ROWHAMMER Being Used To Read From Vulnerable RAM

The ROWHAMMER vulnerability in DRAM which allows running processes to fuck with memory allocated to other processes is being developed into reliable side channel leaks reading from memory (archived). The importance of computing hygiene continues to be supported by the unforgiving march of time.

The full text of the academic paper is presented below: Continue reading

50,000 Microsoft SQL Servers Captured And Sent To Altcoin Mines

More than 50,000 machines running Microsoft SQL server have been captured through a piece of malware calling itself Nanshou (archived). The captured machines have pressed into service of their new masters and made to slave away in the altcoin mines. Microsoft SQL server software listening on a port open to the attacker provides all the opening Nanshou needs to capture root on affected boxes.

New Microsoft Chromium Based Browser To Include Legacy IE Attack Surface

Microsoft has announced that while making their newest browser from Google's Chromium code, they will also be including a legacy "Internet Explorer Mode" for "businesses" and South Korea (archived). Apparently Microsoft's accumulated technical debt is so great that in brushing away the mess of its past, it needs to bundle the mess it was trying to escape with the perceived solution.

Bezos Deals: 35 Billion USD In Amazon Stock To Wife For Splitting

Jeff Bezos and his beleaguered ex-wife MacKenzie have reached a divorce agreement which will make Jeff's ex the "World's 4th Richest Woman" holding a 4% stake in Amazon valued at ~35 billion USD (archived). MacKenzie declined to take stakes in Jeff's rocket startup Blue Origin or Jeff's troubled Washington Post gossip network. MacKenzie is ceding her stock's voting rights to Jeff for 25 years. The dissolution of the Bezos household comes after Bezos indiscretely dipped into a nearly 50 year old matron behind MacKenzie's back.

Bezos has taken to blaming the House of Saud for hacking his phone and leaking his sexts in recent days (archived).

Remote Code Execution Vulnerability Hits Automattic's .Org WordPress Fork

A remote code execution vulnerability for the .Org WordPress fork has been reported (archived). At the core of this issue is Auttomattic's refusal to have their software do any sort of checking when comments are involved, a flaw which has left the bulk of WordPress blogs open to being used as DDoS participants. Because why would they fix structural problems? Why fix the grave structural problems making the software a public nuissance, when they can wait and patch particular problems only as they are exploited?

Constant Time Miller-Rabin Test Added To Finite Field Arithmetic

Stanislav Datskovskiy (WOT: asciilifeform) has published code that adds a constant time implementation of the Miller-Rabin primality test to his Finite Field Arithmetic library as chapter 16A. He will publish a proof his algorithm implements Miller-Rabin and a discussion of the statistics informing proper use of the Miller-Rabin in the field as chapter 16B.

In his genesis of the FFA library Datskovskiy laid out his mission of creating a auditable bignum library whose entire operation is accessible to literate readers while avoiding optimization traps that add complexity or deviate from constant time operation opening up side channels that leak information intended to be kept secret. In the case of Werner Koch's MPI versus FFA, Datskovskiy's constant time implementation actually outperforms the optimized, variable time, legacy Koch library in in modular exponentiation.

At present FFA consists of 4013 non-empty lines of code in the libffa library of which 1835 are comments and 1047 non-empty lines of code in the accompanying ffacalc interface to the library of which 390 are comments.

Stanislav Datskovskiy Publishes Fully Constant Time Code For Barrett's Modular Reduction As Part Of FFA Library

As part of his Finite Field Arithmetic Library, Stanislav Datskovskiy1 (WOT: asciilifeform) has published code to perform Barrett's Modular Reduction in constant time. Speed of the code is favorable compared to Werner Koch's MPI library utilized in GPG. It appears that leaky optimizations of the sort that seem like they should make Koch's non-constant time implementation faster end up chewing quite a few clock cycles to accomplish an effect quite contrary to actual optimization.


  1. Involved as a principal in the Republican ventures No Such lAbs and Pizarro ISP.