Risky Business #474 -- Inside new, "invisible" Rowhammer attacks

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we’re chatting with Daniel Gruss, an infosec researcher doing a postdoc in the Secure Systems group at the Graz University of Technology in Austria.

Daniel was one of the authors of a recent paper on a new Rowhammer technique. This one’s pretty clever, basically because it evades all known detection techniques by executing in an Intel SGX enclave.

In this week’s feature interview we chat with Dan Guido from Trail of Bits. He’s along this week to talk about his experience in helping to build secure software and security tools for his clients.

Of course, the big news this week is the so-called “KRACK” attacks against WPA2. Adam’s done his homework on that and joins the news segment to tell you all how bad it is. We also look at the RNG bugs making life hard for smart card vendors and all the other news of the week!

Links to everything are below.

Oh, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

What You Should Know About the ‘KRACK’ WiFi Security Weakness — Krebs on Security

Falling through the KRACKs – A Few Thoughts on Cryptographic Engineering

Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible | Threatpost | The first stop for security news

Millions of high-security crypto keys crippled by newly discovered flaw | Ars Technica

'Hacking back' legislation is back in Congress

The World Once Laughed at North Korean Cyberpower. No More. - The New York Times

North Korean Hackers Used Hermes Ransomware to Hide Recent Bank Heist

Beaumont Porg, Esq. on Twitter: "Ukraine Intelligence Agency warning of planned large scale disk wiping attack using supply chain: https://t.co/Scm6kcgXSI https://t.co/EebTrrLwzu"

October Price Adjustment — Steemit

Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack | ZDNet

Cyberespionage Group Steps Up Campaigns Against Japanese Firms | Threatpost | The first stop for security news

Middle Eastern hacking group is using FinFisher malware to conduct international espionage

Exclusive: Microsoft responded quietly after detecting secret database hack in 2013

Equifax website borked again, this time to redirect to fake Flash update | Ars Technica

Google’s strongest security, for those who need it most

Russia Fines Telegram $14,000 for Not Giving FSB an Encryption Backdoor

Web-connected household devices to face mandatory rating over spying fears

Want to see something crazy? Open this link on your phone with WiFi turned off.

Sexual assault allegations levied against high profile security researcher and activist - The Verge

Leveraging the Analog Domain for Security (LADS)

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

KRACK Attacks: Bypassing WPA2 against Android and Linux - YouTube

[1710.00551] Another Flip in the Wall of Rowhammer Defenses