I've been getting a few questions about the recent "PortSmash" vulnerability announcement. Short answer: This is not something you need to worry about. If your code is vulnerable to it, you were already vulnerable to other (easier) attacks.
-
-
Keys are generally more sensitive than data; but yes, it should all be kept secure. I've been asking compiler authors for 13 years to give us better tools, e.g. to mark variables as "cannot be used in control flow or address computation". Alas, no progress yet...
-
Maybe Amazon can find some smart compiler people and get them to do this? It would help everybody's security. ;-)
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.