-
RIDL/Zombieload and L1DES/CacheOut are the latest vulnerabilities discovered in Intel CPUs. Reports indicate #Intel is still working on fixes, but may have another #patch ready soon https://www.wired.com/story/intel-zombieload-third-patch-speculative-execution/ … #vulnerability #CPU #cybersecurity #ZombieLoad #CacheOut #RIDL #L1DES -
One paper on #RIDL is enough. (And enough drama to last a lifetime.) -
For what it's worth, we do not consider these new vulnerabilities at all. More #RIDL -
When is #RIDL really going to be fixed? https://twitter.com/vu5ec/status/1221855606270844930 … -
Another day, another #RIDL embargo and addendum! “New” (not really!) variants of the day: L1D evictions (Fig 6, RIDL paper) or #L1DES and vector registers or #VRS. See http://mdsattacks.com . As a bonus: a faster RIDL exploit that leaks a root hash in 4s: https://www.youtube.com/watch?v=4DQAcCfg3b8 … -
In other news #RIDL Rogue In-Flight Data Load won the 2nd place for Applied Research at @CsawEurope 2019. I met many nice and interesting people at the poster presentation :). @noopwafel @sirmx @pit_frg @kavehrazavi @c_giuffrida @herbertbos @vu5ec pic.twitter.com/I5rEjkKqEU
-
Long embargos without transparency hurt end users who remain unknowingly exposed to serious flaws. @KimZetter covers our #RIDL saga with @Intel in her @NYTimes piece. #RIDL remains a problem after 1+ year, 2 flawed patches and 2 embargos (+1 still ongoing). https://www.nytimes.com/2019/11/12/technology/intel-chip-fix.html … -
@noopwafel deserves a lot of credit for this. She is better at finding #RIDL variants than #Intel engineers. Also kudos to Jonas Theis, our master student who put together the fast /etc/shadow exploit as a term project! @vu5ec https://twitter.com/vu5ec/status/1194314339211190274 … -
Today, last-minute #Intel embargo on parts of #RIDL ends. The "new" #TAA is just a #RIDL variant we reported in Sep 2018, and it leaks your root hashes fast! Latest Intel patches remain broken. See http://mdsattacks.com for #RIDL addendum and exploits. https://bit.ly/3711kdy -
We finally released some of our PoCs and #ridl test suite (after a long embargo): https://github.com/vusec/ridl https://mdsattacks.com #mds @vu5ec (credits to Jonas Theis for the updated /etc/shadow PoC) pic.twitter.com/CD0g63qUGl -
Now online @themadstephan’s great talk at @IEEESSP about the #RIDL attack: Rogue In-Flight Data Load. Cc @vu5ec https://youtu.be/1Y0h4JyK3fs -
Many of you asked about the #ridl / #mds disclosure process and independent finders. It has been confusing, also to us. We tried to piece this together. Check out the updated timeline on http://mdsattacks.com for all the details! #sp19 @IEEESSP -
@vu5ec's @themadstephan presents #RIDL, the #mds vulnerability in Intel CPUs that allows unprivileged attackers to leak sensitive information across *any* security boundary. Even from javascript. pic.twitter.com/ctOBiCDVe7
-
"hardware is the new software except it is much harder to fix"
@kavehrazavi describing the #MDS / #ridl side-channel attack at AMSSEC pic.twitter.com/nm4VBTzSNU
-
Very nice interactive diagram at https://mdsattacks.com/ Perhaps most telling is how many uncolored parts remain to be explored..
#ZombieLoad #Fallout #RIDL #MDS https://twitter.com/r00tkillah/status/1128503526613635073 …
-
As expected, after Meltdown, Spectre and L1TF, we have new attacks exploiting vulnerabilities in the microarchitecture of processors. I am going to explain a bit about what they consist of #MDS #ZombieLoad #RIDL #Fallout -
Here's a longer technical deep dive explainer of #MDS (Microarchitectural Data Sampling): https://youtu.be/Xn-wY6Ir1hw #RIDL #Fallout #ZombieLoad -
Wanna know about #RIDL and #MDS class of vulnerabilities? Come to the AMSec workshop in Amsterdam tomorrow and learn about how your Intel CPUs shout out your deepest secrets. https://twitter.com/qrs/status/1128218734420746242 …
-
Very proud of my PhD student @gimaisura @CISPA, who discovered #RIDL, a new type of u-arch vulnerability in #Intel CPUs. Read the details here: https://mdsattacks.com/ . I'm excited we can finally talk about it, after a long embargo of 11M. Thanks to @vu5ec for allowing a merge. -