Joined November 2015
Pinned Tweet
Dropping #Downfall, exploiting speculative forwarding of the 'Gather' instruction to steal data from hardware registers. #MeltdownSequel - Practical to exploit (POC/Demo) - Defeats all isolation boundaries (OS, VM, SGX) - Bypasses all Meltdown/MDS mitigations. downfall.page
Proud to be part of this impactful effort.
Curious how we go about security reviews at Google? In this case, we teamed up with Intel to take a closer look at Intel Trust Domain Extensions (TDX) 1.5 and help secure the confidential computing space! For the details, 👇 bughunters.google.com/blog/a…
Daniel Moghimi retweeted
Feb 10
Trust matters, especially for technology like Intel TDX. See how Intel worked with our friends at @Google to improve platform security. ms.spr.ly/6014QPLHM
Daniel Moghimi retweeted
16 Sep 2025
The new Rowhammer attack paper against SK Hynix DDR5 modules is very impressive! LPE to root in over 100 seconds, or disclosing RSA keys for SSH from an adjacent VM, among other vectors. If the SK Hynix brand doesn't ring a bell, some models of ADATA, G.SKILL, Corsair, Dell, Lenovo and even some Cisco OEM modules are based on Hynix chips. Finding the exact list of affected OEM vendors and module models is a bit tricky. As part of the research effort Google has also partnered with Antmicro to build a dedicated Rowhammer testing rig, which is also open-source! github.com/antmicro/rowhamme… Paper: comsec.ethz.ch/research/dram… Google blog: security.googleblog.com/2025… PoC: github.com/comsec-group/phoe…
15 Sep 2025
Today, we present *Phoenix*: 🔥 two new Rowhammer patterns ⏱️ self-correcting refresh sync 🔨 PC bit flips on all tested SK Hynix DDR5 DIMMs. More information: comsec.ethz.ch/phoenix #Rowhammer #DDR5 #DRAM #HardwareSecurity #ETHZurich #COMSEC
Daniel Moghimi retweeted
A new attack on DDR5 further demonstrates that current countermeasures against Rowhammer-style assaults aren't enough. tomshardware.com/tech-indust…
Daniel Moghimi retweeted
🔥 New hardware hack ALERT: ETH Zürich and Google just broke SK Hynix DDR5 memory wide open. ➡️ “Phoenix” (CVE-2025-6202) gets ROOT in 109s on SK Hynix chips ➡️ ECC & TRR defenses? ❌ Bypassed ➡️ RSA keys and sudo at risk Full story → thehackernews.com/2025/09/ph… 💡 Only fix: crank DRAM refresh rate 3×.
FFmpeg folks are talking about performance degradation due to Downfall (downfall.page) vulnerability, and if they can disable it. Short blog post on the issue: moghimi.org/downfall_perform…
9 Sep 2025
Interesting patch from @Google showing the effects of Intel security mitigations on the gather assembly language instruction. A huge performance decrease as a result.
Deploying mitigations at scale is hard. It has been a couple of years since I discovered the downfall.page / GDS attack. The performance degradation due to the mitigation is bad, which may cause folks to disable it :(
Daniel Moghimi retweeted
7 Sep 2024
[Weekend read] Generalized Power Attacks against Crypto Hardware using Long-Range Deep Learning - elie.net/publication/general… Thrilled to finally publish our GPAM model and high-quality ECC datasets after years of intense R&D. Compared to existing approaches, the GPAM model represents a generational leap because it is able to attack multiple algorithms (AES, ECC) and countermeasures without the need for human intervention and without the need to pre-process the input traces. Full disclosure: each attack requires ~700 GPU/h of automated hyper-tuning. @jmichel_p @invernizzi @flowyroll #AI #CyberSecurity #cryptography #crypto #ResearchPapers
I didn't attend Usenix Security this year, but looking at the hardware security papers, only a small number solve real problems. This is unfortunate because I know that students put a lot of effort into these papers. It looks like the gap between academia and industry is quite big.
Michael wasn't joking when he said fun ideas x.com/misc0110/status/182123…
Replying to @flowyroll
Thanks! We are already working on some fun ideas
Daniel Moghimi retweeted
With the #GhostWrite CPU vulnerability, all isolation boundaries are broken - sandbox/container/VM can't prevent GhostWrite from writing and reading arbitrary physical memory on affected RISC-V CPUs. Deterministic, fast, and reliable - no side channels. ghostwriteattack.com/
I am looking for a new home. As I am typing my partner's name in Google Calendar, it also suggests that I should add our current landlord to the meeting :) I am guessing this is just because we have had a shared history of exchanging emails. Yeah right, the AI apocalypse is near.
Went to see Duel Reality by @The7Fingers. Awed by this thrilling, psychedelic, acrobatic storytelling. They are in town till August 4th. Don't miss out.
“This visual spectacle is a total delight and captivating throughout.” —Stage and Cinema Duel Reality features dazzling athleticism and non-stop feats! Come see this incredible show and watch as it excels in putting the gasp back into theatre! theoldglobe.org/duelreality
Daniel Moghimi retweeted
Well of course CrowdStrike claims they do the same thing as Capsule8. This is how the industry works. Every time a small company creates an innovation, the big companies claim they already do it, or that they are about to release something better. It's not true. This works because customers are idiots and don't know the difference. It's helped by the fact that "industry analysts" also are rarely technical enough to know the difference. They usually judge things by who has the best marketing on the issue and what the customers say. They don't have tech experts who put the thing under test.

This is not because corporations are evil. For example, back in the day, my product competed against the open-source Snort. The Snort community did exactly the same thing, claiming they had the same innovative features as my product, even though they laughably didn't.

That's why "Zero Trust" is just a stupid buzzword. At one point in time there were some innovative vendors doing Zero Trust stuff. But as soon as that term got traction in the industry, suddenly EVERY cybersecurity vendor was a "Zero Trust" vendor, and industry analysts got on board with this. It thus became impossible for average customers to determine which were the true Zero Trust innovations and which really weren't. People would buy "Zero Trust Firewalls" and deploy them exactly the same way as old firewalls, and then proclaim they had a successful Zero Trust transition.

I'm not trying to criticize CrowdStrike here. They had exactly the same problem when they were just starting out and every AV vendor repositioned themselves as being an EDR vendor. But now they are the big company in the space, and now they are doing the same thing. Every small innovator that becomes successful will turn around and do it. The fix isn't to make vendors more honest but for customers to actually pay attention to technical details.
If you believe the sales person from CrowdStrike who says "we do the same thing" then you are an idiot who deserves the crap that you buy.
A friend texted and said "your twitter is brutal this morning". Here's the thing. Between 2018 and 2021 CRWD would blatantly lie to their existing customers (of the Windows agent) to not pursue Capsule8 for Linux. They would say they have a Linux agent that does what we do, except...
The Twitter/X AI overlords now recommend me more blockchain content because of the CrowdStrike outage. Are these things this bad?
If I were CrowdStrike, I might as well have started monetizing on ads. Such a waste of opportunity to not show customers some ads while protecting them against other adware.
On a positive note, we take a break from the LLM/GenAI madness for a day, at least.
What would happen if one pushes out a buggy firmware that would make a chipset not boot? Brick billions of computers, sending parts to the dumpster 👿
What a case study of systemic risk with the CrowdStrike outage... that a few bits in the wrong place can brick ~1 billion computers and all the 2nd, 3rd order effects of it. What other single points of instantaneous failure exist in the technosphere and how do we design against them?