I'm moving ➡️ Mastodon: * Find me at @oleksii_o@infosec.exchange ( https://t.co/xMiGlqL3zv) * BlueSky bridge at @oleksii-o.infosec.exchange.ap.brid.gy

Oh! 37 new bugs (28 new CVEs) discovered in 5 RISC-V CPUs (e.g., BOOM and CVA6)! #Cascade fuzzes #RISC-V CPUs based on novel basic principles. Try it on your own CPU, it’s open! https://t.co/5JwUKghZ5L (with @K_CeesaySeitz @kavehrazavi)

No More Speculation: Exploiting CPU Side-Channels for Real by @akrasuski1 https://t.co/2Yr2ihQSs4

Great to see the fix applied so quickly... ... although some sort of acknowledgement of the people who discovered the speculative leak (as well as the flaw in the original patch) would have been nice 🙄

The first Linux kernel patch for a speculative leak found by our fuzzer Revizor:

More speculative vulns @USENIXSecurity! Check out @vanema94's talk: he presents the first fuzzer to detect undocumented #Meltdown-type leaks Results: (1) brand-new type of speculation on AMD Zen+; (2) new variant of MDS; (3) formal models for lots of known leaks More in thread👇

Let's use random black-box testing to find some *new* Spectre leakage. "Aren't most random test cases useless?" Well, with 1) efficient pre-filtering 2) principled test case generation large-scale testing campaigns become practical. [Hide&Seek👻, by @oleksii_o ] #SP23

Revizor automatically detects microarchitectural leakage in CPUs, speeding up discovery of vulnerabilities that previously required persistent hacking and painstaking manual labor. This new tool helps the industry protect customers from risk:

Author order on academic papers is important! My Google friends and I spent lots of time thinking about this critical issue (the scores of our ICML submissions show this is time well spent) We distill our findings for the community here: https://t.co/W4kLLhYn1m Comments welcome!

In this issue: A new tool helps find speculative leaks in commercial CPUs; Data Science Summer School; and a conversation on how AI can improve carbon sequestration:

@socialboris This paper is related to the previous announcement: "Revizor" was the original paper presenting the methodology of contract-based testing, whereas "Hide&Seek" shows a set of techniques to make the testing much faster, and which enabled us to find new speculative leaks in x86 CPUs

More announcements! Our paper on testing for speculative leaks in black-box CPUs was selected for IEEE Micro Top Picks! Joint work with @socialboris, Mark Silberstein, and Christof Fetzer.

@IEEESSP cc/ @socialboris @MarcoGuarnier1

👻 is back! Excited to announce "Hide and Seek with Spectres", our paper accepted to @IEEESSP'23. We present a tool for fast discovery of spec. vulnerabilities in x86 CPUs, and two new speculative leaks we found. 📑arXiv: https://t.co/PftIBZXhrI 🔬tool: https://t.co/74zmUR6yrS

Before you donate…

Even more ways to help:

Are you're reading the 🇺🇦 war news and thinking: "I wish I could do something about it"? You can! * Support the resistance financially: https://t.co/ruxvNxOdAV * Join a local protest to push your government to support Ukraine Every contribution matters!

#StopRussianAggression #StandWithUkraine #StopRussia EN: Russia launched a missile strike on Vasilkov, Kyiv region. The oil depot in the city is on fire right now:

Dear friends demand No-Fly Zone over Ukraine. This practice was used earlier in Libya in 2011 when NATO suspended all flights over the country’s territory. This crucial military action should be introduced to protect Ukraine from Russian jets, drones, and missiles.

I used to live there, my beloved family still there 💔😔#StopRussianAggression #StopRussiaNow #UkraineCrisis