You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
side-channel
About this tag
Side-channel attacks exploit unintended information leakage from computer systems, such as timing, cache usage, or power consumption, to extract sensitive data. On WindowsForum.com, discussions cover a range of side-channel vulnerabilities including speculative execution flaws like Meltdown, Spectre, and Foreshadow (L1TF) affecting Intel CPUs, as well as cryptographic implementation weaknesses in Mbed TLS (CVE-2019-18222, CVE-2020-10941) that leak private keys via cache or blinding issues. More recent topics include Whisper Leak, a side-channel in encrypted LLM streams that reveals topic clues through packet sizes and timings. Mitigations for browser-based side-channel attacks in Microsoft Edge and Internet Explorer are also addressed. These threads provide technical analysis, patch guidance, and security best practices for developers and IT professionals.
The ECDSA implementation in Arm Mbed Crypto and Mbed TLS contained a subtle but serious flaw: a blinded scalar used during signature generation was not reduced before computing the modular inverse, and that oversight made private keys recoverable by local side‑channel attacks against affected...
Arm’s Mbed TLS contained a subtle but consequential side‑channel flaw — tracked as CVE‑2020‑10941 — that allowed a privileged observer to recover RSA private key material by measuring cache usage during an import operation, and the case raises lasting lessons for developers, embedded vendors...
Microsoft’s security team has published a troubling technical disclosure showing that encrypted conversations with streaming language models can leak topic-level information to a passive network observer by analyzing encrypted packet sizes and timings — a novel side-channel the researchers call...
Intel has revealed another major security vulnerability in its CPUs, similar to the Meltdown/Spectre vulnerabilities revealed earlier this year.
It is understood that at this time there are no current exploits and further information can be found on the released Link Removed .
AMD chips are...
Original release date: May 21, 2018
Systems Affected
CPU hardware implementations
Overview
On May 21, 2018, new variants—known as 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were Link Removed. These variants can allow an attacker to obtain access to...
Today, Google Project Zero published details of a class of vulnerabilities which can be exploited by speculative execution side-channel attacks. These techniques can be used via JavaScript code running in the browser, which may allow attackers to gain access to memory in the attacker’s process...
attack prevention
browser security
cpu cache
fall creators
internet explorer
javascript
john hazen
kb4056890
memory access
microsoft edge
mitigation
performance
project zero
security updates
sharedarraybuffer
side-channel
speculative execution
update
vulnerability
windows 10