Your message "More interposer fun, this time with DDR5 memory. Breaking TDX, S..." has been signed. Check out your quote at: view.tee.fail/view/45ecffd7c… and visit tee.fail for more info.

More interposer fun, this time with DDR5 memory. Breaking TDX, SGX, SEV and even Nvidia TEEs. Checkout our work at TEE.fail, and get a personally-signed Intel attestation report at @TEEdotFail.

Want to know what happens when commercial TEEs meet improvised DRAM memory interposers? SGX mayhem including attestation key extraction. Please DO try that at home😉. Check out our work at wiretap.fail/

Have an Apple device from the last few years? We have a new side channel attack for you. Checkout our work at predictors.fail/ Joint work with Jason Kim, Jalen Chuang and Yuval Yarom (@yuvalyarom). Could not have asked for a better team!

Our work on page walk side channels was accepted at @IEEESP 2025 (#ieeesp2025)! The full paper is now available at: gofetch.fail/files/peek-a-wa… and our code is available at: github.com/FPSG-UIUC/Peek-a-…

Excited to present "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" at @ASPLOSConf with Archit Agarwal, Max Christman, @CryptoGPS, @DanielGenkin, Andrew Kwong, @flowyroll, @deiandelmars, @mktaram and Dean Tullsen. (1/4)🧵

GoFetch.fail happening now @RealWorldCrypto. Come see Boru Chen (@blue75525366) talking about breaking constant time crypto using fancy prefetchers on Apple CPUs

Ever wondered what happens when side-channel resistant code meets a fancy prefetcher? Checkout our paper breaking constant time crypto on Apple CPUs. gofetch.fail/ Joint work with Boru Chen, @YingchenWang96, @PradyumnaShome, Chris Fletcher, @dkohlbre, @ricpacca

I'm very thankful to the @SloanFoundation for recognizing my research. Could not have done it without my awesome students, great collaborators, and wonderful mentors. Checkout our research group that made this possible at architecture.fail/

Microarchitectural unboxing: check out our new demo for breaking two factor authentication using iLeakage. Yes you heard it, speculative execution attacks on Apple’s M3 Macs and latest Safari that defeat Facebook’s 2FA over SMS. ileakage.com/

Goodbye WOOT the Workshop, hello WOOT the Conference! Excited to be a part of this legacy and this new beginning.

WOOT! Big news! Starting 2024 WOOT will be @USENIX WOOT Conference on Offensive Technologies! WOOT '24 will be on August 12-13 2024, colocated with USENIX Security WOOT '24 will be co-chaired by @noopwafel (@intel) and @adamdoupe (@ASU <= corrected!) usenix.org/conference/woot24

For those wondering if Apple’s iOS/iPadOS 17.1 and macOS 14.1 released yesterday protect against ileakage.com/? We took a look for you, the answer is no. Devices are still vulnerable.

iLeakage: Speculative execution attack on Safari, iPhone, iPad and Mac, allowing a hostile website to extract your passwords and other secrets. ileakage.com/ The only way to be safe is to stop using Safari: At the time of public release, Apple has implemented a mitigation for iLeakage in Safari. However, this mitigation is not enabled by default, and enabling it is possible only on macOS. Furthermore, it is marked as unstable.

Also we now have a group website architecture.fail/

After more than a year of embargo we can now show you how speculative attacks can extract sensitive information from the Safari browser on @Apple platforms. Check out our latest paper ileakage.com/. Great work by Jason Kim, @themadstephan and @yuvalyarom.