Description: Exploiting timing attacks in widespread systems
Much has been written about timing attacks since they first appeared over 15 years ago. However, many developers still believe that they are only theoretically exploitable and don't make it a priority to fix them.
We have notified vendors who declined to fix timing attacks for this reason. Thus, they won't have any problem with us using their applications as a demo for how to effectively exploit timing attacks, right?
This talk will show how we exploited timing attacks in common frameworks (such as the Java crypto framework). We will provide experimental evidence on what filtering techniques work best for dealing with network and host jitter to decrease attack time.
Finally, we will show the current limits of exploitability and give predictions about whether attackers or defenders will benefit more from future technology advances such as multicore systems and virtualization.
Tags: securitytube , Confidence , hacking , hackers , information security , convention , computer security , blackhat10 , blackhat-2010 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.