. home.aspx



New NetSpectre-Class Attack Raises Device-Hardening Concern

July 30, 2018 / Kacy Zurkus

A new type of NetSpectre attack requires no malware or malicious JavaScript, because it instead attacks victims through network connections, according to researchers at Graz University of Technology. Four scientists at the university have published findings on a new type of Spectre attack in a paper entitled NetSpectre: Read Arbitrary Memory over Network. The paper details a new CPU attack that can be carried out via network connections and does not require the attacker to host code on a targeted machine, a significant development for Spectre-class attacks. “By manipulating the branch prediction, Spectre tricks a target process into performing a sequence of memory accesses which leak secrets from chosen virtual memory locations to the attacker. This completely breaks confidentiality and renders virtually all security mechanisms on an affected system ineffective,” the researchers wrote. Until now, Spectre attacks have needed the victim to either download and run malicious co...