Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU

Boy, do I hate it when a FLOSS project is given a hard time unfairly. This morning I was greeted with news from many places that OpenSSL, one of the most common FLOSS software libraries used for cryptography, was somehow severely vulnerable.

I had a hunch what was going on. I quickly downloaded a copy of the academic paper that was cited as the sole source for the story and read it. As I feared, OpenSSL was getting some bad press unfairly.

The first thing you have to note about such papers is that informed readers generally ignore the parts that a newbie is most likely to focus on: the Abstract, Introduction and Conclusion sections. Unfortunately, these promotional parts of the paper are the sections that focus on the negative implications for OpenSSL. In the rest of the paper, OpenSSL is merely the software component of the experiment equipment.

The experiment described in the paper is very difficult to reproduce. You have to cause very subtle faults in computation at specific times. As I understand it, they had to assemble a specialized hardware copy of a SPARC-based GNU/Linux environment to accomplish the experiment.

re: OpenSSL

Good but way toooooo long of an article.

To sum up...

"Likelihood of being cracked" is NOT the same as "can be cracked".
