Unable to load image

Hertzbleed Attack: New CPU Vulnerability

https://www.hertzbleed.com

tl:dr I'm to r-slurred to understand this but you will probably be affected by this

Orange forum

52
Jump in the discussion.

No email address required.

Interesting :marseyreading: a spectre-like exploit that can be used for timing attacks during cryptographic operations.

Still obviously requires running malicous code on your machine. Can't see how it can be done over a network.

Jump in the discussion.

No email address required.

Yeah they insist multiple times this can be done remotely, and I have absolutely no idea how that could be feasible

Jump in the discussion.

No email address required.

SSL or chat encryption

Jump in the discussion.

No email address required.

I understand things can be encrypted over a network. But it's just impossible to measure that kind of precise timing over a normal connection.

Jump in the discussion.

No email address required.

data sends in packets, if the packet is small enough itll get read in all at once

but it seems like to craft malware itll take more effort

Jump in the discussion.

No email address required.

If someone's running a server that will encrypt arbitrary messages, then you can send them chosen plaintexts to encrypt, measure how long it takes for them to respond, and derive the key that way.

Jump in the discussion.

No email address required.

Shouldn't the real difference be miniscule compared to the noise? This sounds entirely impractical for all but the most advanced threats

Jump in the discussion.

No email address required.

:marseyagree:

Jump in the discussion.

No email address required.

I've tried timing attacks over a network and the latency always screws it up. Too much variation when you're measuring fractions of a millisecond.

Jump in the discussion.

No email address required.

You know SSL also exists right? That utilizes cryptography thus making the whole channel vulnerable

Jump in the discussion.

No email address required.

jabascript stay winning

Jump in the discussion.

No email address required.

Link copied to clipboard
Action successful!
Error, please refresh the page and try again.