Boss Byproducts: Corium Is Man-Made Lava

So now we’ve talked about all kinds of byproducts, including man-made (Fordite), nature-made (fulgurites), and one that’s a little of both (calthemites). Each of these is beautiful in its own …read more Continue reading Boss Byproducts: Corium Is Man-Made Lava

How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?

About timing my question is:
How can attack know the time of which certain instructions are performed by the victim?
And about the cache, how can attacker know which cache line is being accessed by the victim? Is this doable in "norma… Continue reading How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?

Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?

In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown.
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-… Continue reading Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?

Is protecting against Meltdown and Spectre on virtual servers actually possible?

I’ve been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with the same host.
I found this article on D… Continue reading Is protecting against Meltdown and Spectre on virtual servers actually possible?

Are there any class of systems where it is safe to disable spectre and meltdown patches

I was not able to find a definite answer to the question whether it is safe to disable spectre and meltdown vulnerabilities but i could articles that suggests the defaults might be revisited & windows seems to allow the disabling of th… Continue reading Are there any class of systems where it is safe to disable spectre and meltdown patches

Can a meltdown attack also violate data integrity of other processes or is it just violating data secrecy?

Can a meltdown attack also violate data integrity of other processes by obtaining different passwords or is it just violating data secrecy by reading data it is unauthorized to do?

Continue reading Can a meltdown attack also violate data integrity of other processes or is it just violating data secrecy?