Black Hat USA 2010: Exploiting Timing Attacks in Widespread Systems 1/5





The interactive transcript could not be loaded.



Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Sep 18, 2010

Speakers: Nate Lawson, Taylor Nelson

Much has been written about timing attacks since they first appeared over 15 years ago. However, many developers still believe that they are only theoretically exploitable and don't make it a priority to fix them.

We have notified vendors who declined to fix timing attacks for this reason. Thus, they won't have any problem with us using their applications as a demo for how to effectively exploit timing attacks, right?

This talk will show how we exploited timing attacks in common frameworks (such as the Java crypto framework). We will provide experimental evidence on what filtering techniques work best for dealing with network and host jitter to decrease attack time.

Finally, we will show the current limits of exploitability and give predictions about whether attackers or defenders will benefit more from future technology advances such as multicore systems and virtualization.

For more information click here (http://bit.ly/dwlBpJ)


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...