The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they’re typed over the network


Cat looking at a laptop

Video It is possible to discern someone’s SSH password as they type it into a terminal over the network by exploiting an interesting side-channel vulnerability in Intel’s networking technology, say infosec gurus.

In short, a well-positioned eavesdropper can connect to a server powered by one of Intel’s vulnerable chipsets, and potentially observe the timing of packets of data – such as keypresses in an interactive terminal session – sent separately by a victim that is connected to the same server.

Read more…