Scary stuff. It proves the point that there are infinitely more ways for
code to have a vulnerability than can be secured - and a system is only as
secure as the weakest link.
On Mon, 17 Jun 2019 at 12:28, Peter Reutemann <fracpete(a)waikato.ac.nz>
'Researchers from Austria's Graz University of
devised an automated system for browser profiling using two new side
channel attacks that can help expose information about software and
hardware," reports The Register.
Attacks: Automatically Inferring Host Information for Targeted
Exploits," which The Register says "calls into question the
effectiveness of anonymized browsing and browser privacy extensions...
Long-time Slashdot reader Artem S. Tashkinov shared their report:
Attacks involve measuring runtime differences between two code
snippets to infer the underlying instruction set architecture through
variations in JIT compiler behavior. The other involves measuring
timing differences in the memory allocator to infer the allocated size
of a memory region.
only the ability to fingerprint via browser version, installed privacy
extension, privacy mode, operating system, device microarchitecture,
And their research shows there are far more of these than are covered
in official documentation. This means browser fingerprints have the
potential to be far more detailed -- have more data points -- than
they are now.
The Mozilla Developer Network documentation for Firefox, for example,
covers 2,247 browser properties. The researchers were able to capture
15,709. Though not all of these are usable for fingerprinting and some
represent duplicates, they say they found about 10,000 usable
properties for all browsers.'
-- source: https://yro.slashdot.org/story/19/06/16/232241
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
wlug mailing list | wlug(a)list.waikato.ac.nz