Insecurity experts have found that Intel chips are vulnerable to another side-channel attack similar to Meltdown and Spectre.
Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.
Dubbed “BranchScope” the attack is similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly.
The attacker needs to have access to the targeted system and they must be able to execute arbitrary code. But the researches think that the attack requirements are realistic.
The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures.
According to Ars Technica in the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or not taken. The victim code then runs and makes a branch, which is potentially disturbing the PHT. The attacker then runs more branch instructions of its own to detect that disturbance to the PHT; the attacker knows that some branches should be predicted in a particular direction and tests to see if the victim’s code has changed that prediction.
To be fair to Chipzilla the researchers looked only at Intel processors, using the attacks to leak information protected using Intel’s SGX (Software Guard Extensions), a feature found on certain chips to carve out small sections of encrypted code and data such that even the operating system (or virtualization software) cannot access it. It might be that AMD chips could also suffer. They described ways the attack could be used against address space layout randomization and to infer data in encryption and image libraries.
Intel has commented on the findings saying it had been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits.
“We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.”
Courtesy-Fud
April 6, 2018 by admin
Filed under Around The Net
A US Judge who clearly didn’t understand the full repercussions of what they were doing, has ruled that Google’s use of Java APIs in the original Android code did not constitute fair use, and that reparations are due.
Some analysts believe that Google could be $8bn to $9bn poorer as a result of the ruling, the latest chapter in a long-running dispute.
The story runs thus: Google used the Java code, formally owned by Sun Microsystems to create large swaths of the Android code.
That’s fine because the code is open-source. However, the Java APIs, now owned by Oracle, are not, and Oracle has long since argued that it deserves a piece of the billions made by Google through the Android platform.
Despite a ruling in Google’s favour citing fair use, Oracle persisted and the latest appeal has seen that decision overturned by the Federal Circuit, remanding the matter to California state judges to set damages.
The issue here is, as it always has been, a direct part of the future of open source itself – because if APIs are seen as a chargeable copyrightable asset, separate from the language itself, then back bedroom developers and smaller companies will find it impossible to afford to develop this way.
Additionally, the precedent could result in Oracle being able to pursue thousands of other companies in the same way.
Oracle has claimed that Android ‘destroyed’ the Java mobile market and is willing to fight for that, even if it brings down the entire IT playhouse down.
“The Court pointed out that it was not holding that “a fair use defense could never be sustained in an action involving the copying of computer code”. That may be right, but this Court had no qualms about assessing and reassessing evidence and arguments that were made to the jury. It’s a decision that needs to be carefully and thoughtfully considered in any case involving fair use, particularly in the context of software,” said J Michael Keyes, a partner at Dorsey and Whitney who has been following the case.
He added that the ruling states that API packets are not to be considered ‘transformative’ and that even the slightest bit of proprietary code could be seen as enough to infringe copyright.
“This is a hugely important development in the law of copyright and fair use,” said Keyes.
It’s thought that the matter could now be escalated to the Supreme Court for yet another appeal.
Courtesy-TheInq
Physicist Dr Uriel Levy and his team have emerged from his lightning struck tower in the Hebrew University of Jerusalem having created a proof of concept for a working terahertz microchip.
Until now, two major challenges stood in the way of creating a workable terahertz microchip – scalability and the fact they tended to catch fire.
In a paper published this week in Laser and Photonics Review, which we get for the spot the Proton competition, Levy, and HU emeritus professor Joseph Shappir have shown proof of concept for an optical technology that integrates the speed of optic (light) communications with the reliability and scalability of electronics.
Optic communications encompass all technologies that use light and transmit through optic cables, such as the internet, email, text messages, phone calls, the cloud and data centers, among others. Optic communications are super fast, but in microchips, they become unreliable and difficult to replicate in large quantities.
By using a Metal-Oxide-Nitride-Oxide-Silicon (MONOS) structure, Levy and his team have come up with a new integrated circuit that uses flash memory technology in microchips. If successful, this technology will enable standard 8-16 gigahertz computers to run 100 times faster and will bring all optic devices closer to the holy grail of communications: the terahertz chip.
Levy said: “This discovery could help fill the ‘THz gap’ and create new and more powerful wireless devices that could transmit data at significantly higher speeds than currently possible. In the world of hi-tech advances, this is game-changing technology,”
Meir Grajower, the leading HU PhD student on the project, added, “It will now be possible to manufacture an optical device with the precision and cost-effectiveness of flash technology.”
Courtesy-Fud
Qualcomm’s introduction of a top notch 48 core 10nm server chip means that Intel’s milkmaid can no longer serve up expensive milk from its cash cow Xeons and the lot.
It’s years since Intel had any credible rival on the server front, but if Qualcomm’s hopes, as reported here, turn into reality, then Intel can wave its stonking profits goodbye.
Unless, of course, Intel in sheer desperation, pulls a rabbit out of its financially top notch hat and can waste its shareholders’ money with some stunning acquisition that will leave its new competitors reeling.
