When looking at all the CPU vulnerabilities in the recent years even until this day. We see mitigations taking place in microcode or OS level. But the performance impact is huge! Sometimes 30%-50% decrease in performance on specific tasks like databases!
Question: can we get some compensation as consumer? Since both Intel and AMD sold hardware that doesn't give the promised results.
#specre #meltdown #hertzbleed #Zenbleed #Inception #vulnerability #security #secops #compensation #money
#specre #meltdown #hertzbleed #zenbleed #inception #vulnerability #security #secops #compensation #money
New blog post "Turbo Boost: How to perpetuate security problems." https://blog.cr.yp.to/20230609-turboboost.html with special guest appearances from Shark, Fluffy, and Turbo Boost Max Ultra Hyper Performance Extreme. #overclocking #performancehype #power #timing #hertzbleed #riskmanagement #environment
#overclocking #performancehype #power #timing #hertzbleed #riskmanagement #environment
RT @hashbreaker@twitter.com
New resource page available on timing attacks, including recommendations for action to take regarding overclocking attacks such as #HertzBleed: https://timing.attacks.cr.yp.to Don't wait for the next public overclocking attack; take proactive steps to defend your data against compromise.
🐦🔗: https://twitter.com/hashbreaker/status/1539123289624391680
This Week in Security: Pacman, Hetzbleed, and The Death of Internet Explorer
https://hackaday.com/2022/06/17/this-week-in-security-pacman-hetzbleed-and-the-death-of-internet-explorer/
#ThisWeekinSecurity #HackadayColumns #SecurityHacks #Hertzbleed #pacman #News #ping
#ThisWeekinSecurity #HackadayColumns #SecurityHacks #hertzbleed #pacman #news #ping
Has anyone seen an explanation for why #AMD got notified of #Hertzbleed several months after #Intel that doesn't make me immediately suspicious of the researchers?
Sicherheitslücke Hertzbleed:
#Hertzbleed ist eine neue Familie von #Seitenkanalangriffen: Frequenzseitenkanäle. Im schlimmsten Fall können diese Angriffe einem Angreifer ermöglichen, kryptografische Schlüssel von entfernten Servern zu extrahieren, die zuvor als sicher galten.
Hertzbleed macht sich laut dem Experiment zunutze, dass die dynamische Frequenzskalierung moderner #x86-Prozessoren unter bestimmten Umständen von den zu verarbeitenden Daten abhängt.
#x86 #Seitenkanalangriffen #hertzbleed
#Hertzbleed : à nouveau, la tourmente insécuritaire pour les micro-solutions #Intel et #AMD via une cyber-attaque par canal auxiliaire ! (sous haute-tension dynamique…)
#hertzbleed #intel #amd #securite #cpu
#Sicherheitslücke #Hertzbleed:
#x86-#Prozessortaktung verrät Geheimnisse.
Ein #Forscherteam belauscht #kryptografische #Berechnungen auf modernen x86-CPUs anhand charakteristischer #Taktfrequenzänderungen. ...
#sicherheitslücke #hertzbleed #x86 #Prozessortaktung #forscherteam #kryptografische #Berechnungen #Taktfrequenzänderungen
Varying execution time can leak secrets from cryptographic algorithms. "Constant Time Code" is one known mitigation. However, modern processors adjust CPU frequency depending on what they process, which can be measured even remotely. https://www.hertzbleed.com/ #hertzbleed
New #processor #vulnarability
#Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract #cryptographic #keys from remote servers that were previously believed to be secure.
#ProcessorVulnerability #CPU #Intel #AMD #leakage #encryptio #privacy #SideChannelAttack
https://www.hertzbleed.com/
#sidechannelattack #privacy #encryptio #leakage #amd #intel #cpu #ProcessorVulnerability #keys #cryptographic #hertzbleed #vulnarability #processor
Intel and AMD #Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys https://t.co/uKI6kZDECk
Love the name of this one: #hertzbleed. Using power analysis attacks as a viable side-channel exploit.
#hertzbleed #cybersecurity #cybersecuritynews
https://twitter.com/ricpacca/status/1536755506840231936
RT @ricpacca@twitter.com
We found a way to mount *remote timing* attacks on *constant-time* cryptographic code running on modern x86 processors. How is that possible? With #hertzbleed! Here is how it works (with @YingchenWang96@twitter.com).
"Under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed." :-s
RT @ricpacca@twitter.com
We found a way to mount *remote timing* attacks on *constant-time* cryptographic code running on modern x86 processors. How is that possible? With #hertzbleed! Here is how it works (with @YingchenWang96@twitter.com).
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
https://arstechnica.com/?p=1860639
#sidechannelattack #hertzbleed #Biz&IT #Intel #AMD #CPU
#sidechannelattack #hertzbleed #biz #intel #amd #cpu