Source: Hacker News
Article note: Interesting. Also weird that it went unreported for so long.
I can't quite tell what the exploit is from the provided context. Was it algorithm substitution with a backdoored version that will interoperate with the real one? Was it a bad RNG (see: Dual_EC_DRBG)?
As someone in the HN thread pointed out, one of the big markets for this stuff is HSMs (Hardware Security Modules: think co-processors that do the "security stuff" for a larger system) in hosted environments like clouds. Last I looked, Cavium->Marvell's CloudHSM product was pretty big in the "It's totally secure to do your work on our computer" market.