•   
  •   
  •   

Technology Chrome has a new way to keep Spectre hackers at bay

15:56  12 july  2018
15:56  12 july  2018 Source:   cnet.com

'Preparing the battlefield': Hackers implant digital grenades in industrial networks

  'Preparing the battlefield': Hackers implant digital grenades in industrial networks The United States pioneered the use of cyber weapons when it shattered Iran's nuclear centrifuges in 2010 but such devastating tools have spread and are now boomeranging to make industrial digital sabotage a growing concern to the United States. The weapons can wreak destruction and kill people. Experts say cyber weapons can turn off power grids, derail trains, cause offshore oil rigs to list, turn petrochemical plants into bombs and shut down factories.

By adding new compartmentalization technology, Google's Chrome browser has taken a step to keep websites from stealing sensitive data. Google has been testing a stricter variation of this sort of partitioning to protect against Spectre , a new type of attack that Google and other researchers

Has Meltdown or Spectre been abused in the wild? More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.

a close up of a keyboard: Google's Chrome browser logo © Provided by CNET Google's Chrome browser logo By adding new compartmentalization technology, Google's Chrome browser has taken a step to keep websites from stealing sensitive data.

Since Google first released it publicly in 2008, Chrome has divided work among multiple computing processes. That approach helps keep one tab's work from interfering with what's happening in another. Google has been testing a stricter variation of this sort of partitioning to protect against Spectre, a new type of attack that Google and other researchers revealed in January.

Google released the new security feature, called site isolation, to a limited number of Chrome users starting with the Chrome 67 release in May. Now it's "enabled for 99 percent of users on Windows, Mac, Linux and Chrome OS," Chrome team member Charlie Reis said in a blog post on Wednesday.

Russian hackers used fake accounts disguised as local news: report

  Russian hackers used fake accounts disguised as local news: report Russian operatives working out of the St. Petersberg-based Internet Research Agency (IRA) used fake accounts disguised as local U.S. media outlets to exploit Americans' trust in local news.An An NPR report found that accounts linked to the IRA operated at least 48 social media accounts disguised as U.S.-based local media organizations, including @ElPasoTopNews, @MilwaukeeVoice, @CamdenCityNews and @Seattle_Post.

These are external links and will open in a new window. How would a hacker target my machine? An attacker would have to be able to put some code on to a user's computer in order Many of the ways they do this look like they can be monitored via Spectre to gain information about what the chip is up to.

Your Chromebook may already be patched and has the ability to employ a new feature that will help mitigate your vulnerabilities. Let’s talk through a couple things you need to know with regards to your Chrome device, Meltdown, and Spectre .

The move shows just how complicated Spectre and the related Meltdown attacks are to thwart. Tech companies that make processors, operating systems and browsers all scrambled to block attackers from using the vulnerabilities to snatch sensitive data like passwords or encryption keys. The problem is severe enough to have risen to the US Congress, where senators griped on Wednesday that they hadn't heard about Spectre sooner.

a screenshot of a cell phone: Chrome's site isolation technology partitions some computing processes to make  it harder for attackers using Spectre to snoop for sensitive data. © Provided by CBS Interactive Inc. Chrome's site isolation technology partitions some computing processes to make it harder for attackers using Spectre to snoop for sensitive data.

Uses more memory

Google's site isolation feature is a major change to Chrome. It affects a core part of the browser called the renderer, which turns website programming code into actual pixels on your phone or laptop screen. With site isolation, Chrome splits renderers into separate computing processes more often to wall off data better.

July 27, 2016: Trump asked Russia to find Hillary’s emails. They acted within hours.

  July 27, 2016: Trump asked Russia to find Hillary’s emails. They acted within hours. Apparently, Russia was listening.It is maybe the most eyebrow-raising detail in an indictment filled with them. Mueller on Friday indicted 12 Russian intelligence officers for crimes related to the hacking and public release of Democratic emails to influence the 2016 presidential campaign.

Since exploitation of Spectre through JavaScript embedded in websites is possible,[1] Chrome 64 "Windows surprise patch KB 4078130: The hard way to disable Spectre 2 - Disabling the disruptive ' Spectre 2' bugs in Intel processors has always Sony Pictures hack . Russian hacker password theft.

Chromebooks should have already updated to Chrome OS 63 in December. Nvidia released new drivers containing Spectre mitigations for GeForce, Quadro, NVS, and some Tesla hardware shortly Keeping security software installed and vigilant helps keep hackers and malware off your computer.

Unfortunately, that means Chrome needs more memory. The increase is about 10 to 13 percent for people with lots of tabs open, Google said in a project document. The good news, though, is that site isolation lets Google relax earlier restrictions on monitoring precise timing of browser actions it had adopted to make Spectre attacks harder.

"Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure," Reis said in the blog post. And it's also working to bring site isolation to Chrome for Android, he said.

Site isolation, a ten-year project

Reis has been working on the site isolation technology for a decade, starting with his Ph.D. research, and the Chrome team began about six years ago, Chrome security leader Justin Schuh tweeted.

Eric Lawrence, a former Chrome security team member who now works on Microsoft's rival Edge browser, called the move "an extremely impressive achievement."

Mueller: Congressional candidate sought stolen emails from Russian spies in 2016

  Mueller: Congressional candidate sought stolen emails from Russian spies in 2016 Prosecutors working for special counsel Robert Mueller said Friday that a congressional candidate sought hacked documents about his opponent from Russian intelligence officers posing as an online activist.The allegation is spelled out in a single paragraph of a 29-page indictment released Friday that accuses 12 Russian intelligence officers with conducting a hacking campaign that targeted Democratic political organizations to attempt to influence the 2016 election. Prosecutors charged that the hackers breached the computers of the Democratic Congressional Campaign Committee, then stole troves of emails and other records that the Russian government later made public.

You might have heard that the sky has fallen and the security apocalypse has happened because of two new attacks named Meltdown and Spectre . The phone you're using right now is almost certainly affected by the Spectre exploit, but nobody has found a way to use it — yet.

Browsers like Chrome , Firefox, and Edge/Internet Explorer all have preliminary Spectre patches, as do some operating systems. And attackers could find novel ways to exploit either bug, particularly Spectre , that could The Air Force Is Already Betting on SpaceX's Brand- New Falcon Heavy.

"Google invested many engineer-years in a feature that initially seemed hopelessly out of whack from cost/benefit POV [point of view]," he tweeted. Then when Spectre arrived, site isolation suddenly became "an essential defense against a class of attack."

—   Share news in the SOC. Networks

Topical videos: