When looking at all the CPU vulnerabilities in the recent years even until this day. We see mitigations taking place in microcode or OS level. But the performance impact is huge! Sometimes 30%-50% decrease in performance on specific tasks like databases!
Question: can we get some compensation as consumer? Since both Intel and AMD sold hardware that doesn't give the promised results.
#specre #meltdown #hertzbleed #Zenbleed #Inception #vulnerability #security #secops #compensation #money

New blog post "Turbo Boost: How to perpetuate security problems." https://blog.cr.yp.to/20230609-turboboost.html with special guest appearances from Shark, Fluffy, and Turbo Boost Max Ultra Hyper Performance Extreme. #overclocking #performancehype #power #timing #hertzbleed #riskmanagement #environment

RT @hashbreaker@twitter.com

New resource page available on timing attacks, including recommendations for action to take regarding overclocking attacks such as #HertzBleed: https://timing.attacks.cr.yp.to Don't wait for the next public overclocking attack; take proactive steps to defend your data against compromise.

🐦🔗: https://twitter.com/hashbreaker/status/1539123289624391680

This Week in Security: Pacman, Hetzbleed, and The Death of Internet Explorer

https://hackaday.com/2022/06/17/this-week-in-security-pacman-hetzbleed-and-the-death-of-internet-explorer/

#ThisWeekinSecurity #HackadayColumns #SecurityHacks #Hertzbleed #pacman #News #ping

Has anyone seen an explanation for why #AMD got notified of #Hertzbleed several months after #Intel that doesn't make me immediately suspicious of the researchers?

Sicherheitslücke Hertzbleed:

#Hertzbleed ist eine neue Familie von #Seitenkanalangriffen: Frequenzseitenkanäle. Im schlimmsten Fall können diese Angriffe einem Angreifer ermöglichen, kryptografische Schlüssel von entfernten Servern zu extrahieren, die zuvor als sicher galten.

Hertzbleed macht sich laut dem Experiment zunutze, dass die dynamische Frequenzskalierung moderner #x86-Prozessoren unter bestimmten Umständen von den zu verarbeitenden Daten abhängt.

https://www.hertzbleed.com/

#Hertzbleed : à nouveau, la tourmente insécuritaire pour les micro-solutions #Intel et #AMD via une cyber-attaque par canal auxiliaire ! (sous haute-tension dynamique…)

https://blog.sosordi.net/2022/06/hertzbleed-a-nouveau-la-tourmente-insecuritaire-pour-les-micro-solutions-intel-et-amd-via-une-cyber-attaque-par-canal-auxiliaire-sous-haute-tension-dynamique.html

#securite #CPU

#Sicherheitslücke #Hertzbleed:

#x86-#Prozessortaktung verrät Geheimnisse.

Ein #Forscherteam belauscht #kryptografische #Berechnungen auf modernen x86-CPUs anhand charakteristischer #Taktfrequenzänderungen. ...

https://www.heise.de/news/Sicherheitsluecke-Hertzbleed-x86-Prozessortaktung-verraet-Geheimnisse-7141221.html

Varying execution time can leak secrets from cryptographic algorithms. "Constant Time Code" is one known mitigation. However, modern processors adjust CPU frequency depending on what they process, which can be measured even remotely. https://www.hertzbleed.com/ #hertzbleed

New #processor #vulnarability
#Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract #cryptographic #keys from remote servers that were previously believed to be secure.
#ProcessorVulnerability #CPU #Intel #AMD #leakage #encryptio #privacy #SideChannelAttack
https://www.hertzbleed.com/

Intel and AMD #Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys https://t.co/uKI6kZDECk

Love the name of this one: #hertzbleed. Using power analysis attacks as a viable side-channel exploit.

#cybersecurity #cybersecuritynews

https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/

https://twitter.com/ricpacca/status/1536755506840231936

RT @ricpacca@twitter.com

We found a way to mount *remote timing* attacks on *constant-time* cryptographic code running on modern x86 processors. How is that possible? With #hertzbleed! Here is how it works (with @YingchenWang96@twitter.com).

https://www.hertzbleed.com/

🐦🔗: https://twitter.com/ricpacca/status/1536755506840231936

Neue Attacke gegen CPUs: #Hertzbleed

https://www.hertzbleed.com/

"Under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed." :-s

RT @ricpacca@twitter.com

We found a way to mount *remote timing* attacks on *constant-time* cryptographic code running on modern x86 processors. How is that possible? With #hertzbleed! Here is how it works (with @YingchenWang96@twitter.com).

https://www.hertzbleed.com/

🐦🔗: https://twitter.com/ricpacca/status/1536755506840231936

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

https://arstechnica.com/?p=1860639

#sidechannelattack #hertzbleed #Biz&IT #Intel #AMD #CPU