Categories
NCSC-FI News followup

Daily NCSC-FI news followup 2020-09-13

BLINDSIDE – A Speculative Execution Attack

www.vusec.net/projects/blindside/ BlindSide allows attackers to hack blind in the Spectre era. That is, given a simple buffer overflow in the kernel and no additional info leak vulnerability, BlindSide can mount BROP-style attacks in the speculative execution domain to repeatedly probe and derandomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation.. POC video https://www.youtube.com/watch?v=m-FUIZiRN5o. whitepaper

download.vusec.net/papers/blindside_ccs20.pdf

Leaky server exposes users of dating site network

www.zdnet.com/article/leaky-server-exposes-users-of-dating-site-network/ Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.

How to enable DNS-over-HTTPS (DoH) on Windows

www.bleepingcomputer.com/news/microsoft/how-to-enable-dns-over-https-doh-on-windows/ DNS-over-HTTPS (DoH) allows DNS resolution to be performed via the HTTPS protocol rather than through the normal plain text DNS lookups.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.