Friday, April 13, 2007

RSA Attack Efficiency Improves
by: Carl Jongsma


August 2006 saw the disclosure of a fairly interesting attack against the RSA encryption algorithm (most famously used in SSL to protect online transactions). It did not target the algorithm itself, which still has not been broken; it is a so-called side-channel attack, targeting the peculiarities associated with implementing the algorithm on various computing hardware.

The team behind the initial disclosure have recently submitted a modified approach to the attack, resulting in almost-astronomical improvements in attack efficiency.

In basic terms, the attacks rely upon a phenomenon known as 'Branch Prediction Analysis', where a program / attacker is able to predict what other software is doing as it passes through the CPU of a system.

In the first iteration of the described attack, the method required snooping on what was happening with the CPU for a relatively long period (or number of cycles), and certain software that implemented SSL protection (OpenSSL) quickly introduced patches to protect against this listening attack.

While many hardware manufacturers and Operating System developers have introduced defensive mechanisms to try to prevent this sort of attack, it has been discovered that Pentium-IV (PIV) chips with Hyper-Threading enabled still have two caches that are not adequately protected. The new iteration of the attack, using a technique dubbed 'Simple Branch Prediction Analysis' (SBPA), targets both of these caches and can extract almost the complete secret SSL key in just one cycle. Running as an unprivileged user, this method can also target and extract data from any other software processes running on the system (SSL is an example in this case).

The technical black magic of how a branch predictor attack works can be explained as follows. Although modern CPUs are very quick, they still can't process absolutely every bit of information that they need to without a queue building up. This queue of instructions / data waiting for processing sits in a cache next to the CPU, and the queued items are executed in order of priority / time spent in the queue (various tuning settings come into play). When a process attempts to monopolise the CPU's attention and fill the cache, the minuscule timing differences between when its own instructions are executed can give hints about what other instructions and data are moving through the CPU. Being able to interpret exactly what this data is, is key to branch prediction analysis.
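The branch that this kind of analysis observes is one whose direction depends on a secret exponent bit, as in textbook square-and-multiply exponentiation. The following is an added example (not from the article or from OpenSSL), with hypothetical function names and a constructed toy key, that shows that branch beside a branch-free form:

```c
#include <stdint.h>
#include <stdio.h>

/* Toy arithmetic: n must be below 2^32 so products fit in 64 bits.
   The % operator is itself not constant-time; real code uses a bignum library. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) { return (a * b) % n; }

/* Leaky form: the extra multiply runs only when the secret bit is 1, so the
   branch direction (and the count in *muls) tracks the exponent bits. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t n, unsigned *muls)
{
    uint64_t r = 1 % n;
    base %= n;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, n);
        if ((exp >> i) & 1) {              /* secret-dependent branch */
            r = mulmod(r, base, n);
            (*muls)++;
        }
    }
    return r;
}

/* Hardened form: always multiply, then pick the result with a bit mask.
   No branch depends on exp, so every key yields the same operation sequence. */
uint64_t modexp_masked(uint64_t base, uint64_t exp, uint64_t n, unsigned *muls)
{
    uint64_t r = 1 % n;
    base %= n;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, n);
        uint64_t t = mulmod(r, base, n);
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1);  /* all ones or zero */
        r = (t & mask) | (r & ~mask);
        (*muls)++;
    }
    return r;
}

int main(void)
{
    /* Constructed textbook-sized key: n = 61 * 53, e = 17, d = 2753. */
    unsigned leaky = 0, fixed = 0;
    uint64_t c = modexp_branchy(65, 17, 3233, &leaky);
    uint64_t m = modexp_masked(c, 2753, 3233, &fixed);
    printf("c=%llu m=%llu leaky_muls=%u fixed_muls=%u\n",
           (unsigned long long)c, (unsigned long long)m, leaky, fixed);
    return 0;
}
```

A compiler may turn the mask select back into a conditional branch, so production code confirms the generated assembly is branch-free.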

The issue is mitigated by the attack's requirements: the secure and insecure processes must be running on the same processor at the same time, and the attacker must be able to run their process as a local user. Because the spying process captures almost 100% CPU continuously while it is running, normal system monitoring software should alert administrators to something out of the ordinary running on the system.

What real-world threat exists for this relatively esoteric attack? Shared-server installations. It would be possible for a lesser-privileged account holder on a shared server to run the spying process while other account holders are negotiating SSL connections. A well-timed attack will allow them to run their spying process once (and thus minimise the attention drawn to it), and then be able to effectively intercept SSL communications directed at the target.

What Is RSS?
by: Madison Lockwood


RSS is technology - a simple software program - that allows you to access web and blog content automatically. The acronym's most popular translation is "Really Simple Syndication." Once your browser or computer has an RSS reader on board, you can subscribe to any number of RSS "feeds." A feed is simply a way in which a reader may subscribe to website content - most commonly blogs or news sites. A news site, for example, may list its latest headlines or entire articles in its feed every time a new article is published. A blog would publish this feed as a series of recent posts.

Feeds are published by millions of publishers, from small individuals to large organizations like Newsweek. The value of a feed is that it brings the most current site content to you in a format that is easily scanned; further, you are spared the task of visiting each source site each day. This is typically done through the use of what is called an 'aggregator' or 'feed reader'.

Feed readers, or RSS readers, are software programs that run on your computer (or PDA or phone), let you easily subscribe to feeds, and allow you to read through them efficiently. Some are relatively simple, showing the headline and summary. The fancier ones often work with (or in) your browser to make viewing the material look much like the source page. Once you have a reader on your computer, subscribing to a feed is an easy click or drag from your browser. Sites that provide RSS feeds will usually have a button for that purpose.

There are several RSS feed formats as well as one with an entirely different methodology called Atom. Atom has become popular with some bloggers and blogging tools. Some aggregators can read both. The other acronyms you will see in "feedspeak" are XML, which stands for 'extensible markup language' and is the code standard for these simple text feeds, and OPML. An 'OPML' file is a format for indexing hierarchical feed lists. If you dive into this web habit in a big way, your aggregator or reader may keep your subscription list in an OPML file.

An RSS feed is a great method for staying abreast of issues and topics that interest you. There are a number of feed "libraries," so to speak, from which you can learn what's out there in your areas of interest. Google has a built-in reader that makes the subscription process easy, as does Yahoo. Firefox has a downloadable extension for the purpose of aggregating RSS feeds, as well as a default ability to save RSS feeds as "live bookmarks" that update via the RSS feed. You can download a number of standalone readers and aggregators; you can find them through a simple web search.

The whole RSS "movement" is a step towards utilizing the Internet more efficiently. The trick is to avoid overloading your email inbox with daily reports that you end up ignoring most of the time. For that purpose, there are sites like Feedster that will search millions of RSS feeds for articles that are relevant to your interests. Like any search tool, however, these services are hit and miss. They are still working off keywords and sometimes what they find is relevant, sometimes not. But if you want daily news broken into categories, it's great technology once you learn how to make it work for you.