| ||
There are several things to watch out for:
A process sending output to users that comes from the OS or the run-time environment
Operations on secret data that dont complete in a fixed amount of time, where the time is dependent on the makeup of the secret data
Accidental use of sensitive information
Unprotected or weakly protected sensitive or privileged data
Sensitive data sent from a process to potentially low-privileged users
Unprotected and sensitive data sent over insecure channels