We discuss CVE-2022-2274, an OpenSSL vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for x86_64 CPUs that support the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048-bit private keys
incorrect on such machines, and memory corruption will happen during
the computation. As a consequence of the memory corruption, an attacker
may be able to trigger remote code execution on the machine performing
the computation.
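The two conditions named above (OpenSSL 3.0.4 and a CPU advertising AVX512IFMA) can be checked per host. The following is an added example, not code from the episode or from the OpenSSL project; it assumes a Linux host where `/proc/cpuinfo` lists the flag as `avx512ifma`, and the function names and sample inputs are constructed for illustration.

```python
import re
import ssl
from pathlib import Path

AFFECTED_VERSION = (3, 0, 4)   # the only release the description names as affected
CPU_FLAG = "avx512ifma"        # flag name as the Linux kernel prints it in /proc/cpuinfo

def parse_openssl_version(banner: str):
    """Return (major, minor, patch) from a banner like 'OpenSSL 3.0.4 ...', else None."""
    m = re.search(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def cpu_has_flag(cpuinfo: str, flag: str = CPU_FLAG) -> bool:
    """True if any 'flags' line lists the flag as a whole word (no substring matches)."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and flag in value.split():
            return True
    return False

def assess(banner: str, cpuinfo: str) -> str:
    """Classify a host from its OpenSSL banner and /proc/cpuinfo text."""
    version = parse_openssl_version(banner)
    if version is None:
        return "unknown"                      # not an OpenSSL banner; do not guess
    if version != AFFECTED_VERSION:
        return "not-affected-version"
    if cpu_has_flag(cpuinfo):
        return "exposed"                      # both conditions from the description hold
    # The same binary or container image can later run on an IFMA-capable host,
    # so this state still calls for an upgrade, just with lower urgency.
    return "affected-version-cpu-lacks-ifma"

# Constructed sample inputs (not captured from real machines).
SAMPLE_IFMA = "processor\t: 0\nflags\t\t: fpu sse2 avx2 avx512f avx512ifma avx512vbmi\n"
SAMPLE_NO_IFMA = "processor\t: 0\nflags\t\t: fpu sse2 avx2 avx512f avx512dq\n"

if __name__ == "__main__":
    # ssl.OPENSSL_VERSION is the library this Python is linked against; other
    # binaries on the host may bundle their own copy and need a separate check.
    cpuinfo_path = Path("/proc/cpuinfo")
    cpuinfo = cpuinfo_path.read_text() if cpuinfo_path.exists() else ""
    print(ssl.OPENSSL_VERSION, "->", assess(ssl.OPENSSL_VERSION, cpuinfo))
```

A version string only identifies the upstream release; statically linked or vendored copies of OpenSSL inside applications and container images need the same check applied to them.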
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/