Freedom vs. Security in Computer Systems
Is it time to consider designing and operating computer systems with an “off-by-default” attitude to proactively defend against such attacks?
Archive of posts tagged: Security
HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART IV)
What should vendors do when they discover that a hardware 0-day has been used to exploit systems built on their product? Some vulnerabilities may permit vendors to patch the vulnerability using microcode updates. For instance, a mitigation for the row hammer DRAM...
HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART III)
What should academics do if they come across a hardware 0-day attack? Obviously, disseminate. But before the vulnerability is made public, it is important to responsibly disclose the vulnerability to the vendor to give them a chance to fix it. If the vendor determines...
HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART II)
What should governments do when they discover a hardware 0-day? In the US, as a matter of policy, any vulnerability that is deemed to affect critical infrastructure is disclosed to the vendors by the government [VEP]. The government can hide vulnerabilities (and...
HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART I)
[Editor’s Note: This post is the first in a series of micro-blogs over four consecutive days.] 0-day security exploits are attacks that use vulnerabilities that are unknown to a vendor. They are referred to as 0-days because the vendor knows about them for zero...Subscribe
