If you put timing attacks & FREAK in the same sky-is-falling class as Heartbleed, you might want to brush up on threat modeling.
A lot of teams have to assume the bad guys have local network access trivially and same-physical-box with plausible work.
-
-
(For the edification of the peanut gallery, this is "Assume the victim runs on AWS. Bad guy can attack from same rack.")
-
slightly tangent, but interesting thing about many ZOMG Zen/KVM Break stories past year: MUCH tougher to pull off on ec2/gce.
End of conversation
New conversation -
-
-
right, but I'm going to at least finish my coffee for bad-guys-already-own-my-LAN vs. mint-admin-session-tokens-from-Internet
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.