The discovery of the longest pattern ever for DDR5 Rowhammer flips! 😱

Join us for Kaveh Razavi’s talk “Rowhammer bit flips a decade later”:

📅 April 1st, 2026 | 11:00
📍 CCG Seminar room, CCGEG002

Abstract:
The first Rowhammer exploit was published a little more than a decade ago on a DDR3-based system. Since then, we have had two generations of DRAM technology with proprietary mitigations. In this talk, I present our journey in understanding the security guarantees of these mitigations in DDR4 and DDR5 devices through significant platform building efforts, painstaking reverse engineering, and creative system-level techniques. The results are not encouraging; DRAM is as insecure as a decade ago while the cost of independent security analysis is growing beyond what academia can do. I finish with a brief discussion of possible paths forward.

Details 👇
https://www.isec.tugraz.at/event/rowhammer-bit-flips-a-decade-later/

RE: https://fedi.lwn.net/@lwn/116239303710146388

And when you make changes to 20,000 kmalloc calls, you start getting CCed on a LOT of patches since you touched "neighboring code" recently. 😭

Our PhD students, Carina Fiedler, Sudheendra Neela (@vmcall) and Hannes Weissteiner (@hweissi) attended the NDSS Symposium 2026 in San Diego, California, this week to present their papers!

Check them out 👇

Carina Fiedler: Memory Band-Aid: A Principled Rowhammer Defense-in-Depth
https://www.ndss-symposium.org/ndss-paper/memory-band-aid-a-principled-rowhammer-defense-in-depth/

Sudheendra Neela: Eviction Notice: Reviving and Advancing Page Cache Attacks
https://www.ndss-symposium.org/ndss-paper/eviction-notice-reviving-and-advancing-page-cache-attacks/

Hannes Weissteiner: Continuous User Behavior Monitoring using DNS Cache Timing Attacks
https://www.ndss-symposium.org/ndss-paper/continuous-user-behavior-monitoring-using-dns-cache-timing-attacks/

I'm looking forward to presenting my paper, "Continuous User Behavior Monitoring using DNS Cache Timing Attacks" at NDSS next week!
We mount an Evict+Reload-style attack on the local DNS cache, detecting recently accessed domains and evicting to continuously monitor new accesses.

Our attack works from native code, even across virtual machines and containers.
We also run the attack in the browser from a malicious website, using JavaScript or even scriptless HTML+CSS.
Most underlying primitives are OS-agnostic!

Read the paper here: https://hannesweissteiner.com/publications/dmt/

Thanks to Roland Czerny, @silent_bits, @notbobbytables , Johanna Ullrich and @lavados for the amazing collaboration!

We're waving goodbye to Inffeldgasse 16A! 👋

Today marks our final day here, and we've been busy packing up all week to get ready for our big move starting next week! It's hard to believe how much we've grown and evolved during our time here, and we are so grateful for all the moments we've shared inside these walls.

While saying goodbye is a little sad, we're really excited about the adventures waiting for us at our fabulous new place at Sandgasse 38A. We can't wait to see all of you there! 🥳