New NetSpectre Attack to be Discovered

NetSpectre method works due to network activity, not the executing the programs
30 July 2018   1083

Security experts from Graz University of Technology have discovered a new way to read the memory of a remote Specter class computer without executing malicious code on it. Unlike previously described attacks of this class, the NetSpectre method works due to network activity, not the executing the programs.

The method is associated with the Specter v1 vulnerability and represents a threat to all affected processors, but has a low data extraction speed. The experiment showed that the extraction speed during the cache attacks on the third-party channels is only 15 bit / h. Using a new third-party channel associated with AVX instructions increases the speed to 60 bph. In Google Cloud, scientists were able to extract data from a virtual machine at a rate of 3 bits / hour.

According to experts, attackers can use NetSpectre also to bypass the technology of Address Space Layout Randomization, which allows you to randomly change the location of important data structures in the address space.

To protect against NetSpectre, it is sufficient to use existing measures against the Specter. Because NetSpectre is a network attack, it can be detected by means of protection from DDoS attacks.

Node.js v12.0.0 to be Rolled Out

It has giant list of updates, improvements and changes
24 April 2019   548

The release of Node.js 12.0.0, a platform for executing network applications in JavaScript, is available. Node.js 12.0 refers to branches with a long period of support, but this status will be assigned only in October, after stabilization. Updates for LTS branches are issued for 3 years. Support for the last LTS branch of Node.js 10.0 will last until April 2021, and the year before last LTS-branch 8.0 until January 2020. Support for the intermediate branch Node.js 11.0 will be discontinued in June 2019. The lifetime of the LTS branch 6.0 will end on April 30.

These are some of the large list of updates and new staff:

  • V8 engine was updated to version 7.4 with support for asynchronous stack traces, increasing await performance, parsing JavaScript and calls when the actual and declared number of arguments does not match;
  • TLS 1.3 is now¬†supported in the tls module and TLS 1.0 / 1.1 is shutdown by default;
  • Enhancing protection and checks on the size of allocated memory in the Buffer class;

Get more info at official website.