Cancel
CreatorsPublishersAdvertisers
View more in
Software

Researchers contradict AMD claims that SEV keys can't be extracted remotely

By Mayank Sharma
Posted by 
TechRadar
TechRadar
 8 days ago
Cover picture for the article

Security researchers have overruled claims from AMD that recent findings concerning the chip giant's security processes do not pose a real-world threat. The Technische Universität (TU) Berlin's Security in Telecommunications group recently published a research paper that demonstrated a means to defeat AMD's SEV mechanism in a voltage fault injection attack they refer to as a glitching attack.

www.techradar.com

Comments / 0

TechRadar

TechRadar

12K+
Followers
30K+
Post
1M+
Views
ABOUT

A 🌏 team of gadget obsessives here to help you make informed decisions on tech. What to skip, what to buy, and where to buy it.

 http://www.techradar.com
IN THIS ARTICLE
#Sev#Sev#Cpu#Vm#Poc#Antivirus
YOU MAY ALSO LIKE
NewsBreak
Data Security
NewsBreak
Technology
Place
Berlin, DE
NewsBreak
Computers
NewsBreak
AMD
NewsBreak
Software
Related
Softwaretheregister.com

Re-volting: AMD Secure Encrypted Virtualization undone by electrical attack

AMD's Secure Encrypted Virtualization (SEV) scheme is not as secure as its name suggests. Boffins from the Technische Universität Berlin have devised an attack that defeats the primary purpose of this silicon safe room technology: protecting the data in virtual machines from rogue administrators in cloud environments. In a paper...
SoftwareFudzilla

AMD's Secure Encrypted Virtualisation is a little insecure

AMD's Secure Encrypted Virtualisation (SEV) scheme may not be as secure as its claims according to a team of Berlin boffins. The team at Technische Universität Berlin has devised an attack that defeats the system of protecting the data in virtual machines from rogue administrators in cloud environments. In a...
Softwaremarketresearchtelecast.com

AMD processors: cloud virtual machines remain insecure

Several research teams have discovered new attack vectors on the RAM encryption of AMD’s Epyc processors. The company can improve two variants with the help of the extended Secure Nested Paging (SEV-SNP) function and firmware updates that AMD has built into the third generation Epyc 7003, alias Milan, with Zen 3 architecture. A third type of attack also leverages SEV-SNP, provided that one has one-time access to the system.
Softwarebleepingcomputer.com

Windows 365 exposes Microsoft Azure credentials in plaintext

A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. Mimikatz is an open-source cybersecurity project created by Benjamin Delpy that allows researchers to test various credential stealing and impersonation vulnerabilities. "It's well...
Softwarephoronix.com

AMD Publishes Latest SEV-SNP Guest + Hypervisor Support For Linux

AMD has published their fifth revision of SEV-SNP support for the KVM hypervisor and guest VM support for this Secure Encrypted Virtualization Secure Nested Paging functionality found with new EPYC 7003 series server processors. SEV-SNP is the latest iteration of Secure Encrypted Virtualization. SEV-SNP provides additional memory integrity protections around...
SoftwarePosted by
GeekyGadgets

Microsoft Windows 365 performance and benchmarks

Last week Microsoft launched their new Windows 365 cloud service providing the Windows operating system and virtual Windows computers you can access from almost any device. Microsoft launched the service with a free trial available but unfortunately due to “unbelievable response” has closed invitations for the near future although you can still register to be included on the waiting list.
Coding & ProgrammingTechRepublic

How to use chaos engineering in Microsoft Azure

Complex systems need to be resilient, and we need to use tools like chaos engineering to ensure that resilience. Learn about Azure Chaos Studio. Cloud-native applications aren't the monoliths of old, fitting neatly into client-server or three-tier categories. They're now a conglomeration of services, mixing your code and platform tools, designed to manage and control errors and to scale around the world.
ComputersItproportal

Bare metal vs dedicated servers: which is the better option?

If, when choosing the best web hosting services that offer dedicated servers, you’re trying to get the best performance out of yours, you have to choose between two options: bare metal vs dedicated servers. Specifically speaking, these are respectively traditional dedicated servers and modern bare metal options. However, what’s the...
ComputersElectronicsWeekly.com

Intel adds to IPUs

Mount Evans is Intel’s first ASIC-based IPU. It was designed in collaboration with a Cloud Service Provider. CSP. It supports existing use cases – including vSwitch offload, firewalls, and virtual routing – while providing headroom for future use cases. Mount Evans is Intel’s first ASIC-based IPU. It was designed in...
Softwaremakeuseof.com

GitHub Copilot: The Coding AI

If you're a programmer, there's a good chance you've become exhausted from writing lengthy programs (or you will!) And you've probably wondered to yourself, "What if I had someone sitting with me to help me create these programs?" Now you have GitHub Copilot, an Artificial Intelligence tool that helps you...
Computerscyberscoop.com

Mozi botnet gets stealthier in infecting Huawei network gateways and other gear

The authors of a prolific internet-of-things botnet called Mozi have developed new capabilities for their malicious software to linger on infected device and avoid detection, Microsoft researchers said Thursday. A botnet is a horde of compromised computers that attackers use to distribute spam or ransomware, or conduct distributed denial of...
Coding & Programmingtowardsdatascience.com

Turn Your Code into a Real Program: Packaging, Running and Distributing Scripts using Docker

With Docker, it is easy to package your code into an image that we can run anywhere, anytime; regardless of your hardware or software. It will run on a laptop, Raspberry Pi, Server, Mac, Linux or Windows. This article will detail the process of packaging your script into a Docker image that can be shared and run. It focuses particularly on how to run the programs that exist in the Docker image.
SoftwareZDNet

Nvidia brings AI to more mainstream servers with Nvidia AI Enterprise in GA

Nvidia on Tuesday announced the general availability of Nvidia AI Enterprise, a software suite that lets companies virtualize AI workloads on mainstream servers running VMware vSphere. As part of the GA release, Nvidia also said that it's partnering with Domino Data Lab to integrate its MLOps platform on top of Nvidia AI Enterprise.
Softwarewindowscentral.com

AMD and researchers spar over shocking attack's real-world dangers

Researchers have exposed a vulnerability with AMD SEV (Secure Encrypted Virtualization). In response, AMD has cast doubt on the real-world implications of the discovery, citing physical logistical hurdles for threat actors. The researchers have responded, disputing the existence of said hurdles. In one of the more tech-savvy, inside-baseball bits of...
Softwaredevops.com

Google Unveils Tool to Better Secure GitHub Repos

Google today launched a GitHub app that provides automated continuous enforcement of security best practices for GitHub projects. Kim Lewandowski, a product manager for open source software security at Google, said the Allstar application enables IT teams to assess any project on GitHub to check for security policy adherence. In addition, Allstar sets desired enforcement actions and automatically applies those rules when triggered by a setting or file change in a repository.
Computersprotocol.com

Intel’s new companion chip for cloud providers has Arm inside

Intel turned to an unlikely source for the newest version of its infrastructure processing unit strategy: longtime rival Arm. The new Mount Evans IPU, designed to help cloud providers manage their internal computing needs alongside those of their customers, will come with 16 Arm Neoverse N1 cores. That's the same core that's at the heart of AWS's Graviton2 processor, one of the greatest threats to Intel's decades-long dominance of the data center market.
TechnologyWebProNews

Microsoft’s Azure Government Top Secret Now Available

Microsoft has announced the general availability of its Azure Government Top Secret, in the company’s bid to gain more government contracts. Government contracts are some of the most lucrative contracts for tech companies, including cloud providers. Needless to say, however, combining cloud options with classified and top secret information presents very unique challenges. At one point, Amazon had a clear lead, being the only company to have achieved the Pentagon’s Impact Level 6 certification. Microsoft closed that gap in late 2019, and has been accelerating its efforts to get government cloud contracts ever since.
ComputersPosted by
Tom's Hardware

Disable Windows 11 Bloatware With This New System Tool

The first unofficial optimization tool for Windows 11 is already here. ThisIsWin11 allows you to customize many of Windows 11's settings all from one app. Instead of hunting down each setting yourself through the control panel, settings app or other tools. You can do things such as disable Microsoft Teams, disable PowerThrottling, adjust visual effects for best performance, and change windows to dark mode all from the software.

Comments / 0

Community Policy