1. 10

  2. 5

    No substantive comment, but what a terrible name for a vulnerability.

    1. 1

      Now, humans have distinct typing patterns. For example, typing ‘s’ right after ‘a’ is faster than typing ‘g’ after ‘s’. As a result, NetCAT can operate statistical analysis of the inter-arrival timings of packets in what is known as a keystroke timing attack to leak what you type in your private SSH session.

      Does this actually work? Doesn’t this mean that ALL ssh sessions are then inherently vulnerable, with or without Intel DDIO and RDMA? In this demonstration, however, they had to type with a specific and very slow speed. I wonder if faster typing is immune to this? (Or, I guess, the coalescing bits could be machine-learned as well.)

      Oh, well… Who would have thought that we’d be able to do all these things with timing attacks? (To spare someone from having to write a reply — https://papers.freebsd.org/2005/cperciva-cache_missing/ — yes, someone thought of that back in 2005, until everyone forgot about it for quite a while.)

      1. 1

        Dawn Song et al. at Berkeley did some work on this wrt SSH. The exploit is possible but very challenging to execute.

        Also, one of the first RDMA side channel attacks showed up at Usenix Security this year.