#sidechannel — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sidechannel, aggregated by home.social.
-
Websites have a new way to #spy on visitors: #analyzing their #SSD activity
source: arstechnica.com/security/2026/…
The #attack that #FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a #visitor is using, the researchers were able to determine the #websites open in other tabs—even on other browsers—and the apps that were open on the visitor’s device. FROST requires no interaction from the visitor other than opening the site hosting the attack.
#news #web #www #browser #hardware #software #sidechannel #tracking #surveillance #privacy #internet #online #security #problem #computer #surfing #hack #hacker #software #cybersecurity
-
Websites have a new way to #spy on visitors: #analyzing their #SSD activity
source: arstechnica.com/security/2026/…
The #attack that #FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a #visitor is using, the researchers were able to determine the #websites open in other tabs—even on other browsers—and the apps that were open on the visitor’s device. FROST requires no interaction from the visitor other than opening the site hosting the attack.
#news #web #www #browser #hardware #software #sidechannel #tracking #surveillance #privacy #internet #online #security #problem #computer #surfing #hack #hacker #software #cybersecurity
-
Websites have a new way to #spy on visitors: #analyzing their #SSD activity
source: arstechnica.com/security/2026/…
The #attack that #FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a #visitor is using, the researchers were able to determine the #websites open in other tabs—even on other browsers—and the apps that were open on the visitor’s device. FROST requires no interaction from the visitor other than opening the site hosting the attack.
#news #web #www #browser #hardware #software #sidechannel #tracking #surveillance #privacy #internet #online #security #problem #computer #surfing #hack #hacker #software #cybersecurity
-
Air gaps don't stop sound.
USAT (Ultrasonic Sub-Audible Trojan) — acoustic covert channel operating at 17–22kHz, inaudible, cross-device, no physical access required.
Full research: researchgate.net/publication/404012350
-
Air gaps don't stop sound.
USAT (Ultrasonic Sub-Audible Trojan) — acoustic covert channel operating at 17–22kHz, inaudible, cross-device, no physical access required.
Full research: researchgate.net/publication/404012350
-
Air gaps don't stop sound.
USAT (Ultrasonic Sub-Audible Trojan) — acoustic covert channel operating at 17–22kHz, inaudible, cross-device, no physical access required.
Full research: researchgate.net/publication/404012350
-
Air gaps don't stop sound.
USAT (Ultrasonic Sub-Audible Trojan) — acoustic covert channel operating at 17–22kHz, inaudible, cross-device, no physical access required.
Full research: researchgate.net/publication/404012350
-
Air gaps don't stop sound.
USAT (Ultrasonic Sub-Audible Trojan) — acoustic covert channel operating at 17–22kHz, inaudible, cross-device, no physical access required.
Full research: researchgate.net/publication/404012350
-
Watch this video, https://www.youtube.com/watch?v=_6BcuHpp9eU and vote this person as president. #sydbox denies sysipvc(7) API by default, thank me later: https://man.exherbo.org/syd.7.html#Shared_Memory_Hardening #exherbo #linux #security #sidechannel
-
Ich kann meinen Account noch so stark absichern, #MFA, #biometrie, #faceid – es braucht manchmal bloß eine einzige Rechnungsnummer, um Zugang zu erhalten.
https://www.gamepro.de/artikel/psn-account-kann-gehackt-werden-mit-rechnung,3445381.html
Gutes Vergleichsbeispiel, um einen #sidechannel-Angriff auf Software zu erklären, denke ich.
-
@kuketzblog Die Einstellung gibt es bei https://molly.im/ jedoch nicht bei Signal(Android), Herr Kuketz.
Um dies gänzlich zu beheben, muss es von Signal (Client + Server) gepatched werden.
Die Molly-Entwickler wollen jedoch ebenfalls Custom-Fixes bereitstellen.
https://github.com/mollyim/mollyim-android/issues/646
Signals Antwort lässt sich hier finden.
https://github.com/signalapp/Signal-Android/pull/14463#issuecomment-3613869569
P.S.: Signal ist nach wie vor sicher. Coole Kids nutzen Molly. 😁 MfG 🙏
-
This is a fascinating use of a #sidechannel timing attack against calls to an #AI model.
