In theory, and in the lab at least, this is a cool little attack. Intel is super skeptical it’s a big deal for many ppl. Who knows? It’s a bit early to make an accurate assessment.
This is fairly comprehensible analysis from Intel of the so-called Hertzbleed side-channel cryptographic attack.
The long and short of it is that there are likely to be very, very few organizations/people who should actually be worried about this.
And another opinion.
I haven’t read the Hertzbleed paper yet, but I’m simply going to observe that the most powerful side-channel attacks are those where (1) operations are done very slowly, and (2) each operation depends on very few bits of the key.
-
@aluandalee @IanColdwater @krisnova highly recommended talk to blow your mind: your CPU runs a web server, has a USB stack & a mouse driver, and even Google didn't discover that until 5 yrs ago (at which point they started dumping Intel boards en mass and building & rolling out their own across their global fleet).
Kenn White @kennwhite
-
-
2013: Bug is fixed
2016: Fix is regressed
2022: Exploited in-the-wild and fixed again #itw0days
Here's the story of CVE-2022-22620, including zombies 🧟♀️
googleprojectzero.blogspot.com/2022/06/an-aut…
-
Have a look at what China thinks about Russian APTs.
https://www.socinvestigation.com/apt-c-53-aka-gamaredon-launches-new-ddos-attacks-using-loic/
-
-
https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data/
-
More attribution of US cyber ops from the Global Times and a Chinese cyber security company, Anzer
Exclusive: Report reveals how US spy agencies stole 97b global internet data, 124b phone records in just 30 days
-
Anastasios @a_andronidis and I are delighted to announce SnapFuzz, our fuzzing framework for network applications:
-
The Hollywood Reporter @THR
-
I was able to access thousands of companies’ passwords on #Azure and run code on their VMs.
This includes access to Microsoft’s own credentials… 💣
Here’s HOW I did it.
This is the story of #SynLapse. (1/11)
-
The latest blog from the Trend Micro Research Team looks at CVE-2022-26937: a Microsoft Windows NFS NLM Portmap stack buffer overflow that could lead to RCE. They provide root cause, source code walkthrough, and detection guidance. zerodayinitiative.com/blog/2022/6/7/…
-
*whispers* It's only the Internet Explorer desktop application that's going out of support. The browser engine, MSHTML, will be supported on Windows machines until 2029...
-
Missed our @reconmtl talk?
This blogpost by @__comedian and @hgarrereyn provides an in-depth walk through of the slides, released tools, and previously undocumented workings of Mikrotik internals.
margin.re/blog/pulling-m…
-
Great work by the team here.
Free knowledge and education empowers all to know how to attack and defend.
Web developers, site reliability engineers, security consultants or bug bounty Ronin. It doesn't matter..
Web Security Academy @WebSecAcademy
-
It will never not be funny to me that there were two enemy philosophers who lived at almost the exact same time called Hegel and Schlegel
-
WHOA: White House just weighed in on possible acquisition of NSO by @L3HarrisTech.
Doesn't sound pleased.
Parses as a thinly veiled warning that a *lot of scrutiny is on the table.*
I wonder if $LHX shareholders have an appetite for it?
By @skirchy
theguardian.com/world/2022/jun…
-
Cyber partisans get a glowing review.