Found 3 bookmarks
Custom sorting
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack surface, considering today’s AMD market share of around 36%… Read
#ETHZ#EN#2024#ZenHammer#Rowhammer#DDR4#AMD#Zen2#Zen3#attack#study
·comsec.ethz.ch·
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
n late November 2022, a few days after ETH Alumni launched their new feature “Who is who” which allows them to look up and connect to other members, I came across a severe access control vulnerability. Without any authorization over the internet, it allowed extracting at least 35418 member profiles, including full name, postal address, nationality, title, graduation field, study start year, gender, profile picture and hashed passwords.
#andreaskuster#EN#2023#ETHZ#Zurich#bugbounty#blog#vulnerability#disclosure#CH
·andreaskuster.ch·
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
n late November 2022, a few days after ETH Alumni launched their new feature “Who is who” which allows them to look up and connect to other members, I came across a severe access control vulnerability. Without any authorization over the internet, it allowed extracting at least 35418 member profiles, including full name, postal address, nationality, title, graduation field, study start year, gender, profile picture and hashed passwords.
#andreaskuster#EN#2023#ETHZ#Zurich#bugbounty#blog#vulnerability#disclosure#CH
·andreaskuster.ch·
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23