Posts by notbobbytables@infosec.exchange
 (DIR) Post #AzNFe3XlswLI7hRVpo by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations. Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security! You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf #divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity
       
 (DIR) Post #AzNFe3hLJLzybNv9km by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       @kde@floss.social @kde@lemmy.kde.social Thanks for all the great work, providing a customizable and sensible free desktop environment for such a long time! 🙂 As a long-term user (20+ years), I've just donated. I hope it helps to fulfill your wishes. 👍
       
 (DIR) Post #AzNFe3mezaFgrsPP2e by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       In our new paper (accepted at ESORICS 2025), we explore how attackers can mount automated SnailLoad attacks without requiring the user to explicitly click a link to the attacker's server. For this, we exploit the automatic handling of external references in messenger and email applications, as well as responses from home routers to TCP SYNs targeting closed ports. The full paper is available here: https://stefangast.eu/papers/zeroclicksnailload.pdf Thank you to Nora Puntigam, @silent_bits, @vmcall, @lavados and Johanna Ullrich for the fantastic collaboration! #ESORICS2025 #SnailLoad
       
 (DIR) Post #AzNFe3wwNMTXNlDc48 by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       Announcing SnailLoad, the first fully remote website- and video-fingerprinting attack working via arbitrary TCP connections. SnailLoad does not require any attacker code on the victim machine, any TCP connection is enough. Great collaboration with Roland Czerny, Jonas Juffinger, Fabian Rauscher, @silent_bits and @lavados. See the website for the full paper and a live demo: https://www.snailload.com (1/3) #SnailLoad #sidechannel #networksecurity
       
 (DIR) Post #AzNFe3yiGltRTG31pQ by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick". SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel. Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity! Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security! You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf #SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec
       
 (DIR) Post #AzNFe45RrjHTo9CPKK by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       Announcing #CounterSEVeillance, a novel attack on AMD SEV-SNP inferring control-flow information and operand properties from performance-counter data with single-instruction resolution. We present 4 case studies with attacks on RSA, TOTP verification and HQC. Thanks to @hweissi, @supersingular and @lavados for the amazing collaboration! You can read the full paper (to appear at #NDSS2025) here: https://stefangast.eu/papers/counterseveillance.pdf
       
 (DIR) Post #AzNFe6bQVo35buAyRs by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       Looking forward to presenting #SnailLoad at #BlackHatUS, together with @lavados: https://www.blackhat.com/us-24/briefings/schedule/#snailload-anyone-on-the-internet-can-learn-what-youre-doing-38797 (2/3)
       
 (DIR) Post #AzNFe6hS9OrxuazmqG by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       And, for the demo we also created a video: https://www.youtube.com/watch?v=oQpbSbeAJ2I
       
 (DIR) Post #AzNFe6hS9OrxuazmqH by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       Also looking forward to presenting #SnailLoad at #USENIX2024. (3/3) #usenixsecurity #usenixsec #usenixsecurity
       
 (DIR) Post #AzNFe6wLG2mMelxg36 by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       #SnailLoad is now CVE-2024-39920: https://nvd.nist.gov/vuln/detail/CVE-2024-39920
       
 (DIR) Post #AzNFe7g4W1MIwbMCKO by notbobbytables@infosec.exchange
       0 likes, 0 repeats
       
       Official #AMD security brief: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3013.html