September 25th, 2014
Just months after Heartbleed made waves across the Internet, a new security flaw known as the Bash bug is threatening to compromise everything from major servers to connected cameras....
The vulnerability could affect Unix and Linux devices, as well as hardware running Mac OS X....
Scan your network for things like Telnet, FTP, and old versions of Apache (masscan is extremely useful for this). Anything that responds is probably an old device needing a Bash patch. And, since most of them can't be patched, you are likely screwed.
August 27th, 2014
On August 26, 2014 HP announced a worldwide voluntary recall and replacement program in cooperation with various government regulatory agencies, for affected AC power cords distributed worldwide with HP and Compaq notebook and mini notebook computers, as well as with AC adapters provided with accessories such as docking stations, sold from September 2010 through June 2012.
HP customers affected by this program will be eligible to receive a replacement AC power cord for each verified, recalled AC power cord at no cost.
HP believes that certain power cords shipped with notebook PC products and AC adapter accessories may pose a risk of a fire and burn hazard to customers. We are taking this action as part of our commitment to provide the highest quality of service to our notebook customers.
Note: Not all HP and Compaq notebook and mini notebook PCs were sold with an affected power cord. Please validate the power cord shipped with your notebook PC or purchased with an accessory, or as a spare.
The recall affects many countries and regions with 5.6 million cords already recalled in the US, with another 447,000 in Canada. (The campaign has now extended here to Australia).
The recall was implemented after HP received 29 reports of power cords overheating and melting or charring, resulting in two claims of minor burns and 13 claims of minor property damage.
The LS-15 AC power cords were distributed with HP and Compaq notebook and mini notebook computers, and with AC adaptor-powered accessories including docking stations.
The power cords are black and have an “LS-15” moulded on the AC adaptor end of the cord. They were manufactured in China.
Consumers are advised to immediately stop using and unplug the recalled power cords and contact Hewlett-Packard to order a free replacement.
Link to recall page
May 21st, 2014
Hackers have broken into eBay's database and gained access to customer names, passwords and other personal data.
eBay says the attack occurred in late February and early March and was only detected two weeks ago.
PayPal, eBay, I wonder if the banks truly understand the risk they're carrying when they guarantee customers funds?
All it would take is a huge breach and loss of funds and they could be brought to their knees.
I get annoyed when bank tellers tell me that internet banking is "safe". These are junior accountants or graduates who are fed that line of BS while all around them the big internet financial and eCommerce sites are being hacked, its so asinine.
Anyway, time to change passwords yet again.
Story here and here and here
April 9th, 2014
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.
"There is no limit on the number of attacks that can be performed," Cyber-defence specialists at Fox-IT said in a blog post.
This is the big one we've been dreading with the current version of OpenSSL completely compromised. The only defence seems to be complete renewal of all private/public key pair and re-issue of all certificates. Not only that but all account passwords need to be replaced on the basis that they may have been compromised by multiple agencies.
Of course replacing your passwords should only be done after your service providers have updated all their web servers with the patch, new keys and certificates. That may take some time.
Personally, I would have to assume that the big institutions have been compromised and go from there.
Repeating; this is a complete failure of the current version of OpenSSL. All keys and certificates are compromised. All sites need to be patched and updated and all users need to update their passwords on all devices. I think OpenSSL is in widespread use by most of our institutions, government agencies, service providers and small to medium size businesses.
March 27th, 2014
Microsoft chief executive Satya Nadella has taken the wraps off an Office software suite designed for Apple's iPad...
The Surface, one of Ballmer's prized concepts, was conspicuously missing...
Microsoft's Office 365 Home Premium, designed for home consumers, costs $119 a year. For businesses it starts from $7.90 per user, per month. Users will need an Office 365 subscription to create documents with the iPad app.
December 27th, 2013
Fearing rapidly plummeting sales of traditional laptops and desktop computers -- which collapsed by as much as 10 percent in 2013 -- manufacturers are planning a revolution against Microsoft and the standard Windows operating system, analysts say.
At the mammoth Consumer Electronics Show (CES) in Las Vegas in early January, multiple computer makers will unveil systems that simultaneously run two different operating systems, both Windows and the Android OS that powers many of the world’s tablets and smartphones, two different analysts said recently. The new devices will be called “PC Plus” machines, explained Tim Bajarin of Creative Strategies.
September 7th, 2013
The National SecurityAgency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents...
I'm not sure whether i should be concerned or not about this.
On one hand we have to weigh up the imperative to monitor known criminal and terrorist communications and on the other the privacy of the individual.
Personally i see a great deal of risk for fraud and identity theft and i have to ask who watches the watchers? The whole purpose of encryption is to minimise those risks and to provide secure communications. Many large companies have security policies in place using well known private encryption formats. If an elite few can bypass the controls and correlate such information then there would be a big temptation to mis-use the information.
One solution is to forego proprietary encryption tools for open source products. At least the community continuously monitors the code for any back doors.
It just seems to me that with this news the standard vendor tools that we all use to encrypt our data and messages are now all compromised and broken.
July 11th, 2013
... Microsoft said it would dissolve its eight product divisions in favor of four new ones arranged around broader themes, a change meant to encourage greater collaboration as competitors like Apple and Google outflank it in the mobile and Internet markets. Steven A. Ballmer, the longtime chief executive, will shuffle the responsibilities of nearly every senior member of his executive bench as a result.
“To execute, we’ve got to move from multiple Microsofts to one Microsoft,” Mr. Ballmer said in an interview.
It remains to be seen whether more cohesive teamwork, if that is what results from all the movement, will offer the spark that has been missing from so many of Microsoft’s products in recent years....
April 21st, 2013
Intel is continuing to lead its way and us on the correct computer progression path by engineering products that are smaller and use less power. Not only does Intel have to hit homeruns with every design in order to avoid getting caught in quicksand like AMD, their products have to adhere to and guide the changing market. Intel has concentrated on smaller dies, not increasing unnecessary core count, better power management, and multi-chip processors to combine functions. Intel has withdrawn from the ATX desktop boards as well moving away from its eventual demise. With all this Intel is able to help build devices which are smaller, have longer battery life, and are cheaper.
Intel has what is called the NUC (Next Unit of Computing). A small mobo in a box provides a mini computer complete with graphics that can run Windows. These will get more powerful as Haswell and Broadwell get integrated.
One of Intels new products is the Ultrabook, a sleek and thin folding laptop that lasts all day and can be used without the keyboard.
Next up is Atom based touch screen devices like phones, PDA's, and small computers.
January 22nd, 2013
After some 20 years of selling branded desktop motherboards, Intel will begin exiting this portion of its business, Intel spokesman Dan Snyder has told PCWorld. The Santa Clara chip giant will begin the retreat from desktop motherboards as soon as its next-generation Haswell CPU ships
Intel exits the desktop motherboard business to focus on new form factors | PCWorld