It seems to be a new trend to have security research conducted and an announcement made that “we can’t tell you” what is going to happen, but if you come to our talk you will see everything. Well, it’s happening again.
And, word is it will be big:
First things first; the reason for secrecy. Their research combined a known weakness in one area with a massive resource investment in another to show that a third party was vulnerable to a practical attack that affects the security of all Internet users. Security researchers often release code and technical documentation to demonstrate a flaw, but in this case, they went a step further and used the attack in the real world to obtain proof that it works. This process required interaction with a third party that will likely do whatever they can to save face once the details become public.
…
Their research required massive computational resources that had to be utilized within a specific window of time. Although computing costs have dropped significantly over the last few years, the researchers estimated that commercially available computation resources such as Amazon EC2 put the technique within the grasp of a profitable criminal organization, large botnet operator and certainly state sponsors. The attack only has to be performed once in order to reap rewards for a long time afterward (months, if not years). This one-time investment model could pay for itself many times over if it was used to provide services to criminal organizations. Finally, they actually did it. This isn’t a pie-in-the-sky talk about what may happen or what someone might be able to do, this is a demonstration of what they actually did with the results to prove it.
The presentation is scheduled to be shown tomorrow morning. Might be worth a watch to see what is going on. I expect this model of hype will be around for a while, so get used to it. It serves a purpose (secrets exist for a reason), and it gets a lot of attention.
Here is hoping we get a good show out of this.
