March 6th, 2015
'Freak' security flaw left Apple and Android users exposed.
Apple and Google say they have developed fixes to mitigate the newly uncovered "Freak" security flaw affecting mobile devices and Mac computers.
Windows was initially thought to be immune, but Microsoft released an advisory warning that hundreds of millions of Windows PC users are also vulnerable to the flaw.
Apple spokesman Ryan James said the computer company had developed a software update to remediate the vulnerability, which would be pushed out next week.
February 23rd, 2015
Recently Samsung announced that serial production of its new 14nm SoC has already commenced. The new part is going to end up in Samsung Galaxy S6 and a few other devices. This happens less than two quarters after Intel started production of Broadwell-Y 14nm CPUs, its first 14nm volume manufactured part.
Samsung has the capability of Intel and the purse of Apple IMO. I think they are destined to be the leader one of these days.
January 21st, 2015
Kicking off the consumer-focused Windows 10 event in Redmond on Tuesday, Microsoft operating system chief Terry Myerson announced that current users of Windows 7, Windows 8.1, and Windows Phone 8.1 will be able to upgrade to Windows 10 for free for one year after the operating system launches. Once you’ve claimed the upgrade, Microsoft will keep you updated for the supported lifetime of the device....
Some editions are excluded: Windows 7 Enterprise, Windows 8/8.1 Enterprise, and Windows RT/RT 8.1.
September 25th, 2014
Just months after Heartbleed made waves across the Internet, a new security flaw known as the Bash bug is threatening to compromise everything from major servers to connected cameras....
The vulnerability could affect Unix and Linux devices, as well as hardware running Mac OS X....
Scan your network for things like Telnet, FTP, and old versions of Apache (masscan is extremely useful for this). Anything that responds is probably an old device needing a Bash patch. And, since most of them can't be patched, you are likely screwed.
August 27th, 2014
On August 26, 2014 HP announced a worldwide voluntary recall and replacement program in cooperation with various government regulatory agencies, for affected AC power cords distributed worldwide with HP and Compaq notebook and mini notebook computers, as well as with AC adapters provided with accessories such as docking stations, sold from September 2010 through June 2012.
HP customers affected by this program will be eligible to receive a replacement AC power cord for each verified, recalled AC power cord at no cost.
HP believes that certain power cords shipped with notebook PC products and AC adapter accessories may pose a risk of a fire and burn hazard to customers. We are taking this action as part of our commitment to provide the highest quality of service to our notebook customers.
Note: Not all HP and Compaq notebook and mini notebook PCs were sold with an affected power cord. Please validate the power cord shipped with your notebook PC or purchased with an accessory, or as a spare.
The recall affects many countries and regions, with 5.6 million cords already recalled in the US and another 447,000 in Canada. (The campaign has now extended here to Australia.)
The recall was implemented after HP received 29 reports of power cords overheating and melting or charring, resulting in two claims of minor burns and 13 claims of minor property damage.
The LS-15 AC power cords were distributed with HP and Compaq notebook and mini notebook computers, and with AC adaptor-powered accessories including docking stations.
The power cords are black and have an “LS-15” moulded on the AC adaptor end of the cord. They were manufactured in China.
Consumers are advised to immediately stop using and unplug the recalled power cords and contact Hewlett-Packard to order a free replacement.
May 21st, 2014
Hackers have broken into eBay's database and gained access to customer names, passwords and other personal data.
eBay says the attack occurred in late February and early March and was only detected two weeks ago.
PayPal, eBay, I wonder if the banks truly understand the risk they're carrying when they guarantee customers' funds?
All it would take is a huge breach and loss of funds and they could be brought to their knees.
I get annoyed when bank tellers tell me that internet banking is "safe". These are junior accountants or graduates who are fed that line of BS while all around them the big internet financial and eCommerce sites are being hacked; it's so asinine.
Anyway, time to change passwords yet again.
April 9th, 2014
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.
"There is no limit on the number of attacks that can be performed," Cyber-defence specialists at Fox-IT said in a blog post.
This is the big one we've been dreading, with the current version of OpenSSL completely compromised. The only defence seems to be complete renewal of all private/public key pairs and re-issue of all certificates. Not only that, but all account passwords need to be replaced on the basis that they may have been compromised by multiple agencies.
Of course replacing your passwords should only be done after your service providers have updated all their web servers with the patch, new keys and certificates. That may take some time.
Personally, I would have to assume that the big institutions have been compromised and go from there.
Repeating: this is a complete failure of the current version of OpenSSL. All keys and certificates are compromised. All sites need to be patched and updated and all users need to update their passwords on all devices. I think OpenSSL is in widespread use by most of our institutions, government agencies, service providers and small to medium size businesses.
March 27th, 2014
Microsoft chief executive Satya Nadella has taken the wraps off an Office software suite designed for Apple's iPad...
The Surface, one of Ballmer's prized concepts, was conspicuously missing...
Microsoft's Office 365 Home Premium, designed for home consumers, costs $119 a year. For businesses it starts from $7.90 per user, per month. Users will need an Office 365 subscription to create documents with the iPad app.
December 27th, 2013
Fearing rapidly plummeting sales of traditional laptops and desktop computers -- which collapsed by as much as 10 percent in 2013 -- manufacturers are planning a revolution against Microsoft and the standard Windows operating system, analysts say.
At the mammoth Consumer Electronics Show (CES) in Las Vegas in early January, multiple computer makers will unveil systems that simultaneously run two different operating systems, both Windows and the Android OS that powers many of the world’s tablets and smartphones, two different analysts said recently. The new devices will be called “PC Plus” machines, explained Tim Bajarin of Creative Strategies.
September 7th, 2013
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents...
I'm not sure whether I should be concerned or not about this.
On one hand we have to weigh up the imperative to monitor known criminal and terrorist communications and on the other the privacy of the individual.
Personally I see a great deal of risk for fraud and identity theft and I have to ask who watches the watchers? The whole purpose of encryption is to minimise those risks and to provide secure communications. Many large companies have security policies in place using well-known private encryption formats. If an elite few can bypass the controls and correlate such information then there would be a big temptation to misuse the information.
One solution is to forego proprietary encryption tools for open source products. At least the community continuously monitors the code for any back doors.
It just seems to me that with this news the standard vendor tools that we all use to encrypt our data and messages are now all compromised and broken.