Sign up for our Technology Newsletter 
Apple Blasted For Not Blocking Stolen Certificates
Comments Off on Apple Blasted For Not Blocking Stolen Certificates
A security researcher blasted Apple for what he called “foot dragging” over the DigiNotar certificate fiasco, and urged the company to act fast to update Mac OS X to protect users.
“We’re looking at some very serious issues [about trust on the Web] and it doesn’t help matters when Apple is dragging its feet,” said Paul Henry, a security and forensics analyst with Arizona-based Lumension.
Unlike Microsoft, which updated Windows Tuesday to block all SSL (secure socket layer) certificates issued by DigiNotar, Apple has not updated Mac OS X to do the same.
DigiNotar, one of hundreds of firms authorized to issue digital certificates that authenticate a website’s identity, admitted on Aug. 30 that its servers were compromised weeks earlier. A report made public Monday said that hackers had acquired 531 certificates, including many used by the Dutch government, and that DigiNotar was unaware of the intrusion for weeks.
Because almost all the people who were routed to a site secured with one of the stolen certificates were from Iran, many experts suspect that the DigiNotar hack was sponsored or encouraged by the Iranian government, which could use them to spy on its citizens.
Microsoft isn’t the only software maker to block all DigiNotar certificates: Google, Mozilla and Opera have also issued new versions of their browsers — Chrome, Firefox and Opera — to completely, or in Opera’s case, partially prevent users from reaching websites secured with a DigiNotar certificate.
Users of Safari on Mac OS X, however, remain at risk to possible “man-in-the-middle” attacks based on the fraudulently obtained certificates.
Because Safari relies on the underlying operating system to tell it which certificates have been revoked or banned entirely, Apple must update Mac OS X. The Windows edition of Safari, which has a negligible share of the browser market, taps Windows’ certificate list: That version is safe to use once Microsoft’s Tuesday patch is applied.
Microsoft: Stolen SSL Certs No Good
Comments Off on Microsoft: Stolen SSL Certs No Good
Microsoft has officially stated that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.
The company’s assertion came after a massive theft of more than 500 SSL (secure socket layer) certificates, including several that could be used to impersonate Microsoft’s update services, was revealed by Dutch authorities and several other affected developers.
“Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers,” said Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), in a Sunday blog post. “The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued
and secured by Microsoft.”
Seven of the 531 certificates now known to have been fraudulently obtained by hackers in July were for the domains update.microsoft.com and windowsupdate.com, while another six were for *.microsoft.com.
The Linux Kernel Got Hacked
Servers that are part of the Linux kernel.org infrastructure were affected during a recent intrusion where attackers managed to gain root access and plant Trojan scripts.
According to an email sent out to the community by kernel.org chief administrator John Hawley, known as warthog9, the incident started with the compromise of a server referred to as Hera. The personal colocated machine of Linux developer H Peter Anvin (HPA) and additional kernel.org systems were also affected.
“Upon some investigation there are a couple of kernel.org boxes, specifically hera and odin1, with potential pre-cursors on demeter2, zeus1 and zeus2, that have been hit by this,” Hawley wrote.
The intrusion was discovered on 28 August and according to preliminary findings attackers gained access by using a set of compromised credentials. They then elevated their privileges to root by exploiting a zero-day vulnerability that the kernel.org administrators have yet to identify.
Fortunately, logs and parts of the exploit code were retained and will help the investigation. A Trojan was added to the startup scripts of affected systems, but gave itself away through Xnest /dev/mem error messages.
According to the kernel.org admins, these error messages have been seen on other systems as well, but it’s not clear if those machines are vulnerable or compromised. “If developers see this, and you don’t have Xnest installed, please investigate,” the administrators advised.
The good news is that the exploit failed on systems running the latest Linux kernel version, 3.1-rc2, which was released two weeks ago. This is possibly the fortunate consequence of one of the bugfixes it contains.
AMD Ships One Million Llano Processors
It appears that AMD has successfully managed to ship one million Llano chips in the second quarter, which is weeks ahead of the official launch.
AMD released the news during its earnings conference call. Where interim CEO Thomas Seifert said demand for Llano was strong. “We expect Llano ramp to outpace the Brazos ramp,” he noted.
If you look back at AMD’s Brazos launch, they managed to ship around one million units ahead of its scheduled launch, in the fourth quarter of 2010. Conversely, introducing Llano will be a bit more challenging, because AMD is planning to offer many varieties of mobile and desktop SKUs; including affordable dual- and triple-core processors. Therefore, Llano is expected to outpace Brazos very soon. AMD also made mention in their earnings call that total APU shipments for the quarter hit seven million. That said, so 6 million of them were Brazos processors.
It is believed that AMD Llano chip will take 50 percent of their total CPU shipments by the end of the year. In the first quarter of 2012, the Llano is expected to garner over 60 percent of their shipments.
Nokia Had Horrible Quarter
July 27, 2011 by admin
Filed under Smartphones
Comments Off on Nokia Had Horrible Quarter
Nokia has just posted very disturbing quarterly results this morning. The European smartphone giant outlook appears to be getting worse and CEO Stephen Elop has acknowledged that things will not turn around overnight.
Elop is reporting that Nokia’s operating profit is down 44 percent since Q1 and sales of mobile devices are down 23 percent consecutively. While the overall sales of mobile phones and smartphones are down, along with average selling prices.
Elop labelled the results as “clearly disappointing” and went on to say that competitive pressures are continuing. He tried to paint a somewhat more positive outlook for the rest of the year, thanks to Nokia’s clear strategy and several major product launches.
AMD A75 Motherboards Economically Priced
Comments Off on AMD A75 Motherboards Economically Priced
It appears that AMD’s A75 motherboards have finally started to hit the streets. Furthermore, we were truly shocked to see these MB’s economically priced for about $60.00.
Do not get too over excited in reference to the pricing because this gets you a decent A75 micro-ATX motherboard with up to four USB 3.0 ports and six SATA 6Gbps ports matched with a FM1 socket. It’s also worth pointing out that you will not get these same features like USB 3.0 and SATA 6Gbps on a comparable Intel platform in the same price range; you’d pay more.
We noticed that online retailer Newegg.com has an AMD motherboard selling for $59.99 after the rebate; otherwise it will cost $72.99. We expect the more serious computer geeks to opt for more muscle in regards to their motherboards; so they can whet their appetite for a good A75 for about $150.00.
Gigabyte Debuts New Motherboards
July 14, 2011 by admin
Filed under Uncategorized
Comments Off on Gigabyte Debuts New Motherboards
Gigabyte just announced their new slate of motherboards that will support AMD’s A75 series chipsets and the latest AMD A-Series APUs or Llano. The new A75 based motherboards are said to offer DIY PC builders and developers a higher level of 3D and multimedia performance that is scalable and said to offer the best value upgrade path imaginable.
Gigabyte’s VP of Service and Marketing Henry Kao is quoted as saying that the new boards were new and exciting as AMD new APU’s were “ground breaking” APU technology. As well as bringing AMD A-Series technology to DIY users who demand excellent gaming and multimedia performance on a budget, these motherboards also offer a compelling upgrade path that includes Dual Graphics configurations.
The A75 motherboards from Gigabyte feature an AMD A75 ‘Hudson’ chipset supporting the latest 32 nanometer AMD A-Series APUs. That said, these chips are the first ever to combine a DX11-capable, high performance graphics processor with the option of a dual or quad core CPU on one silicon die, offering a 3D gaming and multimedia experience which is similar to a discrete graphics configuration.
Skype Debuts Video Calls For Android
July 5, 2011 by admin
Filed under Smartphones
Comments Off on Skype Debuts Video Calls For Android
Skype, which is being gobbled up by Microsoft for $8.5 billion, debuted a new service on Thursday allowing users of Android phones to make free video calls to Skype contacts, including those on Apple iPhones.
The company whose name has become synonymous with Internet calling said its updated Android app would initially support video calling on selected HTC and Sony Ericsson Phones, with more devices to follow shortly.
“We are committed to bringing Skype video calling to as many platforms as possible,” Skype’s product and marketing chief Neil Stevens said in a statement.
The move will help makers of phones based on Google’s Android software compete with Apple’s FaceTime video-calling service launched last year for the iPhone and now available on its iPad 2 tablet and Mac computers.
Video calling could also help new Skype owner Microsoft promote its Windows Phone smartphone platform, which it is merging with Nokia’s in an effort to become competitive with Android and Apple.
Apple Website Is Ripe For Hacking
July 4, 2011 by admin
Filed under Around The Net
Comments Off on Apple Website Is Ripe For Hacking
According to the Ethical Hacking group YGN, Apple’s website for developers is virtually wide open and gives the opportunity for hackers to introduce malware such asphishing attacks to gain access to subscriber’s vital personal information.
One group known as Networkworld identified three holes on Apple’s website that arbitrary URL redirects, cross-site scripting and HTTP response splitting. That said, these holes could allow hackers to arbitrarily redirect to other websites and make phishing attacks against developers login credentials more successful.
AMD’s Bulldozer Overclocked To 4.63 GHz
It appears that those techies toying around with samples of AMD’s FX-8130P were able to overclocked this processor to a remarkable 4.63GHz.
That said, Bulldozer appears be AMD’s fastest offering where the eight cores run at 3.8GHz, or up to 4.2GHz with AMD’s Turbo Core 2.0. The processor 8MB of L2 cache, 8MB of L3 cache, supports DDR3 1866MHz and is said to have a 125W TDP.