By capturing encrypted TLS traffic and measuring timing, they can very accurately determine which streams corresponded to an LLM conversation about a pre-selected topic.
TLS is intact. So their ability to recover the conversation is limited to their ability to break TLS. But they can, with high confidence, sift out all the TLS traffic for the only conversations that reference the thing they care about. They don't have to worry about spending resources breaking TLS on traffic that is unrelated. Neat #security research from #Microsoft.
-
藍牙 AES 的 side-channel attack
#aes #attack #bluetooth #channel #encryption #learning #machine #privacy #security #side #SideChannel
-
No fix yet for attack that lets hackers pluck 2FA codes from Android phones - Android devices are vulnerable to a new attack that can cove... - https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/ #sidechannel #pixnapping #security #android #privacy #biz #google
-
I have just presented our paper on Zero Click SnailLoad at ESORICS 2025 in Toulouse. Thank you to all who attended my talk, also for the nice discussion!
Also thanks to @c1t for taking the picture!
-
Security is hard.
The TL;DR is: Do not lose possesion of your private key.
Addendum: This is from a year ago to be clear. But, there are many people that have older Yubikeys that Can Not be fixed.
The attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract the ECDSA secret key. In the case of the FIDO protocol, this allows to create a clone of the FIDO device.
All YubiKey 5 Series (with firmware version below 5.7) are impacted by the attack and in fact all Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack.
https://www.yubico.com/support/security-advisories/ysa-2024-03/
-
New research reveals timing side channels can leak ChatGPT prompts, exposing confidential info through subtle delays. AI security needs to consider more than just inputs.
Read more: https://dl.acm.org/doi/10.1145/3714464
#AIsecurity #SideChannel #LLM -
Безопасности не существует: как NSA взламывает ваши секреты
Конечные поля, хэш-мясорубки, скрытые радиоканалы и трояны, запаянные в кремний. Пока мы гордимся замками AES-256, спецслужбы ищут обходные тропы: подменяют генераторы случайности, слушают писк катушек ноутбука и вывозят ключи через незаметные ICMP-пакеты. Эта статья собирает мозаичную картину современных атак — от математических лазеек до физических побочных каналов — и задаёт неудобный вопрос: существует ли вообще абсолютная безопасность? Если уверены, что да, проверьте, не трещит ли ваш щит по швам.
https://habr.com/ru/articles/918068/
#криптография #безопасность #NSA #шифрование #конечные_поля #sidechannel #аппаратные_бэкдоры #генератор_случайности #covert_channels #киберпанк
-
Безопасности не существует: как NSA взламывает ваши секреты
Конечные поля, хэш-мясорубки, скрытые радиоканалы и трояны, запаянные в кремний. Пока мы гордимся замками AES-256, спецслужбы ищут обходные тропы: подменяют генераторы случайности, слушают писк катушек ноутбука и вывозят ключи через незаметные ICMP-пакеты. Эта статья собирает мозаичную картину современных атак — от математических лазеек до физических побочных каналов — и задаёт неудобный вопрос: существует ли вообще абсолютная безопасность? Если уверены, что да, проверьте, не трещит ли ваш щит по швам.
https://habr.com/ru/articles/918068/
#криптография #безопасность #NSA #шифрование #конечные_поля #sidechannel #аппаратные_бэкдоры #генератор_случайности #covert_channels #киберпанк
-
Безопасности не существует: как NSA взламывает ваши секреты
Конечные поля, хэш-мясорубки, скрытые радиоканалы и трояны, запаянные в кремний. Пока мы гордимся замками AES-256, спецслужбы ищут обходные тропы: подменяют генераторы случайности, слушают писк катушек ноутбука и вывозят ключи через незаметные ICMP-пакеты. Эта статья собирает мозаичную картину современных атак — от математических лазеек до физических побочных каналов — и задаёт неудобный вопрос: существует ли вообще абсолютная безопасность? Если уверены, что да, проверьте, не трещит ли ваш щит по швам.
