These gadgets do exist, but they are rare, and it's currently tricky to find them via static analysis.
#realworldcrypto
So, SLH (speculative load hardening) has caveats, really expensive (40% in latency and QPS), but automatic via a compiler flag
#realworldcrypto pic.twitter.com/xr14fvbZcu
So, what should you actually do _today_:
- patch everything
- TEST YOUR PATCHES
- did you actually test them???
#realworldcrypto pic.twitter.com/Uy2mSFWi6Q
- use agent in separate process for long-lived keys
- isolate your agent to a single _physical_ core on Intel CPUs
- harden your agents with SLH if you can afford it
#realworldcrypto
Only data-invariant techniques with untrusted inputs in isolated agent
#realworldcrypto pic.twitter.com/naxTE7lqTo
Short break.
Next up, "CRLite: Where Industry and Academia Collide"
#realworldcrypto
Mmm mmm heartbleed
#realworldcrypto pic.twitter.com/bxSv2Bj5Bo
Even though it's almost 6 years later I am reflexively compelled to mention that http://Amazon.com was not vulnerable to the Heartbleed vulnerability! Image kinda looks like it was.