Elliott C. Back: Internet & Technology

Cryptology Attacks: What’s New

Posted in Hacking, Quantitative, Science, Security by Elliott Back on November 19th, 2006.

A new attack on RSA called Simple Branch Prediction Analysis (SBPA) promises to reveal “almost all of the secret key bits” by running a parallel spy process that only needs to observe a single execution of the RSA private-key operation. Some more technical details show it to be a sophisticated, dangerous attack:

Namely, in the context of simple side-channel attacks, it is widely believed that equally balancing the operations after branches is a secure countermeasure against such simple attacks. Unfortunately, this is not true, as even such “balanced branch” implementations can be completely broken by our SBPA attacks. Moreover, despite sophisticated hardware-assisted partitioning methods such as memory protection, sandboxing or even virtualization, SBPA attacks empower an unprivileged process to successfully attack other processes running in parallel on the same processor.
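As an added illustration (not code from the SBPA paper or from this post), the toy C sketch below contrasts a balanced-branch square-and-multiply, where the branch direction still follows each secret exponent bit, with a mask-based selection that has no key-dependent branch. The function names and the 32-bit toy RSA values are assumptions made for the example; the `%` reduction is not claimed to be constant-time, and a compiler may reintroduce branches, so the generated assembly has to be checked.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy sizes: 32-bit modulus so every product fits in 64 bits. Not real RSA. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t n) {
    return (uint32_t)(((uint64_t)a * b) % n);
}

/* "Balanced branch": both arms cost one multiply, so timing and operation
 * counts match, but the branch direction still equals the secret bit. */
uint32_t modexp_balanced(uint32_t base, uint32_t exp, uint32_t n) {
    uint32_t r = 1 % n;
    volatile uint32_t dummy = 0;        /* volatile keeps the balancing work */
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, n);
        if ((exp >> i) & 1u)            /* secret-dependent branch */
            r = mulmod(r, base, n);
        else
            dummy = mulmod(r, base, n); /* same cost, result discarded */
    }
    (void)dummy;
    return r;
}

/* Branch-free: always multiply, then pick the result with a bit mask,
 * so no conditional jump depends on the exponent. */
uint32_t modexp_branchless(uint32_t base, uint32_t exp, uint32_t n) {
    uint32_t r = 1 % n;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, n);
        uint32_t t = mulmod(r, base, n);
        uint32_t mask = (uint32_t)0 - ((exp >> i) & 1u); /* 0 or 0xFFFFFFFF */
        r = (t & mask) | (r & ~mask);
    }
    return r;
}

int main(void) {
    /* Constructed textbook values: n = 61 * 53, e = 17, d = 2753 */
    uint32_t n = 3233, d = 2753, c = 2790;
    printf("balanced=%u branchless=%u\n",
           modexp_balanced(c, d, n), modexp_branchless(c, d, n));
    return 0;
}
```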


If that weren’t bad enough, a rootkit can now be persisted in your PCI device. A paper called Implementing and Detecting a PCI Rootkit details how PCI cards execute BIOS code, which can be flashed from Windows software if the user is running as an administrator. Combined with a remote exploit, this could lead to a remote rootkit injection. Also, given that PCI BIOS software is not verified in any way, the rootkit would be difficult to detect.

Farecast: Know When to Buy

Posted in Airplane, Computers & Technology, Deals & Savings, Quantitative, Science, Travel, Web 2.0 by Elliott Back on June 3rd, 2006.

For the cheapest airline fares and hot travel deals, try Farecast, now in private beta.


Imagine, for a moment, that you wanted to travel at the end of July from Seattle to PHX for a weeklong conference. You’d zip over to Farecast, and it would be able to tell you which airlines were at their optimal prices at the time, and whether or not the price was likely to significantly change over the next few days. Here’s an example:

[Image: farecast-prediction.jpg]

As you can see, it issues a recommendation for you to buy, followed by the degree of accuracy of the prediction, and a very pretty looking chart. How do they do it? On their technology page, they say:

We use data-mining algorithms to search for patterns, in the accumulated airfare data, which are associated with significant price changes. These patterns are represented and stored in models, and the models are then rigorously trained. Once created and trained, we use these models to predict the future. Then, new, current airfares can be scored by the model to answer the question, “Is the price going up or down in the future?”

In other words, they probably are training neural networks per route to learn seasonal patterns in pricing data, and then to keep them accurate, using feedback between their simulated passengers and what the next day actually becomes. Very cool, in my opinion. The only thing stopping me from using Farecast for buying airplane tickets now is that it only covers routes from Seattle, WA or Boston, MA. Since I live in neither location, it’s just a pretty toy.

Cornell’s Internet = Super Fast

Posted in Computers & Technology, Cornell University, Cute, Quantitative, Science by Elliott Back 3 days, 6 hours ago.

I tried the Speakeasy bandwidth test utility and got some amazing results:

[Image: speakeasy-internet-results.jpg]

This is on a 1.2MB/s LAN connection over 54Mb/s wifi, which either makes the Cornell internet connection prescient (it can guess bits?) or Speakeasy’s tool completely wrong.

Update

Don’t post when you’re sleepy! 5600kbs = .7 MB/s, so this is within the range of what should be happening. We were getting weird results that morning in the 300kbs range, as well, which makes me think it was on some kind of different scale, as that would have been really really slow…
