Zenbleed
If you remove the first word from the string "hello world", what should the result be? This is the story of how we discovered that the answer could be your root password!
Hasnain says:
Great writeup, quite accessible to someone who’s not an architecture expert. My mind was blown when it came out this was detected via fuzzing.
“It turns out that mispredicting on purpose is difficult to optimize! It took a bit of work, but I found a variant that can leak about 30 kb per core, per second.
This is fast enough to monitor encryption keys and passwords as users login!”
Posted on 2023-07-25T06:58:19+0000