
Submission + - New Javascript Attack Lets Websites Spy on the CPU's Cache (forbes.com)

An anonymous reader writes: Bruce Upbin at Forbes reports on a new and insidious way for a malicious website to spy on a computer. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack.

The exploit, which the researchers are calling “the spy in the sandbox,” is a form of side-channel attack. Side channel attacks were previously used to break into cars, steal encryption keys and ride the subway for free, but this is the first time they're targeted at innocent web users. The attack requires little in the way of cost or time on the part of the attacker; there’s nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker.

Link to the full research paper at arXiv

Submission + - Traffic app Waze to alert L.A. drivers of kidnappings and hit-and-runs (thestack.com)

An anonymous reader writes: Traffic-alert app Waze has announced a partnership with Los Angeles to share information on hit-and-runs and kidnappings taking place across the city, alongside traffic data and road closure updates. The deal forms part of a data-sharing agreement between L.A. authorities and the Google-owned tech startup detailed yesterday by the city’s mayor Eric Garcetti. He assured that the data provided to the city by Waze would be “aggregated” and completely anonymous. According to the councillor the collaboration was mutually confirmed on Monday following a “very good meeting” between Waze and LAPD chief officer Charlie Beck. This move signals a considerable turn of events after Beck argued at the end of last year that the traffic alert app posed a danger to police due to its ability to track their location. The complaint followed the shooting of two police officers in New York after the shooter used the app to track his targets.

Comment Hi, I co-authored the paper :-) (Score 5, Informative) 155

Thanks for the comments. I hope I can clarify some of the things people said here.

Re popularity of OTA vs. cable: Cable is more popular in the US, but that's just the US. Digital Terrestrial is much more common in other places - for example it's the most popular delivery method in Europe by far (page 39). In the US immigrants use it a lot more than US-born.

To whomever suggested attacks via the remote control's IR port: that sounds a lot of fun to try, but the IR receiver's much less sensitive than the RF jack, it has a much lower data rate, and it needs line of sight.

About the power calculations: 1 Watt (0 dBm) can cover an area of 1.4 square Kilometers, under reasonable assumptions. The math is in the paper.

One last thing: A big shout-out to Martin Herfurt, whose work on HbbTV security was our starting point.

Submission + - Millions of Smart TVs Vulnerable to "Red Button" Attack (forbes.com)

An anonymous reader writes: Bruce Upbin from Forbes reports on a major flaw, discovered by researchers from Columbia University's Network Security Lab, affecting millions of Smart TVs supporting the HbbTV standard.
The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to interact with any website on their behalf — Academic paper here.
