Category Archives: Uncategorized

Harry King Wins bachelor Thesis Prize

Recently graduated Harry King just won the (university-wide) best bachelor thesis award for his thesis on “Development Tools &
Techniques for a More Robust Operating System”. For his thesis project he built an operating system kernel from scratch in Ada. The implementation in Ada allowed him to formally verify the OS components.

RIDL Second in CSAW’19 Best applied Research

Two of VUSec’s papers were nominated for the Best Applied Research Award at CSAW’19 in Valence France: ECCploit and RIDL.

When the dust settled, “RIDL: Rogue In-Flight Data Load”, the
paper that was published at Security & Privacy in May and that shows a new class of speculative execution attacks that can leak any “in-flight” data from Intel CPUs won the second place
prize for Best Applied Research at CSAW ’19.

See also: “Much Ado about RIDL“.

Much ado about RIDL

The RIDL saga that started in September 2018 lingers on. A new embargo and a new set of insufficient patches, and it isn’t over yet. Excellent coverage by Kim Zetter in the New York Times.

In addition there were many other outlets covering this:

International:

https://www.wired.com/story/intel-mds-attack-taa/

https://www.theverge.com/2019/11/13/20962667/intel-processor-security-vulnerabilities-researchers-disclosure

https://www.ft.com/content/d60cda42-7699-11e9-be7d-6d846537acab

https://in.pcmag.com/news/133831/intel-struggles-to-fix-hardware-based-flaws-researchers-say

https://www.tomshardware.com/news/intel-reveals-taa-vulnerabilities-in-cascade-lake-chips-and-a-new-jcc-bug

https://www.dailymail.co.uk/sciencetech/article-7681917/Intel-failed-fix-dangerous-chip-flaw-affecting-MILLIONS-Apple-Microsoft-Google-devices.html

https://www.engadget.com/2019/11/13/intel-fixes-cpu-security-flaw-for-real/

https://gizmodo.com/intel-reportedly-warned-of-critical-chip-security-flaws-1839807262

Dutch:

https://www.nu.nl/tech/6010595/onderzoekers-vrije-universiteit-intel-is-niet-eerlijk-over-processorlek.html

https://www.nporadio1.nl/nieuws-en-co/onderwerpen/519738-processorchips-intel-nog-steeds-kwetsbaar

https://nos.nl/artikel/2310247-onderzoekers-intel-neemt-beveiligingslek-niet-serieus.html

https://www.ad.nl/tech/onderzoekers-vu-intel-loog-over-oplossen-lek-in-chips~acb207e0/

https://tweakers.net/nieuws/159826/vu-onderzoekers-intel-heeft-ridl-kwetsbaarheid-nog-niet-volledig-opgelost.html

https://www.computable.nl/artikel/nieuws/cloud-computing/6834006/250449/oproep-vu-zet-hyperthreading-in-intel-processor-uit.html

https://radar.avrotros.nl/nieuws/item/processorchips-van-intel-nog-steeds-kwetsbaar/

https://www.noordhollandsdagblad.nl/cnt/dmf20191113_36194155/vu-studie-intel-chips-nog-steeds-kwetsbaar

https://www.security.nl/posting/631293/VU-onderzoekers+onthullen+%22nieuwe%22+aanval+op+Intel-processors

Tabloids:

https://www.telegraaf.nl/nieuws/348361583/vu-studie-intel-chips-nog-steeds-kwetsbaar