Money Chrome has a new way to keep Spectre hackers at bay

15:51  12 july  2018
15:51  12 july  2018 Source:   cnet.com

Chinese hackers crack into ANU in major national security breach

  Chinese hackers crack into ANU in major national security breach China-based hackers have utterly compromised the computer network of the university that is home to Australia’s National Security College and the School of Strategic and Defence Studies. The Australian National University was contacted by an intelligence agency months ago, demanding that it deal with a pervasive and persistent intrusion into its entire computer network.

By adding new compartmentalization technology, Google's Chrome browser has taken a step to keep websites from stealing sensitive data. Google has been testing a stricter variation of this sort of partitioning to protect against Spectre , a new type of attack that Google and other researchers

Has Meltdown or Spectre been abused in the wild? More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.

a close up of a keyboard: Google's Chrome browser logo© Provided by CNET Google's Chrome browser logo By adding new compartmentalization technology, Google's Chrome browser has taken a step to keep websites from stealing sensitive data.

Since Google first released it publicly in 2008, Chrome has divided work among multiple computing processes. That approach helps keep one tab's work from interfering with what's happening in another. Google has been testing a stricter variation of this sort of partitioning to protect against Spectre, a new type of attack that Google and other researchers revealed in January.

Google released the new security feature, called site isolation, to a limited number of Chrome users starting with the Chrome 67 release in May. Now it's "enabled for 99 percent of users on Windows, Mac, Linux and Chrome OS," Chrome team member Charlie Reis said in a blog post on Wednesday.

Chinese hackers infiltrate systems at Australian National University

  Chinese hackers infiltrate systems at Australian National University Hackers based in China have infiltrated one of Australia's most prestigious universities, the Australian National University in Canberra, and the threat is yet to be shut down. The ABC has been told the Australian National University (ANU) system was first compromised last year.In a statement, the ANU said it had been working with intelligence agencies for several months to minimise the impact of the threat.

These are external links and will open in a new window. How would a hacker target my machine? An attacker would have to be able to put some code on to a user's computer in order Many of the ways they do this look like they can be monitored via Spectre to gain information about what the chip is up to.

Your Chromebook may already be patched and has the ability to employ a new feature that will help mitigate your vulnerabilities. Let’s talk through a couple things you need to know with regards to your Chrome device, Meltdown, and Spectre .

The move shows just how complicated Spectre and the related Meltdown attacks are to thwart. Tech companies that make processors, operating systems and browsers all scrambled to block attackers from using the vulnerabilities to snatch sensitive data like passwords or encryption keys. The problem is severe enough to have risen to the US Congress, where senators griped on Wednesday that they hadn't heard about Spectre sooner.

a screenshot of a cell phone: Chrome's site isolation technology partitions some computing processes to make  it harder for attackers using Spectre to snoop for sensitive data.© Provided by CBS Interactive Inc. Chrome's site isolation technology partitions some computing processes to make it harder for attackers using Spectre to snoop for sensitive data.

Uses more memory

Google's site isolation feature is a major change to Chrome. It affects a core part of the browser called the renderer, which turns website programming code into actual pixels on your phone or laptop screen. With site isolation, Chrome splits renderers into separate computing processes more often to wall off data better.

All Android users can now use YouTube's incognito mode

  All Android users can now use YouTube's incognito mode YouTube for Android just got a lot better at keeping secrets. The incognito mode the video platform has been testing since May is now rolling out to all Android users . Just like incognito for Chrome, the one for YouTube doesn't log what you watch, keeping your history squeaky clean. To access the feature, simply tap on your avatar to see the new "Turn on Incognito" option, which replaces the Sign Out button. If you choose to switch it on, you'll get a prompt reminding you that your school, employer and ISP will probably still see your activities.

Since exploitation of Spectre through JavaScript embedded in websites is possible,[1] Chrome 64 "Windows surprise patch KB 4078130: The hard way to disable Spectre 2 - Disabling the disruptive ' Spectre 2' bugs in Intel processors has always Sony Pictures hack . Russian hacker password theft.

Chromebooks should have already updated to Chrome OS 63 in December. Nvidia released new drivers containing Spectre mitigations for GeForce, Quadro, NVS, and some Tesla hardware shortly Keeping security software installed and vigilant helps keep hackers and malware off your computer.

Unfortunately, that means Chrome needs more memory. The increase is about 10 to 13 percent for people with lots of tabs open, Google said in a project document. The good news, though, is that site isolation lets Google relax earlier restrictions on monitoring precise timing of browser actions it had adopted to make Spectre attacks harder.

"Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure," Reis said in the blog post. And it's also working to bring site isolation to Chrome for Android, he said.

Hackers stole $18.2 million from cryptocurrency exchange Bancor

  Hackers stole $18.2 million from cryptocurrency exchange Bancor Cryptocurrency trading startup Bancor has lost roughly $US13.5 million ($AU18.2 million) in a security breach. Hackers accessed a wallet used to upgrade smart contracts and withdrew the money mostly in Ethereum, a popular cryptocurrency. Bancor was able to freeze $US10 million of its own tokens once it noticed the breach.Bancor, an Israeli startup and decentralized cryptocurrency trading platform, lost approximately $US13.5 million in virtual currency on Monday.According to Bancor, hackers compromised a wallet - which facilitates cryptocurrency trading - used to update smart contracts.

Browsers like Chrome , Firefox, and Edge/Internet Explorer all have preliminary Spectre patches, as do some operating systems. And attackers could find novel ways to exploit either bug, particularly Spectre , that could The Air Force Is Already Betting on SpaceX's Brand- New Falcon Heavy.

If you're a Chrome user in particular, Google has one very specific recommendation for protecting That way , your login secrets for one site cannot be stolen by another." Topics: big-tech-companies, Google Chrome , Google, hackers , hacking , Intel, meltdown, Spectre , Tech, vulnerabilities.

Site isolation, a ten-year project

Reis has been working on the site isolation technology for a decade, starting with his Ph.D. research, and the Chrome team began about six years ago, Chrome security leader Justin Schuh tweeted.

Eric Lawrence, a former Chrome security team member who now works on Microsoft's rival Edge browser, called the move "an extremely impressive achievement."

"Google invested many engineer-years in a feature that initially seemed hopelessly out of whack from cost/benefit POV [point of view]," he tweeted. Then when Spectre arrived, site isolation suddenly became "an essential defense against a class of attack."

—   Share news in the SOC. Networks

Topical videos: