this computer
Accept my fate

48. Thank You!

50. • https://hackernoon.com/tech-evangelists-reveal-the-secrets-to-attracting-great-developers-75398a5be6d8
• https://speakerdeck.com/bestie/meltdown-and-spectre-in-10-mins
• https://github.com/IAIK/meltdown
• https://www.linkedin.com/pulse/meltdown-spectre-bugs-explained-what-you-can-do-chuck-r-fields/
• https://www.quora.com/How-did-Google-detect-the-vulnerability-in-Intel-chips-and-did-it-receive-anything-in-return-for-telling-Intel-
about-what-they-had-found#
• https://www.quora.com/Is-speculative-execution-a-fundamentally-flawed-processor-feature
• https://www.quora.com/What-do-you-think-of-Linus-Torvalds-reaction-to-Intels-Meltdown-Spectre-fix-as-complete-and-utter-garbage
• https://www.theverge.com/2018/1/6/16854668/meltdown-spectre-hack-explained-bank-heist-analogy
• http://www.zdnet.com/article/spectre-and-meltdown-linux-creator-linus-torvalds-criticises-intels-garbage-patches/
• https://lkml.org/lkml/2018/1/21/192
• https://meltdownattack.com/
• https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html
• https://www.engadget.com/2018/02/15/meltdownprime-spectreprime-research/
• https://www.quora.com/How-do-the-Meltdown-and-Spectre-attacks-work
• https://blog.cloudflare.com/meltdown-spectre-non-technical/
• https://www.slideshare.net/Qualys/avoid-meltdown-from-the-spectre?qid=2feb2d24-0ead-48b4-
b7f8-8a90c7dc439f&v=&b=&from_search=8