That safe and secure Foxit plugin you use?

Subject: General Tech | January 14, 2013 - 11:00 AM |
Tagged: pdf, foxit, security, fud

The Register has some bad news about that PDF reader you prefer to Adobe's software, a new vulnerability which does not even stem from booby-trapped document but from a long link name.  It seems that you can cause a buffer overflow in Foxit simply by copying the entire URL into a fixed-sized buffer when the user clicks on a PDF which "pretty much lets you write to a memory location of your choice".  5.4.4.1128 and older version are vulnerable and we have yet to hear from the creators of Foxit.  Looks like no PDF reader is safe at this point.

foxit.JPG

"A new security bug in the popular Foxit PDF reader plugin for web browsers allows miscreants to compromise computers and install malware. There's no patch for this zero-day vulnerability.

Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link. The plugin is kicked into action by the browser to handle the file and promptly bombs."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

NVIDIA's 310.90 Driver - more performance, less vulnerabilities

Subject: General Tech | January 9, 2013 - 09:46 AM |
Tagged: nvidia, geforce, graphics drivers, fud

Say what you will about AMD's driver team but they don't tend to release drivers that allow some to elevate their privileges on their PCs.  That was unfortunately the Christmas present NVIDIA offered Windows users who installed 310.70, similar to the gift they offered Linux users last summer.  According to The Register, the new driver no longer contains that security hole, which makes upgrading to the newest driver more important than usual.  That is not the only reason to grab the new driver, NVIDIA reports that 310.90 provides 26% faster performance in Call of Duty: Black Ops 2 and up to 18% faster performance in Assassin’s Creed III as well as improvements to 400, 500 and 600 series cards in most other games. 

logo_geforce.png

"The vulnerability allows a remote attacker with a valid domain account to gain super-user access to any desktop or laptop running the vulnerable service," HD Moore, the developer of Metasploit and chief security officer at Rapid7, told SecurityWeek.

"This flaw also allows an attacker (or rogue user) with a low-privileged account to gain super-access to their own system, but the real risk to enterprises is the remote vector," he added."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

AMD won't be selling its self whole for now

Subject: General Tech | November 14, 2012 - 09:59 AM |
Tagged: fud, amd

AMD did not refute The Register's report that they are in talks with J.P. Morgan, only that there are no plans to sell the company right now.  The possibility that some intellectual properties might be for sale to the right bidder at the right price was not completely refuted though.  AMD is not just tasked with keeping PC users interested in their company they also have shareholders to answer to, who recently have had less to thank the company for than the enthusiast crowd have.  Recent announcements for new chips for the server room as well as the integration of an ARM processor into future AMD chips could be good news for AMDs bottom line in the future but for short term gain they may need to look at new licensing agreements or selling off some assets.

roryread.jpg

"Soon after we clicked Publish on this story, we received a comment from an AMD spokesman. "AMD's board and management believe that the strategy the company is currently pursuing to drive long-term growth by using AMD's highly-differentiated technology assets is the right approach to enhance shareholder value," he wrote. "AMD is not actively pursuing a sale of the company or significant assets at this time.""

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Of course you know, this means war. Clover Trail supposedly can't run Linux

Subject: General Tech | September 14, 2012 - 09:41 AM |
Tagged: Medfield, linux, Intel, fud, clover trail

Clover Trail is Intel's next Atom, the chip which refuses to die, representing an evolution of Medfield and the x86 instruction set.  That didn't stop Intel from making a bizarre statement that Linux will not run on Clover Trail, even though it ran fine on Medfield and is an OS for x86 architecture chips.  It is more accurate to say that some features of Clover Trail will not currently work under Linux, specifically the new power states introduced in the new Atom. Until the Linux kernel catches up to the new technology the new C and P states which can turn off the clock on the chip while still enabling 'instant on' will be unavailable which is a far cry from not being able to run on the chip at all.  Thanks to The Register for immediately stomping on that FUD.

installing-linux-on-a-dead-badger-by-lucy-a-snyder.jpg

"SAN FRANCISCO: CHIPMAKER Intel has confirmed that it will not provide support for Linux on its Clover Trail Atom chip.

Intel's Clover Trail Atom processor can be seen in various nondescript laptops around IDF and the firm provided a lot of architectural details on the chip, confirming details such as dual-core and a number of power states. However Intel said Clover Trail "is a Windows 8 chip" and that "the chip cannot run Linux"."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

With the growing cellular bandwidth, maybe your phone can join a botnet too?

Subject: General Tech | August 24, 2012 - 09:50 AM |
Tagged: symantec, 4g, cell phone, fud

While this could be a bid to convince people that they need to purchase an anti-virus product for their phones, it is also possible that the increase in bandwidth expected from the roll out of 4G in North America could lead to increased attacks on phones.  If Windows 7.5 and 8 become popular, it is reasonable to assume that phones running those OSes will be vulnerable to the same types of attacks that would infect their desktop equivalents. Now that phones often sport four cores, sometimes with a companion, they actually have enough processing power that they might worth infecting especially with the added bandwidth that would be available to them.  Take a peek at The Inquirer and see if you think this is a valid concern or just an attempt to sell Norton Cellular Protector.

cell_phones.jpg

"THE ROLLOUT OF 4G later this year could give way for more high-risk mobile security implications, Symantec has warned.

Speaking to The INQUIRER in an exclusive interview today, the firm's security strategist, Sian John said that threats such as botnets seen in popular desktop operating systems such as Windows could start shifting to mobile devices due 4G's new capabilities."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

No, Microsoft is not recording your Skype converstations with Mom

Subject: General Tech | July 30, 2012 - 10:07 AM |
Tagged: fud, skype, microsoft, office 2013

It is highly unlikely that the reason many of Skype's Supernodes have been moved to the inside of Microsoft data centres is to allow them to record your Skype conversations.  Consider instead the numerous guides on the net to disable the ability of Skype to co-opt your PC into being a temporary supernode.  With many users opting out of that necessary piece of Skype's infrastructure it could possibly cause quality of service issues with Skype.  As Microsoft is planning on bundling Skype in with the new version of Office, it makes sense that they want at least some supernodes of which they can guarantee a certainly level of QoS to their paying customers.  As The Register points out, they need to find some way to recoup the expense of purchasing the company.

The patent that Microsoft holds to allow for the silent recording of transmissions between two computers, like VoIP, is of some concern but perhaps not as much as some other coverage would have you believe.  The patent application was filed almost 2 years before the purchase of Skype; while it could certainly be used on Skype connections it seems unlikely that it was designed specifically with Skype in mind.  Perhaps a more logical application of this patent would be to offer a way for business users to record conference calls natively and not need to rely on third party software to enable them to do so.  Skype has offered up unencrypted recordings to law enforcement agencies in the past but only did so in special circumstances.  It is likely to continue to do so for as long as the laws of the land consider that process to be legal but the likelihood of general recording of all Skype conversations is almost nil.

skynet.gif

"Skype has issued a formal denial to reports that it has been allowing law enforcement to listen in on users' calls following a change in its system architecture.

"Some media stories recently have suggested Skype may be acting improperly or based on ulterior motives against our users' interests. Nothing could be more contrary to the Skype philosophy," said Mark Gillett, Skype's chief development and operations officer in a blog post."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Are Western Digital and Seagate doomed to be marked as bad sectors?

Subject: General Tech | June 15, 2012 - 10:01 AM |
Tagged: Hard Disk, Seagate, western digital, fud, hdd

There are quite a few things in the industry to speculate on, from Microsoft's intimating a 'big new thing' next Monday to AMD and the HSA's plans for the future of the industry, but if you want to go for the big one then it is the hard drive industry you should be following.  The most recent sign that something big is going on would be the change in warranty length on consumer drives from the two remaining players, both of which now offer a 1yr warranty.  That is a vast reduction from previous 3yr and 5yr warranties and while it does not necessarily imply these drives will fail any faster it does mean they offer shorter warranties than their competition, the SSD.  This could convince a lot of people that paying $1/GB for an SSD is not really that bad of a deal and you can only expect that price to fall, especially on larger sized SSDs.

Also consider the fact that there are only two major HDD manufacturers left, Seagate and Western Digital.  This defragmentation of the industry has been going on for quite a while now, resulting in those two manufacturers owning their competitions resources and IP and pretty much being able to determine what the market will provide and at what cost to the consumer.  That has lead to the rather counter-intuitive profits that these two, especially Western Digital, made over the past year.  You would not expect a company which lost its manufacturing capabilities to the Thai floods to see a 230% increase in profit, yet that is exactly what happened from March 2011 to March 2012.  Seagate held their first place spot over the same time period, with higher volume sales contributing to that success with their prices only rising 20% instead of the 40% they threatened during the supposed supply difficulties.  

