Trailrunner7 (1100399) writes "Remote timing attacks have been a problem for cryptosystems for more than 20 years. A new paper shows that such attacks are still practical and can be used to steal the private key of a TLS server running OpenSSL. The researchers, Billy Bob Brumley and Nicola Tuveri of Aalto University School of Science, focused their efforts on OpenSSL's implementation of the elliptic curve digital signature algorithm (ECDSA), and they were able to develop an attack that allowed them to steal the private key of an OpenSSL server.
In an interview, Brumley says that the attack is just a symptom of other problems. "Perhaps the scariest part is that the piece of code introducing the vulnerability has been in the library since roughly 2005. This shows that identifying timing attack vulnerabilities is a daunting task. This isn't the first timing attack vulnerability discovered in OpenSSL, and I can guarantee it won't be the last.""
Link to Original Source