Bédrune: Most FIPS 140-2 certification is about hardware attacks, and don't cover software attacks. It gives no guarantee about being safer against software attacks than any other software.
-
-
Prikaži ovu nit
-
Everything runs as root on the HSM and no hardening or mitigation options exist. So, any exploit can be used to get everything!
Prikaži ovu nit - Još 3 druga odgovora
Novi razgovor -
-
-
Many HSM vendors forbid this kind of research as part of their licensing. I encountered constant memory safety issues in their tooling just getting command-line options wrong.
-
It’s the Middle Ages of security. Not allowing inspection doesn’t help anyone but the criminal attackers.
- Još 10 drugih odgovora
Novi razgovor -
-
-
HSM vendors are the last bastion of security by obscurity.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Haha - you can do a lot with just a bit of poking. I have a disclosure pending with Atmel atm. There are deffo bugs out there :P
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.