|
VUSec
@
vu5ec
Amsterdam, The Netherlands
|
|
Systems and Network Security Group @VUamsterdam. Co-led by @herbertbos @c_giuffrida @kavehrazavi @EKouwe
|
|
|
155
Tweetovi
|
129
Pratim
|
2.219
Osobe koje vas prate
|
| Tweetovi |
|
VUSec
@vu5ec
|
27. sij |
|
Another day, another #RIDL embargo and addendum! “New” (not really!) variants of the day: L1D evictions (Fig 6, RIDL paper) or #L1DES and vector registers or #VRS. See mdsattacks.com. As a bonus: a faster RIDL exploit that leaks a root hash in 4s: youtube.com/watch?v=4DQAcC…
|
||
|
|
||
|
VUSec
@vu5ec
|
14. sij |
|
Our NDSS paper, ABSynthe is now online:
download.vusec.net/papers/absynth…
ABSynthe takes a target program and a microarchitecture and automatically synthesizes new side channels. With cool leakage maps!
@bjg @c_giuffrida @kavehrazavi @mik__ @herbertbos
|
||
|
|
||
|
VUSec
@vu5ec
|
5. pro |
|
Fixed this. Sorry!
|
||
|
|
||
|
VUSec
@vu5ec
|
4. pro |
|
Yes, and this is why we did not say anything about incremental work (which we love), negative results (which we love), or analysis of things that do not work (which we love).
|
||
|
|
||
|
VUSec
@vu5ec
|
4. pro |
|
Interesting. Thanks for the link. Will add a link.
|
||
|
|
||
|
VUSec
@vu5ec
|
4. pro |
|
We compiled a long list of Threats to Validity/Relevance in Security Research for our students, building on common sense & our papers on malware experiments and on benchmarking (and inspired by @GernotHeiser's excellent blog). Perhaps useful for others?
bit.ly/2XAUtmS
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Financial Times
@FinancialTimes
|
13. stu |
|
Intel is still working to close a potentially damaging loophole in its chip architecture that could allow hackers to steal data, almost two years after the issue was disclosed on.ft.com/2qJLaVB
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Thorsten Holz
@thorstenholz
|
12. stu |
|
Interesting article on RIDL and side-effects: nytimes.com/2019/11/12/tec… twitter.com/vu5ec/status/1…
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Stephan van Schaik
@themadstephan
|
12. stu |
|
In other news #RIDL Rogue In-Flight Data Load won the 2nd place for Applied Research at @CsawEurope 2019. I met many nice and interesting people at the poster presentation :). @noopwafel @sirmx @pit_frg @kavehrazavi @c_giuffrida @herbertbos @vu5ec pic.twitter.com/I5rEjkKqEU
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Kim Zetter
@KimZetter
|
12. stu |
|
When Intel released patch for CPU vulns last May, it said the patch fixed all the vulns. But researchers at @vu5ec say this isn't true and Intel knew it. Intel asked them not to disclose this and to alter conf. paper about the vulns. My story for @nytimes nytimes.com/2019/11/12/tec…
|
||
|
|
||
|
VUSec
@vu5ec
|
12. stu |
|
Long embargos without transparency hurt endusers who remain unknowingly exposed to serious flaws. @KimZetter covers our #RIDL saga with @Intel in her @NYTimes piece. #RIDL remains a problem after 1+ year, 2 flawed patches and 2 embargos (+1 still ongoing). nytimes.com/2019/11/12/tec…
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Stephan van Schaik
@themadstephan
|
12. stu |
|
@TechCrunch @vu5ec @noopwafel @sirmc @pit_frg @kavehrazavi @c_giuffrida @herbertbos RIDL actually works on Cascade Lake and Whiskey Lake as our PoCs on github.com/vusec/ridl show and Intel’s acknowledgements on intel.com/content/www/us…. See mdsattacks.com for the story.
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Kav
@kavehrazavi
|
12. stu |
|
@noopwafel deserves a lot of credit for this. She is better at finding #RIDL variants than #Intel engineers. Also kudos to Jonas Theis, our master student who put together the fast /etc/shadow exploit as a term project! @vu5ec twitter.com/vu5ec/status/1…
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Andy Greenberg
@a_greenberg
|
12. stu |
|
Microarchitectural processor vulnerabilities like Spectre and Meltdown were bad, but at least Intel fixed them promptly. Now it seems another deep-seated chip flaw lingered in Intel’s silicon for more than a year after the company was warned about it. wired.com/story/intel-md…
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Alyssa Milburn
@noopwafel
|
12. stu |
|
Intel are disclosing 77 vulns today (blogs.intel.com/technology/201…), some in their CPUs - HW bugs are always painful, but hardware is never perfect. Happy to see TAA disclosed after I found it >1y ago, but @dkg0414's page size issue looks a lot more painful. JCC icache errata too.
|
||
|
|
||
|
VUSec
@vu5ec
|
12. stu |
|
Video shows #RIDL leaking root password hash in default settings in 30s! @themadstephan @noopwafel @pit_frg @sirmc @kavehrazavi @herbertbos @c_giuffrida
|
||
|
|
||
|
VUSec
@vu5ec
|
12. stu |
|
Today, last-minute #Intel embargo on parts of #RIDL ends. The "new" #TAA is just a #RIDL variant we reported in Sep 2018, and it leaks your root hashes fast! Latest Intel patches remain broken. See mdsattacks.com for #RIDL addendum and exploits. bit.ly/3711kdy
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Herbert Bos
@herbertbos
|
13. lis |
|
@vu5sec Great line-up for our VUSec/AMSec Workshop on System Security: amsec.org/news/
Michael Franz (UC Irvine)
Mathias Payer (EPFL)
Stijn Volckaert (KU Leuven)
Lucas Davi (U. Duisburg)
Stefan Brunthaler ( U. der Bundeswehr)
Robert Buhren (TU Berlin)
Free/open for all.
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Victoria Walberg
@vickyjo
|
26. ruj |
|
|
||
|
|
||
| VUSec proslijedio/la je tweet | ||
|
Hany Ragab
@hanyrax
|
26. ruj |
|
Now at @hardwear_io: RIDLed with CPU bugs by @noopwafel and @themadstephan cc @vu5ec pic.twitter.com/Emoc63k8pj
|
||
|
|
||