Category Archives: Uncategorized

RIDL featured in the media

After a long embargo period of 9 months we made our paper RIDL: Rogue In-Flight Data Load available to the general public. RIDL introduces a new class of speculative execution attacks that can leak any “in-flight” data available in the CPU.

More information (including some nice demo videos) are available at https://mdsattacks.com. We have also released a tool that you can use to see how vulnerable your computer is to different speculative execution attacks.

VUSec: Election software very vulnerable

We analyzed the election software that is used, and has been used for years, in all Dutch elections. Our conclusion: this software is very vulnerable.

On the 13th of March, Herbert Bos appeared on RTL Nieuws to summarize these findings. He is on briefly after 7 seconds, and then again at 3m17s (also with Sebastian, Marco and Sanjay, who did the heavy lifting for the analysis, together with Andrei).

Surprisingly, Minister Ollongren does not think there is a problem, even though we show vulnerabilities as bad as integer overflows that allow attackers to manipulate overall results even from compromised local polling stations.

The news broadcast, our analysis, and the independent analysis by Sijmen Ruwhof, did lead to questions from the parliament, and some members of parliament explicitly echoed Herbert’s analysis.  The issue was also reported in most newspapers and on Tweakers.