We discuss the CVE-2022-2274 OpenSSL vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048-bit private keys
incorrect on such machines, and memory corruption will happen during
the computation. As a consequence of the memory corruption, an attacker
may be able to trigger a remote code execution on the machine performing
the computation.
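A host-side check for the conditions named above (OpenSSL 3.0.4, x86_64, AVX512IFMA), as an added example that is not from the episode or the OpenSSL project. The function names, the `--host` switch and the sample inputs are assumptions made for illustration, and the live check reads Linux's `/proc/cpuinfo`.

```shell
#!/bin/sh
# Added example: checks a host against the conditions named in the description
# (OpenSSL 3.0.4, x86_64, AVX512IFMA). Sample inputs below are constructed.
# A version string cannot show vendor patches, so treat "exposed" as a lead.

SAMPLE_VER='OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)'
SAMPLE_OLD='OpenSSL 1.1.1n  15 Mar 2022'
SAMPLE_IFMA='flags : fpu sse2 avx2 avx512f avx512dq avx512ifma avx512cd'
SAMPLE_NOIFMA='flags : fpu sse2 avx2 avx512f avx512cd'

# `openssl version` can report the CLI and the linked library separately;
# the library is what performs the RSA computation, so prefer that field.
library_version() {
    printf '%s\n' "$1" | sed -n \
        -e 's/.*(Library: OpenSSL \([^ )]*\).*/\1/p' -e t \
        -e 's/^OpenSSL \([^ ]*\).*/\1/p'
}

# True when a cpuinfo "flags" line lists avx512ifma as a whole word.
has_avx512ifma() {
    printf '%s\n' "$1" | grep '^flags' | grep -qw 'avx512ifma'
}

# assess ARCH VERSION_OUTPUT CPUINFO_TEXT -> one-line verdict on stdout
assess() {
    ver=$(library_version "$2")
    if [ "$1" != "x86_64" ]; then
        echo "not exposed: arch $1"
    elif [ "$ver" != "3.0.4" ]; then
        echo "not exposed: library ${ver:-unknown}"
    elif ! has_avx512ifma "$3"; then
        echo "not exposed: no avx512ifma"
    else
        echo "exposed: OpenSSL 3.0.4 with avx512ifma"
    fi
}

if [ "${1:-}" = "--host" ]; then
    # Live check of the machine this script runs on.
    assess "$(uname -m)" "$(openssl version 2>/dev/null)" \
           "$(cat /proc/cpuinfo 2>/dev/null)"
else
    assess x86_64 "$SAMPLE_VER" "$SAMPLE_IFMA"
    assess x86_64 "$SAMPLE_VER" "$SAMPLE_NOIFMA"
    assess x86_64 "$SAMPLE_OLD" "$SAMPLE_IFMA"
    assess aarch64 "$SAMPLE_VER" "$SAMPLE_NOIFMA"
fi
```

The first constructed sample shows why the library field matters: the CLI reports a different version from the library it is linked against.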
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/