New NetSpectre Attack to be Discovered

NetSpectre method works due to network activity, not the executing the programs
30 July 2018   1547

Security experts from Graz University of Technology have discovered a new way to read the memory of a remote Specter class computer without executing malicious code on it. Unlike previously described attacks of this class, the NetSpectre method works due to network activity, not the executing the programs.

The method is associated with the Specter v1 vulnerability and represents a threat to all affected processors, but has a low data extraction speed. The experiment showed that the extraction speed during the cache attacks on the third-party channels is only 15 bit / h. Using a new third-party channel associated with AVX instructions increases the speed to 60 bph. In Google Cloud, scientists were able to extract data from a virtual machine at a rate of 3 bits / hour.

According to experts, attackers can use NetSpectre also to bypass the technology of Address Space Layout Randomization, which allows you to randomly change the location of important data structures in the address space.

To protect against NetSpectre, it is sufficient to use existing measures against the Specter. Because NetSpectre is a network attack, it can be detected by means of protection from DDoS attacks.

Frontend News Digest 12 - 18.10

Building command line spinners in Node.js, perfect architecure for your next node project and Zero update in this issue Frontend News Digest
18 October 2019   131

Greetings! I hope your week went great! Here's new Frontend news digest.

Another version of a super popular Node.js relaesed, get the info bellow! Also, you will be able learn about Firefox new websocket inspector, WordPress update and watch the video how to built classic layout fast in CSS grid

Guides

  • Build Command-Line Spinners in Node.js

CLI spinners creating will improve your Node.js terminal skills

Articles

  • Improving Form Controls in Microsoft Edge and Chromium 

The Chrome and Edge teams worked together on refreshing form controls in Chromium-based browsers; learn what they have made

  • Firefox’s New WebSocket Inspector

Overview of new Firefox's websocket inspector, which is going to be released in Firefox 71 but availbale only in Firefox Developer Edition at the moment.

  • The Perfect Architecture Flow for Your Next Node Project 

Best practices and architectural tips for your next Node project

  • Coloring Your Terminal Using Nodejs

Article on how coloring libraries like Chalk work under the hood.

Updates

  • WordPress 5.2.4 Release Addresses Several Security Issues

Information about security fixes the news WordPress release

  • Node v12.12.0 (Current)

Another update of the the popular JS RTE with some interesting changes, such as a --force-context-aware flag has been added to prevent addons that aren’t context aware from being loaded, the fs module has added opendir() and fs.Dir as ways to asynchronously iterate through directories and JSON module support has also been made experimental again, due to security concerns in the Web-based implementation of the idea.

  • Zero

A graphics pipeline implemented in JavaScript and rendered to the terminal that can run without GPU required.

Video

Build a Classic Layout FAST in CSS Grid

Podcast

  • Jen Simmons on Browser Features 

Discussion between Jen Simmons, designer advocate at Mozilla and two hosts, Dave Rupert and Chris Coyier. about how new features get shipped to browsers, and how you can get your ideas over to browser makers for consideration.