Sponsored Content

Intermarkets' Privacy Policy

Donate to Ace of Spades HQ!

Recent Entries
Absent Friends
westminsterdogshow 2023
Ann Wilson(Empire1) 2022
Dave In Texas 2022
Jesse in D.C. 2022
OregonMuse 2022
redc1c4 2021
Tami 2021
Chavez the Hugo 2020
Ibguy 2020
Rickl 2019
Joffen 2014
AoSHQ Writers Group
A site for members of the Horde to post their stories seeking beta readers, editing help, brainstorming, and story ideas. Also to share links to potential publishing outlets, writing help sites, and videos posting tips to get published. Contact OrangeEnt for info
Cutting The Cord And Email Security
Moron Meet-Ups

THE MORNING RANT: Polite Conservatives, Lauren Boebert, and “How Losing My Political Values Helped Me Gain My Freedom” | Main | The Morning Report — 9/27/23
September 27, 2023

Daily Tech News 27 September 2023

Top Story

  • A new attack on GPUs can steal data from web pages as you view them. (Ars Technica)

    This affects all significant GPU manufacturers - not just AMD and Nvidia, but also Intel (including integrated graphics), Apple, ARM, and Qualcomm's Adreno graphics, and impacts Chrome and Chromium-based browsers including Microsoft Edge.

    How worried should you be?

    Not at all.

    In the example provided by the security researchers, visitors to a malicious website that showed Wikipedia in an embedded frame (which Wikipedia allows websites to do) could have their usernames read by the site inside of, well, half an hour.

    If they didn't scroll the page at all during that time.

    What the hack does is very clever though not very useful, but is a great example of an entire class of tricks called side-channel attacks.

    The host website (the malicious one) loads the Wikipedia content, and then starts drawing over it invisibly using SVG filters. (SVG is scalable vector graphics, a set of drawing operations supported by web browsers.)

    Most browsers support hardware acceleration for SVG, and if that is in effect, there is a consistent, measurable - though tiny - difference in the time taken to draw SVG filters depending on what is behind the filter.

    So by drawing filters over and over, at slightly different angles and screen locations, you can tell the difference between white background and black text depending on how long the drawing operations over each pixel take on average.

    It's statistical, and slow, but it gives you a blurry copy of what is showed on screen in a page that is supposed to be safely sandboxed away from the malicious site.

    So after half an hour of busily drawing invisible filters, the host website - knowing where on the page Wikipedia shows the username - has a blurry copy of that tiny section of the page and can OCR it and find out who you are.

    Of course, if you scroll the page at all during that half hour, its fun is ruined and all it gets is a jumbled mess.

    And what hackers really want is passwords and credit card CVCs, and all that it can get there - even if you leave the page whirring away with the login box open for half an hour - is *******.

    But when you see these hacks that leak data at the rate of one bit per minute or something like that, they are doing the digital equivalent of very, very slowly shading in a page on a notepad to get an impression of what was written on the previous page.

Tech News

Disclaimer: Donna Noble has an overdue library book. Donna Noble has been fined.
digg this
posted by Pixy Misa at 04:15 AM

| Access Comments

Recent Comments
BourbonChicken: "Furiosa story from the Mad Max director https:/ ..."

JT: "Thanks Skip ! ..."

Duncanthrax: "[i]So, what's this about smelly penguins? Posted ..."

Tim The Enchanter [/s] [/u] [/i] [/b]: "The absence of mephitic Spheniscidae this evening ..."

Hairyback Guy: "Gavin is a venomous snake. And a piece of sh*t. P ..."

LenNeal: "Evenin’, All. I’m back. Didja miss ..."

Bulgaroctonus : "Evenin’, All. I’m back. Didja miss ..."

Yudhishthira's Dice: "You know that the FBI will see to it that the guy ..."

LenNeal: "Wait a minute!... Posted by: Hadrian the Seventh' ..."

San Franpsycho: "Gavin is a venomous snake. And a piece of sh*t. ..."

LenNeal: "The absence of mephitic Spheniscidae this evening ..."

Drive by: "What I don't understand is Trump sucking up to New ..."

Recent Entries

Polls! Polls! Polls!
Frequently Asked Questions
The (Almost) Complete Paul Anka Integrity Kick
Top Top Tens
Greatest Hitjobs

The Ace of Spades HQ Sex-for-Money Skankathon
A D&D Guide to the Democratic Candidates
Margaret Cho: Just Not Funny
More Margaret Cho Abuse
Margaret Cho: Still Not Funny
Iraqi Prisoner Claims He Was Raped... By Woman
Wonkette Announces "Morning Zoo" Format
John Kerry's "Plan" Causes Surrender of Moqtada al-Sadr's Militia
World Muslim Leaders Apologize for Nick Berg's Beheading
Michael Moore Goes on Lunchtime Manhattan Death-Spree
Milestone: Oliver Willis Posts 400th "Fake News Article" Referencing Britney Spears
Liberal Economists Rue a "New Decade of Greed"
Artificial Insouciance: Maureen Dowd's Word Processor Revolts Against Her Numbing Imbecility
Intelligence Officials Eye Blogs for Tips
They Done Found Us Out, Cletus: Intrepid Internet Detective Figures Out Our Master Plan
Shock: Josh Marshall Almost Mentions Sarin Discovery in Iraq
Leather-Clad Biker Freaks Terrorize Australian Town
When Clinton Was President, Torture Was Cool
What Wonkette Means When She Explains What Tina Brown Means
Wonkette's Stand-Up Act
Wankette HQ Gay-Rumors Du Jour
Here's What's Bugging Me: Goose and Slider
My Own Micah Wright Style Confession of Dishonesty
Outraged "Conservatives" React to the FMA
An On-Line Impression of Dennis Miller Having Sex with a Kodiak Bear
The Story the Rightwing Media Refuses to Report!
Our Lunch with David "Glengarry Glen Ross" Mamet
The House of Love: Paul Krugman
A Michael Moore Mystery (TM)
The Dowd-O-Matic!
Liberal Consistency and Other Myths
Kepler's Laws of Liberal Media Bias
John Kerry-- The Splunge! Candidate
"Divisive" Politics & "Attacks on Patriotism" (very long)
The Donkey ("The Raven" parody)
Powered by
Movable Type 2.64