New NetSpectre Attack to be Discovered

NetSpectre method works due to network activity, not the executing the programs
30 July 2018   466

Security experts from Graz University of Technology have discovered a new way to read the memory of a remote Specter class computer without executing malicious code on it. Unlike previously described attacks of this class, the NetSpectre method works due to network activity, not the executing the programs.

The method is associated with the Specter v1 vulnerability and represents a threat to all affected processors, but has a low data extraction speed. The experiment showed that the extraction speed during the cache attacks on the third-party channels is only 15 bit / h. Using a new third-party channel associated with AVX instructions increases the speed to 60 bph. In Google Cloud, scientists were able to extract data from a virtual machine at a rate of 3 bits / hour.

According to experts, attackers can use NetSpectre also to bypass the technology of Address Space Layout Randomization, which allows you to randomly change the location of important data structures in the address space.

To protect against NetSpectre, it is sufficient to use existing measures against the Specter. Because NetSpectre is a network attack, it can be detected by means of protection from DDoS attacks.

Ring UI 1.0 Library Released

Learn about new features and improvements of Jet Brains' open source library
28 September 2018   758

JetBrains told about the release of the Ring UI 1.0 library. Updates have affected the support of Babel 7, the finalization of the visual language, customizable CSS properties, and the library home page has moved.

In addition, in the new version, the developers did:

  • most components moved to CSS;
  • "pop-up messages", "tabs" and "buttons-switches" components;
  • the ability to configure the list of browsers in which the application will work, thanks to the support of Babel 7.

Colors from the Ring UI can be used for the harmonious design of their application. To do this, you need to configure PostCSS as follows:

plugins: [
  ...
  require('postcss-custom-properties')({
    preserve: true,
    variables: require('@jetbrains/ring-ui/extract-css-vars')
  })
]

Changes in the visual language look like this:

Ring UI
Ring UI

At the end of July 2018, the company reported that its products would not support legacy license servers. Changes were made to the development environments of versions 2018.2.1 and .NET 2018.3 tools.