The password reset MitM attack

The password reset MitM attack Gelernter et al., IEEE Security and Privacy 2017 The Password Reset Man-in-the-Middle (PRMitM) attack is really very simple, but that doesn't mean it's not dangerous. It involves persuading the user to sign-up for an account for some service under the attacker's control (maybe there's an enticing free download for example), ... Continue Reading

SGXBounds: memory safety for shielded execution

SGXBounds: memory safety for shielded execution Kuvaiskii et al., EuroSys'17 We've previously looked at a number of Intel SGX-related papers in The Morning Paper, including SCONE, which today's paper builds on. SGX comes with a memory encryption engine and seeks to protect trusted applications from an untrusted operating system, providing confidentiality and integrity guarantees. SGX, ... Continue Reading