Daniel Hirche

@0x64616E69656C

point of low order

Munich, Germany
Vrijeme pridruživanja: studeni 2012.

Tweetovi

Blokirali ste korisnika/cu @0x64616E69656C

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @0x64616E69656C

  1. proslijedio/la je Tweet

    Every time you use Chrome, you're using a new MIT-designed tool that automatically generates optimized cryptography code: Paper:

    Poništi
  2. proslijedio/la je Tweet
    20. ožu 2019.

    Replacing the cache-based side channel with our port contention side channel "SMoTher" allows us to leak secrets *during* speculative execution (through execution timing), not afterwards (through cache contention). Get more secret data, leverage easier gadgets!

    Poništi
  3. proslijedio/la je Tweet
    26. velj 2019.

    For our Usenix Paper we found a lot of Padding Oracle Vulnerabilities in TLS stacks of the Alexa Top-1 Million, including Citrix and OpenSSL. With @JanisFliegens and others. Check our current findings at:

    Poništi
  4. proslijedio/la je Tweet
    31. lis 2018.

    Full corrected version of my book, free online from my webpage

    Poništi
  5. proslijedio/la je Tweet
    12. lis 2018.

    New document / wall of text, about the design and implementation of big integers in BearSSL: All the dark secrets of implementation are revealed!

    Poništi
  6. proslijedio/la je Tweet
    12. lis 2018.

    Great guide to TLS message format explaining every single byte

    Poništi
  7. proslijedio/la je Tweet
    9. ruj 2018.

    Here's why I think that 's dns-01 is a bad idea and how I got wild card certs with tinydns, and a little bit of shell on , after all.

    Poništi
  8. proslijedio/la je Tweet
    17. kol 2018.

    Prime and Prejudice: Primality Testing Under Adversarial Conditions: MR Albrecht, J Massimo, KG Paterson, J Somorovsky

    Poništi
  9. proslijedio/la je Tweet
    14. kol 2018.
    Poništi
  10. proslijedio/la je Tweet
    14. kol 2018.

    Following seven months of responsible disclosure, we are happy to announce that our Foreshadow attack is now public . Work with Mark Silberstein, Daniel Genkin, Frank Piessens

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet

    Peter Scholze, a 30-year-old wunderkind with a brilliant ability to see deep connections between number theory and geometry, has been awarded a 2018 Fields Medal.

    Poništi
  12. proslijedio/la je Tweet
    26. srp 2018.

    We present NetSpectre: A remote Spectre attack without attacker-controlled code on the victim, and the first Spectre attack which works without the cache as covert channel. /cc

    Poništi
  13. proslijedio/la je Tweet

    Multiplying by the cofactor is a design smell. Use a proper prime order group like Decaf and Ristretto.

    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    23. srp 2018.

    Paper of new Spectre variant called SpectreRSB is out: „none of the known defenses including Retpoline and Intel's microcode patches stop all SpectreRSB attacks.“

    Poništi
  15. proslijedio/la je Tweet
    29. lip 2018.

    Sen. Ron Wyden asks NIST to consider WireGuard to replace IPSEC and OpenVPN.

    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    28. lip 2018.

    I'm glad to present our LTE Layer Two Analysis with the title "Breaking LTE on Layer Two". Our work reveals two passive attacks and the active aLTEr attack, that allows redirecting of DNS requests to a malicious DNS server. For more information see:

    Poništi
  17. proslijedio/la je Tweet

    switches amd64 to semi-eager FPU switching with a nice hint: """3) post- rumors suggest that the %cr0 TS flag might not block speculation, permitting leaking of information about FPU state (AES keys?) across protection boundaries."""

    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    7. lip 2018.

    Phasar: LLVM-based Static Analysis Framework

    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    21. svi 2018.

    So here is variant 4. The processor speculates that your write operation does not change anything and continues with the outdated (possibly non-sanitized) value from L1.

    Prikaži ovu nit
    Poništi
  20. proslijedio/la je Tweet
    Odgovor korisnicima

    They figured out mail clients which don't properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·