We discuss the CVE-2022-2274 OpenSSL vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for x86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048-bit private keys
incorrect on such machines, and memory corruption will happen during
the computation. As a consequence of the memory corruption, an attacker
may be able to trigger remote code execution on the machine performing
the computation.
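The conditions in the description above (OpenSSL 3.0.4, an x86_64 machine, a CPU with AVX512IFMA) can be checked on a Linux host. The following is an added example, not code from the episode or from OpenSSL. It assumes 3.0.4 is the only affected release, since that is the only one named here, and the function names and sample inputs are constructed for illustration.

```python
import re

AFFECTED = (3, 0, 4)        # assumption: the only release named in the description
IFMA_FLAG = "avx512ifma"    # Linux /proc/cpuinfo name for AVX512IFMA

# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER = "OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)"
SAMPLE_CPUINFO = (
    "processor\t: 0\nmodel name\t: constructed sample CPU\n"
    "flags\t\t: fpu sse2 avx2 avx512f avx512dq avx512ifma sha_ni\n"
)

def parse_openssl_version(banner):
    """Return (major, minor, patch) from `openssl version` output, or None."""
    m = re.match(r"\s*OpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(p) for p in m.groups()) if m else None

def cpu_flags(cpuinfo_text):
    """Union of the feature flags on every 'flags' line of /proc/cpuinfo."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags

def assess(banner, machine, cpuinfo_text):
    """Classify a host as AFFECTED, NOT_AFFECTED or UNKNOWN."""
    version = parse_openssl_version(banner)
    if version is None:
        return "UNKNOWN"          # not an OpenSSL banner: check by hand
    if version != AFFECTED:
        return "NOT_AFFECTED"     # the bug was introduced in 3.0.4
    if machine.lower() not in ("x86_64", "amd64"):
        return "NOT_AFFECTED"     # the faulty code path is x86_64-only
    if IFMA_FLAG not in cpu_flags(cpuinfo_text):
        return "NOT_AFFECTED"     # CPU does not expose AVX512IFMA
    return "AFFECTED"

if __name__ == "__main__":
    # Live check on the current Linux host.
    import platform, subprocess
    banner = subprocess.run(["openssl", "version"], capture_output=True,
                            text=True).stdout
    with open("/proc/cpuinfo") as fh:
        print(assess(banner, platform.machine(), fh.read()))
```

The `openssl` binary on PATH can differ from the library an application links or bundles, so repeat the version check for each copy in use.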
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/