Another Vulnerability Found In Intel CPUs

More bad news for Intel. Yet another security flaw has been identified in the processors the company makes.  This one is so newly discovered that the full technical details have yet to be released.  Here’s what we know so far, from a recent Intel announcement:

“System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch…Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other process through a speculative execution side channel that infers their value.”

In simpler terms, what this means is that a hacker could use this exploit to gain partial cryptographic keys used by other programs running on the target computer.

While related to the recent Spectre and Meltdown security flaws, this one is different in two ways.  First, it’s not quite as severe as the formerly discovered flaws in scope or scale.  To make use of this, one would require an incredibly exotic attack that would simply be beyond the capabilities of most hackers.

Also, it should be noted that where Spectre and Meltdown impacted dozens of chipsets dating back more than a decade, the “Lazy FP State Restore” flaw only impacts chips beginning at Sandy Bridge.

The other key difference is that the flaw in this case does not reside in the hardware.  That’s good news for businesses of all shapes and sizes, because it means that when Intel and their hardware vendors have a patch ready, it will be quick and relatively painless to install it.

Unfortunately, since the initial discovery of Spectre and Meltdown, a number of variants of those flaws have emerged, and now this new one.  It’s unlikely that this will be the last we’ve seen of these types of issues, so if you’re using Intel equipment, brace yourself.  There’s likely more to come.

Apple Will Officially No Longer Sell Routers

After more than two decades in the business, Apple is officially going to stop selling routers.  The writing has been on the wall for a while now, since the company’s “AirPort” family of products hasn’t received a significant update in more than five years.

When Apple first introduced its AirPort product line, wireless computing was still something of a rarity, and Apple’s offerings were ahead of their time.  In the years between then and now though, the market has changed significantly.  Unfortunately, Apple’s product line never really changed with it.

These days the competition is fierce with industry giants like Google and Linksys both offering great options for power users. With the rise of mesh networks, the AirPort product line has fallen increasingly behind the times.

The company announced that it would sell its existing AirPort product inventory and support its current user base for the time being, but after that, it would quietly fade away.  The company has simply moved on and has redirected its efforts toward other initiatives.

In looking at the broader market, it’s not a huge blow. Of course, if you own and use an AirPort product, now is the time to begin casting about for alternatives.  The clock is ticking, and once Apple sheds its existing inventory, we can expect to get an end of support date from them. This will leave any AirPort products still in operation at that point increasingly vulnerable to a variety of hacks.

Even so, given how ubiquitous wireless networking is these days, and how many powerful options are out there, finding a replacement for your AirPort product shouldn’t present too much of a challenge.  Just make sure your IT staff knows that the end is nigh, so they can get a replacement in place before the clock runs out.

T-Mobile And Sprint To Merge Companies

The on-again, off-again talks about a merger between T-Mobile and Sprint are definitely back on, with T-Mobile planning to buy Sprint for a staggering $26 billion.

The deal has been in the works since before Trump was elected President. It died quietly when it became clear that the Obama administration would not allow the deal to go forward, due to concerns that it would leave the US with only three telecom providers, which could harm consumers.

The Trump administration has made it clear that they applaud the move.  However, Trump’s Justice Department may be a significant hurdle to clear.  Nonetheless, as things stand now, the deal is steaming ahead and the combined company would have a whopping 127+ million customers, putting it not far behind AT&T’s 141.6 million and Verizon Wireless’ 150.5 million customers. T-Mobile’s CEO John Legere would lead the new, larger company.

John had this to say about the planned merger:

“This combination will create a fierce competitor with the network scale to deliver more for consumers and businesses in the form of lower prices, more innovation, and second-to-none network experience – and do it all so much faster than either company could on its own.”

The underlying argument in favor of the merger is that the US is falling behind in terms of network speed. If there is to be any hope of arriving first at a nationwide 5G network, we need bigger, stronger and more robust competitors.

As history shows us clearly though, the regulators of the previous administration have valid concerns about the monopolization of the industry.  Any time there are fewer competitors on the board, regardless of the industry, consumers invariably get hit with higher prices. There’s no reason to believe this merger will lead to a different outcome.

Regardless, it now appears that the merger is likely to happen.

Some VW and Audi Cars May Be Hacked Through WiFi

Thanks to researchers Daan Keuper and Thijs Alkemade (who work at the Dutch cyber-security firm Computest), newly produced Golf GTE and Audi A3 vehicles are a little bit safer, and a lot less vulnerable to remote hacks.

The duo found that by taking advantage of these vehicles’ WiFi connection, they could access the cars’ IVI (in-vehicle infotainment) system and, from there, gain access to other systems as well.

The researchers had this to say about their work:

“Under certain conditions, attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and conversation history.  Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time.”

It gets worse though.  Once the researchers had gained access to these systems, they found they could also access the car’s braking and acceleration systems. They stopped short of performing exploits on these for fear of violating Volkswagen’s intellectual property rights.  A hacker, however, would not hesitate to do so.

Worse still, the company apparently had no idea there was a problem. In fact, when the researchers presented their findings, they discovered that the company had deployed the IVI system completely untested.

Since the researchers brought the issue to the company’s attention, the company has addressed it. However, the fix only applies to newly manufactured vehicles.  If you purchased either of the models listed above prior to June 2016, your vehicle has not received the fix, and will not get fixed unless you take it back to the dealership.  There’s no way for the company to remotely install it.  That means there are untold thousands of cars on the road right now that are vulnerable.

All Twitter Passwords Exposed, Change Your Password Now

Twitter shot itself in the foot recently but is working hard to get out in front of the problem.  According to a recent blog post, the company experienced an issue with its hashing routine – a process which masks user passwords, making them virtually impossible to crack.

Because of the issue, user passwords were stored as plain text on an internal log file.  The company found the bug on its own, conducted an investigation and found no evidence that anyone discovered the log file and appropriated it.  Although they gave no indication as to how many user passwords the log file contained, they nonetheless urged all of their 330+ million users to change their passwords immediately as a safety precaution.

This could have been far worse for the company, had the log been discovered by a diligent security researcher, or worse still, by a hacker.  Even so, it’s a fairly damaging bit of news that’s sure to cause at least some lost trust with its growing user base.

If you use Twitter, you should definitely take the company’s recommendation to heart and change your password immediately.  As ever, when you do, the best thing you can do to help yourself is to be sure you’re not using the same password on Twitter as you use on other websites you frequent.  That way, even if your password is compromised, the damage will be limited to your Twitter account only.

An even better solution would be to use a password safe, which securely stores the passwords of the various sites you frequent, although even this step doesn’t provide bullet-proof protection, as password safes are by no means immune to hacking.

Diligence and vigilance are once again the keys.  Keep your passwords secure and change them often.
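
For teams that run their own login systems, here is an added example (not Twitter's code) of the failure described above: a password written to a log before it is hashed, shown next to a logger that masks credential fields and a scan that flags any that slipped through. The `password=` log format, the function names and the sample password are assumptions made for illustration.

```python
import hashlib, io, logging, os, re

# Constructed log format: credentials appear as password=<value> fields.
SECRET_FIELD = re.compile(r"(?i)\b(password|passwd|pwd)=(?!\[REDACTED\])(\S+)")

class RedactSecrets(logging.Filter):
    """Mask credential fields before any handler writes the record."""
    def filter(self, record):
        record.msg = SECRET_FIELD.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()  # message is already formatted
        return True

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; only (salt, digest) should ever be stored."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_logger(name, redact):
    """Logger writing to an in-memory stream so the output can be inspected."""
    stream = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(logging.StreamHandler(stream))
    if redact:
        logger.addFilter(RedactSecrets())
    return logger, stream

def set_password(logger, user, password):
    # Bug class: the raw request is logged before the hash replaces the password.
    logger.info("set_password user=%s password=%s", user, password)
    return hash_password(password)

def find_cleartext(log_text):
    """Detection pass: return log lines that still carry an unmasked credential."""
    return [line for line in log_text.splitlines() if SECRET_FIELD.search(line)]

def demo(password="Tr0ub4dor&3"):  # constructed sample password
    leaky, leaky_out = make_logger("app.leaky", redact=False)
    safe, safe_out = make_logger("app.safe", redact=True)
    set_password(leaky, "alice", password)
    set_password(safe, "alice", password)
    return leaky_out.getvalue(), safe_out.getvalue()

if __name__ == "__main__":
    for text in demo():
        print(text.strip(), "->", len(find_cleartext(text)), "cleartext hit(s)")
```

Pattern-based masking is a safety net only; the durable fix is to keep the password out of the log call in the first place.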

Vulnerability In Mac OS Went Unnoticed For Years

Researchers at Okta Security have stumbled across something big.  Recently, they discovered a flaw in Apple’s OS that would have allowed hackers to completely undermine Apple’s code signing process.

While at first glance that doesn’t sound so bad, the implications are terrifying.  In a nutshell, code signing uses cryptographic “signatures” to verify and validate code.  If code bears the digital signature, it is considered trusted.  If it’s trusted, then it’s given an automatic free pass, straight into the heart of any system.

Unfortunately, this flaw in Apple’s code signing process dates back more than a decade. It was only recently discovered, and purely by chance at that.

An extensive forensic analysis has turned up no evidence suggesting that this exploit was ever used for nefarious purposes, which is the one silver lining in all of this.

Upon discovering the flaw, Okta personnel reached out to Apple and other vendors who could have been impacted by the flaw, including tech giants like Google, Facebook and also smaller players like VirusTotal, Objective Development, Yelp, and Carbon Black.

Apple moved swiftly and has since fixed the issue, so this one can be considered a bullet dodged.

Josh Pitts, an Okta engineer, sums the issue up:

“Different types of tools and products use code signing to implement actionable security; this includes whitelisting, antivirus, incident response and threat hunting products.  To undermine a code signing implementation for a major OS would break a core security construct that many depend on for day to day security operations.”

A completely fair assessment.  Thankfully (at least in this particular case), although the issue was hiding in plain sight, it does not appear to have been exploited before being fixed.  We won’t always be so lucky.

New SSD Drive Can Hold 8TB of Storage

Good news for the business world in general, and the owners of data centers, in particular.

Mass storage is about to get vastly more efficient thanks to Samsung’s recently launched solid state drive, which manages to pack an impressive 8TB of storage into a delightfully small footprint, measuring just 11cm x 3.05cm.

Not only do the new drives deliver twice the storage capacity of the SSDs used in high-end servers and slim line laptops, but they also have an impressive read speed of 3100 MB/s, and write speeds of 2000 MB/s. The read speed of the new drive is five times faster than the speeds you typically get from SATA SSDs, and the write speeds are three times faster.

When hyper-scaled, that means that an enterprise server system could perform more than a million IOPS in a 2U rack space, and that translates into a significant ROI for large-scale data centers.

It gets even better. Samsung is planning to release a 512 gigabit version of its 3-bit V-NAND SSD later this year, which will allow significant improvements in processing speeds for big data applications.

What we’re talking about here, ultimately, is storage and processing density. The new SSD is built with 16 512GB NAND packages, stacked in sixteen layers of 256 gigabit 3-bit V-NAND chips that were specifically engineered with massive SSDs in mind.

This allows data centers to triple total system density in the same footprint, and allows for a mind-boggling 576 terabytes of storage in 2U rack servers.

This is paradigm shifting and will make cloud-based service providers even more attractive. The most successful of these already have hyper-scale data centers in place, already have a wealth of experience when it comes to handling Very Large Data sets and experience dealing with applications designed to sift through those mountains of data. Enterprise users, rejoice!