That's true if you host WordPress or Joomla or something that is widely used that would have a timing attack, because then someone will automate it for sure.
If you have your custom web app, I don't think anyone will bother unless you are a bank or something.
It works quite well in practice though. I wonder if you could make an ergonomic library for it.
Just add a macro to a function and it'll keep track of how long past executions took to execute and add artificial delays to ensure all subsequent executions are at least that long. If they're longer, extend the minimum time by 2x.
Perhaps apply an AIMD algorithm to it? Though there's still room for exploitation there, it'd just take a lot longer to find. Just letting the programmer specify the minimum time might be better in practice.
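The padding scheme discussed in the comments above, as an added example that is not part of the original thread: a Python decorator standing in for the macro. The name `pad_to_floor`, its parameters and the exact doubling rule (double the floor until it covers the overrunning call) are assumptions made for illustration.

```python
import functools
import hmac
import threading
import time


def pad_to_floor(initial_floor, adaptive=True, clock=time.monotonic, sleep=time.sleep):
    """Make every call take at least `floor` seconds, on return or on exception.

    adaptive=True  : a call that overruns the floor doubles it until it covers
                     that run (assumed reading of "extend the minimum by 2x").
    adaptive=False : fixed minimum chosen by the programmer.
    `clock` and `sleep` are injectable so the behaviour can be tested.
    """
    if initial_floor <= 0:
        raise ValueError("initial_floor must be positive")

    def decorate(fn):
        state = {"floor": float(initial_floor)}
        lock = threading.Lock()  # the floor is shared by all callers

        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            start = clock()
            try:
                return fn(*args, **kwargs)
            finally:
                # Runs on the error path too, so failures are padded as well.
                elapsed = clock() - start
                with lock:
                    if adaptive:
                        while elapsed > state["floor"]:
                            state["floor"] *= 2
                    floor = state["floor"]
                if floor > elapsed:
                    sleep(floor - elapsed)

        wrapper.current_floor = lambda: state["floor"]
        return wrapper
    return decorate


if __name__ == "__main__":
    SECRET = b"constructed-sample-token"  # constructed value for the demo

    @pad_to_floor(0.05)
    def check_token(candidate):
        return hmac.compare_digest(candidate, SECRET)

    for guess in (b"x", SECRET):
        t0 = time.monotonic()
        ok = check_token(guess)
        print(ok, round(time.monotonic() - t0, 2))
```

With `adaptive=False` the floor never moves, so a call slower than the floor returns at its true duration. The adaptive mode pads that call too, but the jump in the floor is itself visible to an observer.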
Unless I misread, they don't state exactly how the attack escalates privileges to install the driver. Could there be two versions of the attack with varying levels of severity?
You know what, until your comment I hadn't even considered that someone just copy-pasted the entire transcript into ChatGPT and asked for a summary. It sucks - and I see that happening everywhere actually, especially in Facebook groups, people are trying to be "helpful" by just copying output from ChatGPT or Gemini, but more often than not it's just completely wrong.
I can’t say for sure but the thing I thought was suspicious was someone saying “The episode provides an in-depth look at the challenges Panic faced during this ordeal and the measures taken to resolve the situation”. People who actually read the content and offer TL;DRs typically wouldn’t include statements like these that are basically just fluff.
Yeah - I don't have an hour to listen to the podcast or read the transcript. I got an AI to summarise the article and it saved me the time, I thought someone else might appreciate the summary (and it appears they did).
Perhaps next time I'll add TL;got-an-llm-to-do-it or something
“I don’t have time to know what really happened so I had something hallucinate a series of events that didn’t happen and that was good actually” is such a fascinating take