Freelance Word Punk

[THIS SITE IS NO LONGER BEING UPDATED - IF YOU HAVE ENDED UP HERE YOU ARE IN THE WRONG PLACE, PLEASE CLICK WWW.HAPPYGEEK.COM TO VIEW NEW CONTENT BY DAVEY WINDER]

Friday, November 06, 2015

James Bond style hack attacks pose no threat in the real world

A couple of years ago I was fortunate enough to be shortlisted in the Best Investigative Feature category at the BT Information Security Awards for a piece published over at Cloud Pro. Under the rather apt title of "Cryptography attack: side-channel cloud threat is all nerd and no knickers", the article was a rather complete dismissal of yet another side-channel attack scenario that had emerged from the labs of some security researchers. The research itself was hugely interesting to a security nerd such as myself, but totally unrealistic as an attack vector outside of the carefully controlled conditions of the lab and into the real world of enterprise data storage. As someone who has been researching, and writing about, side-channel attacks for the best part of a decade now, none of this came as any real surprise. While these attack vectors remain in the theoretical domain of the uber nerd, they are not of any great threat to the rest of us. Sure, there have been plenty of practical demonstrations of how sounds waves or processor timing information can be used to attack crypto systems, but they all rely upon a raft of 'as long as' and 'assuming that' conditions which tend not to exist in actual use-case scenarios.
Newer Post Older Post Home

Blog Archive




Co-founder of IT Security Thing Ltd, Davey Winder is a three time winner of the Information Security Journalist of the Year award (2006/2008/2010) and received the prestigious Enigma Award for his lifetime contribution to information security journalism in 2011.



Simple theme. Powered by Blogger.