A Rescue In The Queue For Data Breach

Cyber security + Data Breach 7 Defence todayDecember 18, 2020 124

Background
share close

Nowadays the internet has become a preliminary part of our life, and with the developing technology, and the security about which websites & internets promises us about our data being confidential, are they actually safe? This article is all about how Google is working on protecting our data from intruders.

A recent article from Google revealed about the increased leveraging of attackers, derived about the vulnerability from a specific class which is built into the web platform with the help of side-channels, to snatch sensitive data out of any web application. Dubbed cross-site leaks (XS-Leaks); this new class of vulnerability highlights the new challenge for the security of web infrastructure.

Attackers use the existing side-channels on the web to leak sensitive & confidential data about the users from other web applications, such as details about their local environment or their internal networks.

  • Recently, a team of security researchers found a new side-channel that was being used by the attackers, PLATYPUS which gives them the privilege of sneaking and taking all the sensitive data of users. 
  • Apart from that researchers from the University of California & Tsinghua University also reported a series of critical vulnerabilities dubbed Side-channels ‘AttackeD’, ‘DNS’ or ‘SAD DNS’ attacks that could lead to a revival of DNS cache poisoning attacks.

For enhancing the research into the issue of cross-site leaks of user’s information, google has recently set up a new site for XS-Leaks. It is basically a collection of browser-based side-channels attack vectors.

  • By establishing the attack vectors it’ll create a jinx for the intruders also upbringing the security engineers and defense mechanism, for safer surfing.
  • The XS-Leaks wiki site basically includes information about the principles behind cross-site leaks, common attacks, and proposes defense mechanisms to stop these attacks.

Studies shows that side-channel attacks are still in the development phase and their true potential in XS-Leaks attacks is still an illusion and they are going through a transition period yet. It is believed that projects such as the XS-Leak wiki can help prevent or alleviate these intrudes by providing appropriate frameworks & guidelines for security teams to overcome such threats.

Written by: 7 Defence

Tagged as: , .

Rate it
Previous post

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *