Azure Confidential Computing: Seguridad real en 2026
¿Tus mensajes en Azure Service Bus realmente están protegidos? Seguridad en Azure con Confidential Computing ya tiene GA: TEEs, CVEs de AKS y arquitectu...
https://donweb.news/seguridad-azure-confidential-computing-service-bus/
The Confidential Computing Summit 2026 schedule is LIVE! This is the essential technical gathering for developers defining the future of secure AI.
Deep-dive into hardware-rooted attestation, scaling Confidential AI on #Kubernetes with TEEs, and building the "Trust Layer" for autonomous agents.
San Francisco | June 23-24. Early Bird ends May 12.
Register Now: https://www.linuxfoundation.org/press/confidential-computing-summit-2026-schedule-showcases-next-era-of-ai-sovereignty
Ubuntu 26.04 Security Shift
Ubuntu 26.04 LTS brings TPM-backed disk encryption, confidential computing, safer defaults, and more. Here is what matters most.
Physical security has become an important aspect of protecting confidential computing workloads. Physical access is typically excluded from hardware vendors' CVM attack models, leaving physical and relay attacks largely unaddressed.
Flashbots and Intel have each been working independently on solutions to help bridge this physical-access gap: https://writings.flashbots.net/mind-the-gap-tee-poc
Reproducible builds are a valuable property for remote attestation workflows but often hard to maintain. We faced a special challenge building reproducible artifacts that contain signatures.
Together with @Euler I wrote a blog post about how we used ECDSA public key recovery to generate signatures that match exactly one artifact, can be reproduced by a verifier, and are secure, without anyone ever knowing a private key.
https://katexochen.aro.bz/posts/reproducible-secure-signatures/
#ReproducibleBuilds #RemoteAttestation #Cryptography #ConfidentialComputing #Infosec
Reproducible builds allow anyone to verify that a binary matches its source code. But what if the build artifact must contain a cryptographic signature? Reproducing the signature requires the private key, which defeats the purpose of reproducibility. In this post, we present a technique based on ECDSA public key recovery that produces signatures which are both secure and fully reproducible, without anyone ever knowing a private key. Build artifacts with signatures - a reproducibility issue Remote attestation is a fundamental part of Confidential Computing. It can be used to prove what software is running in a remote environment. Users of such an attested environment do not need to trust the software vendor, excluding them from the trusted computing base1.
Modern hardware with the latest kernel is advised for operators of the current and maintained #QubesOS version 4.3.
The features of the system are nearly the same as the previous generations. One interesting innovation is the possibility to change
VM Persistent/User modes in Qubes Manager when updating or configuring
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Sysmaint
Compare with #Whonix in Vmware
https://fekir.info/post/immutable-machines-with-virtualbox/
Considier RO in regard to Stateless Relays (a gateway, a browser, a relay server)
Bandwidth-Weighted algorithm (performance vs security trade-off)
"Tor relays build reputation over time: a relay that has been running for months earns bandwidth flags that make it more useful to the network"
@torproject @FreedomofPress
live RAM Relay
http://uy3qxvwzwoeztnellvvhxh7ju7kfvlsauka7avilcjg7domzxptbq7qd.onion/websites/lists.torproject.org/pipermail/tor-talk/2015-July/038493.html
#Gentoo @gentoo @installgentoo
#FreedomOfThePress #FreedomOfThePressFoundation #Press #News #Journalism #ComputationalJournalism #Stateless #Immutable #ConfidentialComputing
#infosec #Qubes #Fedora #Tor #Innovation #Science #CS #IT #Linux
Cool, KVM-based AMD SEV-SNP support was recently added to Cloud Hypervisor! Including support for Google's oak stage0 firmware and IGVM image format.
https://github.com/cloud-hypervisor/cloud-hypervisor/pull/7942
#ConfidentialComputing #virtualization #KVM #CloudHypervisor
Fabricked, a new attack on AMD SEV-SNP presented: software-based attack that manipulates memory routing of inter-component communication within the SoC to trick the secure processor into improperly initializing the RPM table. The root cause is a missing check in the secure processor firmware to enforce the Data Fabric is locked down.
Confidential computing allows cloud tenants to offload sensitive computations and data to remote resources without needing to trust the cloud service provider. Hardware-based trusted execution environments, like AMD SEV-SNP, achieve this by creating Confidential Virtual Machines (CVMs). With Fabricked, we present a novel software-based attack that manipulates memory routing to compromise AMD SEV-SNP. By redirecting memory transactions, a malicious hypervisor can deceive the secure co-processor (PSP) into improperly initializing SEV-SNP. This enables the attacker to perform arbitrary read and write access within the CVM address space, thus breaking SEV-SNP core security guarantees.
RE: https://infosec.exchange/@trailofbits/116363081880526734
Trail of Bits published a really interesting audit report on Meta's confidential computing protection for WhatsApp's AI support. One of the findings is an AML injection attack, which I wrote about in a blog post a few weeks ago: https://katexochen.aro.bz/posts/badaml/
There are many other interesting findings, and a lot to learn from them. I really appreciate that they are sharing the full report.
Sounds like #Tor met amnesiac hardcode.
cf. HEADS (#TPM) and
mmutability (#stateless #ConfidentialComputing)
http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/exploring-stateless-relays/ #TorRelay #Operators
--> https://novacustom.com/forum/d/45-dasharo-corebootheads-for-a-secure-boot-process
--> https://www.ibm.com/think/topics/immutable-infrastructure
Donweb Media
The Linux Foundation
Michael J Burgess
Paul Meyer
The Subliminal Press