The HDD market seems to be on its way out, not just because ultraportable devices chose SSDs over HDDs but also because the average consumer has come to the realization that while having a few terabytes of storage is nice for long term storage they really do not need it, especially on a device which does not have long term support.  The Inquirer smells something foul in the air and comments on this topic here.

deaddrive.png

"Seagate, Western Digital and to a lesser extent Toshiba are starting to see free market economics - or as close as it gets - show their strategy of consolidation and profiteering. With the number of solid state disk (SSD) in the low teens, prices are falling steeply while hard drive makers rely on artificially high prices and shorter warranties to make a quick buck."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Inquirer

Some Lenovo models might maybe get a little smokey ... but probably not

Subject: General Tech | April 27, 2012 - 09:58 AM |
Tagged: Lenovo, fud, M70z, M90z

Some Mexican made Lenovo models were recalled earlier this year and that recall has recently been expanded, to about 63,000 units.  It seems that one single fire incident and one smoke incident with no injuries, were recorded in the US and blamed on a possible faulty part in the PSU which could overheat.  A 0.003% failure rate is apparently unacceptable in some sectors of today's marketplace, with others requiring not only a much higher incident of failure but a fatality or at least a serious injury before a recall is even considered.  While PCs releasing their magic smoke on their own is certainly a bad thing, especially on models most likely to be found in the workplace it seems the PC industry is held to an obscenely high level of performance.  The Register is not terribly impressed either.

image1.png

"Lenovo has been forced to expand the recall of possibly flamey desktops it first announced back in March.

The Chinese PC giant, in conjunction with the US Consumer Product Safety Commission, announced the initial recall affected around 50,500 ThinkCentre M70z and M90z desktops."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

Revisiting an old argument; does HyperThreading hurt performance?

Subject: General Tech | April 26, 2012 - 08:48 AM |
Tagged: hyperthreading, Intel, overclocking, fud

In the past there have been two arguments against using Intel's HyperThreading to create two threads per core.  The first is specific to overclockers who found that previous generations of Pentium and Core architecture chips could remain stable when pushed to higher frequencies when they disabled HyperThreading.  There is still a lot of testing to be done on Ivy Bridge overclocking before a definitive answer is found for this generation of chips, which may fall victim to power issues before HyperThreading becomes a major limiter.

The second issue is more serious and deals with the fact that in some cases enabling HyperThreading reduces the total performance of the chip on certain, usually single threaded, applications and by disabling it you will see performance improvements from your processor.  SemiAccurate felt that this needed to be revisited in light of the release of Ivy Bridge and so took an i7-3770K through a battery of 7 tests once with HyperThreading enabled and once without, including a run through CineBench with multithreaded processing disabled.  Drop by to see if there is any noticeable benefit to disabling HyperThreading on this generation of Intel processor.

hyperthreading_image2.gif

Yes, that was 11 years ago

"We decided to explore the effects of Hyper-Threading on the performance of the Ivy Bridge based Core i7-3770K by running our CPU benchmarking suite on it twice. Once with Hyper-Threading enabled, and once with Hyper-Threading disabled. As such we set-up our results table to look for applications that perform better with Hyper-Threading disabled, rather than enabled."

Here is some more Tech News from around the web:

Tech Talk

 

Source: SemiAccurate

Bad Ultrabook sales could be very bad for suppliers

Subject: General Tech | March 27, 2012 - 10:01 AM |
Tagged: ultrabook, fud

Intel's Ultrabook mobile form factor requires very specific components which is causing a great deal of concern among component makers.  The parts that are designed specifically for Ultrabooks are not necessarily useful in any other form factor which makes them unattractive to manufacture since poor Ultrabook sales would mean that they are stuck with a large amount of unusable inventory.  If that concern limits the supply of parts for Ultrabooks then we could see a self-fulfilling prophecy as poor availability at the retail level will lessen the attraction for both consumers as well as major laptop vendors who may not want to include a product that might or might not be available for a customer to purchase.  DigiTimes points out that because of the previous failure of Intel's CULV form factor, many of the manufactures are already leery of the Ultrabook.  We shall see what effect that has on Intel's sales over the next few months as Ivy Bridge hits the market.

giz_xlarge_lenovo-u300s.png

"Component makers, seeing their downstream brand partners are aggressively entering the ultrabook market, are concerned that if demand for ultrabook is not as good as expected, their inventories could hurt their performance as ultrabook components are mostly custom made and cannot be used in traditional notebooks, according to sources from the upstream supply chain."

Here is some more Tech News from around the web:

Tech Talk

 

Source: DigiTimes