This is pretty bad but it needs local access to a server/workstation as well as pretty sophisticated knowledge/tools to exploit. Even then there's no guarantee of getting any relevant information out of it. Anything with frequent enough logins/hashes going through the local system is probably a server someplace, and if its important you should have it physically locked away and access controlled.
Exploit is usable via JavaScript. Does not require local access.
Is there any evidence that the exploit works in a browser? A few comments on the article suggested that the Javascript engines in browsers protect against timing attacks like these.
This is pretty bad but it needs local access to a server/workstation as well as pretty sophisticated knowledge/tools to exploit. Even then there's no guarantee of getting any relevant information out of it. Anything with frequent enough logins/hashes going through the local system is probably a server someplace, and if its important you should have it physically locked away and access controlled.
Exploit is usable via JavaScript. Does not require local access.
Is there any evidence that the exploit works in a browser? A few comments on the article suggested that the Javascript engines in browsers protect against timing attacks like these.
I was hoping there would be a reply to this :(