Nov 12 2019 mjos\dwez
This is pretty cool and important stuff on full working timing attacks on real-life TPMs; paper http://tpm.fail/tpmfail.pdf Intel TPM chips: CVE-2019-11090, ST's TPM chips: CVE-2019-16863. In this case a vulnerability website is entirely appropriate: http://tpm.fail/ https://t.co/851Bt3A6JA4 replies, 207 likes
Nov 13 2019 Ian Coldwater ⎈
Oh shit. This is a big deal. And it can be done over the wire!8 replies, 160 likes
Nov 13 2019 Jann Horn
timing attack against a TPM, and since that's not hard enough already, they do it over a network connection, too?0 replies, 83 likes
Nov 13 2019 Daniel Cuthbert
Having spent the last month knee-deep in TPMs, this is just something else. Super solid research here, wow2 replies, 34 likes
Nov 13 2019 Michal Stanek
Uh oh.. a new, practical, remote (!) timing attack on discrete and firmware TPMs. Extracts private keys in just a few hours. Infineon and Nuvoton chips apparently not affected.0 replies, 4 likes
Nov 13 2019 friendly neighborhood dog mom
Honestly, it's far beyond time to stop fucking trusting Intel for *literally anything*. Every tech company making similar products has vulnerabilities, but Intel's built up a *fuck* of a list at this point compared to everyone else.0 replies, 4 likes