cache timing

[badgolferman]

Install your Windows Updates. Update your antivirus software. Scan your
system regularly. Keep religious backups. It's all good advice -- and
it's advice that I give to readers on a near-daily basis.

And maybe it's all meaningless.

MIT researchers are warning that it doesn't matter much what security
measures you take with your computer. If someone wants in, they're
getting in.

The latest concern/attack involves data "leakage," the idea that no
matter how secure your data might be in storage (even if it's
encrypted), once it's in actual use, it's fair game. One area of
research involves cached data: Say you decrypt your secret spreadsheet
outlining your plans for world domination and have it open on your
desktop. Other programs running in the background uses that same
working area (the cache) on the machine... and, coded properly, one
such program could relatively easily "steal" what else is going on in
the cache at that time.

A variation on such an attack has been used to break otherwise
rock-solid AES encryption keys. Called "cache timing," the attack
determines which specific portions of a computer's memory are used
during a decryption process, and can rebuild the key -- in seconds --
just by looking at the pattern of those memory accesses.

Up next: Researchers are investigating whether these attacks can be
applied to so-called cloud computing situations. It's one thing to get
a piece of malicious software installed on your personal computer
(where you might find it easily), but what if you're sharing time on a
server on the net? Attackers could run programs on shared servers that
watch the cache on that server for other people's data. Just watch for
busy servers and run your app when something good is going on, and
you're none the wiser... Kind of scary stuff. Read all the details on
MIT's news site.

How you feeling about your spyware security system now?

http://tech.yahoo.com/blogs/null/154264/all-your-computer-security-precautions-are-worthless/;_ylc=X3oDMTI1a210M2RpBFJfYWlkAwRSX2RtbgN5YWhvby5jb20EUl9maWQDYzZmMGRmYTY3ZWU3NzE5MjA4M2MyODIzMDViNDRmODIEUl9sdHADMQ--

--
�The more things change, the more they remain the same.� ~ Alphonse Karr

[Brian Cryer]

"badgolferman" <REMOVETHISb...@gmail.com> wrote in message
news:xn0gh819...@news.albasani.net...
<snip>

> MIT researchers are warning that it doesn't matter much what security
> measures you take with your computer. If someone wants in, they're
> getting in.
>
> The latest concern/attack involves data "leakage," the idea that no
> matter how secure your data might be in storage (even if it's
> encrypted), once it's in actual use, it's fair game. One area of
> research involves cached data: Say you decrypt your secret spreadsheet
> outlining your plans for world domination and have it open on your
> desktop. Other programs running in the background uses that same
> working area (the cache) on the machine... and, coded properly, one
> such program could relatively easily "steal" what else is going on in
> the cache at that time.

To work this does require that your machine has already been compromised.

<snip>

> How you feeling about your spyware security system now?

Reasonably confident, but you should never be complacent.
--
Brian Cryer
www.cryer.co.uk/brian