[Swordmaker]

I have no comment as I have seen nothing on this from any other source. This is a cross platform vulnerability and may be just that, and mostly theoretical, at this point.

[Swordmaker]

Is there a vulnerability for both MacOS, including new M1 Macs, and Windows, with Intel? Might be. I don’t know. Cornell security researchers say there is using a non-JavaScript HTML/CSS hack. I have seen nothing in detail.—PING!

APPLE, Android, and WINDOWS PING!

If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.

[Swordmaker]

Thanks to Freeper Mark17 for the heads up...

[Pollard]

Kind of light on details. html5 is pretty functional these days and will do things only jacascript would do a few years ago.

[ArcadeQuarters]

Hmmm. Maybe something related to css image urls?

[ScubaDiver]

I don’t want to dismiss or diminish the problems of malware in technology today. But, aren’t most - or at least many - of these kinds of exploit warnings largely theoretical in nature?

[Menehune56]

Thanks for the heads up. I wonder if a VPN eliminates vulnerability.

[rarestia]

This article is bordering on useless. What’s the vulnerability? Is it remote code execution (RCE)? Data exfiltration? Privacy breach? They just say “oh, there’s this vulnerability. It doesn’t require Javascript.” Great! Thanks. What’s it do?

[tina07]

I am completely illiterate about any and all of this, just wanted to mention what’s been happening when I’m on facebook. Multiple pages open up, 15 to 20 sometimes, of anything I scroll past on facebook, ads, pictures someone posts, anything. It seemed to only be when I was on fb but about 20 minutes ago I opened a link someone posted on here, on another thread, and 2 additional pages of the same link opened up. Not sure if it indicates a hack or what and no idea how to stop it.

I have a Lenovo ThinkPad laptop, given to me by a friend, and Windows 10. I use Firefox for a browser and a couple of months ago switched to DuckDuckGo for a search engine, had google before that.

Thanks..and sorry for posting a possible unrelated issue.

[VeniVidiVici]

I still use Win7 for my general searches, which are benign, and freerepublic. Anything else I use Oracle Virtualbox.

[sauropod]

.

[Skywise]

Did a little digging on this - for the average person it’s not going to be a big deal.

This is once again some hacks getting their masters thesis by writing papers on stating the obvious.

What they’ve “proven” is that they can figure out things about the physical characteristics about your computer - like memory speed, CPU type, power consumption, etc via the scary term “side-channel attack”

https://www.wired.com/story/what-is-side-channel-attack/

This isn’t all that complex - regardless of VPN and browser security you STILL pull down web page info from the server. CSS still has some scripting features (for stuff like animation and scaled scrolling) so stick a little processing for animation in there that changes how things are loaded and voila, the server knows some things about the computer it sends data too.

At BEST - the most information they’re going to get from you is a hardware fingerprint - but that’s not going to mean anything because all MacBook 13” M1s are the same hardware!!!

In an spy situation it gets a little more serious because you can figure out a profile and maybe usage patterns on a group or business and focus any hacking efforts - but in the grand scheme of things it’s nothing to worry about.

[bitt]

p

(even a VPN...)

[Sir_Ed]

Well this is spooky!

Thanks, Swordmaker!