Friday, September 02, 2016

[Links of the Day] 02/09/2016: Row Hammer in the cloud, USENIX Security conf and Agile IT Book

  • USENIX Security '16 : the USENIX Security conference proceedings are out, and there are two notable papers in there:
    • Off-Path TCP Exploits: Global Rate Limit Considered Dangerous : it seems that there is a flaw in the current TCP specification and implementation that allows a blind off-path attacker to infer whether any two arbitrary hosts on the Internet are communicating using a TCP connection. This could allow large-scale denial of service or worse.
    • One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation : this one sounds scarier than the previous paper. However, the inherent limitations of the approach reduce the potential scope of attack. It basically leverages the Row Hammer procedure to attack a neighbor VM within a cloud system. The caveat is that it requires the cloud provider to allow paravirtualised guests to run, and it can only target PV guests. It is also easily defeated if the RAM used is ECC, which is the default RAM used in any decent data-center.
  • Agile IT Management: From Startup to Enterprise : a really good book providing a well-documented set of observations on IT’s current challenges that can orient you toward more effective decisions and actions in your journey toward IT excellence. But beware of buying too much into the hype of one solution fits all. Agile is just one part of the solution; old waterfall still has its place, as do intermediate approaches. That makes the difference between wisdom and knowledge.