New NetCAT CPU side-channel vulnerability exploitable over the network

Researchers have found yet another CPU feature that can be abused to leak potentially sensitive data, but this time with a twist: The attacker doesn't need to have local access on the targeted machine because the attack works over the network.

The culprit is Intel's Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor's internal cache to achieve better performance, less power consumption, and higher data throughput. Before DDIO, these devices exchanged data with the CPU through RAM, whose latency can be a bottleneck.

DDIO was designed with ethernet controllers and fast datacenter networks in mind to allow servers to handle 10-gigabit ethernet (10 GbE) connections and higher. The technology was first introduced in 2011 in the Intel Xeon E5 and Intel Xeon E7 v2 enterprise-level processor families.

CPU attacks like Spectre and Meltdown and their many variants have used the CPU cache as a side-channel to infer sensitive data. Researchers from the VUSec group at Vrije Universiteit Amsterdam have now shown that DDIO's cache access can be exploited in a similar manner.

In a new paper released today, the researchers describe an attack dubbed NetCAT, which abuses DDIO over the network to monitor access times in the CPU cache triggered by other clients connected to the same server over SSH (Secure Shell). Using a machine learning algorithm, they were then able to infer the keystrokes transmitted over the connection by analyzing the timing information in the CPU cache region used by the server's network card.

"In an interactive SSH session, every time you press a key, network packets are being directly transmitted. As a result, every time you type a character inside an encrypted SSH session on your console, NetCAT can leak the timing of the event by leaking the arrival time of the corresponding network packet. Now, humans have distinct typing patterns. For example, typing 's' right after 'a' is faster than typing 'g' after 's'. As a result, NetCAT can operate statistical analysis of the inter-arrival timings of packets in what is known as a keystroke timing attack to leak what you type in your private SSH session."

First remote side-channel attack

This means that with a direct network connection to the server, an attacker can leak potentially sensitive information about other clients connected to the same server, making this the first time a CPU side-channel attack has been demonstrated to work remotely instead of locally.

Intel awarded a bounty for the vulnerability but assigned a low severity score to it -- 2.6 out of 10 on the CVSS scale.

"In scenarios where DDIO and RDMA are enabled, strong security controls on a secured network are required as an attacker would need to have read and write RDMA access on a target machine using DDIO," the company said on its website. "In the complex scenarios where DDIO and RDMA are typically used, such as massively parallel computing clusters, the access an attacker would need would be uncommon."

The researchers disagreed to some extent on the rarity of the exploitation conditions cited by Intel. They told CSO that they used Remote Direct Memory Access (RDMA) for this attack because it was easier, but that there are probably ways to exploit DDIO without it.

NetCAT is just the first crack in the dam, and future research will likely uncover additional and improved attack methods, as has happened with other attacks in the past, they said.

Mitigation limited and impractical

They feel that, as with most vendors, Intel's response focuses on the exploit reported to them rather than the root-cause vulnerability, which is DDIO itself. Short of disabling this feature, which can have a significant performance impact, server owners can't do much to mitigate the problem.

"Where DDIO and RDMA are enabled, limit direct access from untrusted networks," Intel said in an advisory. "The use of software modules resistant to timing attacks, using constant-time style code."

The problem is that following these recommendations might not be viable in practice for many deployments. For example, servers that need to have a direct connection to the internet are available to untrusted networks by default.

Also, achieving constant time in the context of cache access implies that the code should talk to the CPU even when it doesn't technically need to, so that the access time doesn't vary and doesn't reveal anything to an attacker. However, that is very expensive for performance, the researchers tell CSO.

The NetCAT attack targets SSH because it generates new packets for every keystroke, making it an obvious target. However, there might be other vulnerable applications and potential attack scenarios that have yet to be discovered.
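Why one packet per keystroke matters, shown as an added example that is not from the article, the researchers' paper or Intel's advisory: with constructed key-press times, the gaps between packets mirror the typing rhythm, while sending same-size packets on a fixed tick (with empty chaff packets when nothing was typed) leaves an observer a constant gap. The pacing scheme, `TICK_MS` and all function names are assumptions made for illustration; it is a general timing-padding technique, not a mitigation the article prescribes.

```python
import math

# Constructed key-press times in ms for one interactive session (not measured data).
KEY_TIMES_MS = [0, 95, 310, 420, 680, 770]
TICK_MS = 50  # hypothetical pacing interval; trades latency for uniform timing


def inter_arrival(times):
    """Gaps between consecutive packets, i.e. what a timing observer learns."""
    return [b - a for a, b in zip(times, times[1:])]


def paced_schedule(key_times, tick_ms):
    """Emit one same-size packet on every tick.

    Each entry is (send_time_ms, keys_carried); keys_carried == 0 is a chaff
    packet with no keystroke in it.
    """
    keys = sorted(key_times)
    last_tick = math.ceil(keys[-1] / tick_ms) * tick_ms
    schedule, i = [], 0
    for tick in range(0, last_tick + tick_ms, tick_ms):
        carried = 0
        while i < len(keys) and keys[i] <= tick:
            carried += 1
            i += 1
        schedule.append((tick, carried))
    return schedule


def max_added_delay(key_times, tick_ms):
    """Worst-case latency a keystroke pays waiting for its tick."""
    return max(math.ceil(t / tick_ms) * tick_ms - t for t in key_times)


if __name__ == "__main__":
    print("one packet per key:", inter_arrival(KEY_TIMES_MS))
    sched = paced_schedule(KEY_TIMES_MS, TICK_MS)
    print("paced:", sorted(set(inter_arrival([t for t, _ in sched]))))
    print("max added delay (ms):", max_added_delay(KEY_TIMES_MS, TICK_MS))
```

The paced stream still reveals when the session is active and for how long, and the cost is extra traffic plus up to one tick of input latency.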

The VUSec researchers are confident that just as we've seen with Meltdown, Spectre, Rowhammer and other flaws that stem from hardware design decisions, we will see more DDIO attack variants.

This story, "New NetCAT CPU side-channel vulnerability exploitable over the network" was originally published by CSO.