
New Cache Attack Can Monitor Keystrokes On Android Phones

Trailrunner7 quotes a report from OnTheWire: Researchers from an Austrian university have developed techniques that allow them to perform cache attacks on non-rooted Android phones that can monitor the keystrokes, screen taps, and even observe code execution inside the ARM processor's TrustZone secure execution environment. The attacks the team developed are complex and rely on a number of individual building blocks. The techniques are similar to some used against Intel x86 processor-based systems, but the team from Graz University of Technology in Austria shows that they can be used on ARM-based systems, such as Android phones, as well.

"Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen," the researchers wrote in their paper, which was presented at the USENIX Security Symposium this week.

It's a proof-of-concept attack. But interestingly, another recently-discovered Android vulnerability also required the user to install a malicious app -- and then allowed attackers to take full control of the device.

Comment Re:When did AV became so useless ? (Score 1) 265

Sure, the good old technique that searches for virus signatures became ineffective a long time ago.

Monitoring the filesystem activity is something I can imagine quite easily. This is not rocket science. On my PC, I don't know many programs that need to open and write a lot of files, and I would not mind being warned about them, every time. I may lose the first dozen files before the detection program fires the "unusual activity" alert, but that would at least prevent the program from destroying the next thousands of files.

At the bare minimum, AV should have trapped a program writing .locky files since it's such a well known devastating virus for so long. Not rocket science either...

Comment When did AV became so useless ? (Score 3, Insightful) 265

So, a stupid macro virus opens thousands of files on a PC at full speed, deletes them, and creates another one with a .locky extension. No AV software has the capability to detect something unusual? Dangerous? Suspect? (I wonder how AV wastes my CPU and disk IOs so badly...)

This locky shit has been around for a few months, and no AV can do anything about it?? Seriously? They did not even bother changing the .locky file extension...

Comment Re:Internet access? (Score 3, Interesting) 119

Well, yes. This is called "sandboxing". Microsoft should have made their macros run in a sandbox, with prominent prompts when the macro needs to access the filesystem, send data over the network, run an external program, etc. Anything that is not manipulating data in the current document.

But this is the way Microsoft does things, and it sucks hard.

Comment Re:Just don't install the Start menu loss update (Score 1) 387

Hm, that's right, it seems to be slightly different. I don't recall precisely what happens, but I clearly remember the start button was visible with no effect whatsoever, and I think the desktop was replaced by the tile view. Looks like this 'feature' has numerous variations...
Quite frankly, this is a small addition to my long "I don't want Windows anymore" list, well after the absurd automatic "rebooting with opened apps" to install some vital updates when I wake up my laptop to ... well ... work. Who's the genius that made this decision?
Enough rant, I just need to install Linux. MS lost me on that version, after some good feelings on Windows Seven.

Comment Re:Youtube next? (Score 1) 176

I agree: sites hosting those like buttons are the ones we should blame hard, because they should protect their visitors' privacy. It's very easy for any web site to implement "safe" social buttons, but most of them don't care.

I don't blame FB when they try to use any way they can to gather data. This is their business. I do think though there are some boundaries nobody should cross. Because there is no good technical answer yet does not mean we should just let them do anything. That's my opinion (and this is only an opinion). French law sets some of those boundaries in a way that seems balanced to me.

The French CNIL (I'm French) was set up a long, long time ago (back in the 70's) to ensure data privacy law is applied. They go after FB because FB violates a French law. In France, it is unlawful to collect data without signing a consent form. You also have to provide end users a way to remove any data, on simple request. There are 5 or 6 key points like that where FB violates French law.

Comment Re:Youtube next? (Score 1) 176

Again, "third party cookie" does not mean anything to most people. Granted, the checkbox is one click away, but you need to know about cookies to use it (or listen to someone who told you "it's better this way"). Having this setting won't solve the large scale tracking issue (if we consider there is an issue here). This, at best, is a workaround for educated people.

"facebook will simply find a way to make people click accept to see any part of the page,"

FB does not control pages using their "like" button. Hence, prompting to "click somewhere" to see the page won't work, ok?

Comment Re:Youtube next? (Score 3, Insightful) 176

What you write is technically true. The thing is: a very tiny fraction of internet users has a clue about ways to protect their privacy. Most of them don't even think it matters. Because it's rather impractical to educate billions of users about this, some need to act to prevent big corporations from abusing their position. That's why French instances gave Facebook a warning. Even though they have no power to enforce anything seriously, I'm glad they took that position.

Comment Re:Considering how fast Google ditched China (Score 1) 381

You make an interesting point here.

There is no "good" way to erase something on the Internet. Hunting individual sites, caches, etc. is known to be ineffective, hard, and often just impossible. Removing the links that lead to this content is effective, but we could question how [un]fair and [un]wise it is, endlessly. I have no strong opinion on this.

However, the motive that led the French CNIL (which is an independent organism) to fight Google on this point has little to do with some government agenda, I'm pretty sure of this.

Comment Re:Oh, they're a big company, (Score 1) 527

> So far, Windows 10 has reminded me repeatedly that I should: (1) Consider getting Office 365! (2) Consider installing Skype! (3) Should collect and use Bing Rewards! (4) That I should look into getting an Xbox! (5) That I should buy things from the Microsoft Store!

So far, Windows has reminded me to install Linux.

I kind of liked Seven, was not entirely hateful against Win8, but Win10 is a no-go for me after giving it a try for the last 2 weeks. Very disappointed indeed. This telemetry shit is just one more thing I don't want to fight. Hunting for ways to disable/uninstall on Windows sucks; I've better ways to use my time and nerves. And thanks for having set EDGE as my default browser. No big deal, just a nice way to show how much you care about people's choices.

Comment Re:Arrest (Score 1) 333

> The legislation in question is a protectionist movement for jobs that will die anyways

Partly true, but not only. No matter what you think of cab service in France (I'm French; they're pretty bad), there is something else more important.

UBER's business bypasses the social system almost entirely. You may love or hate what exists in France (employee protection; taxes; etc.), but you can't have businesses that bypass those rules, and others that pay for it. I myself run a business and know the amount of money we spend to run this system. Sorry, I don't want to pay for UBER's guys. I don't mind if UBER shareholders make cash as long as we play with the same rules.

Comment Re:c++? (Score 2) 407

> Yes. Dynamic binding and loading is ugly and clunky

Really? You mean: universally ugly and clunky?

I've spent 10 years in programming Objective-C. I wrote myself an Objective-C compiler at a time none existed (not really a compiler, a parser that generates C and a runtime lib). In the company I used to work for, it helped a great lot more than it has hurt. It also made possible very sophisticated debugging and testing environments, thanks to the dynamic bindings of Objective-C. I don't find that ugly and clunky, not even in the language syntax details.

My point is that dynamic bindings and introspection are immensely powerful tools. They enable generic programming in a clean way as long as you know what you're doing. You may reach similar results with strict typing language, or code generators (thanks visual c), sure. I don't think it's that easy though.

You may hate it for the reasons you mention (prone to errors because too many things pass the compiler task), which are perfectly valid. But writing it's inherently "ugly and clunky" seems really missing the point here. "Dangerous" is a better word maybe?

On the other hand, I've seen many C++ programmers lost in their code that no one but the compiler could barely understand a few months after writing. I'm absolutely not saying C++ is inherently bad and/or difficult; it's just about the people who use it and the rules your team adopts to make it coherent and intelligible.
