Silk Road 2.0 Shutdown

U.S. governmnent authorities said they have shut down the successor website to Silk Road, an underground online drug marketplace, and charged its alleged operator with conspiracy to commit drug trafficking, computer hacking, money laundering and other crimes.

Blake Benthall, 26, was arrested last Wednesday in San Francisco and was expected to make an initial court appearance in federal court there later on Thursday.

The charges against Benthall carry a maximum sentence of life in prison.

A lawyer for Benthall could not immediately be identified.

Silk Road 2.0 was launched late last year, weeks after authorities had shuttered the original Silk Road website in October and arrested its alleged owner, Ross Ulbricht, who went by the online alias, Dread Pirate Roberts.

“Let’s be clear – this Silk Road, in whatever form, is the road to prison,” Manhattan U.S. Attorney Preet Bharara, whose office is prosecuting both cases, said in a statement.

Benthall, known as “Defcon” online, became the operator of Silk Road 2.0 in December, one month after an unnamed co-conspirator launched the site, according to prosecutors.

Silk Road 2.0 provided an online bazaar where users across the world could buy and sell drugs, computer hacking tools and other illicit items, using the digital currency Bitcoin as payment, authorities said.

As of September, the site was generating at least $8 million a month in sales, they said.

The government’s investigation included an undercover agent who was able to infiltrate the administrative staff of the website and interact directly with Benthall, prosecutors said.

Ulbricht, 30, has pleaded not guilty and is scheduled for trial in New York in January.

Source

New Malware Targeting Apple Devices

Palo Alto Networks Inc  has uncovered a new group of malware that can infect Apple Inc’s  desktop and mobile operating systems, underscoring the increasing sophistication of attacks on iPhones and Mac computers.

The “WireLurker” malware can install third-party applications on regular, non-jailbroken iOS devices and hop from infected Macs onto iPhones through USB connector-cables, said Ryan Olson, intelligence director for the company’s Unit 42 division.

Palo Alto Networks said on Wednesday it had seen indications that the attackers were Chinese. The malware originated from a Chinese third-party apps store and appeared to have mostly affected users within the country.

The malware spread through infected apps uploaded to the apps store, that were in turn downloaded onto Mac computers. According to the company, more than 400 such infected apps had been downloaded over 350,000 times so far.

It’s unclear what the objective of the attacks was. There is no evidence that the attackers had made off with anything more sensitive than messaging IDs and contacts from users’ address books, Olson added.

But “they could just as easily take your Apple ID or do something else that’s bad news,” he said in an interview.

Apple, which Olson said was notified a couple weeks ago, did not respond to requests for comment.

Once WireLurker gets on an iPhone, it can go on to infect existing apps on the device, somewhat akin to how a traditional virus infects computer software programs. Olson said it was the first time he had seen it in action. “It’s the first time we’ve seen anyone doing it in the wild,” he added.

Source

Dell Unveils 720TB Storage Server

Dell has unveiled the DCS XA90, an “ultra-dense” storage server capable of holding 720TB of data in a single 4U chassis.

Described by CEO Michael Dell on stage at the Dell World conference as “the power of a diesel truck in a Mini Cooper”, the DCS XA90 storage server means that a single Dell modular data centre of these units would hold 220PB of data, nearly a quarter of an exabyte.

“In a world where we could download our memories into those servers, we could house the experiences of about 90 people, an entire neighbourhood of digital lives,” said Dell.

He explained that the development of the DCS XA90 was driven by the demand for data storage that is “speeding us towards an exascale future”.

“That is what drove Dell to develop the DCS XA90 for our customers seeking extreme storage density and flexibility as they build out the cloud infrastructure of the future,” Dell added.

The DCS XA90 also packs two independent server nodes featuring Intel Xeon E5-2600v3 processors into each chassis, which Dell said makes it better for data-intensive analytics as well as archival storage.

As part of the announcement, Dell also revealed its PowerEdge FX architecture, a 2U enclosure with six PowerEdge server, storage and network IOA sleds built specifically to fit into the FX2 chassis and support varying workloads.

Due to ship in December, the PowerEdge FX architecture is described as “next-generation convergence” and a game changer in the IT industry, offering the flexibility to build configurations to meet requirements while simplifying management.

“There are other vendors who talk about convergence purely by doing an architecture rack,” said Dell’s server marketing vice president Ravi Pendekanti .

For example, HP’s Moonshot platform “just puts a bunch of blades together”, while Oracle’s Exadata platform “does one thing, and one thing really well, which is run Oracle’s enterprise applications”, he said.

The PowerEdge FX, which stands for ‘flexible infrastructure’, comprises a specially designed 2U rack-mount FX2 enclosure that can be filled with a choice of sled modules offering differing capabilities, enabling customers to adopt a building block approach to their infrastructure.

At launch, the sleds comprise a handful of full-width, half-width and quarter-width compute modules that allow customers to pick the performance and density required for applications such as web hosting, virtualisation or running databases, plus a half-width storage sled that can provide direct attached storage for the compute nodes.

Source

Intel Opens Up Core M

Intel has extended its Core M range of fanless mobile chips by adding four models to the three initial Core M processors launched at the IFA trade show in September.

Like those first fanless models, Intel’s new Core M processors are dual-core chips that support Hyperthreading in up to four threads and have thermal design power (TDP) ratings of 4.5W.

They’re faster than the initial Core M chips, with base clock speeds ranging from 800MHz to 1.2GHz and Turbo Boost speeds from 2GHz to 2.9GHz.

The firm’s initial Core M chips were also rated at 4.5W TDP but topped out at 1.1GHz and 2.6GHz under Turbo Boost.

These additional fanless mobile chips are configurable by system designers, in that OEMs can scale the chip speeds and power consumption up or down depending on the purpose and configuration of the device.

A compact tablet or notebook can conserve power by limiting processor speed, while a larger device can offer higher speed at the cost of higher power draw and heat.

Thus, these new Core M chips can be configured from 600MHz base clock speed and 3.5W TDP to 1.4GHz base clock speed and 6W TDP in the fastest model.

Intel has also boosted the integrated graphics processors in these latest Core M chips, offering GPU base clock speeds ranging from 300MHz to 900MHz, whereas the initial models supported 100MHz to 850MHz.

The detailed specifications of all of Intel’s Core M mobile processors are available on the firm’s website.

Intel said that these new fanless Core M processors will start hitting the market early next year.

Source

Adobe Eases Privacy Concerns

Tests on the latest version of Adobe System’s e-reader software reveals the company is now collecting less data following a privacy-related row last month, according to the Electronic Frontier Foundation.

Digital Editions version 4.0.1 appears to only collect data on e-books that have DRM (Digital Rights Management), wrote Cooper Quintin, a staff technologist with the EFF. DRM places restrictions on how content can be used with the intent of thwarting piracy.

Adobe was criticized in early October after it was discovered Digital Editions collected metadata about e-books on a device, even if the e-books did not have DRM. Those logs were also sent to Adobe in plain text.

Since that data was not encrypted, critics including the EFF contended it posed major privacy risks for users. For example, plain text content could be intercepted by an interloper from a user who is on the same public Wi-Fi network.

Adobe said on Oct. 23 it fixed the issues in 4.0.1, saying it would not collect data on e-books without DRM and encrypt data that is transmitted back to the company.

Quintin wrote the EFF’s latest test showed the “only time we saw data going back to an Adobe server was when an e-book with DRM was opened for the first time. This data is most likely being sent back for DRM verification purposes, and it is being sent over HTTPS.”

If an e-book has DRM, Adobe may record how long a person reads it or the percentage of the content that is read, which is used for “metered” pricing models.

Other technical metrics are also collected, such as the IP address of the device downloading a book, a unique ID assigned to the specific applications being used at the time and a unique ID for the device, according to Adobe.

Source

Will The Drupal Flaw Be Catastrophic?

The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.

The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.

Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.

Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.

That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.

“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”

More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.

“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.

“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.

“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”

Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.

“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.

“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.

“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”

Source

MDM Coming To Office 365

Microsoft will rollout mobile device management (MDM) capabilities to Office 365 in 2015, making it easier for firms to manage corporate data across a range of mobile devices, including those running iOS and Android as well as Windows.

Microsoft unveiled the updates coming to its Office 365 cloud-delivered productivity suite in 2015 at its TechEd Europe conference.

These will enable customers to apply security policies against devices that connect to Office 365 to ensure that email and documents can be accessed only by approved devices, plus the ability to remotely wipe Office 365 data if necessary.

Julia White, Microsoft general manager for Office 365, said that the updates will enable customers to offer “conditional access” to Office documents and email, such as ensuring that any device used by employees has not been jailbroken or rooted, which could potentially pose a security risk.

Administrators will be able to set policies directly from the Office 365 administration portal, and enforce the use of a Pin to secure access to the device. Any wipe of Office 365 content will not affect the user’s personal data, White added.

These MDM features coming to Office 365 are actually powered by Microsoft’s Intune cloud-based management service and are a subset of Intune’s capabilities, the firm disclosed.

Intune itself is also getting some upgrades that will enable customers to benefit from additional security features if they also subscribe to Intune.

These will include data leak prevention measures that enable policies to be applied against managed applications, preventing users from copying and pasting data from an Office 365 app to another, for example, or copying files from Office 365 to elsewhere on the device.

While these capabilities are built in to Office 365, Microsoft will also enable this to be extended to other applications using Intune app wrapper functionality, White said.

