home.social

#snailload — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #snailload, aggregated by home.social.

  1. I have just presented our paper on Zero Click SnailLoad at ESORICS 2025 in Toulouse. Thank you to all who attended my talk, also for the nice discussion!

    Also thanks to @c1t for taking the picture!

    #ESORICS2025 #Toulouse #SnailLoad #sidechannel

  2. Nuisance of the day: Mobile email applications that automatically render HTML mails by default, including links, without clearly indicating where they go. "Bonus" points for loading external references without asking.
    Just now, somebody showed me a fully rendered phishing mail in their web.de app.
    Of course, I had to do a quick SnailLoad demo and that one works, too, with a client-side connection to the attacker server. 🤔
    We investigated problematic behavior like this in our Zero-Click SnailLoad paper, so this is just yet another case.
    However, I said it before and I will say it again: HTML emails are a pest, especially with external references!

    #SnailLoad #phishing #tracking #email

  3. In our new paper (accepted at ESORICS 2025), we explore how attackers can mount automated SnailLoad attacks without requiring the user to explicitly click a link to the attacker's server.
    For this, we exploit the automatic handling of external references in messenger and email applications, as well as responses from home routers to TCP SYNs targeting closed ports.
    The full paper is available here: stefangast.eu/papers/zeroclick

    Thank you to Nora Puntigam, @silent_bits, @vmcall, @lavados and Johanna Ullrich for the fantastic collaboration!

    #ESORICS2025 #SnailLoad

  4. SnailLoad: the next Side-Channel Attack found by the University of Technology in Graz: snailload.com #snailload

  5. By me @Forbes: SnailLoad attack methodology allows for spying without infiltrating the network or installing malware. It’s clever, but is it dangerous?

    # infosec #SnailLoad #PrivacyMatters

    forbes.com/sites/daveywinder/2

  6. Während der Arbeitszeit gleichzeitig youtube-Videos und twitch-streams schauen ist das neue
    "Radio an und die Unterhaltung bei laufender Dusche im Badezimmer führen": Es fügt Abhörschutz durch Rauschen hinzu. ;-)

    heise.de/news/SnailLoad-Lausch

    #SnailLoad

  7. Wenn man eine #Sicherheitslücke gefunden hat und die #Bahn mal wieder länger braucht, kann man auch ein #Musikvideo im Zug drehen:

    "c0de - SnailLoad (A Parody Song)"
    youtube.com/watch?v=oQpbSbeAJ2

    (Details gibt es unter snailload.com/ - hab aber noch nicht tiefer reingeschaut)

    #SnailLoad #YouTube

  8. Announcing SnailLoad, the first fully remote website- and video-fingerprinting attack working via arbitrary TCP connections.
    SnailLoad does not require any attacker code on the victim machine, any TCP connection is enough.

    Great collaboration with Roland Czerny, Jonas Juffinger, Fabian Rauscher, @silent_bits and @lavados.

    See the website for the full paper and a live demo: snailload.com
    (1/3)

    #SnailLoad #sidechannel #networksecurity