Yes, this is a RIDL variant called "L1D Eviction Sampling". Both the RIDL paper (Addendum 2 B [1]) and the CacheOut paper refer to CVE-2020-0549: "L1D Eviction Sampling (L1Des) Leakage".
But the CacheOut paper describes how to use it in practice and why the Intel fix is not sufficient.
Just a reminder that Comparitech "pays" security researchers for "data breaches" and most likely encourages people to report these things to them without getting servers patched: https://twitter.com/securinti/status/1196850409924681728
No offense, but if you need to "pay" for your researcher, you're probably not that ethical and are most likely behind some intentional offensive hacking, so people can make money off your back.
To me it just sounds like they're offering a bespoke bounty programme.
If you can assume that they are reporting the exploits or breaches through the right channel, it might actually be more convenient for bounty hunters to have 1 place to funnel them all into.
If Comparitech also makes some profit off their reporting of the breaches, then you can start to get an idea of where they're getting some funding from.
I am fine with this practice. It incentivises more grey/white hat eyes on potential breaches. And in my book, that's never a bad thing.
Given how public they are about their methods and approach, I will give them the benefit of the doubt for now.
It's a university email, not Pentagon backend accounts.
It is a stupid law because they're being way too thorough and abrasive when they shouldn't.
How much do you wanna bet the German parliament is not protected in the same way... actually don't answer that... here's an article published today about a stupid vulnerability in the Bundestag's internal chat app: https://zero.bs/osintrecon-vs-pentestschwachstellenscan.html
Depending on the permissions on the accounts they can be pretty powerful. Not just access to eduroam (which all of them have and which is extremely convenient) and full course records including results (also from teacher side!) but also access to many resources such as supercomputer clusters, scientific literature behind paywalls, software licenses (also for expensive things) and many more.
Note that institutions such as ESA, CERN or the local space agencies are also involved in the network. There absolutely are very interesting targets, even if you are a state actor.
YES IT IS, BUT STILL, WITH 6.9K VIEWS LATER, WHO'S bitching? The news is out, let the people choose, and if copyright is an issue for you, you must not be much of an internet savvy person. After all, a small group of people who were upset with the lack of privacy to accounts and constant hacks to Facebook, we thought we should develop a social network and at least try our run at the go, but we do not follow DMCA policies on our website.