When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security

This time, the Silicon Valley giant has been caught red-handed using people’s cellphone numbers, provided exclusively for two-factor authentication, for targeted advertising and search – after it previously insinuated it wouldn’t do that.

Folks handing over their mobile numbers to protect their accounts from takeovers and hijackings thought the contact detail would be used for just that: security. Instead, Facebook is using the numbers to link netizens to other people, and target them with online ads.

For example, if someone you know – let’s call her Sarah – has given her number to Facebook for two-factor authentication purposes, and you allow the Facebook app to access your smartphone’s contacts book, and it sees Sarah’s number in there, it will offer to connect you two up, even though Sarah thought her number was being used for security only, and not for search. This is not a particularly healthy scenario, for instance, if you and Sarah are no longer, or never were, friends in real life, and yet Facebook wants to wire you up anyway.

Following online outcry over the weekend, a Facebook spokesperson told us today: “We appreciate the feedback we’ve received about these settings, and will take it into account.”

Source: When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security • The Register

Anyone surprised much?

Welding glass to metal breakthrough could transform manufacturing

Scientists from Heriot-Watt University have welded glass and metal together using an ultrafast laser system, in a breakthrough for the manufacturing industry.

Various optical materials such as quartz, borosilicate glass and even sapphire were all successfully welded to metals like aluminium, titanium and using the Heriot-Watt laser system, which provides very short, picosecond pulses of infrared light in tracks along the materials to fuse them together.

The new process could transform the and have direct applications in the aerospace, defence, optical technology and even healthcare fields.

Professor Duncan Hand, director of the five-university EPSRC Centre for Innovative Manufacturing in Laser-based Production Processes based at Heriot-Watt, said: “Traditionally it has been very difficult to weld together dissimilar materials like glass and metal due to their different thermal properties—the and highly different thermal expansions involved cause the glass to shatter.

“Being able to weld glass and metals together will be a huge step forward in manufacturing and design flexibility.

“At the moment, equipment and products that involve and metal are often held together by adhesives, which are messy to apply and parts can gradually creep, or move. Outgassing is also an issue—organic chemicals from the adhesive can be gradually released and can lead to reduced product lifetime.

“The process relies on the incredibly short pulses from the laser. These pulses last only a few picoseconds—a picosecond to a second is like a second compared to 30,000 years.

“The parts to be welded are placed in close contact, and the laser is focused through the optical material to provide a very small and highly intense spot at the interface between the two —we achieved megawatt peak power over an area just a few microns across.

“This creates a microplasma, like a tiny ball of lightning, inside the material, surrounded by a highly-confined melt region.

“We tested the welds at -50C to 90C and the welds remained intact, so we know they are robust enough to cope with extreme conditions.”

Read more at: https://phys.org/news/2019-03-welding-breakthrough.html#jCp

Source: Welding breakthrough could transform manufacturing

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to steal secrets and other data from running applications.

This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off. The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level.

Speculative execution, the practice of allowing processors to perform future work that may or may not be needed while they await the completion of other computations, is what enabled the Spectre vulnerabilities revealed early last year.

In a research paper distributed this month through pre-print service ArXiv, “SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks,” computer scientists at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, describe a new way to abuse the performance boost.

The researchers – Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth and Berk Sunar – have found that “a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem” reveals memory layout data, making other attacks like Rowhammer much easier to carry out.

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

“We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes,” the researchers explain.

“The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments.”

Source: SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability • The Register