We wouldn’t put that past Intel. It has a habit of both shocking and being shocking.
But there’s more to this than meets the eye. Although Qualcomm has clearly humiliated Intel by beating it on the nanometer and processor front, there are many other considerations to take on board.
The first is the supply channel. Imagine if you are an ODM and you get approached because Qualcomm produces better chips than the Mighty Intel. You have to weigh up your relationship with Chipzilla and you had better not hack them off, particularly if a big chunk of your server business is Intel based.
Going down a stage further. Imagine if you are one of the worldwide Intel distributors and you take the Qualcomm route. Will Intel just sit on its ass while it sees its business sap away? We all remember the “Intel Inside” campaign where lots of money was thrown to keep people on the Intel path.
And going further down the supply chain, to the corporate level, imagine if you had an enormous data center all powered by Intel server chips. Can you imagine telling your chief technology officer (CTO) that there’s something better on the scene and cheaper, and faster.
And this last point is actually Intel’s Achille’s Heel. Driven by costs, driven by artificial intelligence, driven by cars, driven by profit, corporate customers might well take the Qualcomm route.
And that’s exactly what Intel’s milkmaid should contemplate while she is pumping the four udders of the milch cow.
Courtesy-Fud
BlackBerry has unveiled a comprehensive mobile-security platform for a wide range of Internet of Things devices connected to enterprises.
Officially named BlackBerry Secure, the mobile security software and related services will combine key technologies from recent BlackBerry acquisitions including Good Technology, WatchDox, AtHoc and Encription. The company detailed its efforts in a blog post.
BlackBerry emphasized that the new approach will simplify management and security for smartphones, tablets, sensors and industrial devices, among other objects, that it calls the “Enterprise of Things.” With this new approach, customers will be able to simplify management and lower cost.
“Blackberry is no longer about the smartphone, but about the smart in the phone and in cars and containers and medical devices and wearables and industrial devices,” BlackBerry Chief Operating Officer Marty Beard said in a late afternoon conference call.
“We believe this is the most comprehensive mobile security platform for the emerging Enterprise of Things,” Beard said.
BlackBerry officials said BlackBerry Secure is more than a re-branding of previous offers made to enterprises, since it combines disparate software platforms — a process that took company engineers nearly a year to complete. Customers will be able to access device management and security from a single back-end and a single front-end.
Customers will also be able to pick and choose capabilities under a set of five different suites revolving around the BlackBerry BES12 software that meets their needs. Payment will be made using an annual subscription model.
Carl Weise, president of global sales, said BlackBerry Secure is already in early trials with dozens of existing BlackBerry customers, though no customers were named. “We’ve gotten very good feedback on the early trials,” he said.
BlackBerry Secure will be available in the first 10 days of January, he said.
Source- http://www.thegurureview.net/mobile-category/blackberry-unveils-new-mobile-security-platform.html
Microsoft dropped a bomb on December 7th. At WinHEC it announced that the Next generation Qualcomm Snapdragon processors have full Windows 10 support. Yes, this time, they will run every Windows X86 application via an emulator.
It looks like 2017 will be a fun year. Qualcomm, all of a sudden got support for Windows 10 on its mobile computing devices. This will enable new anytime, anywhere connected device form factors. What Qualcomm and Microsoft are trying to say is that you can expect some tablet/notebook devices powered by SoCs that aren’t coming from Intel nor AMD.
This will help the synergy between mobile devices and computers and may well be the right way to do the Windows “continuum” in the right way.
The Windows 10 devices powered by Snapdragon are expected to support all aspects of Microsoft’s latest operating system including Microsoft Office, Microsoft Edge browser, Windows 10 gaming titles like Crysis 2 and World of Tanks, Windows Hello, and touchscreen features like Windows Pen. Qualcomm Snapdragon powered devices are expected to support Universal Windows Platform (UWP) apps and Win32 apps through emulation, providing users with a wide selection of full featured applications. There is no label but most things should work, if not all of them.
This is definitely better than Windows RT, when Microsoft tried to develop Windows on ARM – a platform that simply confused the market as it would not run X86 applications. Now that problem is solved.
Terry Myerson, executive vice president of the Windows and Devices Group at Microsoft said:
“We are excited to bring Windows 10 to the ARM ecosystem with our partner, Qualcomm Technologies, We continue to look for ways to empower our customers to create wherever they are. Bringing Windows 10 to life with a range of thin, light, power-efficient and always-connected devices, powered by the Qualcomm Snapdragon platform, is the next step in delivering the innovations our customers love – touch, pen, Windows Hello, and more – anytime, anywhere.”
Cristiano Amon, executive vice president, Qualcomm Technologies, Inc. and president, QCT said:
“Qualcomm Snapdragon processors offer one of the world’s most advanced mobile computing features, including Gigabit LTE connectivity, advanced multimedia support, machine learning and superior hardware security features, all while supporting thin, fan-less designs and long battery life. “With full compatibility with the Windows 10 ecosystem, the Qualcomm Snapdragon platform is expected to support mobility to cloud computing and redefine how people will use their compute devices.”
