Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
Google Chrome Introduces V8 Sandbox to Bolster Security

Google has unveiled support for the V8 Sandbox in its Chrome web browser, aiming to combat memory corruption issues. According to Samuel Groß, the V8 Security technical lead, the sandbox prevents the spread of memory corruption within the host process. 

Described as a lightweight, in-process sandbox for the JavaScript and WebAssembly engine, the V8 Sandbox mitigates common vulnerabilities. It restricts V8 code execution to a subset of the process's virtual address space, isolating it from the rest of the process to limit vulnerability impact. These vulnerabilities have comprised a significant portion of Google's addressed zero-day vulnerabilities, with up to 16 security flaws discovered between 2021 and 2023. 

The sandbox assumes attackers can arbitrarily modify memory inside the sandbox address space and aims to protect the rest of the process from such attacks. Groß highlights the challenges of addressing V8 vulnerabilities with memory-safe languages like Rust, given the exploitable "subtle logic issues." The V8 Sandbox isolates V8's heap memory to prevent memory corruption from escaping to other parts of the process's memory. It replaces data types accessing out-of-sandbox memory with sandbox-compatible alternatives to prevent attackers from accessing other memory. 

Benchmark results indicate a 1% overhead on typical workloads, allowing the sandbox to be enabled by default in Chrome version 123 across multiple platforms. The V8 Sandbox requires a 64-bit system because it needs a large virtual address space. It's seen as a necessary step toward memory safety in JavaScript engines, as current memory safety technologies are largely ineffective in optimizing them. 

Additionally, Google highlights the role of Kernel Address Sanitizer (KASan) in detecting memory bugs in native code and enhancing Android firmware security. KASan has been instrumental in discovering over 40 bugs, underscoring its importance in precluding memory corruption vulnerabilities before they reach user devices.


Source: https://thehackernews.com/2024/04/google-chrome-adds-v8-sandbox-new.html


Caitlin Joyce (CaitlinG) Galanza | News
Created: April 08 2024 | Updated: on 4/8/24
Comments


  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi