- In the case of nonce reuse both integrity and confidentiality properties are violated. If the same nonce is used twice, an adversary can create forged ciphertexts easily.
- When short tags are used, it is rather easy to produce message forgeries. For instance, if the tag is 32 bits, then after $2^{16}$ forgery attempts and $2^{16}$ encryptions of chosen plaintexts (also of length $2^{16}$), a forged ciphertext can be produced. Creation of forgeries can be instantaneous when enough forgeries have been found.
- GCM security proof has a flaw. It has been repaired recently, but the new security bounds are far worse for nonces not 12 bytes long;
- GCM implementations are vulnerable to timing attacks if they do not use special AES instructions. The vulnerability remains even if the AES itself is implemented in constant-time. Constant-time implementations of GCM exist, but they are rather slow.
- GCM restricts the total amount of data encrypted on a single key to 60 GBytes, which might be undesirable in the future.
Monday, October 27, 2014
First Exaflops supercomputer in 2020
This prediction is based on IBM results in low power consumption supercomputer delivery. IBM was however unable, even under strict contract terms delivering anything sooner than this.
Software?? Later, as you already know from personal experience. In 2022-2023 time frame.
___________________________
99% BAD HARDWARE WEEK: Exaflops functionality is related with extremly sensitivity to hardware and sofware failures.
Friday, October 24, 2014
UPDATE 2: China's 5-Year Plan Revealed
And China has dedicated the funding and the economic pressure to accomplish those goals, according to IDC.
___________________________
99% BAD HARDWARE WEEK:
Thursday, October 23, 2014
UPDATE 1: IBM’s chip business sale gets national security scrutiny
It's unclear how capable Iran's supercomputing capabilities are at this point; Iran's Amirkabir University of Technology, the home of the IHPCRC, had in 2010 a system with 4,600 CPUs, but it did not identify the processor maker.
___________________________
99% BAD HARDWARE WEEK: More about chip hacking read at recent bad hardware week posts. But taking chips for granted and don't think who is the SUPPLIER of critical rare earth materials for them is really short sighted national security.
In mutual partnership Abu Dhabi further gets IBM's RF portolio. Congrats.
Monday, October 20, 2014
IBM to pay Globalfoundries $1.5 billion to take its fab !
Saturday, October 18, 2014
Future of the Ethernet
10 times faster in the next 10 years.___________________________
99% BAD HARDWARE WEEK:
Well, used to rise faster some 20 years ago.
Friday, October 10, 2014
See invisible: Canon developing multi-layer CCD
___________________________
99% BAD HARDWARE WEEK: April Fools Or not ? It is however patented in 2011. Perhaps Canon deliver it in 2015.
25 mega pixels x3 color sensor should be great at full frame. Equivalent at current 24 megapixels at micro 4/3 format too. Lets wait.
Monday, October 06, 2014
How secure your iPhone 5 and 6 are ?
•All attributes are now encrypted (not only password)
•AES-GCM is used instead of AES-CBC
AES-GCM has the following problems:
___________________________
99% BAD HARDWARE WEEK: AES-GCM uses 128 bit keys. Thus you can't consider your iPhone 6 data TOP SECRET, but secret. At least under NSA suit B classification. Secret means the same as for iPhone 4 and earlier versions: Open to law enforcement upon request !. SEEMS THAT iPhone IS STILL MORE BENDABLE TOWARD THOSE REQUESTS THAN ADVERTISED BY APPLE !
Saturday, October 04, 2014
XEN bug crashes Amazon and Rackspace clouds
There was substantial speculation about XSA-108 among bloggers, tweeters, and reporters
In other words, a vulnerability appears to have been found that, rather risk having hackers take advantage of by announcing, has been embargoed until it is fixed.
The vulnerability is due to insufficient bounds checking on the Model-Specific Register (MSR) range while emulating read and write accesses for use by the Advanced Programmable Interrupt Controller (APIC) an affected system. An authenticated, adjacent attacker on a guest operating system could exploit this vulnerability to cause the host operating system to crash, resulting in a DoS condition. An attacker could also use this vulnerability to gain access to sensitive information from the host operating system or other guest operating systems that could be leveraged to conduct further attacks.
XSA-108 was caused by a bug in the emulation code used when running HVM guests on x86 processors. The bug allows an attacker with elevated guest OS privileges to crash the host or to read up to 3 KiB of random memory that might not be assigned to the guest. The memory could contain confidential information if it is assigned to a different guest or the hypervisor. The vulnerability does not apply to PV guests.
___________________________
99% BAD HARDWARE WEEK:
In other words, a vulnerability appears to have been found that, rather risk having hackers take advantage of by announcing, has been embargoed until it is fixed.
The vulnerability is due to insufficient bounds checking on the Model-Specific Register (MSR) range while emulating read and write accesses for use by the Advanced Programmable Interrupt Controller (APIC) an affected system. An authenticated, adjacent attacker on a guest operating system could exploit this vulnerability to cause the host operating system to crash, resulting in a DoS condition. An attacker could also use this vulnerability to gain access to sensitive information from the host operating system or other guest operating systems that could be leveraged to conduct further attacks.
XSA-108 was caused by a bug in the emulation code used when running HVM guests on x86 processors. The bug allows an attacker with elevated guest OS privileges to crash the host or to read up to 3 KiB of random memory that might not be assigned to the guest. The memory could contain confidential information if it is assigned to a different guest or the hypervisor. The vulnerability does not apply to PV guests.
___________________________
99% BAD HARDWARE WEEK:
Friday, October 03, 2014
BadUSB – Turning devices evil
Proof-of-Concept. We are not yet releasing the modified USB controller firmwares. Instead we are providing a proof-of-concept for Android devices that you can use to test your defenses: BadAndroid-v0.1
___________________________
99% BAD HARDWARE WEEK:
Thursday, October 02, 2014
Boeing in problems with displays
Boeing had previously issued an alert in November 2012 after an aeroplane operator and wi-fi vendor noticed interference caused by the installation of an in-flight internet system.
The "phase 3" display units were found to be susceptible to the same radio frequencies used to transmit data via wi-fi.
In addition, the Federal Aviation Administration (FAA) said it was concerned that the screens could be disrupted by mobile satellite communications, cellular signals from phones, and air surveillance and weather radar.
___________________________
99% BAD HARDWARE WEEK: So called blind flight ? MH370 ? :(
METADATA: What NSA XKeyscore program takes anyway from your apsolutely protected PC ??
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Office\11.0\PowerPoint\Recent File List
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Office\11.0\Word\Data\Settings
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cache: [SBI $49804B54] Browser: Cache (3) (Browser: Cache, nothing done)
___________________________
99% BAD HARDWARE WEEK: Yes including Chrome private mode browser. The only thing I managed to protect are cookies in Firefox protected mode AFTER EXCLOUDING cookies from browser cache ?? Of course then you can't access any email or interactive account, so what use ?
But, wait a minute. What is actually metadata ?
