How The RIDL CPU Vulnerability Was Found

In this video we explore the basic ideas behind CPU vulnerabilities and have a closer look at RIDL.

Chapters:
00:00 - Intro & Motivation
00:57 - Concept #1: CPU Caches
01:57 - Measure Cache Access Time with rdtscp
05:00 - Concept #2: Out-of-order Execution
06:11 - CPU Pipelining
07:13 - Out-of-order Execution Example
09:19 - CPU Caching + Out-of-order Execution = Attack Idea!!
10:33 - Negative Result: Reading Kernel Memory From User Mode
13:45 - Pandora's Box
14:23 - Interview with Sebastian Österlund
17:24 - Accidental RIDL Discovery
19:31 - NULL Pointer Bug
21:50 - Investigating Root Cause
23:28 - Conclusion
24:24 - Outro

Comments

I love how a negative result was so pivotal.

hikingpete

I discovered this channel 5 years ago, thanks to the reverse engineering playlist. I took CS in Uni 3 years ago, inspired by this channel. Some months ago I started writing my thesis on the formalization of relaxed memory models and their speculative behaviour, and today this video is uploaded. What a journey, Live :)

nicholas

Your comment about the page size isn't quite correct: a modern x86 CPU fetches and writes 64-byte chunks of memory (the cache line size). The 4096-byte page size refers to the minimum chunk of memory that can be virtually addressed, i.e. mapped from virtual to physical memory. So basically, as you're watching, replace "page" with "cache line" in most of this video. Page size only becomes relevant later when it comes to memory access controls.

squelchedotter
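The distinction squelchedotter draws above (64-byte cache lines as the unit the CPU fetches into the cache, 4096-byte pages as the unit of address translation and permissions) is also what the rdtscp cache-timing measurement in the video depends on. The C program below is an added example, not code from the video or from any commenter: it classifies addresses by cache line and by page, then times a single load after touching only byte 0 of a freshly flushed buffer, so a neighbour inside the same line reads warm while bytes further along the same page, and on the next page, read cold. The 64/4096 sizes, the rdtscp/clflush/lfence inline assembly and the probe offsets are assumptions for a typical x86-64 machine; on other architectures it falls back to clock_gettime and the flush is a no-op, so every access will look warm there.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Assumed sizes for a typical x86-64 system: memory enters the cache in
 * 64-byte lines, while virtual-to-physical mapping (and the access
 * permissions attached to it) is done in 4096-byte pages. */
#define CACHE_LINE_SIZE 64u
#define PAGE_SIZE 4096u

/* Which cache line and which page an address falls into. */
static uintptr_t cache_line_of(uintptr_t addr) { return addr / CACHE_LINE_SIZE; }
static uintptr_t page_of(uintptr_t addr)       { return addr / PAGE_SIZE; }
static int same_cache_line(uintptr_t a, uintptr_t b) { return cache_line_of(a) == cache_line_of(b); }
static int same_page(uintptr_t a, uintptr_t b)       { return page_of(a) == page_of(b); }

/* Timestamp: rdtscp on x86-64 (as in the video), a monotonic clock elsewhere
 * so the program still builds and runs on other architectures. */
static inline uint64_t read_counter(void) {
#if defined(__x86_64__)
    uint32_t lo, hi, aux;
    __asm__ volatile("rdtscp" : "=a"(lo), "=d"(hi), "=c"(aux) : : "memory");
    return ((uint64_t)hi << 32) | lo;
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
#endif
}

/* Evict the line containing p from the cache hierarchy (x86-64 only; a
 * no-op elsewhere, in which case the "cold" timings below will look warm). */
static inline void flush_line(const void *p) {
#if defined(__x86_64__)
    __asm__ volatile("clflush (%0)" : : "r"(p) : "memory");
#else
    (void)p;
#endif
}

/* Cycles (or nanoseconds on the fallback) taken by one load from p. The
 * lfence keeps the load from starting before the first counter read; rdtscp
 * itself waits for earlier loads to complete before the second read. */
static uint64_t time_access(const volatile uint8_t *p) {
    uint64_t start = read_counter();
#if defined(__x86_64__)
    __asm__ volatile("lfence" : : : "memory");
#endif
    uint8_t v = *p;          /* volatile: the load cannot be optimised away */
    uint64_t end = read_counter();
    (void)v;
    return end - start;
}

int main(void) {
    /* Two page-aligned pages, so the offsets below map cleanly onto lines and pages. */
    uint8_t *buf = aligned_alloc(PAGE_SIZE, 2 * PAGE_SIZE);
    if (!buf) return 1;
    memset(buf, 0, 2 * PAGE_SIZE);

    /* Start cold: evict every line of both pages, then touch only byte 0,
     * which pulls in bytes 0..63 (one line) and nothing else. */
    for (size_t off = 0; off < 2 * PAGE_SIZE; off += CACHE_LINE_SIZE)
        flush_line(buf + off);
    (void)*(volatile uint8_t *)buf;

    /* Probes relative to byte 0: inside the same line, a later line on the
     * same page (256 avoids the adjacent-line prefetch pair), and the next
     * page. Only the first should be a hit; single-shot timings are noisy. */
    size_t offsets[] = { 32, 256, PAGE_SIZE + 256 };
    for (size_t i = 0; i < 3; i++) {
        uintptr_t a = (uintptr_t)buf, b = (uintptr_t)(buf + offsets[i]);
        printf("offset %5zu: same line=%d same page=%d  load took %llu\n",
               offsets[i], same_cache_line(a, b), same_page(a, b),
               (unsigned long long)time_access(buf + offsets[i]));
    }
    free(buf);
    return 0;
}
```

Run it a few times on an otherwise idle x86-64 core: the offset-32 probe should come back tens of cycles faster than the other two, which is exactly the signal a cache side channel reads, and the reason the commenter's "replace page with cache line" correction matters for the granularity of what can be observed.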

While I might be a bit biased, I really have to say that this video turned out extremely nice! Great job explaining this in a very easy to follow way!

sirmcx

I really respect Intel for not only taking silicon vulnerabilities so seriously, not only starting a bug bounty program, but sponsoring people to promote it by analyzing existing bugs. This is dedication, and I really hope we see more companies treat security in this way. I've seen more and more companies start bug bounty programs recently, and it's definitely a move in the right direction.

ndm

4:12 I don't know if anybody has said this yet, there are only 243 comments right now, but: what you pronounced as "forty-two'th" should be "forty-second".

In general: good job. Your work is appreciated.

wrathofainz

I never had someone explain branch prediction so well to me. Thank lord.

peglothefirst

You actually show out-of-order execution (<illegal instruction>; <instruction with cache side effect>) vulnerabilities, like Meltdown. Speculative execution (foo: xor rax, rax; jnz bar; jmp foo; bar: <unreachable, but speculatively executed code with cache side effect>) vulnerabilities like Spectre are slightly different concepts. The first class is afaik Intel-only; the second class is an issue for other modern CPUs of other ISAs too.

RepublikSivizien

In my view, every field should have journals of negative results. I had no idea that the history of the speculative execution vulnerabilities was so rich.

logiciananimal

If anyone else wants more videos like this to watch, Christopher Domas' Defcon talks on x86 architecture are extremely fascinating.

dandymcgee

I did not understand much of the video but still find it interesting.

AjayKumar-fdmv

I always wanna understand that issue and you just explained it brilliantly! I salute you, man!

miroslavmajer

42 TOOTH lmao. These things just make my day. Thank you!

mikaay

This is one of the best videos you've posted. Well done!

llmnrxpsed

What great timing for that upload, since I just read about them but didn't know how you would discover something like this.

kampet

I made my Bachelor's thesis about RIDL, it was awesome! 😍 I basically used it to leak the hash of the root password of my professor's PC remotely through ssh. Cool video, thank you!

francescoventurini

"The forty-twoth page" really gets me.

Forty-second.

sarunint

Amazing video! I hope we get more content on hardware-type vulnerabilities and “hacking”!

ibonitog

Holy smokes, I was waiting on this one! Big thanks.

MADhatter_AIM

Shoutout to Intel for sponsoring this, lol!
Amazing video as always.

xNaN