https://habr.com/ru/articles/918068/
#криптография #безопасность #NSA #шифрование #конечные_поля #sidechannel #аппаратные_бэкдоры #генератор_случайности #covert_channels #киберпанк
-
Безопасности не существует: как NSA взламывает ваши секреты
Конечные поля, хэш-мясорубки, скрытые радиоканалы и трояны, запаянные в кремний. Пока мы гордимся замками AES-256, спецслужбы ищут обходные тропы: подменяют генераторы случайности, слушают писк катушек ноутбука и вывозят ключи через незаметные ICMP-пакеты. Эта статья собирает мозаичную картину современных атак — от математических лазеек до физических побочных каналов — и задаёт неудобный вопрос: существует ли вообще абсолютная безопасность? Если уверены, что да, проверьте, не трещит ли ваш щит по швам.
https://habr.com/ru/articles/918068/
#криптография #безопасность #NSA #шифрование #конечные_поля #sidechannel #аппаратные_бэкдоры #генератор_случайности #covert_channels #киберпанк
-
TOR is not a gimmick, but it doesn’t claim to be perfect either.
#sidechannel #COSADE #TorProject
A mask is still the best metaphor.
https://yashalevine.com/surveillance-valley
#MIC #MilitaryIndustrialComplex #ChrisHedges #SI #Scheer #Surveillance #Privacy #CivilSociety #MartialLaw #Junta #Tech #CS
#History #MIC #Arpa #ONR
#clock #delusion #psy #genocidalSpyime #Pharoh
The hate group violates our privates with subconscious patrols . . . -
TOR is not a gimmick, but it doesn’t claim to be perfect either.
#sidechannel #COSADE #TorProject
A mask is still the best metaphor.
https://yashalevine.com/surveillance-valley
#MIC #MilitaryIndustrialComplex #ChrisHedges #SI #Scheer #Surveillance #Privacy #CivilSociety #MartialLaw #Junta #Tech #CS
#History #MIC #Arpa #ONR
#clock #delusion #psy #genocidalSpyime #Pharoh
The hate group violates our privates with subconscious patrols . . . -
SCA4PQC – die @Cyberagentur startet ein Forschungsprogramm zur Entwicklung seitenkanalresistenter Post-Quanten-Kryptographie. Ziel: Schutz vor Quantenangriffen und physischen Seitenkanalangriffen. Fokus: Cloud/Desktops, IoT und Smartcards. Forschung und Wirtschaft sind eingeladen.
Mehr Informationen: https://t1p.de/b52np
#PostQuantum #CyberSecurity #SCA4PQC #PostQuantumCrypto #SideChannel #ITSecurity #OpenScience -
SCA4PQC – die @Cyberagentur startet ein Forschungsprogramm zur Entwicklung seitenkanalresistenter Post-Quanten-Kryptographie. Ziel: Schutz vor Quantenangriffen und physischen Seitenkanalangriffen. Fokus: Cloud/Desktops, IoT und Smartcards. Forschung und Wirtschaft sind eingeladen.
Mehr Informationen: https://t1p.de/b52np
#PostQuantum #CyberSecurity #SCA4PQC #PostQuantumCrypto #SideChannel #ITSecurity #OpenScience -
SCA4PQC – die @Cyberagentur startet ein Forschungsprogramm zur Entwicklung seitenkanalresistenter Post-Quanten-Kryptographie. Ziel: Schutz vor Quantenangriffen und physischen Seitenkanalangriffen. Fokus: Cloud/Desktops, IoT und Smartcards. Forschung und Wirtschaft sind eingeladen.
Mehr Informationen: https://t1p.de/b52np
#PostQuantum #CyberSecurity #SCA4PQC #PostQuantumCrypto #SideChannel #ITSecurity #OpenScience -
SCA4PQC – die @Cyberagentur startet ein Forschungsprogramm zur Entwicklung seitenkanalresistenter Post-Quanten-Kryptographie. Ziel: Schutz vor Quantenangriffen und physischen Seitenkanalangriffen. Fokus: Cloud/Desktops, IoT und Smartcards. Forschung und Wirtschaft sind eingeladen.
Mehr Informationen: https://t1p.de/b52np
#PostQuantum #CyberSecurity #SCA4PQC #PostQuantumCrypto #SideChannel #ITSecurity #OpenScience -
SCA4PQC – die @Cyberagentur startet ein Forschungsprogramm zur Entwicklung seitenkanalresistenter Post-Quanten-Kryptographie. Ziel: Schutz vor Quantenangriffen und physischen Seitenkanalangriffen. Fokus: Cloud/Desktops, IoT und Smartcards. Forschung und Wirtschaft sind eingeladen.
