InfoQ Homepage Side channel vulnerabilities Content on InfoQ

News

RSS Feed

Development

Google Researchers Say Spectre Will Haunt Us for Years

According to a paper by several Google researchers, speculative vulnerabilities currently defeat all programming-language-level means of enforcing information confidentiality. This would not be just an incidental property of how we build our systems, but rather the result of wrong mental models that led us to trade security for performance without knowing it.

Sergio De Simone
on Feb 24, 2019
Development

GPUs Found Vulnerable to Side-Channel Attacks

Since Spectre and Meltdown were demonstrated at the beginning of 2018, researchers have been discovering many variants of side-channel vulnerabilities affecting both Intel and AMD CPUs. GPUs seemed instead to be immune to such attacks. Until now, that is.

Sergio De Simone
on Nov 22, 2018
Development

PortSmash is the Latest Side-Channel Attack Affecting Intel CPUs

Researchers have devised a new kind of timing attack to steal information from a different process running on the same core with SMT/hyper-threading enabled. By carefully measuring port contention delays when sending instructions to a shared core, the researchers could recover a private key from a different process. Intel CPUs are probably not the only ones affected.

Sergio De Simone
on Nov 04, 2018 1
Development

Intel Discloses New Speculative Execution Vulnerability L1 Terminal Fault

Intel has disclosed a new speculative execution side channel vulnerability, dubbed L1 Terminal Fault, that could potentially leak information residing in the processor L1 data cache. Mitigations are already available, according to Intel, based on its latest Microcode Updates and corresponding updates to operating systems and hypervisor stacks.

Sergio De Simone
on Aug 17, 2018
Development

NetBSD 8.0 Brings Spectre V2/V4, Meltdown, and Lazy FPU Mitigations, and More

NetBSD 8.0, a major release of the BSD-based OS providing portability across many architectures, brings mitigations for the Spectre V2/V4, Meltdown, and Lazy FPU vulnerabilities, along with many new features and bug fixes.

Sergio De Simone
on Jul 24, 2018
Development

TLBleed Can Leak Cryptographic Keys from CPUs Snooping on TLBs

A new side-channel vulnerability affecting Intel processors, known as TLBleed, can leak information by snooping on Translation Look-aside Buffers (TLBs), writes VUsec security researcher Ben Gras.

Sergio De Simone
on Jun 26, 2018

Topics

Let's Talk Locks!

Strategic Domain-Driven Design

Computer Mathematics, AI and Functional Programming

Mastering Remote Meetings: How To Get—and Keep—Your Participants Engaged

Multi-Tenancy in Kubernetes

Helpful links

QCons from around the world

Choose your language

News

Google Researchers Say Spectre Will Haunt Us for Years

GPUs Found Vulnerable to Side-Channel Attacks

PortSmash is the Latest Side-Channel Attack Affecting Intel CPUs

Intel Discloses New Speculative Execution Vulnerability L1 Terminal Fault

NetBSD 8.0 Brings Spectre V2/V4, Meltdown, and Lazy FPU Mitigations, and More

TLBleed Can Leak Cryptographic Keys from CPUs Snooping on TLBs

QCon San Francisco '19: Track Hosts From WeWork, Microsoft, Tesla Focus on Architecture, ML, Culture

Git 2.23 Adds Switch and Restore Commands

Let's Talk Locks!

Strategic Domain-Driven Design

An Engineer’s Guide to a Good Night’s Sleep

The State of Serverless Computing

Design Sprints at LEGO: Q&A with Eik Thyrsted Brandsgård

Mastering Remote Meetings: How To Get—and Keep—Your Participants Engaged

Randy Shoup on Creating High-Performance Cultures

Computer Mathematics, AI and Functional Programming

Evoking Magic Realism with Augmented Reality Technology

MLflow: An Open Platform to Simplify the Machine Learning Lifecycle

Multi-Tenancy in Kubernetes

Instana Pipeline Feedback for Release Performance

How Compuware Escaped Its Waterfall for True Mainframe DevOps

Shanghai

San Francisco

London

Beijing

QCon São Paulo

New York

QCon Guangzhou

Login with:

Don't have an InfoQ account?

News