Reply to post: Re: Heartbleed

Oracle's Larry Ellison claims his Sparc M7 chip is hacker-proof – Errr...

Michael Wojcik Silver badge

Re: Heartbleed

There must be something we all missed - apparently the M7 chip does protect against Heartbleed.

see here : ADI Demo

That page isn't working, at least for me, but I doubt it shows that SSM would prevent Heartbleed in every case. There are a huge number of possible permutations. And a huge number of targets for attackers to try, so that 1-in-16 would still have left an unacceptably high hit rate.

Also, it's much easier for something like this to catch something like Heartbleed if the attacker is aggressive and opens the DTLS heartbeat window as wide as possible (i.e., tries to grab all 64KB). A careful attacker might gradually widen it, hoping to get something useful before triggering a trap. That's easy to automate.

Of course, the article says Larry claimed "SSM would have discovered Heartbleed". Discovering is not exactly the same thing as preventing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019