New NetSpectre Attack to be Discovered

NetSpectre method works due to network activity, not the executing the programs
30 July 2018   1895

Security experts from Graz University of Technology have discovered a new way to read the memory of a remote Specter class computer without executing malicious code on it. Unlike previously described attacks of this class, the NetSpectre method works due to network activity, not the executing the programs.

The method is associated with the Specter v1 vulnerability and represents a threat to all affected processors, but has a low data extraction speed. The experiment showed that the extraction speed during the cache attacks on the third-party channels is only 15 bit / h. Using a new third-party channel associated with AVX instructions increases the speed to 60 bph. In Google Cloud, scientists were able to extract data from a virtual machine at a rate of 3 bits / hour.

According to experts, attackers can use NetSpectre also to bypass the technology of Address Space Layout Randomization, which allows you to randomly change the location of important data structures in the address space.

To protect against NetSpectre, it is sufficient to use existing measures against the Specter. Because NetSpectre is a network attack, it can be detected by means of protection from DDoS attacks.

Frontend News Digest 21 - 27.03

Embrace modern image formats, how to indicate scroll postion on page with CSS, integrate TypeScript with GraphQL and more
27 March 2020   2525

Greetings! I hope your week went great! Here's new frontend technologies news digest.

Learn how to use the currentColor value in CSS, how to debug a child process in Node and Gatsby.js with Chrome, how to Debug a Node.js Application: Tips, Tricks and Tools and other cool, useful and demanded things, related to all parts of frontend development.

Guides

  • Embracing modern image formats

Learn how modern images formats and <picture> element can reduce image sizes

  • How to use the currentColor value in CSS

A tutorial on a basic CSS feature, great for newbies

  • Indicating Scroll Position on a Page With CSS

This guide will teach you how to indicate scroll position, using only CSS

  • How to debug a child process in Node and Gatsby.js with Chrome

Learn how to patch `jest-worker`package used by Gatsby.js and by patching enable child process debugging using Chrome Dev Tools in this tutorial

  • Integrating TypeScript with GraphQL

Learn how to integrade TypeScript with GraphQL

  • How to Debug a Node.js Application: Tips, Tricks and Tools

Massive tutorial on Node app debugging, with some tips, that can be useful even for skilled developers

Articles

  • Full Third-Party Cookie Blocking and More (in Safari)

Safari’s Intelligent Tracking, has been in beta for some time, introduces significant privacy changes, including cross-site cookies now being blocked by default

Video

  • The Complete AEA DC 2019 Now Online

Giant number of different interesting speeches from An Event Apart session, that was realeased special in a pack for you to stay home

Updates

  • uppload

JS image uploader with 30+ plugins 

  • Node-SQLite

SQLite client library for Node.js applications 

  • Backstage

Open platform for building developer portals