For the Dark Lord Sauron had embedded deep within his EULA the right to change the terms and conditions without notice
And once the users had become dependent on the service
He started increasing the cost of his tokens
PhD student working on system security, side-channel security, and CPU security at @isec_tugraz, TU Graz, Austria.
Hardware equivalent of a Sticky Note 
Probably will talk about #linux, #security, #systems, and #filmphotography. Oh, and also chonk the #plushtodon
Opinions posted here are my own.
| website | https://snee.la |
| film photography | https://fotos.snee.la/ |
Announcing my latest first-author paper, accepted to #DIMVA2026:
❄️ FROST: Fingerprinting Remotely using OPFS-based SSD Timing.
While SSD contention-based side channels have been demonstrated from native code before, we bring them to the browser.
We use the Origin-Private File System (OPFS), which allows any website to use up to 10GB (Firefox), or 60% of total disk space (other browsers), from JavaScript, without any user interaction or special permissions.
We use a file larger than system RAM to measure SSD latencies, bypassing the page cache to guarantee disk access.
From the resulting traces, we can infer website visits (even across browsers!) and application startups.
While we did most of our evaluations on macOS, the underlying mechanisms are platform-agnostic.
This is a feature, not a bug!
Read the paper here: https://hannesweissteiner.com/publications/frost/
Thanks to Tobias Weiser, @wayna, @vmcall, Fabian Rauscher, Jonas Juffinger and @lavados for the collaboration!
A bit late, but here are some spring flowers on film. Shot in Graz, Austria.
📷️: Minolta X-700
🎞️: Dubblefilm Treat 400
All photos are at: https://fotos.snee.la/graz26-spring/
#filmphotography #analogphotography #photography #believeinfilm #spring #flowers #flowerphotography #graz #austria
Congratulations Dr. Fabian Rauscher!
Thank you for the past 6 years in my teaching and then research team.
I am incredibly proud and impressed by your excellent PhD thesis, great papers, and the independence you got! Happy to have discovered not only a highly talented teacher and researcher, but also someone who cares, and a friend. All the best for your next endeavors!
@ all: If you are looking for a team leader who can teach and put up a research vision and direction, this is your man 😉
Alrighty!! These are the final film photos from my trip to San Francisco a few months ago!
Fisherman's Wharf and Chinatown were so vibrant, I couldn't help going through 2 rolls :D
📷: Minolta X-700
🎞️: Fujifilm ISO 400
All the photos are at: https://fotos.snee.la/sanfran_chinatown_fishermanswharf/
#analogphotography #filmphotography #photography #believeinfilm #filmisnotdead #sanfrancisco #california
🎉 Congratulations to Fabian Rauscher! 🎉
He successfully defended his #PhD thesis “Advancing CPU Security through Attack Discovery and Systematization” last week. 🎉
We wish him the best in his future endeavors!
Shout out to this absolute legend who let me take photos of him doing the coolest tricks. More photos of him are on my website. He was so awesome, I *had* to dedicate 13/36 shots just for him.
All the photos are at: https://fotos.snee.la/san_francisco/
📷️: Minolta X-700
🎞️: Fujifilm ISO 400
#filmphotography #analogphotography #photography #believeinfilm #sanfrancisco #california #cycling
I **LOVE** how the photos turned out in San Francisco (open toot to see more photos). The weather was excellent and the photos were so awesome! Unfortunately, some film suffered from heat damage, but not too many.
All the photos are at: https://fotos.snee.la/san_francisco/
📷: Minolta X-700
🎞️: Fujifilm ISO 400
#filmphotography #analogphotography #photography #believeinfilm #filmisnotdead #sanfrancisco #california #cityscape
Davide Ornaghi and Giuseppe Caruso found a very interesting bug in #Linux's in-kernel Samba3 server from 6.12 to 6.19.x. Essentially, from the commit message and #CVE description:
> Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to hijack an orphaned durable handle by predicting or brute-forcing the persistent ID.
Very interesting stuff! The kernel lets users resume their connection to an open file even after WiFi drops (durable handle), and a bug in this code let another authenticated user become this WiFi-dropped user, letting the hijacker access all files.
https://github.com/TurtleARM/CVE-2026-31717-KSMBD-Exploit
CVE-2026-31717
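An added illustration of the missing ownership check described in the quoted commit message, as a simplified C model of a durable-handle table. It is not ksmbd source and not code from the post's author; every name in it (`durable_handle`, `reconnect_unchecked`, `reconnect_checked`, the sample IDs and users) is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not ksmbd source: every name below is hypothetical. */
struct durable_handle {
    uint64_t persistent_id; /* identifier the client presents on reconnect */
    char owner[32];         /* account that originally opened the file */
    bool orphaned;          /* connection dropped, handle kept for resume */
};

/* Constructed sample state: alice's connection dropped with a file open. */
static struct durable_handle table[] = {
    { 0x1001, "alice", true },
    { 0x1002, "bob", false },
};

static struct durable_handle *lookup(uint64_t id)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].persistent_id == id)
            return &table[i];
    return NULL;
}

/* Behaviour the commit message describes: the persistent ID alone decides. */
static bool reconnect_unchecked(const char *user, uint64_t id)
{
    struct durable_handle *h = lookup(id);
    (void)user; /* the caller's identity is never consulted */
    return h != NULL && h->orphaned;
}

/* Hardened form: the reconnecting user must match the original opener. */
static bool reconnect_checked(const char *user, uint64_t id)
{
    struct durable_handle *h = lookup(id);
    if (h == NULL || !h->orphaned)
        return false;
    return strcmp(h->owner, user) == 0;
}

int main(void)
{
    printf("unchecked=%d checked=%d\n", reconnect_unchecked("mallory", 0x1001),
           reconnect_checked("mallory", 0x1001));
    return 0;
}
```

In the model, a second authenticated account presenting the orphaned handle's ID is accepted by the unchecked path and rejected once the owner comparison is in place, while the original opener can still resume.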
I really liked my reMarkable Paper Pro. It was so nice to send PDF files of papers to it with one click using the browser extension, to review or annotate them.
A few days ago, they decided to remove that feature entirely. No patch notes, no message - just a silent update of the extension. Even the support agents didn't know what was causing the issue at first.
The new extension now converts websites to EPUBs (without pictures) - OR you can pay for a subscription to get their custom format, which includes pictures.
I assume they realized that allowing people to upload websites as PDFs (with pictures!) would hurt their subscription sales.
Also, the new extension cannot send PDF files at all.
There is NO official communication from reMarkable about this, only a number of confused posts online and negative reviews on the Chrome Web Store. All of their communication is about their new device they just released.
So, if you are thinking of buying the new reMarkable device, be aware that they may just remove some of its features in the future to hide them behind a paywall when they need more money.