Today I noticed a random bit-flip for the third time in my life! A "5" was changed to a "7" in the bank account number on invoices I sent. That could have had pretty big consequences!! Luckily the number was on the invoice twice and the buyer noticed the two were different.
-
Show this thread
-
Replying to @berendjanwever
Wow, I've never seen a bit flip in my life. Was it in a file (what type) or in a database? On a disk or in transit?
1 reply 0 retweets 0 likes -
Replying to @mkolsek
The first 2 were "in memory" changes to JavaScript during fuzzing; a bit flipped and turned "document" to something like "dpcument". That JS was static and not part of fuzzed data so my fuzzer reported an unexpected error, which is how I found out.
1 reply 1 retweet 0 likes -
Replying to @berendjanwever @mkolsek
I found out about this latest one because it was in a file. That file was generated from a template file, which also contained the flipped bit. So, it was either flipped on-disk in the template file or in memory when I last edited it and then saved to disk.
2 replies 0 retweets 0 likes -
Replying to @berendjanwever
Cool. Do we have any assessment/guess on how likely a bit flip is to occur under normal (non-RowHammer) circumstances in a given timeframe on a given media? Is "bit-flip fishing" even theoretically a viable attack, e.g., for IP addresses, domain names, or "is_admin" variables?
1 reply 0 retweets 0 likes
I think there are too many factors affecting this to give a useful number or even a range that can be applied to a single person or machine. But you could squad bit-flipped domains like "http://googlu.com " to gather a number that applies to machines in general I guess.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.