Risky Business #357 -- Mark Dowd talks Rowhammer

Yeah SCIENCE!!
12 Mar 2015 » Risky Business

On this week's show we're having a chat with Mark Dowd about the so-called Rowhammer exploit. And yeah, if you haven't heard about this one you're in for a treat. It's among the most badass research I've ever seen. You know, you can skin a cat with a knife, or you can do what the Google Project Zero team did and skin it with 300 synchronised lasers.

[NOTE: It's been pointed out that the post on the Project Zero blog is actually a guest post. The work was done by Googlers and published on the Google Zero blog, but these researchers aren't actually a part of the Project Zero team. Sorry for the confusion.]

In this week's sponsor episode we're chatting with Joseph Sokoly of Tenable Network Security about bugs like Freak. The fact is, if you're operating a web property and you were running your SSL config correctly, Freak wouldn't be a risk to your users when they're using your service.

But a lot of organisations just don't bother running best-practice configs. Why not? They're too busy putting out fires in their vuln management programs to deal with the low-hangers. Joseph stops by soon to talk about that.

(Joseph is also one of the voices of the Southern Fried Security Podcast. Check it out here, because I'm guessing if you're reading this you like security podcasts!)

Show notes

Patched Windows PC remained vulnerable to Stuxnet USB exploits since 2010 | Ars Technica
http://arstechnica.com/security/2015/03/patched-windows-pc-remained-vuln...

Stuxnet leak probe stalls for fear of confirming US-Israel involvement | Ars Technica
http://arstechnica.com/tech-policy/2015/03/stuxnet-leak-probe-stalls-for...

UK man arrested on suspicion of US Department of Defense hacking | Ars Technica
http://arstechnica.com/tech-policy/2015/03/uk-man-arrested-on-suspicion-...

iSpy: The CIA Campaign to Steal Apple's Secrets
https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-ap...

Errata Security: No, the CIA isn't stealing Apple's secrets
http://blog.erratasec.com/2015/03/no-cia-isnt-stealing-apples-secrets.ht...

Australia to prosecute Heartbleed pentest in desperation to pin charges on Anonymous radio host | ZDNet
http://www.zdnet.com/article/australia-to-prosecute-heartbleed-pentest-i...

OpenSSL Security Audit Ready to Start | Threatpost | The first stop for security news
https://threatpost.com/openssl-security-audit-ready-to-start/111538

Anthem Refuses Audit Following Massive Breach | Threatpost | The first stop for security news
https://threatpost.com/anthem-refusing-oig-security-audit-following-brea...

Why Clinton's Private Email Server Was Such a Security Fail | WIRED
http://www.wired.com/2015/03/clintons-email-server-vulnerable/

Hillary Clinton Says Her Email Was Secure; She Can't Know | WIRED
http://www.wired.com/2015/03/hillary-clinton-says-email-secure-cant-know/

Feds Indict Three in 2011 Epsilon Hack - Krebs on Security
http://krebsonsecurity.com/2015/03/feds-indict-three-in-2011-epsilon-hack/

Stop Spying on Wikipedia Users - NYTimes.com
http://www.nytimes.com/2015/03/10/opinion/stop-spying-on-wikipedia-users...

Litecoin-mining code found in BitTorrent app, freeloaders hit the roof \u2022 The Register
http://www.theregister.co.uk/2015/03/07/utorrent_epic_scale_mining_softw...

Adobe Starts Vulnerability Disclosure Program on HackerOne | Threatpost | The first stop for security news
https://threatpost.com/adobe-starts-vulnerability-disclosure-program-on-...

Apple Fixes FREAK Bug, iCloud Flaw in iOS 8.2 | Threatpost | The first stop for security news
https://threatpost.com/apple-fixes-freak-bug-icloud-flaw-in-ios-8-2/111553

Yahoo Patches Critical Small Business, eCommerce Bugs | Threatpost | The first stop for security news
https://threatpost.com/yahoo-patches-critical-ecommerce-small-business-v...

Dropbox Patches Remotely Exploitable Vulnerability in SDK | Threatpost | The first stop for security news
https://threatpost.com/dropbox-patches-remotely-exploitable-vulnerabilit...

Facebook Users Open to Attack Via Several Security Bugs | Threatpost | The first stop for security news
https://threatpost.com/facebook-users-open-to-attack-via-several-securit...

Patch Tuesday patches FREAK, Universal XSS | Ars Technica
http://arstechnica.com/information-technology/2015/03/patch-tuesday-patc...

Microsoft Fixes Stuxnet Bug, Again - Krebs on Security
http://krebsonsecurity.com/2015/03/microsoft-fixes-stuxnet-bug-again/

You Am I - Soldiers - YouTube
https://www.youtube.com/watch?v=P1SV4v_qtBI

Rowhammer
http://www.rowhammer.com/

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: