Hannes Weissteiner

PhD Student at @isec_tugraz. Playing CTF with LosFuzzys
Website: https://hannesweissteiner.com/

So, I recently saw some quiet discussion about a paper where researchers reverse-engineered and disclosed some attacks against PhotoDNA, the very-super-duper-secret algorithm used by tech megacorps to scan for illegal images.

They didn't make any code public, and so... I did: https://github.com/ArcaneNibble/open-alleged-photodna

A _complete_ reverse-engineering and commented Python reimplementation of the algorithm from publicly-leaked binaries.

This means that studying the algorithm and any potential flaws is now much more accessible.

This took only about two days (once I knew that there even _was_ a leaked binary to compare against), which just goes to again show that security through obscurity never works.

🔁 encouraged


Our PhD students, Carina Fiedler, Sudheendra Neela (@vmcall) and Hannes Weissteiner (@hweissi) attended the NDSS Symposium 2026 in San Diego, California, this week to present their papers!

Check them out 👇

Carina Fiedler: Memory Band-Aid: A Principled Rowhammer Defense-in-Depth
https://www.ndss-symposium.org/ndss-paper/memory-band-aid-a-principled-rowhammer-defense-in-depth/

Sudheendra Neela: Eviction Notice: Reviving and Advancing Page Cache Attacks
https://www.ndss-symposium.org/ndss-paper/eviction-notice-reviving-and-advancing-page-cache-attacks/

Hannes Weissteiner: Continuous User Behavior Monitoring using DNS Cache Timing Attacks
https://www.ndss-symposium.org/ndss-paper/continuous-user-behavior-monitoring-using-dns-cache-timing-attacks/

I'm looking forward to presenting my paper, "Continuous User Behavior Monitoring using DNS Cache Timing Attacks" at NDSS next week!
We mount an Evict+Reload-style attack on the local DNS cache, detecting recently accessed domains and evicting to continuously monitor new accesses.

Our attack works from native code, even across virtual machines and containers.
We also run the attack in the browser from a malicious website, using JavaScript or even scriptless HTML+CSS.
Most underlying primitives are OS-agnostic!

Read the paper here: https://hannesweissteiner.com/publications/dmt/

Thanks to Roland Czerny, @silent_bits, @notbobbytables, Johanna Ullrich and @lavados for the amazing collaboration!

Continuous User Behavior Monitoring using DNS Cache Timing Attacks

I am a PhD Student in CoreSec at ISEC at Graz University of Technology as part of the CoreSec group. My research area is side-channel attacks and defenses.

Interesting paper upcoming in NDSS'26: "Continuous User Behavior Monitoring using DNS Cache Timing Attacks", by @hweissi, Roland Czerny, Simone Franza, @notbobbytables, Johanna Ullrich and @lavados

https://tugraz.elsevierpure.com/ws/portalfiles/portal/102463797/dmt.pdf

If I understand correctly, the privacy implications discussed here might actually be worse depending on the country, and mitigations by vendors should take a higher priority. What comes to my mind is that monitoring accessed domains and timings through DNS cache even despite security countermeasures like VPNs is a very desirable attack vector by state-level attackers (i.e., in authoritarian surveillance states) where the consequences of such a breach of privacy go beyond mere advertisements or extortion and can include direct threats to the user's freedom and/or safety (e.g. if they access an "undesirable" website blocked by the censor). In existing realities, if a state-level attacker wants to find out if a security- and privacy-conscious (e.g. VPN or Tor-using) user X accessed a blocked website Y, they usually resort to setting up honeypots, hoping that a user accesses the honeypot version of a website and exposes themselves through entering personal information or broader fingerprinting. This DNS cache timing attack however removes the need for that, since the state attacker can simply use a website they control (which can be any popular government website widely used by the citizens) to perform a JavaScript-based or a scriptless version of the attack to collect data on which users access "undesirable" websites, which can be further used for social profiling and persecution. I wonder if we'll see real-world usages of such an attack (I hope not).

Hi everyone! I'm excited to announce that my first first-author paper has been accepted at NDSS 2026 🥳, to be held at San Diego, California, USA. If you're attending #NDSS2026 this year and are working on systems security, let me know - it'd be awesome to meet up!

Eviction Notice: Reviving and Advancing Page Cache Attacks

@vmcall, Jonas Juffinger, Lukas Maar, @lavados

all of us from @isec_tugraz, at TU Graz, Austria.

In the paper, we revive practical attacks on the Linux page cache and also provide a systematic classification & understanding of primitives which interact with the page cache. This understanding helps us advance page cache attacks, including speeding up previously known mechanisms by six orders of magnitude.

I have a small technical write-up on my website if you're interested to check it out: https://snee.la/posts/eviction-notice/

Paper available here: https://snee.la/pdf/pubs/eviction-notice.pdf

Our artifacts have been evaluated to be available, functional, and reproducible, so feel free to try the code out on your Linux box: https://github.com/isec-tugraz/Eviction-Notice

Eviction Notice: Reviving and Advancing Page Cache Attacks

Foreword
This blog post is a summarized and introductory write up of our paper recently accepted at NDSS 2026, “Eviction Notice: Reviving and Advancing Page Cache Attacks”. Read the full paper here.
Authors: Sudheendra Raghav Neela, Jonas Juffinger, Lukas Maar, Daniel Gruss
Artifacts: Github Repository, Zenodo Record (Available, Functional, and Reproducible)
CVE-2025-21691: Announcement, Red Hat, NVD NIST, Debian Tracker, Suse.

Introduction
An operating system deals with pages, the smallest region of memory in a system using virtual memory.

Join us tomorrow for the InfoSec + SSD Christmas special, featuring real-world exploits, live hacking of various targets, information leaks, file formats, and a review of the year in security. This event tends to be somewhere between Lecture, Magic Show, Comedy, and Mr. Robot.

📅 December 17th, 2025 | 17:30
📍 Lecture Hall HS i13, Inffeldgasse 16b

To enhance your experience, we're happy to announce that coincidentally a Mulled Wine Stand is happening right in front of HS i13 at the same time, so see you there!

I am happy to announce that my first paper has been accepted at USENIX Security!

We propose TEEcorrelate, a mitigation that statistically decorrelates reported performance counters from real ones during TEE execution.
It protects against fine-grained performance-counter attacks on TEEs, while keeping coarse-grained trends intact for legitimate use cases.

https://hannesweissteiner.com/pdfs/teecorrelate.pdf

Thanks to Fabian Rauscher, @supersingular, Jonas Juffinger, @notbobbytables, Jan Wichelmann, Thomas Eisenbarth and @lavados for the great collaboration!

Announcing #CounterSEVeillance, a novel attack on AMD SEV-SNP inferring control-flow information and operand properties from performance-counter data with single-instruction resolution.
We present 4 case studies with attacks on RSA, TOTP verification and HQC.
Thanks to @hweissi, @supersingular and @lavados for the amazing collaboration!
You can read the full paper (to appear at #NDSS2025) here: https://stefangast.eu/papers/counterseveillance.pdf