Side Channel Attacks in the Wild: The Smart Home

19 March 2018

Side channel attacks are not something most network engineers are familiar with; I provided a brief introduction to the concept over at The Network Collective in this Short Take. If you aren’t familiar with the concept, it might be worth watching that video (a little over 4 minutes) before reading this post. Side channel attacks…

Short Take: Side Channel Attacks

13 March 2018

In this short take, recently posted over at the Network Collective, I discuss what a side channel attack is, and why such attacks are important.

On the ‘net: Spectre, Meltdown, and Flexible Scaleout

20 February 2018

The recent Meltdown and Spectre attacks illustrate the problematic nature of modern computing systems. While the earlier Rowhammer attack could read or attack one process running in a virtual environment from another process running on the same processor, the Meltdown and Spectre attacks are of a completely different class, enabling a process to read large…

Giving the Monkey a Smaller Club

30 January 2018

Over at the ACM blog, there is a terrific article about software design that has direct application to network design and architecture. The problem is that once you give a monkey a club, he is going to hit you with it if you try to take it away from him. What do monkeys and clubs…

The Overoptimization Meltdown

15 January 2018

In simple terms Meltdown and Spectre are simple vulnerabilities to understand. Imagine a gang of thieves waiting for a stage coach carrying a month’s worth of payroll. There are two roads the coach could take, and a fork, or a branch, where the driver decides which one to take. The driver could take either…

Meltdown and Spectre (Updated)

4 January 2018

Replaced by this page.

Several on KRACK

26 October 2017

Three articles of interest on the new WiFi KRACK— This is not a crypto bug but a protocol bug (a pretty obvious and trivial protocol bug). When a client connects to the network, the access-point will at some point send a random “key” data to use for encryption. Because this packet may be lost in…

OneLogin and Password Managers

6 June 2017

An interesting incident this last week brings password managers back to the front of the pile— OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. —Krebs on…

Reading List: WannaCry and Ransomware

24 May 2017

A good bit has been written about the recent WannaCry outbreak over the last few weeks; rather than stringing the best out through Worth Reading posts, I have collected the three best posts on the topic here. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let…

Notes on the FCC and Privacy in the US

11 April 2017

I’ve been reading a lot recently about the repeal of the rules putting the FCC in charge of privacy for access providers in the US, much of it rising to the level of hysteria and “the end is near.” As you have probably been reading these stories as well, I thought it worthwhile to…