Slate Magazine |
Will Obama's Russia Retaliation Work—or Is It Too Little, Too Late?
Slate Magazine If that's the case, the main goals of a U.S. response should be the following: to punish the culprits below Putin's level; to put a dent in Russian intelligence activities that Putin values; to show state-sponsored hackers—whether Russian, Chinese, or … |
Softpedia News |
Android Ransomware Just Became a Little Bit More Sophisticated
Softpedia News A previously unsophisticated Android ransomware that locks an Android device's screen has received new updates that make it impossible for security researchers to help victims to unlock their devices. Android.Lockscreen was a simplistic Android … |
The world has seen the most unsettling attack yet resulting from the so-called Rowhammer exploit, which flips individual bits in computer memory. It’s a technique that’s so surgical and controlled that it allows one machine to effectively steal the cryptographic keys of another machine hosted in the same cloud environment.
Until now, Rowhammer has been a somewhat clumsy and unpredictable attack tool because it was hard to control exactly where data-corrupting bit flips happened. While previous research demonstrated that it could be used to elevate user privileges and break security sandboxes, most people studying Rowhammer said there was little immediate danger of it being exploited maliciously to hijack the security of computers that use vulnerable chips. The odds of crucial data being stored in a susceptible memory location made such hacks largely a matter of chance that was stacked against the attacker. In effect, Rowhammer was more a glitch than an exploit.
Now, computer scientists have developed a significantly more refined Rowhammer technique they call Flip Feng Shui. It manipulates deduplication operations that many cloud hosts use to save memory resources by sharing identical chunks of data used by two or more virtual machines. Just as traditional Feng Shui aims to create alignment or harmony in a home or office, Flip Feng Shui can massage physical memory in a way that causes crypto keys and other sensitive data to be stored in locations known to be susceptible to Rowhammer.
Enlarge (credit: Gerald England)
Underscoring the flourishing world of for-profit hacking, researchers have uncovered a thriving marketplace that sells access to more than 70,000 previously compromised servers, in some cases for as little as $ 6 apiece.
As of last month, the xDedic trading platform catalogued 70,624 servers, many belonging to government agencies or corporations from 173 countries, according to a report published Wednesday by researchers from antivirus provider Kaspersky Lab. That number was up from 55,000 servers in March, a sign that the marketplace operators carefully maintain and update the listed inventory.
“From government networks to corporations, from Web servers to databases, xDedic provides a marketplace for buyers to find anything,” Kaspersky researchers wrote in a separate blog post. “And the best thing about it—it’s cheap! Purchasing access to a server located in a European Union country government network can cost as little as $ 6.” The post continued:
