SIM card maker Gemalto apparently now holds the world's record for fastest security audit?

Subject: General Tech | February 26, 2015 - 01:02 PM |
Tagged: Gemalto, SIM, encryption, fud, security

In just under a week SIM card maker Gemalto claims to have done a complete security audit of their systems in 85 different countries and reports that "its office networks were compromised, the servers holding the SIM card encryption keys weren't."  This is a  record worthy of Guinness as most security audits take months or years to complete and the findings tend to discuss probabilities, not absolute certainties.  As you might expect The Register and security experts everywhere are doubtful of the claims from a company that did not even know if was compromised less than a week ago that the UK based GCHQ and USA based NSA are unable to compromise your SIM cards encryption when they have the keys in hand.  It has not been a good week for anyone who thinks about security.

17225.jpg

"Six days ago Gemalto, the world's largest SIM card manufacturer, was told that back in 2010 it had been ransacked by NSA and GCHQ hackers. Today the company gave itself the all-clear: no encryption keys, used to secure phone calls from eavesdroppers, were stolen, it claims."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Windows 10 Technical Preview Build 10022 Spotted

Subject: General Tech | February 26, 2015 - 07:00 AM |
Tagged: windows 10, windows, microsoft

WZor, a group in Russia that somehow acquires many Windows leaks, has just published screenshots of Windows 10 Build 10022 and Windows Server Build 9926. As far as we can tell, not much has changed. We see neither an upgraded Cortana nor a look at the Spartan browser. The build is not labeled “Microsoft Confidential” though, which makes people believe that it is (or was) intended for public release -- maybe as early as this week.

microsoft-windows10-10022-leak.jpg

Image Credit: WZor Twitter

Honestly, I do not see anything different from the provided screenshots apart from the incremented version number. It is possible that this build addresses back-end issues, leaving the major new features for BUILD in late April. Leaked notes (also by WZor) for build 10014, called an “Early Partner Drop”, suggest that version was designed for hardware and software vendors. Perhaps the upcoming preview build is designed to give a platform for third-parties to develop updates ahead of Microsoft releasing the next (or second-next) big build?

Either way, it seems like we will get it very soon.

Source: WZor

Intel Revamps Atom Branding, Next Generation Atoms Will Come in x3, x5, and x7 Tiers

Subject: General Tech | February 26, 2015 - 02:02 AM |
Tagged: SoFIA, moorefield, Intel, Cherry Trail, branding, atom

Intel is updating its Atom processor branding to better communicate the expected performance and experience customers can expect from their Intel powered mobile device. In fact, the new branding specifies three tiers. Atom processors will soon come in Atom x3, x5, and x7 flavors. This branding scheme is similar to the Core processor branding using the i3, i5, and i7 labels.

The Atom x3, x5, and x7 chips are low power, efficient processors for battery powered devices and sit below the Core M series which in turn are below the Core i3, i5, and i7 processors. The following infographic shows off the new branding though Intel does not reveal any specific details about these new Atom chips (we will hopefully know more after Mobile World Congress). Of course, Atom x3 chips will reside in smartphones with x5 and x7 chips powering tablets and budget convertibles. The x7 brand represents the flagship processors of the Atom line.

The new branding will begin with the next generation of Atom chips which should include Cherry Trail, the 14nm successor to Bay Trail featuring four x86 Airmont cores and Gen 8 Intel graphics. Cherry Trail (Cherryview SoC) will be used in all manner of mobile devices from entry level 8"+ tablets to larger notebooks and convertibles. It appears that Intel will use Moorefield (a quad core 14nm refresh of Merrifield) through 2015 for smartphones though road maps seem to indicate that Intel's budget SoFIA SoC will also launch this year. SoFIA and Moorefield processors should fall under the Atom x3 brand with the higher powered and higher clocked Cherry Trail chips will use the Atom x5 and x7 monikers.

What are your thoughts on Intel's new Atom x3/x5/x7 brands?

Source: Intel

Intel Sheds Its Remaining Stake In Imagination Technologies

Subject: General Tech | February 25, 2015 - 08:56 PM |
Tagged: PowerVR, Intel, Imagination Technologies, igp, finance

Update: Currency exchange rates have been corrected. I'm sorry for any confusion!

Intel Foundation is selling off its remaining stake in UK-based Imagination Technologies (IMG.LN). According to JP Morgan, Intel is selling off 13.4 million shares (4.9% of Imagination Technologies) for 245 GBp each. Once all shares are sold, Intel will gross just north of $50.57 Million USD.

PowerVR Rogue Series6XT GPU.png

Imagination Technologies' PowerVR Rogue Series 6XT GPU is used in Apple's A8-series chips.

Intel first invested in Imagination Technologies back in October of 2006 in a deal to gain access to the company’s PowerVR graphics IP portfolio. Since then, Intel has been slowly moving away from PowerVR graphics in favor of it’s own internal HD graphics GPUs. (Further, Intel sold off 10% of its IMG.LN stake in June of last year.) Even Intel’s low cost Atom line of SoCs has mostly moved to Intel GPUs with the exception of the mobile Merrifield and Moorefield” smartphone/tablet SoCs.

The expansion of Intel’s own graphics IP combined with Imagination Technologies acquisition of MIPS are reportedly the “inevitable” reasons for the sale. According to The Guardian, industry analysts have speculated that, as it stands, Intel is a minor customer of Imagination Technologies at less than 5% for graphics (a licensing agreement signed this year doesn’t rule out PowerVR graphics permanently despite the sale). Imagination Technologies still has a decent presence in the mobile (ARM-based) space with customers including Apple, MediaTek, Rockchip, Freescale, and Texas Instruments.

Currently, the company’s stock price is sitting at 258.75 GBp (~$3.99 USD) which seems to indicate that the Intel sell off news was “inevitable” and was already priced in or simply does not have investors that concerned.

What do you think about the sale? Where does this leave Intel as far as graphics goes? Will we see Intel HD Graphics scale down to smartphones or will the company go with a PowerVR competitor? Would Intel really work with ARM’s Mali, Qualcomm’s Adreno, or Samsung’s rumored custom GPU cores? On that note, an Intel powered smartphone with NVIDIA Tegra graphics would be amazing (hint, hint Intel!)

The mothership is standing by

Subject: General Tech | February 25, 2015 - 03:35 PM |
Tagged: VLAN party, kick ass, Homeworld Remastered, gaming, fragging frogs

That's right, for those of you who pre-ordered Homeworld Remastered and for anyone that pops by Steam to purchase it, your productivity is in for a serious hit as you try to guide your fleet to a new homeworld and then defend it.  For those lucky and old enough to have played through it originally you will find the look vastly improved and from what Rock, Paper, SHOTGUN and other reviewers have found you will also love the improved interface.  For those who have not had the pleasure of playing through these two games before, the $33 investment is more than worth it, especially with improved multiplayer coming in the near future.  Check out the videos and overview of the poster child for revamped legacy games here.

You will have to take a break this Saturday though, as the Fragging Frogs Virtual LAN party #9 kicks off at 10AM ET and will end when the last frog drops.  You can check out the official thread in the forums right here to get all the information you need to participate.  AMD and other mystery sponsors will be giving away prizes to those who log into and participate in the TeamSpeak channels; not to mention it is the best way to chat in game and in the general lobby.  You can also check out the list of games that will be played as well as links to the mods and patches you will need, please download and install them before Saturday to maximize your playing time.  See you there!

hwc7.jpg

"In terms of strategy games which ‘need’ remastering, Homeworld was probably somewhere at the bottom of the list. But in terms of strategy games which really, truly benefit from remastering – well, this is a chart-topper."

Here is some more Tech News from around the web:

Gaming

Roll over Superfish, PrivDog is just as bad but doesn't come directly from Comodo

Subject: General Tech | February 25, 2015 - 12:36 PM |
Tagged: SSL, security, PrivDog, idiots, fud, Comodo

This has been a bad week for the secure socket layer and the news just keeps getting worse.  Comodo provides around one out of every three SSL certs currently in use as they have, until now, had a stirling reputation and were a trusted provider.  It turns out that this reputation may not be deserved seeing as how their Internet Security 2014 product ships with an application called Adtrustmedia PrivDog, which is enabled by default.  Not only does this app install a custom root CA certificate which intercepts connections to websites to be able to insert customized ads like SuperFish does it can also turn invalid HTTPS certificates into valid ones.  That means that an attacker can use PrivDog to spoof your banks SSL cert, redirect you to a fake page and grab your credentials, while all the time your browser reports a valid and secure connection to the site. 

The only good news from The Register's article is that this specific vulnerability is only present in PrivDog versions 3.0.96.0 and 3.0.97.0 and so has limited distribution.  The fact that this indicates the entire SSL certificate model is broken and even those who create the certs to assure your security feel that inserting a man in the middle attack into their software does not contravene their entire reason for existing is incredibly depressing.

Update: The Register's article was originally based on research from Hanno Bock who referred to PrivDog as being distributed by Comodo. Comodo does not distribute the standalone desktop version of PrivDog only the browser extension application which was never vulnerable to the TLS interception.

picarddoublefacepalm.jpg

"The US Department of Homeland Security's cyber-cops have slapped down PrivDog, an SSL tampering tool backed by, er, SSL certificate flogger Comodo.

Comodo, a global SSL authority, boasts a third of the HTTPS cert market, and is already in hot water for shipping PrivDog."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Adesso's E10, the wireless mouse for those whose nerve tunnels hate them

Subject: General Tech | February 24, 2015 - 01:34 PM |
Tagged: input, wireless mouse, vertical mouse, Adesso E10

Vertical mice sometimes help those with issues with their cubital or carpal tunnels by relieving pressure due to repetitive arm and wrist movement.  They have been around for a while but do not often get reviewed which is why it might be worth checking out eTeknix today.  The Adesso E10 is wireless which is relatively uncommon un this type of mouse as is the DPI switch.  In addition it has 4 buttons and a mouse wheel so it could still serve as a gaming mouse, at least for right handed gamers who prefer this style of mouse.  Check it out if your mousing fingers get numb while you are sitting at your computer.

Addesso-E10-Featured-Small.jpg

"The peripheral market is booming, there’s a huge range of products with a wide range of features available between each device, so finding something suitable for your needs shouldn’t be too difficult. Naturally, not all products are created equally and some are designed for a more niche part of the market than others, such as the iMouse E10 which we have in for review today."

Here is some more Tech News from around the web:

Tech Talk

Source: eTeknix

Your aggregate battery consumption isn't Li-On about your location

Subject: General Tech | February 24, 2015 - 12:56 PM |
Tagged: fud, security, smartphone

Tracking your smartphones location via aggregate battery usage is not the most efficient or accurate method but it can be done and Samsung (and others) have not provided a switch which makes that particular data private.  Researchers have shown that by tracking the battery drain of the 3G cellular radio on the battery one can determine distance from the cellular base station the phone is connected to and a coarse location based on interference environmental factors such as buildings which partially block the signal.  It is only a very coarse locator but does give better information than just the base station the phone is connected to and as we are creatures of habit it allows tracking normal patterns of movement.  This is nowhere near as accurate as GPS tracking and does require a bit of work to pull off but as battery usage and levels are sent by the phone in the clear with no method of preventing that it should cause some privacy concerns for users.  You can read the research paper (in PDF) by following the link from The Inquirer.

index.jpg

"SCIENTISTS have warned of a new smartphone risk after discovering that battery power can be used to track a person's movements."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Seemingly Out of Spec AC Cables Could Be a Fire Hazard

Subject: General Tech | February 23, 2015 - 03:31 PM |
Tagged: Vantec, c13

I say “seemingly out of spec” because I am not an electrician, and this requires more understanding of wire classifications than I possess. Regardless, we found a story a little while ago about devices that ship with power cables that are labeled for voltages and amperages that are significantly lower than what they are capable of carrying.

vantec-my-far.jpg

My cable

The minimum requirement for cables with a C13 connector is American 18 gauge (AWG), and they must be able to carry 10 amps. I own the device from the blog posting, like many others at PC Perspective. Again, the device itself (minus the cord that plugs it into the wall) is perfectly fine. The allegation is that the power cord (that goes between the wall and the transformer power brick) cannot carry its full, labeled wattage. The head claims that it can carry 250V at 10A, which is 2500W.

vantec-my-close.jpg

My cable, close up.

We cut open the insides of the cable to see what gauge wire was used, and we were able to remove the insulation with an 18 gauge wire stripper. This is where my lack of applied electrical skills fail me. The power cable feels as flimsy as a quarter-inch audio cable, but I am not qualified to measure the actual internal wires' thickness. It might meet the minimum (18 AWG) requirements, or it might just be thick insulation. I wouldn't trust it, especially not at hundreds or thousands of watts. The blog post author apparently tested their own cable under load, and they claim that it started to melt at 2.6A 123V (320W).

VantecPowerCableOfDeath-Conductors.jpg

The blog author's wire vs a standard cable's wire. It's hard to tell how thin the Vantec one is, because the standard cable was twisted.

Image Credit: Fry's Acid Test

Now, to power a single hard drive and USB controller, you are not going to be drawing those hundreds or thousands of watts from the wall. The main concern is if you swap cables around with other devices. For instance, if that cable would be attached to a high-end gaming desktop, then it could easily see wattages in that range that are sustained for most of a play session, or even higher.

So I guess the takeaway from this is do not trust every power cables that you receive. Make sure your high-power devices are using the cable that came with them, or one from a vendor that you trust. Just because it says it can handle any given load, does not mean that it can.

Just wait, blacklisting dangerous root certificates will lead to a legal battle

Subject: General Tech | February 23, 2015 - 01:35 PM |
Tagged: superfish, mozilla, komodia, security

Firefox can remove any threat that Superfish presents with a simple step and 24 hours; indeed they could prevent any similar issue using a questionable or downright poisonous SSL Certificate simply by blacklisting them.  They specifically quote the ability of OneCRL to block even obfuscated certs before the Network Security Services level if the certs are properly recorded on the blacklist in this Register article.  This would lead to a much more secure web, requiring attackers to invest significantly more effort when attempting to create fake or dangerous SSL certs.  There is a flip side to this, for there are those who may attempt to have valid certs added to the Blacklist and so there must be a way of policing the list and a way to remove certs which should not be on the list due to being placed there in error or because of a change in the software associated with that certificate.  It is also likely that there will be court cases attempting to have the blacklist removed if it does come into being as Superfish is not the only business out there whose business model requires phishing or at least a way around proper SSL certification and best practices which will no longer be viable if we are allowed to block their mutant SSL certs.

images.jpg

"Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register