Nov 12 2019 mjos\dwez
This is pretty cool and important stuff on full working timing attacks on real-life TPMs; paper: http://tpm.fail/tpmfail.pdf. Intel TPM chips: CVE-2019-11090, ST's TPM chips: CVE-2019-16863. In this case a vulnerability website is entirely appropriate: http://tpm.fail/ https://t.co/851Bt3A6JA (4 replies, 209 likes)
Nov 13 2019 Ian Coldwater ⎈
Oh shit. This is a big deal. And it can be done over the wire! (8 replies, 160 likes)
Nov 13 2019 Jann Horn
Timing attack against a TPM, and since that's not hard enough already, they do it over a network connection, too? (0 replies, 83 likes)
Nov 13 2019 Daniel Cuthbert
Having spent the last month knee-deep in TPMs, this is just something else. Super solid research here, wow. (2 replies, 34 likes)
Nov 13 2019 friendly neighborhood dog mom
Honestly, it's far beyond time to stop fucking trusting Intel for *literally anything*. Every tech company making similar products has vulnerabilities, but Intel's built up a *fuck* of a list at this point compared to everyone else. (0 replies, 4 likes)
Nov 13 2019 Michal Stanek
Uh oh... a new, practical, remote (!) timing attack on discrete and firmware TPMs. Extracts private keys in just a few hours. Infineon and Nuvoton chips apparently not affected. (0 replies, 4 likes)