White also confirmed that Microsoft is working on an Android version of the Office for iPad suite of mobile productivity tools that the firm announced for Apple’s tablet platform earlier this year.

Microsoft’s Office announcement comes amid speculation that the firm will release Office for Android next month.

Source

TSMC’s FinFet Coming In 2015?

TSMC has announced that it will begin volume production of 16nm FinFET products in the second half of 2015, in late Q2 or early Q3.

For consumers, this means products based on TSMC 16nm FinFET silicon should appear in late 2015 and early 2016. The first TSMC 16nm FinFET product was announced a few weeks ago.

TSMC executive CC Wei said sales of 16nm FinFET products should account for 7-9% of the foundry’s total revenue in Q4 2015. The company already has more than 60 clients lined up for the new process and it expects 16nm FinFET to be its fastest growing process ever.

Although TSMC is not talking about the actual clients, we already know the roster looks like the who’s who of tech, with Qualcomm, AMD, Nvidia and Apple on board.

This also means the 20nm node will have a limited shelf life. The first 20nm products are rolling out as we speak, but the transition is slow and if TSMC sticks to its schedule, 20nm will be its top node for roughly a year, giving it much less time on top than earlier 28nm and 40nm nodes.

The road to 10nm

TSMC’s 16nm FinFET, or 16FinFET, is just part of the story. The company hopes to tape out the first 10nm products in 2015, but there is no clear timeframe yet.

Volume production of 10nm products is slated for 2016, most likely late 2016. As transitions speed up, TSMC capex will go up. The company expects to invest more than $10bn in 2015, up from $9.6bn this year.

TSMC expects global smartphone shipments to reach 1.5bn units next year, up 19 percent year-on-year. Needless to say, TSMC silicon will power the majority of them.

Source

Google Goes To The Supreme Court

Google has asked the U.S. Supreme Court to rule on contentious litigation against Oracle arguing that the high court must act to protect innovation in high tech.

Google’s request seeks to overturn an appeals court ruling that found Oracle could copyright APIs of its Java programming language, which Google used to design its Android smartphone operating system.

Oracle sued Google in 2010, claiming that Google had improperly incorporated parts of Java into Android. Oracle wants $1 billion on its copyright claims. Oracle claimed Google’s Android trampled on its rights to the structure of 37 Java APIs. A San Francisco federal judge had decided that Oracle could not claim copyright protection on parts of Java, but earlier this year the U.S. Court of Appeals for the Federal Circuit in Washington disagreed.

In its filing this week, Google said the company would never been able to innovate had the Federal Circuit’s reasoning been in place when the company was formed.

“Early computer companies could have blocked vast amounts of technological development by claiming 95-year copyright monopolies over the basic building blocks of computer design and programming,” Google wrote.

Source

nVidia Finally Goes 20nm

For much of the year we were under the impression that the second generation Maxwell will end up as a 20nm chip.

First-generation Maxwell ended up being branded as Geforce GTX 750 and GTX 750 TI and the second generation Maxwell launched a few days ago as the GTX 980 and Geforce GTX 970, with both cards based on the 28nm GM204 GPU.

This is actually quite good news as it turns out that Nvidia managed to optimize power and performance of the chip and make it one of the most efficient chips manufactured in 28nm.

Nvidia 20nm chips coming in 2015

Still, people keep asking about the transition to 20nm and it turns out that the first 20nm chip from Nvidia in 20nm will be a mobile SoC.

The first Nvidia 20nm chip will be a mobile part, most likely Erista a successor of Parker (Tegra K1).

Our sources didn’t mention the exact codename, but it turns out that Nvidia wants to launch a mobile chip first and then it plans to expand into 20nm with graphics.

Unfortunately we don’t have any specifics to report.

AMD 20nm SoC in 2015

AMD is doing the same thing as its first 20nm chip, codenamed Nolan, is an entry level APU targeting tablet and detachable markets.

There is a strong possibility that Apple and Qualcomm simply bought a lot of 20nm capacity for their mobile modem chips and what was left was simply too expensive to make economic sense for big GPUs.
20nm will drive the voltage down while it will allow higher clocks, more transistors per square millimeter and it will overall enable better chips.

Just remember Nvidia world’s first quad-core Tegra 3 in 40nm was rather hot and making a quad core in 28nm enabled higher performance and significantly better battery life. The same was true of other mobile chips of the era.

We expect similar leap from going down to 20nm in 2015 and Erista might be the first chip to make it to 20nm. A Maxwell derived architecture 20nm will deliver even more efficiency. Needless to say AMD plans to launch 20nm GPUs next year as well.

It looks like Nvidia’s 16nm FinFET Parker processor, based on the Denver CPU architecture and Maxwell graphics won’t appear before 2016.

Source

« Previous Page — Next Page »