Tag Archives: recovery

OpenSSL 的 DSA 被 Side-channel attack 打爆

在「Make Sure DSA Signing Exponentiations Really are Constant-Time」這篇文章裡面,直接透過 end-to-end 的 timing attack 打爆 (也就是透過 internet 觀察攻擊),而不需要在同一台機器上對 cache 之類的區域攻擊: A unique feature of our work is that we target common cryptographic protocols. Previous works that demonstrate cache-timing key-recovery attack only target … Continue reading

Posted in Computer, Murmuring, Network, Security, Software | Tagged , , , , , , , , , , , , , | Leave a comment

Amazon 之前放出的 s2n 的安全性問題

Amazon 之前放 s2n 出來當作 TLS protocol 的方案,於是就有人摸出東西來:「Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS」。 即使是經過外部資安檢證,仍然還是有找到問題。這次找到的問題是 timing attack 類在 CBC-mode 下的 plaintext recovery: At the time of its release, Amazon announced that s2n had undergone three external security … Continue reading

Posted in Computer, Network, Programming, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , | 1 Comment

EC2 instance Auto Recovery 功能全區開放

在 Twitter 上看到公告:「Announcement: EC2 instance Auto Recovery now available in 8 more AWS Regions」。 也就是 C3、C4、M3、R3、T2 這五種 instance 都可以開 Auto Recovery,而且必須在 VPC 內的 EBS-only instance。 在某種程度上的 High Availability 機制可以直接用這個功能解決掉。

Posted in AWS, Cloud, Computer, Murmuring, Network | Tagged , , , , , , , , , , , , , , , | Leave a comment

Amazon EC2 的 Auto Recovery

2015/01/12 先前在「Amazon EC2 Auto Recovery now available in the US East (N. Virginia) Region」這邊發表了,不過剛剛在「New – Auto Recovery for Amazon EC2」這邊看到消息。 重點在於偵測到問題時會重開機,並且保持原來的 instance id、IP address、Elastic IP address、EBS 以及其他外部設定: The instance will be rebooted (on new hardware if necessary) but will retain … Continue reading

Posted in AWS, Cloud, Computer, Murmuring, Network | Tagged , , , , | Leave a comment