Meltdown and Spectre. Spectre, and Meltdown. The two vulnerabilities, both affecting computer processors across the globe, were disclosed on Jan. 3 and in the process sent manufactures scrambling to answer whether or not their operating systems, laptops, cloud computers, and smartphones are safe from hackers.
But another, less technical, question presents itself: just how did the bugs get those cool names?
It turns out we have the security researchers who first discovered Meltdown and Spectre to thank for the terror-evoking nomenclature that may haunt us for years to come. And, importantly, that was kind of the point.
Meltdown has layers
“One morning, he came into the office and suggested to [Moritz Lipp] and me that we should call it Meltdown,” Schwarz told Mashable over email. “We really liked the name for multiple reasons.”
And those reasons? Well, the name drove home the destructive nature of the vulnerability.
“The bug basically ‘melts’ the border between programs and the operating system,” Schwarz explained. “A (nuclear) meltdown usually comes with some form of leakage. It sounds really devastating, with a huge impact, like an actual meltdown in a nuclear reactor.”
Realizing that the “disclosure [would] lead to a collective meltdown,” the name seemed even more perfect. Plus, Schwarz hipped us to the fact that Meltdown evokes a German-language pun.
“In German, meltdown is ‘Kernschmelze,’ which is ‘melting of the core,'” he noted. “We also call the CPU core ‘CPU Kern,’ so it is also a wordplay, implying that the CPU is not in a good condition.”
Which, yeah, that’s pretty neat.
So does Spectre
Image: NATASCHA EIBL
The thinking behind the name Spectre was also multilayered. According to Paul Kocher, who worked with five other researchers to discover the bug, the idea of a ghost was very much on his mind.
“I picked the name Spectre for two reasons — the word’s similarity with ‘speculative’ (since the vulnerability results from speculative execution) and its literal definition as a ghost,” he explained over email. “Speculative execution is largely invisible from ordinary program execution.”
What about the logos?
And the logos? Those were designed by Natascha Eibl. We reached out to her for comment, but haven’t heard back as of press time. Thankfully, however, Schwarz was able to fill us in on some of the details.
“Our ideas for Meltdown were something that melts, e.g. a wall, a barrier, a no entrance sign, or a safe,” he noted of the logo design process. “For Spectre we agreed that it has to be something with a ghost. I don’t know who came up with the idea that the ghost holds a branch, I think it was Moritz. We had 3 or 4 iterations for the logos until we ended up with the final logos, which we really like.”
But things almost took a different turn. Werner Haas, who worked with Thomas Prescher to independently discover Meltdown before teaming up with other researchers also working on the bug, told Mashable that had the two been left to their own devices both the name and the artwork would have likely been something else entirely.
“[We] had a different code name internally and as Thomas and I are rather clumsy with respect to artwork and astronomy aficionados we would have picked a picture from the public domain.”
But that doesn’t mean he’s not a fan. Upon seeing the logo drafts, Haas noted that “they seemed good enough to everybody (and I actually like them) so we quickly decided not to waste any more energy on this topic.”
And so that’s how we ended up with Meltdown and Spectre being the names that chip manufacturers will cry out at night, in anger and despair, for the foreseeable future. But hey, at least they’re catchy. It’s almost enough — almost — to make us forget (even if only for a second) that we’ll be dealing with the ramifications of these vulnerabilities for years.