Mehr Informationen: https://t1p.de/b52np
#PostQuantum #CyberSecurity #SCA4PQC #PostQuantumCrypto #SideChannel #ITSecurity #OpenScience -
Someone found a clever #sidechannel to abuse #Cloudflare CDN caching to reveal the approximate location (~location of next big datacenter) of #Signal and #Discord users by sending them a message/notification with an image in it that is fetched from the CDN:
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
-
Hardware #SideChannel attacks like "electromagnetic fault injection" bypass Apple’s chip defenses. The result? Jailbreaks & #malware on iDevices. #Apple needs to rethink its shielding fast. 🛡️
-
Cracking encrypted communication with #AI Chatbots like ChatGPT using, ironically, LLMs.
Responses were sent back one word-sized token at a time📨
Merely knowing word lengths is enough to infer whole response paragraphs.
The opening responses sentences are so formulaic you can use an LLM to guess the topic, punctuation was singled out with a special token 😬
This shows how encrypted information is still vulnerable to #sidechannel attacks.
-
YubiKey 還在出清有問題的版本
在「YubiKey still selling old stock with vulnerable firmware」這邊看到的,有人提到 YubiKey 還在賣有問題的版本,裡面提到的 blo
#Computer #Hardware #Murmuring #Security #Software #attack #channel #compliance #eucleak #fips #firmware #hardware #security #side #sidechannel #sidechannel #vulnerability #vulnerable #yubico #yubikey
-
YubiKey 還在出清有問題的版本
在「YubiKey still selling old stock with vulnerable firmware」這邊看到的,有人提到 YubiKey 還在賣有問題的版本,裡面提到的 blo
#Computer #Hardware #Murmuring #Security #Software #attack #channel #compliance #eucleak #fips #firmware #hardware #security #side #sidechannel #sidechannel #vulnerability #vulnerable #yubico #yubikey
-
YubiKey 還在出清有問題的版本
在「YubiKey still selling old stock with vulnerable firmware」這邊看到的,有人提到 YubiKey 還在賣有問題的版本,裡面提到的 blo
#Computer #Hardware #Murmuring #Security #Software #attack #channel #compliance #eucleak #fips #firmware #hardware #security #side #sidechannel #sidechannel #vulnerability #vulnerable #yubico #yubikey
-
YubiKey 還在出清有問題的版本
在「YubiKey still selling old stock with vulnerable firmware」這邊看到的,有人提到 YubiKey 還在賣有問題的版本,裡面提到的 blo
#Computer #Hardware #Murmuring #Security #Software #attack #channel #compliance #eucleak #fips #firmware #hardware #security #side #sidechannel #sidechannel #vulnerability #vulnerable #yubico #yubikey
-
Can the informaiton leaked by #sidechannel #subconscious - #timespace ever be anonymized scientifically?
They wake you from your dreams (subconscious) to target your daytime (gravity).
Their capabilities aren't really for terrorism, they're for terrorizing.
https://spaceplace.nasa.gov/gravitational-waves/en/
https://www.ligo.caltech.edu/page/what-are-gw
https://en.wikipedia.org/wiki/Laser_Interferometer_Space_Antenna
https://securityaffairs.com/168667/security/tor-project-commented-on-deanonymizing-technique.html
#COSADE #Freemasonry #Time #TerrorismByTheState #Genocide #Privacy #SocialControl #Clock
-
Can the informaiton leaked by #sidechannel #subconscious - #timespace ever be anonymized scientifically?
They wake you from your dreams (subconscious) to target your daytime (gravity).
Their capabilities aren't really for terrorism, they're for terrorizing.
https://spaceplace.nasa.gov/gravitational-waves/en/
https://www.ligo.caltech.edu/page/what-are-gw
https://en.wikipedia.org/wiki/Laser_Interferometer_Space_Antenna
https://securityaffairs.com/168667/security/tor-project-commented-on-deanonymizing-technique.html
#COSADE #Freemasonry #Time #TerrorismByTheState #Genocide #Privacy #SocialControl #Clock
-
Can the informaiton leaked by #sidechannel #subconscious - #timespace ever be anonymized scientifically?
They wake you from your dreams (subconscious) to target your daytime (gravity).
