Skip to main content

‘Thunderclap’ vulnerability could leave Thunderbolt computers open to attacks

A team of researchers has revealed a new security vulnerability in the Thunderbolt data transfer specification called “Thunderclap” that could leave computers open to serious attacks from otherwise innocuous USB-C or DisplayPort hardware.

As researcher Theo Markettos explains, Thunderclap takes advantage of the privileged, direct-memory access (DMA) that Thunderbolt accessories are granted to gain access to the target device. Unless proper protections are put in place, hackers can use that access to steal data, track files, and run malicious code.

It’s the sort of OS-level access that accessories like GPUs or network cards are typically granted. Because Thunderbolt is designed to replicate those functions externally, it requires the...

Continue reading…



from The Verge - All Posts https://ift.tt/2BUuJbG
Labels:

Comments

Post a Comment

Popular posts from this blog

Pandora Stories lets artists add commentary to their own playlists

Pandora launched Stories today, a tool that lets artists and creators add voice commentary to their own playlists. The Stories feature merges podcasts with music playlists, and is meant for artists to add context to an album, or for podcasters to experiment with new storytelling formats. The feature is part of Pandora AMP, the streaming service’s free Artist Marketing Platform that helps creators promote their work. To kick off the launch, Pandora’s prepared some Stories by artists like John Legend and Daddy Yankee, who tell listeners their personal stories interspersed between their own songs. There’s also a Stories playlist called Love Songs That Aren’t Really Love Songs , which includes commentary on individual songs like a podcast... Continue reading… from The Verge - All Posts https://ift.tt/2Xz1oNc
Post a Comment
Read more

Minneapolis hiring social media influencers for former police officers’ trials

George Floyd died in police custody in May 2020 | Getty Minneapolis is hiring social media influencers to share “city-generated and approved messages” during the trials of four former city police officers charged in the May 2020 killing of George Floyd, according to the Minnesota Reformer . The Minneapolis city council approved the plan on Friday, which calls for six influencers to be paid about $2,000 each to spread the city’s messages with Black, Native American, Hmong, and Latino communities. The goal is to “address/dispel incorrect information” by using “trusted messengers,” part of a program the city refers to as its Joint Information System to share “timely and relevant information” with the public during the trials. “Through the Communications and Neighborhood and Community Relations... Continue reading… from The Verge - All Posts https://ift.tt/3q1AY3x
Post a Comment
Read more

Android Addition Opens FIDO Password Killer to Billions

The FIDO Alliance hammered another nail into the passwords coffin with the announcement that devices running Android 7.0 or higher will be compatible with FIDO2. Certification of Android 7.0+ means devices running those versions of Google's mobile operating system will support FIDO2 out of the box or through a software update. FIDO2, introduced last year, provides a FIDO Web authentication standard that combines the World Wide Web Consortium's Web Authentication specification with FIDO's Client-to-Authenticator protocol. from TechNewsWorld https://ift.tt/2GQVG4f
Post a Comment
Read more