When you Accidentally Compromise every CPU on Earth

COMMENTS • 1.7K

  • @DanielBoctor  8 months ago +155

    THANKS FOR WATCHING ❤
    Try CodeCrafters today with 40% off! 👉 app.codecrafters.io/join?via=daniel-boctor
    JOIN THE DISCORD! 👉 discord.gg/WYqqp7DXbm
    **UPDATE**
    A few commenters have been asking if spectre was ever used in any real attacks. To my knowledge, the answer is no. Using spectre to pull something off in the real world is incredibly complex and difficult. Kaspersky has a great article outlining the theoretical impacts the bugs could have:
    www.kaspersky.com/blog/spectre-meltdown-in-practice/43525/
    **UPDATE v2**
    At 12:07, I said that the operating system would notice when trying to access out of bounds data. A few commenters have pointed out that it's the MMU (hardware level) that would raise a fault in response to access violations, not the OS. The OS gets notified afterwards. My apologies for the mistake. Thanks to those who pointed it out!
    **UPDATE v3**
    A few people were interested in the audio side channel for fingerprint reconstruction. I'm no expert, but I'll link the source in case any of y'all wanted to take a further look.
    here's an article that discusses it:
    www.tomshardware.com/tech-industry/cyber-security/your-fingerprints-can-be-recreated-from-the-sounds-made-when-you-swipe-on-a-touchscreen-researchers-new-side-channel-attack-can-reproduce-partial-fingerprints-to-enable-attacks
    and here's the underlying paper:
    www.ndss-symposium.org/wp-content/uploads/2024-618-paper.pdf
    👇 Let me know what topics you would like to see next! 👇
    Thank you for all of the support, I love all of you

    • @BillAnt 8 months ago +6

      The Doctor Boctor has done it again. :) Thank you for this great video showing the concepts of these vulnerabilities in an easily understandable format.

    • @angeltensey 8 months ago +3

      meltdown and spectre are essentially ways to gaslight your computer.

    • @jasonkhanlar9520 8 months ago +2

      2:30 "process" is mispronounced. maybe human maybe not human generated voice using human live sampling, not sure, either way, the pronunciation is wrong, whether intentional or unintentional

    • @SailorRob 8 months ago +8

      ​@@jasonkhanlar9520, it's his real voice, and his accent is common to certain parts of the US and Canada.
      Separately, I was going to comment that I enjoyed the pace and format of his narration:
      1. It's to the point.
      2. Quickly gives the relevant information.
      3. Clearly said and easy to understand.
      Despite the northern accent, he gets high marks from me for efficiency.

    • @simonj.k.pedersen81 8 months ago +2

      Great explanation

  • @SambinoDev 8 months ago +4273

    30 seconds in I thought Frank from Domino's was going to be the one responsible for compromising 80 billion CPUs

    • @akk2766 8 months ago +56

      I was thinking that too - 🤣. Like the anesthetist who created BFS - en.wikipedia.org/wiki/Con_Kolivas

    • @dsandoval9396 8 months ago +119

      Same.
      First couple of minutes I really was thinking Frank must've been a PC savant that came up with that exploit at home. While managing Domino's Pizza store.🤦

    • @yyyy-uv3po 8 months ago +33

      @@dsandoval9396 Gustavo Fring nerd version

    • @StefTechSurfer 7 months ago +12

      The perfect cover.

    • @rossr6616 7 months ago +8

      pepperoni in the clean room!

  • @dr.robertnick9599 8 months ago +6278

    That Pizza order thing is a great way to explain what side channel attacks are.

    • @DanielBoctor  8 months ago +404

      aha, I was hoping it would be! Glad you thought so 😊

    • @Krono159 8 months ago +87

      not only a great way, but the best one

    • @Batwam0 8 months ago +72

      When you explained the attack at 15:10, I realised why you have mentioned the pizza story at the beginning and understood the attack method right away. It was perfect 👌

    • @ahndeux 8 months ago +26

      Now if we can only correlate donut and coffee orders to police incidents.

    • @RikuRicardo 8 months ago +1

      For real! That makes so much sense

  • @Jack-lr3dn 8 months ago +4338

    Insane they figured out a way to effectively gaslight a cpu

    • @iraniansuperhacker4382 8 months ago +284

      I've been having conversations with people recently about how vulnerable airliners are to electronic attack/hacking and people are generally under the assumption it would literally be impossible to hack an airplane and bring it down. I tried to explain to them attacks or rogue engineers sneaking something into the tool chain they use to build the software. I've spent more than a few years learning how to program and how computers work, they tell me I watch too many movies and they try to give me some wild half assed technical reason as to why they are right. I'm for sure going to use this video as a reference in the future.

    • @freedustin 8 months ago +242

      Not really. People need to quit thinking computers are smart, they are not. They blindly follow every order that makes it to the CPU.

    • @ahndeux 8 months ago +147

      @@iraniansuperhacker4382 Wrong and lots of bad information in your post. It's not that software can't be hacked, but most source codes have CRC checks to verify against non-approved changes. Most flight level software has multiple levels of checks against malicious code. It's not written by one rogue programmer. There are teams of people and verifications on software code. Can code be written incorrectly and compromised? Of course. However, you have no clue what level of verification is needed in software on critical systems. It's not what you think.

    • @iraniansuperhacker4382 8 months ago +19

      @@ahndeux Are you a programmer?

    • @jasonfyk 8 months ago +7

      wrong
      @@ahndeux

  • @mushroomsamba82 8 months ago +2499

    all the pentagon would have to do to avoid the side channel attack is throw a pizza party on a random day every month

    • @gamagama69 8 months ago +201

      and utilize different places, assuming that groups are placing people in restaurants to track this

    • @consumerextraordinaire8209 8 months ago +174

      bean counters: "hmmm, sounds expensive..."

    • @tondekoddar7837 8 months ago +65

      Exactly. Also, order taxis, drivers, cancel drivers free time, electricity usage (remember what kind of lights you use makes different waveforms in the nearby network) umm no need to track me, 3-letter Sir, I'm just a newborn from halfway across the world, no the GOOD PART... :)

    • @DavidTriphon 8 months ago

      @@gamagama69 you can find average wait times on google. After the Russian Wagner group leader died (or maybe some other recent Russian war event, I might not be remembering correctly), anyone who could use google maps for finding restaurants could see that wait times had spiked throughout the Washington DC area. Thanks to google, the DC pizza index is public globally.

    • @johnridout6540 8 months ago +110

      That's still not secure. You'd need to throw pizza parties at random intervals irrespective of months.

  • @exzld 8 months ago +1908

    "let's not get ahead of ourselves" that was an unintended pun

    • @DanielBoctor  8 months ago +311

      I didn't even realize that lol

    • @raylopez99 8 months ago +65

      I predict this comment will blow up with likes...

    • @exzld 8 months ago +83

      @@raylopez99 nah it will probably just get rolled back...

    • @pedroandrade8194 8 months ago +28

      @@exzld you might roll back... I'll still be a hit

    • @yay-r6j 8 months ago

      xD ​@@pedroandrade8194

  • @rog2224 8 months ago +891

    In the 70s, security forces in the UK used a milk bottle metric to predict riots - a dip in returns of empty milk bottles in certain places meant there was going to be serious trouble in the next two-three days.

    • @chaferweed 8 months ago +7

      Why so?

    • @Zorro9129 8 months ago +260

      @@chaferweed The bottles could be used for molotov cocktails.

    • @jtnachos16 7 months ago +233

      @@Zorro9129 Also, the lack of people going about daily chores and staying home/out of sight instead would indicate tensions and concerns amongst the populace.
      If you've ever hung around a bad neighborhood before, you know when the druggies and other locals suddenly disappear from the streets, you should be disappearing too. You get the same effect in the wilderness too. If the normal noises of the environment suddenly stop, something is wrong.

    • @dirtydan3029 7 months ago +16

      I'm too young to remember milk being in glass bottles

    • @maid1452 7 months ago +14

      @@jtnachos16 That's a good way to put it.

  • @milk-dog 8 months ago +504

    The timing of this video could not have been better. The GoFetch exploit on M1 and M2 silicon was just discovered as a side channel attack, and your explanation helped understand it a lot better. Thanks.

    • @DanielBoctor  8 months ago +120

      I know, it's a crazy coincidence. I started working on this video about a month ago too. Glad you liked it!

    • @ben_car_8115 8 months ago +19

      @@DanielBoctor I honestly thought this was released because of the exploit when I first clicked on it. Sometimes things just line up so well

    • @tondekoddar7837 8 months ago +1

      @@DanielBoctor Do you keep any videos for a while just to wait for a thing to happen? Crazy good video, ty.

    • @fredwupkensoppel8949 8 months ago +32

      Yeah I was reading about GoFetch the other day and went "wait, isn't that just Spectre all over again"? If you're designing a CPU, shouldn't "could this lead to the resurgence of the worst microarchitecture-based security flaw ever" be a question that gets occasionally asked?

    • @AJ3000_ 8 months ago

      @@DanielBoctor nailed it

  • @wernerviehhauser94 8 months ago +1419

    Why you should always consider generating some garbage on the side channels...... even if that means buying free pizza for your facility management at night.

    • @lordfrz9339 8 months ago +158

      They now make sure to order small batches of pizza from several different vendors. And they buy pizza regularly, not just on big days. So even when the amount of pizza spikes, it just seems like a normal order to each pizza place.

    • @ryelor123 8 months ago

      @@lordfrz9339 A spy could just see how many pizza deliveries occur visually.

    • @josephkanowitz6875 8 months ago +6

      ב''ה, but then they'd think Americans still rely on food

    • @corvusnocturne 8 months ago

      wait, people in other countries don't need to eat? @@josephkanowitz6875

    • @BudgiePanic 8 months ago +34

      I heard they stopped ordering pizza entirely from the guy who originally published it

  • @lbgstzockt8493 8 months ago +1720

    The people finding hardware vulnerabilities are genuine gigabrains. How do you even come up with this?

    • @GiveThemHorns 8 months ago +255

      While I understand and appreciate the seemingly impossible nature of finding an exploit like this, it doesn't require a 'gigabrain'. It's just a matter of having the right knowledge with the right set of skills (which can be learned). A good, and common, example of where this type of thinking is regularly used is with SDETs. SDETs use their knowledge of the system combined with the experience and know-how of performing technical analysis in order to identify potential flaws and test for them.

    • @raylopez99 8 months ago +191

      @@GiveThemHorns Still, the hackers were gigabrains. I mean even designing a keyboard logger is hard to do. As an amateur coder I tried in C# to design a keyboard logger that was a TSR program and could not (of course C# has a keyboard library but not persistent after you stop using the program). But these low level language hackers could do it and also make the program tiny to avoid detection, as well as having a randomly changing signature to avoid anti-virus. Gigachads indeed.

    • @IamFrancoisDillinger 8 months ago +87

      Agreed. I took a cloud security course in undergrad and I remember learning about these attacks (though I've forgotten most of it) and reset attacks on TPMs and all I could think was "These people are crazy...just how?" I wish I had the knack for such things.

    • @Bug_Abuse 8 months ago +67

      For some it's a hobby. I learned to break systems when I was a teenager by exploiting games. You just have to think outside the box. I learned to exploit before I started coding. It makes more sense as a coder how you can't think of every possible edge case over time.

    • @GiveThemHorns 8 months ago +34

      @@Bug_Abuse Coders don't think of every possible edge case, not even close.

  • @pianowhizz 8 months ago +477

    The funny thing was, the speculative execution feature was a known security risk back in the 1990s. It’s not something new.

    • @Zaraaashiigal 8 months ago +46

      People always find ways to gaslight and exaggerate. It's common on youtube. I wish more people would realize this.

    • @ChrisM-tn3hx 8 months ago +60

      Most current methods are very similar to those used back in the 80s and 90s. Take SQL injection for example. One of the oldest and still most common forms of attack. Still works.

    • @Munenushi 7 months ago +18

      @@Zaraaashiigal youtube is becoming like those commercials where a person - for example - would just dump a bowl of popcorn and then someone would dump a bowl of chips and a voice says "HAVING PROBLEMS WITH BOWLS??" and then the ad begins for a 'new bowl' that has arms attached that go on your thighs when you sit down, so that the bowl doesn't spill as easily.... YT is becoming the "before" (where people just dump bowls stupidly) as the title of the videos here, and then when you click on the video and watch it, it becomes the "after" (where the solution of the new bowl type is shown) - all just clickbait to get people to watch... like the "YOU are doing ______ wrong!" trope lol

    • @MarcosAlexandre-no3qx 7 months ago +7

      I heard about it, but it was not from the companies if I remember right, but the NSA and the CIA would know about this exploit and not inform because they could use it to gather information on people of their interest.

    • @Zaraaashiigal 7 months ago

      @@MarcosAlexandre-no3qx You lost me at "The NSA and the CIA".

  • @petersmythe6462 8 months ago +985

    "accessing main memory is incredibly slow"
    "Like a five millionth of a second."

    • @vampir753 8 months ago +200

      Better go and get a coffee in the meantime, this will take a while.

    • @DanLivings 8 months ago +110

      @@vampir753 You could probably drink a couple of trillion caffeine molecules in that time

    • @charliekahn4205 8 months ago +89

      Your average RISC instruction takes around four clock cycles. If your clock is 1GHz, one cycle is 1ns. That means you can perform 50 instructions in the time it takes to access one byte on an 8-bit bus.

    • @kevinjohnston8399 8 months ago +61

      @@charliekahn4205 Actually that's not quite correct. Each individual instruction requires four cycles, but after one cycle of one instruction, a new instruction starts its own first cycle. Most of the time there are 4 instructions all in progress at the same time. Each one starts and finishes one cycle after the previous. So in 200ns the CPU can start 200 instructions, and finish 197 of them. (The last 3 are in different stages of "not finished yet", but they all finish in the next 3 cycles.)

    • @AG3n3ricHuman 8 months ago +58

      @@kevinjohnston8399 Actually that's not quite correct. Modern CPUs are superscalar and can start multiple instructions at once, even in a different order than they are in the running program (which is called "out-of-order" execution).

  • @VivBrodock 8 months ago +272

    putting out this video a couple days after a side channel attack was found on M1 chips is *_wild_* timing

    • @SeekingTheLoveThatGodMeans7648 8 months ago +14

      Perhaps the You Tube algorithm also helped by noticing the intersection of topics with a trending thing. This could have been mad obscure, otherwise.
      At any rate, due to vulnerabilities like this, various speculative executions, due to not wanting to go hog wild due to errors incurred during them if they are wrong, can tap out data that should never have been visible to you.
      Truly serious security in the face of this sounds like it means never letting anything that could be hostile run on your secure computer at any level. Not even websites. As burglar alarms and burglar proof doors get better, data burglars get more clever.

    • @leogama3422 8 months ago +92

      he speculatively recorded it

    • @DanielBoctor  8 months ago +73

      Underrated comment lol. In all honesty it was a coincidence. These videos take a very long time to make - I actually started working on this about a month ago. I'm just as surprised as you guys are 🤯

    • @l33tninja1 7 months ago

      @@SeekingTheLoveThatGodMeans7648 honestly I don't think we should have the internet linked to anything vital like our ships, food production and security. Should be as separated from the web as we can manage and the controls should always be on site only.

    • @devonwilliams2423 7 months ago

      @@DanielBoctor sure bro, can you stay in town one more day? Boeing lawyers have a few more questions
      Oh and good news! They booked you a nice hotel with an incredible parking lot 🎉

  • @DerSolinski 8 months ago +868

    Why is there an expense claim for 200 pizzas labeled "security measure"?
    To prevent a side channel attack Sir.
    So this has nothing to do with several complaints about an "obnoxious party" from the locals?
    Absolutely not, Sir.

    • @rightwingsafetysquad9872 8 months ago +130

      If we have an obnoxious party every night, the data miners can't figure out which ones mean we're going to war.

    • @skop6321 8 months ago +17

      @@rightwingsafetysquad9872 oh yea it's bigbrain time

    • @IanBPPK 8 months ago +9

      @@Velocifyer They do now to obfuscate, initially it was from a very short list of places.

    • @tutacat 8 months ago +4

      "Don't give your real address"
      "I. P. Freely"

    • @bb5242 7 months ago +5

      Just randomly hold Pentagon pizza nights.

  • @nobobo2401 7 months ago +22

    This reminds me of modern warfare 2 (original one on 360). If you spam click matchmaking and back out right before it gets to 100% about 10 times then quickly load into a private lobby, it will load a bunch of randoms into your private game. That game was so full of bugs but the most fun COD ever.

  • @filker0 8 months ago +94

    There are some CPUs that have speculative execution and branch prediction but don't access memory that is not accessible by the thread. Instead, they note the exception when the address isn't in the active page table and, if the branch isn't taken, raise the exception. These include many PowerPC flavors.

    • @rufmeister 8 months ago +11

      Unfortunately, not the M1/M2, it seems.

    • @filker0 8 months ago +7

      @@rufmeister Not a PPC, ARM followed the Intel memory management model.

  • @JohnUsp 7 months ago +27

    In Brazil the same happened in the '60s, when suddenly a bakery in a rural area received a huge order of hundreds of breads, they "followed the bread" and discovered the camp of a guerrilla army.

  • @kayakMike1000 8 months ago +141

    It's NOT just the OS that detects you're out of bounds. There's hardware called an MMU that sets an exception or interrupt for an access fault. The OS just initializes this when it sets up an address space. In smaller microcontroller systems, you MIGHT have a rudimentary MPU, but not a full MMU

    • @BillAnt 8 months ago +29

      Right, a well designed MMU should not allow leaking of data into the cache on out-of-bounds memory calls. The problem is likely with the CPU's speculative processing then backtracking on failure without clearing the cache.

    • @kreuner11 8 months ago +1

      @@BillAnt yes

    • @kayakMike1000 8 months ago +6

      @@BillAnt yup, you're correct. I was vomiting up an angry comment when he just said something about the OS emitting a segfault. I just really get wound up when people minimize the hardware.

    • @__christopher__ 8 months ago +2

      @@BillAnt if it would catch the illegal access during speculative execution and simply stop the speculative execution in that case, the indexing with the restricted data would not be executed even speculatively, and thus there would not be any cache change in accessible memory that you might run your timing attack on.

    • @MRL8770 8 months ago +4

      I believe the confusion might've arisen from the fact that the UNIX-like kernels emit the SEGFAULT signal to a process that caused it (which is in fact irrelevant to memory protection as contrary to what Daniel said, the process can still run and access data after receiving that signal), but as you said, the actual segmentation fault comes directly from the MMU as an interrupt.

  • @Knyllahsyhn 8 months ago +114

    I already heard about this from an interview with the researchers that found the vulnerability, but you sure did one hell of a job to visualize and break it down. Funnily, code remaining in some part of some memory has been used in higher-level attacks, like the famous Tweezer Attack on the Wii. Crazy how since the early days of computing, more and more layers have been added, leading to similar problems on lower levels.

    • @raven4k998 1 month ago

      well shit now we need an entirely NEW cpu architecture to get around this problem🤣🤣🤣🤣🤣

  • @Amir_404 8 months ago +170

    An important thing to note is that there were *probably* no cases of Spectre leaking data in the wild. It was a new class of possible exploits so experts freaked out because nobody knew what could come of it, however (by sheer luck) nobody ever found a usable attack using Spectre. The fastest leak found was 60 bits/hour, and it would take a theoretical unrelated exploit to find what memory address had the data you wanted to steal.

    • @KiraSlith 8 months ago +14

      In an optimal setup with a small cache and RAM pool, it could be used to retrieve otherwise inaccessible/secret encryption keys. Technically it'd be easier to just bung whatever app you're trying to steal keys from into a compromised virtual machine engine (FOSS hypervisors like KVM are easy to exfiltrate data from) or exploit DMA devices (like the ethernet controllers on most motherboards) to dump system memory in pages until you find the desired keys. [Edit: Typos]

    • @saddish2816 8 months ago +13

      nation states will have known about this before it was made public and would have used it, unless they had better methods of achieving the same thing

    • @_BangDroid_ 8 months ago +18

      @@saddish2816 And which APT groups are we talking about? Considering even now after everyone knows the technical details there are still no valid exploits for vulnerable silicon, your assertion is entirely speculative.

    • @ABaumstumpf 8 months ago +18

      "The fastest leak found was 60 bits/hour" !?!?!
      WTF? Why are you lying about this? It was demonstrated to be fast enough for video transmission even.

    • @Mavendow 8 months ago +28

      ​@@ABaumstumpf The initial research showed what he says, but you're right, later research did find a far better method. He's not lying, just plain wrong.

  • @vishipsherrah 8 months ago +277

    I expected you to talk about that shady intel management thing that has unlimited control over cpu and runs mysterious code that only intel knows what it does

    • @BrandonFifer 8 months ago +81

      The Intel Management Engine?

    • @shinobuoshino5066 8 months ago

      Probably because you're sub-68IQ cretin who has been on 4chan for too long and spent a total of 0 seconds researching how it works, when used as intended, if you knew intended use and actually put your time into tinkering with it, you may or may not have figured out how it works just like many people did who know what it does because reverse engineering even a total black box is trivial.

    • @DanielBoctor  8 months ago +123

      Can you link to what you're referring to? Could be a topic for a future video 👀
      EDIT: seems like it is Intel Management Engine. Going to look into this.

    • @ryansullivan3085 8 months ago +43

      Ah that's a comforting thing for an Intel CPU user to hear

    • @TheSensationalMr.Science 8 months ago +13

      from what I could find I heard it runs a modified version of minix to run microcode [CPU code] on the CPU microcontroller.
      though I don't know if that is true or not... haven't cut open a CPU or tried debugging it their way to get there.
      though it would be interesting learning more about it, so that we can understand *WHAT* it does, and how like this explanation did.
      [also he probably can't... YouTube hates links] just search *intel management engine* and you'll find a wiki and the intel page about it... though I don't know about any vulnerabilities using it though.
      Hope you have a great day & Safe travels!

  • @SlightlyNasty 8 months ago +25

    Nice explanation! I remember when this broke originally all the news coverage just handwaved over the actual cache extraction part, so I was never clear on how the timing attack actually determined the specific value. That array indexing trick is nifty.

    • @robertsmith2956 7 months ago

      I never got an answer about the Pentium math bug. Which way did it fail? Should I use it to do my taxes?

  • @whamer100 8 months ago +45

    this was the first video I've seen that actually showed this exploit in a very easy to digest manner (I'm a computer science major, so I already understood the technical details, but this reinforced it in a way that makes way more sense than I originally had thought)

    • @DanielBoctor  8 months ago +6

      That's pretty awesome, glad it was able to help! Thanks for the support ❤️

    • @snorman1911 6 months ago

      Look everyone, we got a computer science major over here!

  • @macksii 8 months ago +25

    I know nothing about computer vulnerabilities but you made it incredibly digestible to understand. nice work!

    • @DanielBoctor  8 months ago +3

      Thanks for the kind words! Keep on doing what you're doing 😊

  • @glitchy_weasel 8 months ago +108

    The best explanation of this vulnerability hands down! Fantastically done!!

    • @DanielBoctor  8 months ago +11

      I'm honoured, thank you!

    • @davidvelasco4423 8 months ago

      What would you know about that? You're a furry.

  • @juliangi8169 8 months ago +83

    This was insanely well explained. Great Video!

    • @DanielBoctor  8 months ago +6

      Thank you!! Glad you liked it 😊

  • @jacob_90s 8 months ago +9

    You know what's really funny is I remember hearing a lot about this at the time, but it wasn't until just a few days ago that I finally found a video that made it click for me how this worked... and now you come out with this one which does an even better job of explaining it.
    Also, just to note, I believe that most of the vulnerabilities are not capable of accessing the memory of other processes at all. The biggest concern has been programs like browsers, where code is all running inside the same process, and you have cookies, passwords, credit card numbers, etc which could all potentially be accessed.
    It seems like for a permanent hardware fix, either they need to evict the data from the cache, or have a separate, speculative cache which is then later committed to the main cache.

    • @robertsmith2956 7 months ago

      speculative memory should be flushed if it is wrong, and locked down till it knows if it was wrong.

  • @MertonDingle1111 5 months ago +5

    This is one of the best explainer videos I've seen.
    You simplify something very complex, and yet do not skip anything.
    All within a very short time frame.

    • @DanielBoctor  5 months ago +2

      thank you for this. I appreciate the support

    • @MertonDingle1111 5 months ago

      @@DanielBoctor You very much deserve it!

  • @MrMCMaxLP 8 months ago +5

    This was a great video, thanks for explaining the exploit in detail. In my computer architecture class, the professor mentioned these attacks but never actually explained how they worked. I never realized that speculative execution would mess up with the cache!

  • @ethanlewis1453 6 months ago +3

    @2:20 "they're the worst computer bugs in history" I thought they were showing a bug flying around the computer for effect but it was actually a fruit fly on my own monitor 🤣

  • @gregs6403 6 months ago +2

    This is so well explained. So many tech channels flounder when they try to explain the actual mechanisms at hand, but you clearly have a truly excellent understanding. Thank you for making this.

    • @DanielBoctor
      @DanielBoctor  6 months ago +3

      thank you for the feedback! I appreciate it. I'm glad you thought so

  • @darkguardian1314
    @darkguardian1314 7 months ago +3

    Side channel attack is like gravity or dark matter.
    You see the effects even though you don't know what's happening.
    Going to have to do a deep dive to get up to speed.

  • @ryangrogan6839
    @ryangrogan6839 8 months ago +36

    A side channel attack is a way of deriving information simply by observing the function of a system. Usually it's info you shouldn't normally be able to derive.

  • @tiredpotato5539
    @tiredpotato5539 8 months ago +31

    Dude. I love your videos, you choose very interesting topics and explain them BEAUTIFULLY.

    • @DanielBoctor
      @DanielBoctor  8 months ago +3

      Glad you think so! Thank you for the support Tired Potato ❤

  • @theideaofevil
    @theideaofevil 7 months ago

    Computer Scientist and Senior Programmer/Analyst here, you've done a great job covering branch prediction and the problem of thrashing the cache here. Minimizing your bottleneck to main memory is one of my favorite architectural problems and I use it all the time to illustrate architectural principles to juniors.

  • @chasebrower7816
    @chasebrower7816 8 months ago +3

    Feels very rare that a channel makes content this cogent and well organized. Great job!

    • @DanielBoctor
      @DanielBoctor  8 months ago +1

      wow, I'm honoured to receive such a comment. thank you for the support!

  • @floodtheinbox
    @floodtheinbox 7 months ago

    There are a lot of videos talking about computing exploits but the way you wrote and described this one is super approachable and made it really easy to understand.

  • @tripplefives1402
    @tripplefives1402 8 months ago +8

    In the video you said that the operating system prevents your program from accessing memory of other programs, this is not so. The operating system loads in the page table in each core for the current process running on that core (each process is a page table from the CPU hardware point of view, each thread is a stack) every time it does a context switch invoked by the system timer interrupt handler. It's the actual CPU hardware itself that does the privilege check on memory access according to flags set in the page table entries for that address being accessed. If flags don't allow it or if the address is not present then it invokes a page fault interrupt handler from which the OS can spawn a dialog box process and kill process or it can sleep the process and notify the hard drive driver to read in the virtual memory for the missing page entry.
    So on the event that you access memory you are not allowed to get, the CPU will see the flags in the page table and invoke the interrupt handler for page faults. The kernel ISR then just populates a log entry with the values stored in registers, puts the bad process to sleep, and quickly exits. The kernel process then sees that log entry and does the work of unloading the stopped process (stopped being just a flag in a data structure that the system timer ISR sees to know not to switch in the page table for the stopped process).

    • @DanielBoctor
      @DanielBoctor  8 months ago +1

      This is very interesting, thanks for pointing it out! I didn't realize this at the time. Thanks for sharing all this info. I went ahead and updated my pinned comment. Thanks again!

    • @BSOD.Enjoyer
      @BSOD.Enjoyer 7 months ago

      @@DanielBoctor 2:27 can spectre really allow user to access virtual memory from other processes? each process has their own address space
      if mspaint.exe calls ptr=malloc(1), chrome.exe won't have a virtual address that translates to same physical address as what ptr inside mspaint.exe translates to
      whatever out of bound array access chrome.exe is doing, it won't access ptr inside mspaint.exe
      based on your description of spectre, i don't see how reading virtual memory from other process is possible

  • @darkguardian1314
    @darkguardian1314 8 months ago +3

    Nice opening shots of USS Makin Island (LHD-8).
    She wasn’t in service during Desert Storm.
    Back then we were riding on Tarawa Class like LHA-3 Belleau Wood. 😊

    • @DanielBoctor
      @DanielBoctor  8 months ago +2

      haha, you got me there! cool to know

    • @darkguardian1314
      @darkguardian1314 7 months ago +1

      @@DanielBoctor This beats CNN effect covering the attack as it happened. Iraq just had to watch CNN for info.
      We complained about too much information being put out during an active assault.
      That continued with the second war with embedded reporters like Geraldo Rivera drawing maps in the sand that got him kicked out of the field. 😆

  • @oscarcharliezulu
    @oscarcharliezulu 8 months ago +4

    Whoa. Just goes to show how hard security really is. If not truly possible.

  • @soacespacestation8556
    @soacespacestation8556 1 month ago

    Quite a nice hook you have there. It starts out with an interesting, seemingly unrelated topic, which is a military group wanting to know when air raids will occur.
    Then you mentioned an extraordinary, very unexpected way to do so. Pizza!
    At the end, you tied the hook with the topic at hand by explaining that the Pizza index being used to indirectly access confidential information is a side channel attack. You also implied that the computer bugs talked about in this video use the same thing.
    I think your introduction is well made. I rarely like videos, but if I had to, this one would be on the almost empty list. Great job!

    • @DanielBoctor
      @DanielBoctor  26 days ago

      thank you! I really appreciate this comment, haha. I'm honored :)

  • @geraldfisher7460
    @geraldfisher7460 8 months ago +3

    The last time I tried programming something was a TV remote 3 decades ago. That being said this was fascinating! Well done.

  • @JohnSmith-of2gu
    @JohnSmith-of2gu 8 months ago

    A comprehensive explanation, not excessively technical, with excellent visual aids to boot. BRILLIANT VIDEO!

  • @scootsmcgoots1
    @scootsmcgoots1 8 months ago +3

    This was fascinating and really well explained. Great video

  • @SIPEROTH
    @SIPEROTH 8 months ago

    I am far away from understanding coding and detail CPU ways of operation but I got the essence of what happens here.
    You are doing a good job explaining things in a relatively uncomplicated way.

  • @TheLexikitty
    @TheLexikitty 8 months ago +3

    Fantastic video, instant sub 💞

    • @DanielBoctor
      @DanielBoctor  8 months ago +2

      Glad you liked it! Thanks for the sub

  • @jafaremir1403
    @jafaremir1403 8 months ago +1

    Mission Impossible’s next film: CPU Gaslight protocol

  • @anythingbenz4005
    @anythingbenz4005 8 months ago +3

    Government needs to start baking their own in house pizza before someone poisons them all lol

  • @icannotbeseen
    @icannotbeseen 8 months ago +1

    I worked tech support for a virtualisation company while this was current and I’m feeling the nostalgia 😭

  • @Luzum
    @Luzum 8 months ago +4

    great vid, gj with the editing and analogies, keep doing what u do

  • @cleoh3
    @cleoh3 8 months ago +2

    Wow, I usually have trouble focusing on technical videos like this, but you presented this beautifully. It's fascinating stuff too which certainly helps, but you explained it in an impressively digestible way. Thank you very much!

  • @YeloPartyHat
    @YeloPartyHat 8 months ago +3

    Wow. Great explanation. I knew about this before but never has it been so well explained

    • @DanielBoctor
      @DanielBoctor  8 months ago +1

      haha, I'm honoured you think so ❤

  • @Redsmeg68
    @Redsmeg68 7 months ago +1

    The people that figure this stuff out are geniuses

  • @exildur
    @exildur 8 months ago +5

    Absolutely fascinating video, and very well made & explained!

    • @DanielBoctor
      @DanielBoctor  8 months ago +1

      Glad you liked it! Thanks for the comment

  • @3rdalbum
    @3rdalbum 3 months ago

    I already knew what a side channel attack was, but this is the most elegant description of it I've ever heard. Great work!

  • @YellowDice
    @YellowDice 8 months ago +10

    i do like how the headlines for the hot fixes for these were like 20% performance decrease!!!! When in real-time the difference is near unnoticeable.

    • @Bialy_1
      @Bialy_1 8 months ago +7

      Because 20% performance decrease in real-time is near to unnoticeable...

    • @Blox117
      @Blox117 7 months ago +2

      unnoticeable if all you use your computer for is minecraft, fortnite, and tiktok

  • @rustycherkas8229
    @rustycherkas8229 8 months ago +2

    Who remembers when the "Strava" Fitbit maps were revealing the locations of "secret" military installations?

  • @Originalimoc
    @Originalimoc 8 months ago +3

    explain starts at 10:50

  • @pranaypallavtripathi2460
    @pranaypallavtripathi2460 7 months ago +2

    An extremely complex topic explained in an extremely simple way. True hallmark of an expert. Keep this up. Subscribed 👍

  • @aeaeaeaeoaeaeaeaeae
    @aeaeaeaeoaeaeaeaeae 8 months ago +4

    Wait, so how can modern CPUs do this securely?

    • @stargazer7644
      @stargazer7644 7 months ago +4

      you make sure to roll back ALL changes, including flushing the cache

  • @4u2nvinmtl
    @4u2nvinmtl 6 months ago +1

    They caught Pablo like this as well. He ordered too many tacos for delivery all at once.

  • @Dreamer66617
    @Dreamer66617 8 months ago +2

    10/10 video subbed. nice visuals direct and clear explanations

    • @DanielBoctor
      @DanielBoctor  8 months ago +1

      Thanks! Glad to have you as part of the community

  • @Ahsan_Fazal
    @Ahsan_Fazal 7 months ago +1

    I’m 100% going to steal the example of pizzas to explain side-channel attacks to junior developers!

  • @narayanbandodker5482
    @narayanbandodker5482 8 months ago +16

    So I guess they "fixed" this bug now using microcode updates on some older CPUs now? Or are there still billions of CPUs that are silently leaking data?

    • @polinskitom2277
      @polinskitom2277 8 months ago +7

      still some leaking data, i.e, i3-2xxx to i5-6xxx are still unpatched to this day, amd put more effort into patching older CPUs than intel, with the only ones being unpatchable are cpus older than 2006

    • @Ocastia
      @Ocastia 8 months ago +1

      To be fair Skylake is now over 8 years old so whilst this isn't great I doubt that it matters too much.

    • @Momi_V
      @Momi_V 8 months ago +9

      There are workarounds in modern OS-Kernels. They don't fix the underlying issue, but are more careful when switching around between different processes and memory accesses. This mostly works, but has a performance overhead that can be significant (>10%) in some workloads. Some people insist on booting Linux with mitigations=off to get back that bit of extra performance, but make themselves vulnerable to those "fixed" attacks in the process.

    • @rightwingsafetysquad9872
      @rightwingsafetysquad9872 8 months ago +2

      @@polinskitom2277 Maybe I'm wrong, but if the 7th gen chips were patched, I'd imagine the 6th gen were as well because they're the same architecture. Half-way through the 8th generation hardware fixes were introduced. Unfortunately the only reliable way to determine if a particular 8th gen chip has fixes is to look up the model number. 9th gen and newer should be completely good.

    • @stefanl5183
      @stefanl5183 7 months ago +2

      It's a theoretical exploit, that would be very impractical to utilize in the real world. The problem is the process executing the exploit may know that it's reading memory outside its process, but it has no idea of what resides in that memory and whether it's anything valuable or useful.

  • @slime_stick
    @slime_stick 8 months ago +2

    I loved this video! ❤
    Finally got an explanation for this surprisingly simple exploit.
    I will say, I would have loved a section on spectre mitigations instead of ending the video on an unfinished note

    • @DanielBoctor
      @DanielBoctor  8 months ago +3

      Thank you! I definitely realize now that I should have included a section on patches / mitigations. Going to keep this in mind for future videos.

  • @Xenonuxium
    @Xenonuxium 8 months ago +9

    Thanks to you, I finally understood it!

    • @DanielBoctor
      @DanielBoctor  8 months ago +2

      That's awesome to hear! I'm honoured 😊. Thanks for watching

  • @swdev245
    @swdev245 8 months ago +1

    What a coincidence. Coming here from ThePrimeTime video where he lets a security researcher who just so happened to be in his chat explain the topic. Great video.

  • @IvanToshkov
    @IvanToshkov 8 months ago +2

    This is really well explained. Thank you!

  • @haystackyarn
    @haystackyarn 8 months ago +1

    The fact that you were able to something insane so so simply is insane. Great video

  • @liggerstuxin1
    @liggerstuxin1 8 months ago +3

    1:47 We can figure out your fingerprint by the audio of your fingerprint, swiping the screen? I don’t know that sounds like that would be really inaccurate. I get that there are technologies that the public isn’t privy to, but I’m sure there is a good amount of posturing and bluffing. To make the government sound more powerful, where they might actually be more inept, and given too much credit.

    • @DanielBoctor
      @DanielBoctor  8 months ago +3

      It's brand new research, and I'm no expert on the matter, but I'll link to the source below in case you want to take a look yourself.
      here's an article that discusses it:
      www.tomshardware.com/tech-industry/cyber-security/your-fingerprints-can-be-recreated-from-the-sounds-made-when-you-swipe-on-a-touchscreen-researchers-new-side-channel-attack-can-reproduce-partial-fingerprints-to-enable-attacks
      and here's the underlying paper:
      www.ndss-symposium.org/wp-content/uploads/2024-618-paper.pdf

    • @liggerstuxin1
      @liggerstuxin1 8 months ago +2

      @@DanielBoctor Jesus Christ that is impressive and also terrifying. We are absolutely in the future where anything is possible. I appreciate the source. I checked a couple other sources as well. Just didn’t think it was remotely possible. Subbed

  • @jacobparasite
    @jacobparasite 7 months ago +1

    That is the highest quality of communication I’ve seen in any format for a long time - what a fucking achievement - well done

    • @DanielBoctor
      @DanielBoctor  7 months ago +1

      haha, this is one of my favourite comments of all time. I'm honoured. thank you for the support ❤️

  • @jussiheino
    @jussiheino 8 months ago +2

    Good stuff, clear explanation

  • @tamertamertamer4874
    @tamertamertamer4874 8 months ago +1

    Ngl that’s absolutely crazy. Also nice timing with the M1 thingy even though you didn’t know about it yet :)

  • @Speedojesus
    @Speedojesus 8 months ago +2

    We made rocks think with electricity and maths, and look where we are.
    Industrial society, and so on.

  • @kineticcat5557
    @kineticcat5557 8 months ago +1

    FANTASTIC video! makes the attack super understandable and now I'm going to use that side-channel example everywhere

    • @DanielBoctor
      @DanielBoctor  8 months ago +1

      I know, it's a great analogy. Thanks for watching!

  • @pinnacleexpress420
    @pinnacleexpress420 8 months ago +3

    ~13:00 kinda sounds like AI. Have computers been using AI to speed up tasks for some 20 years ?

    • @DanielBoctor
      @DanielBoctor  8 months ago +2

      It certainly sounds like it, but it's not. These predictions are typically made using simpler heuristic-based or statistical approaches, which tend to be based on the history of taken and not-taken branches, rather than 'real' AI algorithms. It's a fascinating area. I'd love to dive deeper into the concept, but it's a little out of scope for me at the moment. Perhaps someone else can chime in with some lower level details.

  • @_fudgepop01
    @_fudgepop01 8 months ago

    This is the most elegant breakdown of branch prediction and what it does with cache memory I’ve ever seen

  • @Elesario
    @Elesario 8 months ago +9

    Interesting this came out when they've just found there's a side-channel exploit in the M series chips used in apple computers.

    • @DanielBoctor
      @DanielBoctor  8 months ago +4

      I know, it's a crazy coincidence. I started working on this video about a month ago too.

    • @pixobit5882
      @pixobit5882 8 months ago +2

      @@DanielBoctor I've watched this video a few hours ago and now I've stumbled across a primeagen video about the M series problem, where LowLeveLearning explains exactly the same as you did in this video.

  • @bannawitkongkasmut
    @bannawitkongkasmut 5 months ago +1

    thank you i just got this randomly recommended and your explanation was easily digestible enough so that i with no understanding in coding was able to enjoy this video

  • @billyj.causeyvideoguy7361
    @billyj.causeyvideoguy7361 7 months ago +4

    You ever think about the fact that we are only one exploit away from being forced back to the 80s in terms of technology?

    • @stargazer7644
      @stargazer7644 7 months ago +1

      This is why security is done in layers. It really doesn't matter if you have an exploit to steal memory data if you can't get through the firewall to implement it.

  • @ashrocks8443
    @ashrocks8443 8 months ago +1

    This was an amazing explanation, thank you very much for deepening our understanding about the exploit, I still remember reading about the exploit but couldn't understand the significance of the danger that the systems were facing

  • @dexterantonio3070
    @dexterantonio3070 8 months ago +4

    How did they try to patch it?

    • @sub0rLai
      @sub0rLai 8 months ago +1

      it's un-patchable, you need a new CPU without speculative execution and branching. don't even know if they exist atm.

    • @dexterantonio3070
      @dexterantonio3070 7 months ago

      @@sub0rLai That is not entirely true. I know intel sent out some fix that ended up bumping up some server energy consumption by 40%

    • @netkv
      @netkv 1 month ago

      I'm a bit late but lscpu on my 3570k shows
      Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
      Spectre v2: Mitigation; Retpolines; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
      Meltdown: Mitigation; PTI
      idk what it means but it must have been patched somehow, probably resulting in lot of performance i'd guess
      if it wasn't then like everyone would buy new cpus
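
The status lines quoted in the comment above are the kernel's per-vulnerability mitigation report, and the `mitigations=off` boot option mentioned in an earlier reply switches those mitigations off. As an added example (not from the video or from any commenter), this script classifies such lines and checks a kernel command line for that option; the function names, the `SAMPLE` variable and the `--live` switch are assumptions made here.

```shell
#!/bin/sh
# Added example: classify CPU vulnerability status lines ("name: status").
# Function names, SAMPLE and the --live switch are assumptions of this sketch.
# Usage on a Linux host: sh check_mitigations.sh --live

# The three status lines quoted in the comment above (lscpu output, shortened).
SAMPLE='Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
Meltdown: Mitigation; PTI'

# Map one status string to: not_affected | vulnerable | partial | mitigated | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Vulnerable*)     echo vulnerable ;;
        Mitigation*)
            # A mitigation can be active while a sub-case stays open, as in the
            # sample line "Mitigation: Clear CPU buffers; SMT vulnerable".
            case "$1" in
                *[Vv]ulnerable*) echo partial ;;
                *)               echo mitigated ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Read "name: status" lines on stdin and print "result<TAB>name" for each.
# Returns 1 if any entry is vulnerable, partial or unknown.
audit_report() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        name=${line%%:*}        # text before the first colon
        status=${line#*:}       # text after the first colon
        status=${status# }      # drop the single leading space
        result=$(classify_status "$status")
        printf '%s\t%s\n' "$result" "$name"
        case "$result" in
            mitigated|not_affected) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# True (0) if a kernel command line carries mitigations=off.
cmdline_disables_mitigations() {
    case " $1 " in
        *" mitigations=off "*) return 0 ;;
        *)                     return 1 ;;
    esac
}

# Emit "name: status" lines from the running kernel's sysfs report.
live_report() {
    dir=/sys/devices/system/cpu/vulnerabilities
    [ -d "$dir" ] || return 2
    for f in "$dir"/*; do
        printf '%s: %s\n' "${f##*/}" "$(cat "$f")"
    done
}

if [ "${1:-}" = "--live" ]; then
    if cmdline_disables_mitigations "$(cat /proc/cmdline)"; then
        echo "warning: kernel booted with mitigations=off"
    fi
    live_report | audit_report
fi
```

With `--live` the script exits non-zero when any entry is not fully mitigated, so it can gate a host-hardening check.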

  • @sajinkahnalt
    @sajinkahnalt 8 months ago

    The lemmino music was an incredibly good choice for this video given its topic. It’s some of my favorite music to listen to when focusing on something difficult or working. It’s underrated stuff.

  • @monad_tcp
    @monad_tcp 8 months ago +7

    6:44 The von Neumann bottleneck is an absurd way to operate. As John Backus said back in the day, the way we made programming languages and hardware is totally insane and backwards, it worked for simpler machines but it was basically a bodge, and he tried to refuse his Turing award, but was talked out of it.
    That's how wrong our programming languages and hardware are. That was more than 50 years ago, and people keep venerating Unix, C and von Neumann CPU like a cult or church, like perfection, but that's barely a start. We should do better.
    Well, this field is very young, and there's much to do to have a perfect cathedral.

    • @drivers99
      @drivers99 8 months ago +1

      Interesting! Any good search terms to find out more? I’m interested in building computer architectures and other systems from scratch.

    • @kreuner11
      @kreuner11 8 months ago +1

      @@drivers99 don't worry about this guy, I'm not sure how the fact it takes a while to read computer memory is related to its pure architecture. One could make an ISA which is more explicit in what to do in that gap though

    • @afterthesmash
      @afterthesmash 8 months ago +3

      John von Neumann was perhaps the smartest guy alive in this field at the time he pioneered digital computation at the IAS. His approach unified code and data, which was a big deal. Anyone else could have come along since then and proposed a better method suited to subsequent generations of hardware, including John Backus. It never happened because it's a very hard problem. There are a finite number of pins on the CPU package. That's where the bottleneck originates, not the von Neumann architecture. I studied Backus's proposal for the programming language FP back in the 1980s. There was merit in what he was proposing at the software level, but he never contributed anything useful to hardware architecture other than hot air.

  • @JazzJackrabbit
    @JazzJackrabbit 8 months ago +1

    The obvious solution to this problem would be to clear the cache automatically once there is an incorrect branch prediction.

  • @olegmakarikhin
    @olegmakarikhin 8 months ago +5

    Spectre and meltdown in smartphones? 😮

  • @spoobspoob2270
    @spoobspoob2270 7 months ago

    This was a wonderfully executed video in all aspects. Having these explained to me like this actually blew my mind. The final conclusion was satisfying and brought everything you talked about together beautifully. Well done

  • @HamguyBacon
    @HamguyBacon 8 months ago +5

    These are not vulnerabilities or accidents, they are deliberate and demanded by the unintelligence agencies.

    • @xSaDii
      @xSaDii 8 months ago +3

      Yeah, sure, i can imagine the dialog "let's release a potential vulnerability to everyone in the world because we're the only smart people able to understand how it works" 🙄🙄 Anyone in the world could have deciphered this, including North Korea, for example.

    • @robertsmith2956
      @robertsmith2956 7 months ago

      @@xSaDii Yea, North Korea is known for notifying the world of exploits so they can be patched. How long did it take for anyone to figure out VW's emission trick?
      if (OBD2 plugged in == TRUE) .....;

  • @1337bitcoin
    @1337bitcoin 4 months ago

    Wow. You explain very complex algorithms so freaking well that it's captivating.

  • @knghtbrd
    @knghtbrd 8 months ago +5

    To explain Spectre and Meltdown, imagine a bus that arrives every 0.35 seconds. That bus runs you over, despite the bus working properly and being driven by a licensed driver. … No?
    Two of you thought this was funny.

    • @DanielBoctor
      @DanielBoctor  8 months ago +3

      I must be one of the two LOL

    • @knghtbrd
      @knghtbrd 8 months ago

      @@DanielBoctor I was going to further feed the beast with a pun about HOME's We're Finally Landing, but that might be a little too on the nose. Besides, you weren't even eating a slice of pizza while explaining this, sheesh.
      I'll stop now. 😁 Enjoyed the video!

  • @MinishMan
    @MinishMan 8 months ago

    Awesome explanation. So clear! Made me think about how our central nervous system runs this kind of speculative execution on sensory inputs and can even act directly before brain (CPU) processing. If you touch a very hot surface, your CNS will jerk your hand back long before your brain has evaluated the full sensory input and come up with your 'real' response.

  • @fletcherluders415
    @fletcherluders415 6 months ago +1

    Wow, that was the most simple and straightforward explanation of this attack that I've heard!

  • @cry1273
    @cry1273 8 months ago +3

    First 🎉 nice video

    • @DanielBoctor
      @DanielBoctor  8 months ago +2

      First indeed. Glad you liked it! Thanks for watching ❤

  • @mritunjaymusale
    @mritunjaymusale 8 months ago +1

    This is probably the best security explanation video that I have ever seen

  • @whisky0809
    @whisky0809 7 months ago

    Ahhh I love that you used Cipher, great callback

  • @snorman1911
    @snorman1911 6 months ago

    Super, this is the first time I've actually seen the details explained. Usually, it's a hand wavy "and then they steal the data from the cache."

  • @MartynDerg
    @MartynDerg 7 months ago

    the pizza analogy is absolutely flawless, I love it

  • @MrSammyTeee
    @MrSammyTeee 5 months ago

    Fantastic use of the Pizza index to explain side-channel attacks!

  • @magicmanchloe
    @magicmanchloe 8 months ago

    1:22 I’m only this far and I already love it. That is one of the best and most intuitive explanations of a side channel attack I’ve ever seen!!!!!!

  • @Czarmzy
    @Czarmzy 8 months ago +1

    Congratz to whomever figured this attack out. The last bit was particularly genius. It's a bit of a shame on Intel's QA part though. Great video as a whole.