Their capabilities aren't really for terrorism, they're for terrorizing.
https://spaceplace.nasa.gov/gravitational-waves/en/
https://www.ligo.caltech.edu/page/what-are-gw
https://en.wikipedia.org/wiki/Laser_Interferometer_Space_Antenna
https://securityaffairs.com/168667/security/tor-project-commented-on-deanonymizing-technique.html
#COSADE #Freemasonry #Time #TerrorismByTheState #Genocide #Privacy #SocialControl #Clock
-
Can the informaiton leaked by #sidechannel #subconscious - #timespace ever be anonymized scientifically?
They wake you from your dreams (subconscious) to target your daytime (gravity).
Their capabilities aren't really for terrorism, they're for terrorizing.
https://spaceplace.nasa.gov/gravitational-waves/en/
https://www.ligo.caltech.edu/page/what-are-gw
https://en.wikipedia.org/wiki/Laser_Interferometer_Space_Antenna
https://securityaffairs.com/168667/security/tor-project-commented-on-deanonymizing-technique.html
#COSADE #Freemasonry #Time #TerrorismByTheState #Genocide #Privacy #SocialControl #Clock
-
Can the informaiton leaked by #sidechannel #subconscious - #timespace ever be anonymized scientifically?
They wake you from your dreams (subconscious) to target your daytime (gravity).
Their capabilities aren't really for terrorism, they're for terrorizing.
https://spaceplace.nasa.gov/gravitational-waves/en/
https://www.ligo.caltech.edu/page/what-are-gw
https://en.wikipedia.org/wiki/Laser_Interferometer_Space_Antenna
https://securityaffairs.com/168667/security/tor-project-commented-on-deanonymizing-technique.html
#COSADE #Freemasonry #Time #TerrorismByTheState #Genocide #Privacy #SocialControl #Clock
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Można klonować klucze Yubikey 5. Podatne są klucze z firmware < 5.7. Wymagany fizyczny dostęp.
Piekło zamarzło, Yubikey’e zhackowane – tak moglibyśmy opisać wczorajszy komunikat wydany przez Yubico, czyli producenta najpopularniejszych na świecie fizycznych kluczy bezpieczeństwa. Moglibyśmy, ale pomimo że jest w tym nieco prawdy, to nie ma powodu do paniki, przynajmniej dla większości użytkowników popularnych yubikey’ów. Dlaczego nie ma? Zacznijmy od teorii. Badacze z...
#WBiegu #Atak #EUCLEAK #Infineon #Klonowanie #SideChannel #U2f #Yubikey
-
Można klonować klucze Yubikey 5. Podatne są klucze z firmware < 5.7. Wymagany fizyczny dostęp.
Piekło zamarzło, Yubikey’e zhackowane – tak moglibyśmy opisać wczorajszy komunikat wydany przez Yubico, czyli producenta najpopularniejszych na świecie fizycznych kluczy bezpieczeństwa. Moglibyśmy, ale pomimo że jest w tym nieco prawdy, to nie ma powodu do paniki, przynajmniej dla większości użytkowników popularnych yubikey’ów. Dlaczego nie ma? Zacznijmy od teorii. Badacze z...
#WBiegu #Atak #EUCLEAK #Infineon #Klonowanie #SideChannel #U2f #Yubikey
-
Można klonować klucze Yubikey 5. Podatne są klucze z firmware < 5.7. Wymagany fizyczny dostęp.
Piekło zamarzło, Yubikey’e zhackowane – tak moglibyśmy opisać wczorajszy komunikat wydany przez Yubico, czyli producenta najpopularniejszych na świecie fizycznych kluczy bezpieczeństwa. Moglibyśmy, ale pomimo że jest w tym nieco prawdy, to nie ma powodu do paniki, przynajmniej dla większości użytkowników popularnych yubikey’ów. Dlaczego nie ma? Zacznijmy od teorii. Badacze z...
#WBiegu #Atak #EUCLEAK #Infineon #Klonowanie #SideChannel #U2f #Yubikey
-
#YubiKeys are #vulnerable to #cloning attacks thanks to newly discovered side channel
#sidechannel #security #2fa #privacy -
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
https://arstechnica.com/?p=2046777
#Yubikey #Yubikey5 #Security #SideChannel #Hacking #Hack #SecOps #ninjalab