#Sidechannel

2025-12-25

I can secure my account as strongly as I like, #MFA, #biometrie, #faceid – sometimes all it takes is a single invoice number to gain access.

gamepro.de/artikel/psn-account

A good comparative example for explaining a #sidechannel attack on software, I think.

:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉nemo@mas.to
2025-12-17

@kuketzblog The setting exists in molly.im/ but not in Signal (Android), Mr. Kuketz.

To fix this completely, it has to be patched by Signal (client + server).

However, the Molly developers also want to provide custom fixes.

github.com/mollyim/mollyim-and

Signal's response can be found here.

github.com/signalapp/Signal-An 

archive.is/DNZG9

#sidechannel #CarelessWhisper

P.S.: Signal is still secure. Cool kids use Molly. 😁 Best regards 🙏

Paco Ho Ho Hope 🎄paco@infosec.exchange
2025-11-20

This is a fascinating use of a #sidechannel timing attack against calls to an #AI model.

By capturing encrypted TLS traffic and measuring timing, they can very accurately determine which streams corresponded to an LLM conversation about a pre-selected topic.

TLS is intact. So their ability to recover the conversation is limited to their ability to break TLS. But they can, with high confidence, sift out all the TLS traffic for the only conversations that reference the thing they care about. They don't have to worry about spending resources breaking TLS on traffic that is unrelated. Neat #security research from #Microsoft.

#cybersecurity #infosec #LLM

2025-11-10

Limnology exam grading

Good to look at streams and the notes

#academicchatter #Limnology #streams #fry #juveniles #sidechannel

CyberNetsecIOnetsecio
2025-11-09

📰 Microsoft 'Whisper Leak' Attack Can Spy on Encrypted AI Chats

🔒 Privacy Alert: Microsoft's 'Whisper Leak' attack can identify AI chat topics even through encryption. By analyzing packet sizes & timing, it spies on conversations with OpenAI, Mistral & more.

🔗 cyber.netsecops.io/articles/mi

Ars Technica Newsarstechnica@c.im
2025-10-13

Hackers can steal 2FA codes and private messages from Android phones arstechni.ca/nGsq #sidechannel #pixnapping #Security #android #privacy #Biz&IT #Google

2025-09-24

I presented “NICraft: Malicious NIC Firmware-based Cache Side-channel Attack” at ESORICS 2025.
We show a cache side-channel launched from the NIC itself. We devised new signal amplification (Aging + Domino) to turn small evictions into a clear timing gap. The attack requires no RDMA/DDIO, no kernel/driver mods.
Thank you for attending and for the great discussion!

Slides: github.com/amit-choudhari/NICr
Paper: cispa.saarland/group/rossow/pa

With @rossow and Shorya Kumar
#ESORICS #sidechannel #NIC #SmartNIC

2025-09-22

I have just presented our paper on Zero Click SnailLoad at ESORICS 2025 in Toulouse. Thank you to all who attended my talk, also for the nice discussion!

Also thanks to @c1t for taking the picture!

#ESORICS2025 #Toulouse #SnailLoad #sidechannel

a picture of me, explaining forwarding delays at bottleneck routers with a presentation slide visible in the background
2025-09-17

Thank you for joining us this year! 💛

Next Graz Security Week:

September 07–11, 2026

#GSW26 #cybersecurity #summerschool #securitysummerschool #sidechannel #AI #systemsecurity #informationsecurity #cryptography #privacy

2025-09-10

Security is hard.

The TL;DR is: Do not lose possession of your private key.

Addendum: This is from a year ago to be clear. But, there are many people that have older Yubikeys that Can Not be fixed.

ninjalab.io/eucleak/

The attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract the ECDSA secret key. In the case of the FIDO protocol, this allows to create a clone of the FIDO device.

All YubiKey 5 Series (with firmware version below 5.7) are impacted by the attack and in fact all Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack.

yubico.com/support/security-ad

#2FA #SideChannel #ConstantTime

2025-09-04

In the Afternoon, our PhD students hosted the Software Side-Channels Lab, where the participants experimented with various microarchitectural side channels.

#GSW25 #Software #SideChannel

2025-08-13

Only 5 more days until the GSW registration closes! ☀️

From September 1–5, immerse yourself in cybersecurity topics, engage with expert speakers, and connect with fellow enthusiasts!

Check out the program and register now! 👇
securityweek.at/

#GSW25 #cybersecurity #summerschool #securitysummerschool #sidechannel #AI #systemsecurity #informationsecurity #cryptography #privacy

2025-07-30

Earlybird registration for Graz Security Week ends on August 4th!

Register now! 👇
securityweek.at/

Join us from September 1 to 5 for a deep dive into cybersecurity. Attend expert talks, hands-on lab sessions, and the PhD forum. Test your skills in the Capture the Flag competition by LosFuzzys, and enjoy a social event to connect with fellow enthusiasts.

#GSW25 #cybersecurity #summerschool #securitysummerschool #sidechannel #AI #systemsecurity #informationsecurity #cryptography #privacy

2025-07-09

New research reveals timing side channels can leak ChatGPT prompts, exposing confidential info through subtle delays. AI security needs to consider more than just inputs.
Read more: dl.acm.org/doi/10.1145/3714464
#AIsecurity #SideChannel #LLM

2025-07-07

Post-quantum crypto resists quantum computers, not physical attacks.

On July 10, we're live with PQShield to show how side-channel and fault injection techniques still break schemes like ML-KEM, and how to protect your implementations.

Register now:
🔵 11am CEST: pqshield.zoom.us/webinar/regis
🔵 6pm CEST: pqshield.zoom.us/webinar/regis

#pqc #postquantumcryptography #sidechannel #faultinjection #hardware #hardwarehacking #hardwaresecurity

2025-06-30

Live with PQShield on July 10th to see how side-channel and fault injection break ML-KEM and what you can do to stop them.

Register now:
🔵 11am CEST: pqshield.zoom.us/webinar/regis
🔵 6pm CEST: pqshield.zoom.us/webinar/regis

#cryptography #faultinjection #sidechannel #cybersecurity #postquantumcryptography #pqc

2025-06-13

Security does not exist: how the NSA breaks your secrets

Finite fields, hash meat grinders, covert radio channels and trojans soldered into silicon. While we take pride in our AES-256 locks, intelligence agencies look for side paths: they swap out random number generators, listen to the whine of laptop coils and exfiltrate keys through inconspicuous ICMP packets. This article assembles a mosaic picture of modern attacks, from mathematical loopholes to physical side channels, and asks an uncomfortable question: does absolute security exist at all? If you are sure it does, check whether your shield is cracking at the seams.

habr.com/ru/articles/918068/

#криптография #безопасность #NSA #шифрование #конечные_поля #sidechannel #аппаратные_бэкдоры #генератор_случайности #covert_channels #киберпанк

kriware :verified:kriware@infosec.exchange
2025-05-27

Bypassing kASLR via Cache Timing

Explores a prefetch side-channel attack to bypass kASLR on Windows 11 by measuring cache access times to locate the kernel base address.

r0keb.github.io/posts/Bypassin

#kASLR #SideChannel

2025-05-19

Catch us at Hardwear.io later this month!

We’re bringing our side-channel attack bench demo and showing how easily it integrates with the esDynamic platform.

#hardware #hardwear_ioUSA #sidechannel
