Missed our conference this year?

No problem! All uASC'26 paper presentations and talks are available on Youtube. 🥳

https://www.youtube.com/@uasc-conf

The 2nd Microarchitecture Security Conference in full swing. Thank you for joining us today at KU Leuven!

Coming up: Poster session & the social event afterwards!

Die #NooK25 findet ab 14. November im Audimax der Uni Lübeck statt. Auch 2025 wird die langjährige Kooperation der NooK-Orga mit Freifunk fortgesetzt. Diesmal mit Freifunk-Freiraumdisko! https://chaotikum.org/blog/2025/11/11/nook-heart-freifunk/

Just back from RAID 2025 (International Symposium on Research in Attacks, Intrusions and Defenses) on the Gold Coast! 🇦🇺

I had the opportunity to present our paper, Zebrafix: Mitigating Memory-Centric Side-Channel Leakage via Interleaving (with @janw and Thomas Eisenbarth). Leakages from ciphertext side-channels or silent store suppression can leak secrets even from constant-time code. We show how Zebrafix stops this by adding freshness to memory writes through interleaving 🦓

It was a great conference, filled with inspiring keynotes and talks. I've also come away with many wonderful new connections. A definite highlight was the social event at Sea World! Networking alongside dolphins, seals, and rollercoasters is certainly a unique experience 🐬🎢

Big thanks to the organizers and everyone involved!

Germany's position has been reverted to UNDECIDED.

Despite expressing concerns about breaking end-to-end encryption, Germany refrained from taking a definitive stance on the Chat Control proposal during the September 12th LEWP meeting. A willingness to negotiate and compromise remains.

This is an unfortunate development as Germany is crucial to defeating Chat Control.

Please make your voices heard! https://fightchatcontrol.eu/

Source: https://netzpolitik.org/2025/chatkontrolle-noch-haelt-sich-widerstand/

400 scientists speak out against chat control

Researchers from 33 European countries protests against mass surveillance on end devices. They warn that it is of little use and endangers everyone's safety.

https://www.heise.de/en/news/400-scientists-speak-out-against-chat-control-10637109.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#EU #IT #Kriminalität #Netzpolitik #Überwachung #news

Had a great time at the 1st uASC (Microarchitecture Security Conference) last week. I also had the opportunity to give a talk on software-based mitigations against memory-centric side-channels, and I appreciate the insightful questions and feedback. The discussions and presentations were really inspiring, and it was valuable to exchange ideas with so many brilliant researchers.

A big thank you to the organizers for putting together such a well-run event! Looking forward to the next edition 😊

📷: Jonas Juffinger

#uASC

Arrived at #uASC. @lunkw1ll already presented our paper "Flipper: #Rowhammer on Steroids". If you are interested, the paper is freely available: https://uasc.cc/proceedings25/uasc25-heckel.pdf

Digitale Selbstverteidigung, #Chatkontrolle oder Tools für eure Privatsphäre? Und was ist Wildtierethik oder was Androzentrismus? Hier ist der Fahrplan der #NooK2024 am 8. November in Lübeck https://chaotikum.org/blog/2024/10/08/nook-fahrplan/

Announcing #CounterSEVeillance, a novel attack on AMD SEV-SNP inferring control-flow information and operand properties from performance-counter data with single-instruction resolution.
We present 4 case studies with attacks on RSA, TOTP verification and HQC.
Thanks to @hweissi, @supersingular and @lavados for the amazing collaboration!
You can read the full paper (to appear at #NDSS2025) here: https://stefangast.eu/papers/counterseveillance.pdf

Intel fixed the single-stepping detection heuristic but not the prevention mode, see https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-10-08-001.html for their announcement. OpenSSL and wolfSSL also patched the vulnerabilites.
Check out https://uzl-its.github.io/tdxdown/ if you want to learn more about #TDXdown.

Lifting the curtain on the first attack on Intel TDX: #TDXdown. Our paper “TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX” has been accepted @acm_ccs 2024. #TDXdown is joint work with @lucaw and Thomas Eisenbarth

🇬🇧+++ Update: Upcoming #ChatControl vote will be extremely tight - Will autocrat Orban of all people manage to push it through? +++ As of Monday, BEL🇧🇪 joins critics +++ But FRA🇫🇷 in favour under new government, NLD🇳🇱 to switch to support today, ITA🇮🇹 and PRT🇵🇹 already supported in June

+++ Next consultation 2 Oct +++ EU interior ministers to vote on 10 Oct +++

Urge your government now to save digital privacy💌 and secure #encryption 🔐: https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo

Zweitägige Konferenz auf dem Campus der Uni Lübeck: Nights of open Knowledge – Call for Participation. Einreichungen für Vorträge, Lightning Talks, Workshops ab sofort bis 30. September möglich https://chaotikum.org/blog/2024/07/15/nook-2024-cfp/

#eprint Polynomial sharings on two secrets: Buy one, get one free by Paula Arnold, Sebastian Berndt, Thomas Eisenbarth, Maximilian Orlt (https://ia.cr/2024/1025)

Signal strongly opposes the newest #ChatControl proposal in Europe.

Let there be no doubt: we will leave the EU market rather than undermine our privacy guarantees.

This proposal--if passed and enforced against us--would require us to make this choice.

It's surveillance wine in safety bottles.

See more: https://www.patrick-breyer.de/en/majority-for-chat-control-possible-users-who-refuse-scanning-to-be-prevented-from-sharing-photos-and-links/ @echo_pbreyer

🇬🇧🚨Beware: The #ChatControl proposal which has been stalling could be adopted by EU governments after all. France is considerung to give up its resistance.

The "compromise": Either you agree to have your chats scanned or you can no longer share&receive pictures/videos and links!

Read all about it: https://www.patrick-breyer.de/en/majority-for-chat-control-possible-users-who-refuse-scanning-to-be-prevented-from-sharing-photos-and-links/

If you get lost in the multitude of side-channel protection tools, we have something for you: Brew your own obfuscated potion with Obelix 🧙.

In our @ieeessp
paper "Obelix: Mitigating Side-Channels Through Dynamic Obfuscation", we present a drop-in software solution to protect against a variety of side-channels at once.

How many is a variety and how do we brew this potion? Come and find out at Session 11 on Wednesday afternoon!

Paper link: https://computer.org/csdl/proceedings-article/sp/2024/313000a189/1WPcYic94rK
Joint work with Anja Rabich, @paetscan and Thomas Eisenbarth.

Just noticed that the Simple Mobile Tools apps have been sold 🤯 Time for something new I guess 🙃

It’s amazing to me that a proposal to scan *literally ever private communication in Europe* is barely making newspapers, and we’re reading about legislative progress on blogs.