|=------------------------------------------------------------------------------------------------=|

 ########  ######## ########  ######   #######  ##    ##    ########   #######  ##     ## ######## 
 ##     ## ##       ##       ##    ## ##     ## ###   ##    ##     ## ##     ## ###   ### ##       
 ##     ## ##       ##       ##       ##     ## ####  ##    ##     ## ##     ## #### #### ##       
 ##     ## ######   ######   ##       ##     ## ## ## ##    ########  ##     ## ## ### ## ######   
 ##     ## ##       ##       ##       ##     ## ##  ####    ##   ##   ##     ## ##     ## ##       
 ##     ## ##       ##       ##    ## ##     ## ##   ###    ##    ##  ##     ## ##     ## ##       
 ########  ######## ##        ######   #######  ##    ##    ##     ##  #######  ##     ## ######## 
 
|=------------------------------------------------------------------------------------------------=|

                                 DEF CON group 11396 @ Rome, Italy
                                
                               [Main] [Meetings] [Posts] [Projects] 


|=--------------------------------------=[ December 2021 ]=---------------------------------------=|

by pietroborrello
This is the 18th meeting of the DEF CON group. Date and location: December 10th from 6 p.m. to 7 p.m. on Zoom (link to be posted in the Telegram group). The schedule is: ---[ Practical Remote Timing Attacks On Memory Deduplication and Compression by Martin Schwarzl The amount of memory used in both hard disks and RAMs is steadily increasing. However, there are still a lot of use cases to reduce the memory utilization, for instance, in embedded systems. Memory deduplication reduces the utilization by finding memory with identical content and merging data together. In memory compression, compression algorithms are used to reduce the size of memory by compressing the raw data to a smaller version without losing its information. In this talk, we show that both techniques have side channel effects and can be used to mount powerful side channel attacks. We demonstrate remote timing attacks over fourteen hops in the internet and demonstrate data leakage on PostgreSQL, InnoDB, ZRAM, Memcached and a remote KASLR break.