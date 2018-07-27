Security: Updates, Bitwarden, Remote Spectre Exploits, Ascendance of nftables
-
Security updates for Friday
-
Update: 3 months with Bitwarden
Three months ago, I wanted to move away from LastPass — who’ve lately have been reducing support for Firefox and other platforms — to an open source password manager instead. I chose to migrate to Bitwarden and I’ve been overall happy with the decision ever since. Here are my thoughts and impressions three months on with Bitwarden.
-
Remote Spectre exploits demonstrated
This paper from four Graz University of Technology researchers [PDF] describes a mechanism they have developed to exploit the Spectre V1 vulnerability over the net, with no local code execution required. "We show that memory access latency, in general, can be reflected in the latency of network requests. Hence, we demonstrate that it is possible for an attacker to distinguish cache hits and misses on specific cache lines remotely, by measuring and averaging over a larger number of measurements. Based on this, we implemented the first access-driven remote cache attack, a remote variant of Evict+ Reload called Thrash+Reload. Our remote Thrash+Reload attack is a significant leap forward from previous remote cache timing attacks on cryptographic algorithms. We facilitate this technique to retrofit existing Spectre attacks to our network-based scenario. This NetSpectre variant is able to leak 15 bits per hour from a vulnerable target system." Other attacks described in the paper are able to achieve higher rates.
-
The Ascendance of nftables
iptables is the default Linux firewall and packet manipulation tool. If you’ve ever been responsible for a Linux machine (aside from an Android phone perhaps) then you’ve had to touch iptables. It works, but that’s about the best thing anyone can say about it.
At Red Hat we’ve been working hard to replace iptables with its successor: nftables. Which has actually been around for years but for various reasons was unable to completely replace iptables. Until now.
-
- Login or register to post comments
- Printer-friendly version
- 462 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
DebCamp/DebCamp18 (National Chiao Tung University)
The Microsoft Tax and Tax Authorities
GNOME's Nautilus 3.30 and GUADEC 2018 Report by Bin Li:
today's howtos
Recent comments
2 hours 4 min ago
2 hours 59 min ago
4 hours 11 min ago
4 hours 12 min ago
15 hours 24 min ago
22 hours 47 min ago
1 day 17 hours ago
1 day 17 hours ago
2 days 7 hours ago
2 days 19 hours ago