Nowadays the internet has become a preliminary part of our life, and with the developing technology, and the security about which websites & internets promises us about our data being confidential, are they actually safe? This article is all about how Google is working on protecting our data from intruders.
A recent article from Google revealed about the increased leveraging of attackers, derived about the vulnerability from a specific class which is built into the web platform with the help of side-channels, to snatch sensitive data out of any web application. Dubbed cross-site leaks (XS-Leaks); this new class of vulnerability highlights the new challenge for the security of web infrastructure.
Attackers use the existing side-channels on the web to leak sensitive & confidential data about the users from other web applications, such as details about their local environment or their internal networks.
- Recently, a team of security researchers found a new side-channel that was being used by the attackers, PLATYPUS which gives them the privilege of sneaking and taking all the sensitive data of users.
- Apart from that researchers from the University of California & Tsinghua University also reported a series of critical vulnerabilities dubbed Side-channels ‘AttackeD’, ‘DNS’ or ‘SAD DNS’ attacks that could lead to a revival of DNS cache poisoning attacks.
For enhancing the research into the issue of cross-site leaks of user’s information, google has recently set up a new site for XS-Leaks. It is basically a collection of browser-based side-channels attack vectors.
- By establishing the attack vectors it’ll create a jinx for the intruders also upbringing the security engineers and defense mechanism, for safer surfing.
- The XS-Leaks wiki site basically includes information about the principles behind cross-site leaks, common attacks, and proposes defense mechanisms to stop these attacks.
Studies shows that side-channel attacks are still in the development phase and their true potential in XS-Leaks attacks is still an illusion and they are going through a transition period yet. It is believed that projects such as the XS-Leak wiki can help prevent or alleviate these intrudes by providing appropriate frameworks & guidelines for security teams to overcome such threats.
Post comments (0)