Today we disclose ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture 🔥
It is the *first* architectural CPU bug able to leak sensitive data from the cache hierarchy: like an uninitialized read but in the CPU itself.
https://t.co/JLctj5StjP
If you are at @USENIXSecurity or @BlackHatEvents this week and interested in microarchitectural security, feel free to check out @pit_frg and @b4rbito talks on Spectre-BHI and get more insights on our work! Talks will be Wed (Usenix) and Thu (BlackHat) afternoon.
If you are at @USENIXSecurity or @BlackHatEvents this week and interested in microarchitectural security, feel free to check out @pit_frg and @b4rbito talks on Spectre-BHI and get more insights on our work! Talks will be Wed (Usenix) and Thu (BlackHat) afternoon.
Happy to announce that our (@pit_frg@nSinusR@vu5ec) talk "A Dirty Little History" was accepted at #BHUSA ! We're going to show how "Branch History Injection" can bypass Spectre-v2 HW defenses deployed on the latest Intel and ARM CPUs.
https://t.co/RWebNglY1T
Want some good expert feedback on your recent DRAM security work? Maybe you missed the S&P deadline? Work is not yet ready for CCS? #DRAMSec is the right answer for you! Deadline is next week. May the 4th be with all who will submit!
The deadline for the First Workshop on DRAM Security (DRAMSec) is a month away. We are looking for short papers (5 pages) on all aspects of attacks and defenses on current and future DRAM. Codeword: #Rowhammer. Together with @kavehrazavi at @ISCAConfOrg
https://t.co/mIyxCaiAmG
Wanna learn more about #Rowhammer? Wondering why we are still struggling with it after a decade? Have a new DRAM attack or defense? @ssaroiu and I are organizing the First Workshop on DRAM Security (#DRAMSec) co-located with @ISCAConfOrg. Spread the word! https://t.co/3TrZYaAdd4
You: in university studying computer security (software, hardware, or networking), loves to geek out on stuff like ROP chains and use-after-free exploits, looking for an opportunity that will change your life.
Us:
Qualcomm Product Security Initiative (QPSI) is one of the oldest and certain the best mobile security organisation [citation needed]. I'm told that we're not well known anymore, so let me talk about what we do, to encourage you to apply for an internship with us (DM for details).
Looking forward for me and @pit_frg to present "A journey into the secret flaws of in-DRAM RowHammer mitigations" at @HITBSecConf2020 ! Don't miss it! #HITBLockdown002
In other news I am leaving VU and its great people to start a new group @ETH_en focused primarily on hardware security. I am hiring motivated PhD students. DM me if you find hardware attacks like #TRRespass or #NetCAT cool and want to actually engineer secure computers! Please RT
Remember #Rowhammer? Old variants won't work on recent DDR4 chips. Introducing #TRRespass, a Rowhammer fuzzer that finds new Many-Sided #Rowhammer patterns to bypass in-DRAM #TRR on "Rowhammer-free" DIMMs of all vendors. Coming soon: app to test your phone https://t.co/h4X7N69Rgs
Remember #Rowhammer? Old variants won't work on recent DDR4 chips. Introducing #TRRespass, a Rowhammer fuzzer that finds new Many-Sided #Rowhammer patterns to bypass in-DRAM #TRR on "Rowhammer-free" DIMMs of all vendors. Coming soon: app to test your phone https://t.co/h4X7N69Rgs
Introducing #NetCAT: the first PRIME+PROBE cache attack over the network using #Intel#DDIO technology. Here is NetCAT leaking keystrokes from a victim SSH client in real-time: https://t.co/CAl8dGrr04 @mik__@bjg Dennis @c_giuffrida@herbertbos@kavehrazavi