Tech News - Cryptography

After the recent SpectreRSB attack on Intel, AMD, and ARM CPUs, a group of security researchers have found a new Spectre variant in town codenamed NetSpectre. They have recorded this latest Spectre in their paper, “NetSpectre:Read arbitrary memory over Network” As per the researchers, the specialty of NetSpectre is, it can be launched over the network without requiring the attacker to host the code on a targeted machine. This new Spectre attack is a new remote side-channel attack, which is related to Spectre variant 1. https://twitter.com/misc0110/status/1022603751197163520 What does NetSpectre attack do? The new Spectre attack exploits speculative execution to perform bounds-check bypass and can be further used to destroy address-space layout randomization on the remote system. This issue further allows the attacker to write and execute malicious code that extracts data from the previously secured CPU memory. This memory could include sensitive information such as passwords, cryptographic keys, and much more. The researchers have demonstrated the NetSpectre attack using the AVX-based covert channel. This approach allowed them to capture data at a speed of 60 bits per hour from the target system. Researchers said, “Depending on the gadget location, the attacker has access to either the memory of the entire corresponding application or the entire kernel memory, typically including the entire system memory.” The remote attacker need to simply send a series of request packets to the target machine and measure the response time to leak a secret value from the machine’s memory. Researchers said, “We verified that our NetSpectre attacks work in local-area networks as well as between virtual machines in the Google cloud.” How to be safe? If one has updated their code and applications to mitigate previous Spectre exploits they do not have to worry about the ‘NetSpectre’ attack. Researchers have mentioned state-of-the-art and network-layer countermeasures for NetSpectre in their paper. However, they state, “as attackers can adapt and improve attacks, it is not safe to assume that noise levels and monitoring thresholds chosen now will still be valid in the near future.” Also recently, Intel paid $100,000 bug bounty to a team of researchers to find and report new processor vulnerabilities. These newfound Spectre variants were also related to Spectre variant 1. Following this, Intel has included information related to the NetSpectre attack in its updated white paper, ‘Analyzing potential bounds check bypass vulnerabilities’ Read more about the NetSpectre attack in the whitepaper. SpectreRSB targets CPU return stack buffer, found on Intel, AMD, and ARM chipsets Intel’s Spectre variant 4 patch impacts CPU performance  

After the first preview of its Blockchain Cloud Service at OpenWorld last October, Oracle has confirmed the general release and availability of its Blockchain platform in an official press release this Monday. Before this release, Oracle’s pre-release version of  Blockchain Cloud Service was being used by different businesses across the globe such as Arab Jordan Investment Bank, Certified Origins, Solar Site Design, CargoSmart, etc. These organizations say have seen a major difference in their business after adopting Oracle’s Blockchain as a service (BaaS). For instance,  Andrea Biagianti, CIO of Certified Origins (Italy based olive oil producer) mentions that the company wanted to trace the products (Bellucci EVOO) that they sell in the market of United States across the entire supply chain. Oracle’s Blockchain service helped the company by making the implementation and collaboration of all the included parties quite simple. It also provided them with a competitive edge over the others in the market. “It adds a further level of transparency and information that is valuable for consumers looking for quality products and helps us to support the excellence of the small farms”, says Biagianti. This Blockchain service will be of great help to organizations in three major ways. Firstly, it provides them with a development platform to build their own Blockchain networks. Secondly, it allows integration with Oracle SaaS, existing third-party applications, Oracle PaaS and other Blockchain networks to drive more reliable transactions. Lastly, clients or customers can program and test smart contracts to automate processes over the Blockchain distributed electronic ledger. The new service is based on top of the Linux Foundation’s Hyperledger Fabric, which is a collaboration tool that comes with in-built infrastructure dependencies, REST proxy, and a number of monitoring and operation tools. It helps in building Blockchain based automated ledger such as smart contract technology. A smart contract is an automation tool based on the Blockchain technology. It gets rid of the middleman in a business by enabling automatic exchange of money, property, etc, in a transparent and hassle-free manner. According to Amit Zavery, executive vice president of Oracle Cloud Platform, “Blockchain promises to be one of the most transformative technologies of our generation”. This is quite true as Blockchain is helping transform businesses by making interactions more secure, efficient and cost-effective. It has also made the future Blockchain implementations easier. This means that as the Hyperledger specification evolves and makes new updates, there is no need for the developers to rewrite the company-specific Blockchain applications. Apart from that, new SaaS applications are being offered by Oracle for the Blockchain technology. These can be used in cases like track and trace, warranty and usage, cold chain, etc. Organizations wanting to avail Oracle’s Blockchain services can either pay per usage (without a contract) or via a monthly, yearly or a multi-year deal. There is also a 30-day free trial of the cloud service that the Customers can sign up for. Oracle Apex 18.1 is here! Oracle announces Oracle Soar, a tools package to ease application migration on cloud