Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS

Over the summer, Kenny Paterson and me spent some time looking at Amazon’s (Amazon Web Services – Labs to be precise) implementation of TLS. This implementation — called s2n — was released in June with the intent of providing a clean, easy to read, small implementation of a core subset of the TLS protocol.

Continue reading “Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS”

Friday Afternoon Fun

It is Friday and all teaching is done for the week. Also, it has been about 10 days since the FREAK attack was made public. Hence, the most natural idea is to scan the Internet for hosts that are still vulnerable and mining their Ps and Qs. After all, the tools for the job are readily available. Here’s what we found.