The first devices running the full Windows 10 experience based on Snapdragon processors are expected to be commercially available in the second half of 2017. From what we understand, this cooperation will not only include Snapdragon 835 and it looks like that all future chips might end up getting support for Windows 10. We will have to wait until the second half of next year to see which will be the first company to launch a device powered by Snapdragon.
It will be interesting to see if that incurs a performance penalty for emulating the applications written for X86 on ARM architecture as emulation always cost you some performance. But Qualcomm and Microsoft would not go to this venture if it wasn’t something they could generally contribute to. This announcement has just put a lot of fuel to a Snapdragon 835 powered Surface phone, or at least a Surface device at some point.
We have a feeling that that might be Microsoft itself of one of the big OEMs think Dell, HP, Lenovo kind of customers.
Courtesy-Fud
December 13, 2016 by admin
Filed under Around The Net
Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.
The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.
The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.
Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run Javascript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.
Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be a successful at quickly spreading malware to potentially millions.
The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.
ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.
Source-http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html
December 12, 2016 by admin
Filed under Around The Net
The word on the information street is that Google wants to buy Facebook. It is entirely speculative, but could have legs.
Information leaked suggests that talks are well advanced between the two companies.
Anecdotal evidence from many Facebook users suggests that talks are well advanced and the companies are already sharing experimental data, between themselves, of user data. Other sources suggest that Microsoft (Vole) is also interested in Facebook and, conversely, that Facebook is interested in buying Microsoft.
None of the companies cared enough to comment to Fudzilla at press time.
Courtesy-Fud
December 9, 2016 by admin
Filed under Around The Net
Researchers have worked out a way to push Wi-Fi speeds to 34 Gbps using the TeraHertz band.
While greater bandwidth in the 300GHz and above band has been known for a while it is pointless because the range makes it a chocolate teapot.
Some researchers have managed to hit 100 Gbps but when it only works for a few centimeters it is not commercially viable.
Now boffins at the Tokyo Institute of Technology have got the technology to provide a great 34 Gbps speed with a decent range.
Naoto Oshimo, one of the scientists behind this latest test, said that “device performance is almost sufficient for short-distance wireless communication such as KIOSK downloads, which might be its first application”. By that they mean that they have managed 10 metres, almost OK for home use.
Oshimo believes that this technology will scale hugely in terms of the speed as well, and we could eventually be looking at topping the 1Tbps mark.
Courtesy-Fud
MediaTek has announced two more Helio X20 series products – a Helio X27 and an X23 and as you can figure out from the names; Helio X27 is faster than the X25 while X23 is a bit slower.
Helio X25 was the fastest deca-core 20nm SoC from MediaTek with three cluster designs and this SoC ended up in quite a few prominent China higher end phones including a few Meizu devices. But it looks like customers wanted a bit faster camera, SoC and GPU performance for its late 2016 early 2017 phones, the ones that will launch before the Helio X30 comes to market.
Jeffrey Ju, Executive Vice President and Co-Chief Operating Officer at MediaTek said: “The MediaTek Helio platform fulfills the diverse needs of device makers. Based on the success of MediaTek Helio X20 and X25, we are introducing the upgraded MediaTek Helio X23 and X27. The new SoCs support premium dual camera photography and provide best in-class performance and power consumption,”
The Helio X25 has two Cortex A73 cores clocked at 2.5 GHz, four Cortex A53 clocked at 2.00 GHz and last four Cortex A53 clocked at 1.55GHz. The Mali GT880 graphics is clocked at 850 MHz.
The Helio X20 has two Cortex A73 cores clocked at 2.1 GHz, four Cortex A53 clocked at 1.85 GHz and last four Cortex A53 clocked at 1.4GHz. The Mali GT880 graphics is clocked at 780 MHz.
The newcomer, Helio X27, has two Cortex A73 cores clocked at 2.6 GHz, four Cortex A53 clocked at 2.00 GHz and the last four Cortex A53 clocked at 1.6 GHz. The Mali GT880 graphics is clocked at 875 MHz. The rest of the specification is identical to the Helio X25.
The Helio X23 has two Cortex A73 cores clocked at 2.3 GHz, four Cortex A53 clocked at 1.85 GHz and the last four Cortex A53 clocked at 1.4GHz. The Mali GT880 graphics is clocked at 780 MHz. As you can see, this is just a slightly faster version of Helio X20 and it sits just below Helio X25 with its specs.
Thanks to MediaTek-engineered advancements in the CPU/GPU heterogeneous computing scheduling algorithm, both products deliver more than a 20 percent overall processing improvement and significant increases in web browsing and application launching speeds. This definitely sounds promising but you should bear in mind that MediaTek had enough time to optimize these designs of the new and updated SoCs.
Phones based on the Helio X27 and X23 will be available soon.
Courtesy-Fud
Comments