
The Spy in the Sandbox: Practical Cache Attacks in JavaScript - aaron695
http://arxiv.org/abs/1502.07373#
======
mmastrac
From reading this paper, this appears to allow you to guess what a computer is
doing by determining which memory regions are actively in use by making use of
the high precision timer.

By training it on something like network or mouse pointer data, you can
determine whether a user or network is active based on cache activity
patterns. You can't resolve much else other than this high-level view of which
segments are in use, but they've been pretty creative figuring out what this
can tell you.

It's possible that this could be used as another method to fingerprint Tor
users, or confirm that a given Tor user corresponds to a given insecure user.

~~~
askmike
This paper is really more about the fact that basically everyone is
automatically vulnerable to this attack. It doesn't really address the
applications, but:

> [..] the attacker must now correlate the cache sets he has profiled to data
> or code locations belonging to the victim. This learning/classification
> problem was addressed earlier by Zhang et al. in [25] and by Yarom et al. in
> [23], where various machine learning methods such as SVM were used to derive
> meaning from the output of cache latency measurements.

------
chrisdotcode
This is why people use NoScript. Not that we're Luddites, but rather arbitrary
scripts mean arbitrary vulnerabilities that are automatically exploitable.

It's not that we don't want to see your cool new site built in Angular 2.0,
but rather the principle of least privilege[0] is _even more_ relevant with
respect to the web.

People wouldn't think you're crazy for leaving Java applets off by default
(even when they were popular), and it's an ad populum fallacy to say that just
because everyone uses JavaScript you should trade your own personal security
so that developers can use AJAX instead of a form POST.

[0] https://en.wikipedia.org/wiki/Principle_of_least_privilege

