
Submission + - Microsoft issues an emergency fix for Windows 10 to address processor bug (betanews.com)

Mark Wilson writes: News of an enormous security bug affecting millions of processors can't have escaped your attention over the last 24 hours or so. While Intel goes into a panicked meltdown, desperately pointing out that there's another bug affecting other processors too, software fixes are starting to emerge.

macOS has already been patched, and fixes have started to roll out to numerous Linux distros as well. Now Microsoft has pushed out a rare, off-schedule emergency fix for Windows 10 users which should be automatically installed. Users of Windows 7 and Windows 8 will have to wait until next week for a patch.

Submission + - Researchers reveal Meltdown and Spectre hardware-level CPU exploits (techreport.com)

nanoflower writes: Researchers at Google and other institutions have revealed details on two new security exploits, Meltdown and Spectre. Meltdown is the one that has had the most exposure since it directly impacts Intel CPUs made in the last decade. Spectre is a similar exploit, but it impacts AMD/ARM/Intel and possibly other CPUs. OS vendors are working on patches for both exploits that will have some impact on performance, but how much impact is not truly known at this point.

Submission + - Details of "Meltdown" and "Spectre" Attacks Against Intel & AMD Chips Disclo (securityweek.com)

wiredmikey writes: Researchers have disclosed technical details of two new attack methods that exploit critical flaws in CPUs from Intel, AMD and other vendors. They claim billions of devices are vulnerable, allowing malicious actors to gain access to passwords and other sensitive data without leaving a trace.

There have been reports over the past few days about a critical flaw in Intel CPUs that allows an attacker to gain access to kernel space memory. It turns out that there are actually two different attacks and researchers say one of them impacts AMD and ARM processors as well.

The attack methods, dubbed Meltdown and Spectre by researchers, rely on hardware design flaws and they allow malicious applications installed on a device to access data as it’s being processed. This can include passwords stored in a password manager or web browser, photos, documents, emails, and data from instant messaging apps.

Submission + - Yes, Your Amazon Echo Is An Ad Machine (gizmodo.com)

An anonymous reader writes: CNBC reports that Amazon is in discussions with huge companies that want to promote their goods on Echo devices. Procter & Gamble as well as Clorox are reportedly in talks for major advertising deals that would allow Alexa to suggest products for you to buy. CNBC uses the example of asking Alexa how to remove a stain, with Alexa in turn recommending a Clorox product. So far it’s unclear how Amazon would identify promoted responses from Alexa, if at all. Here’s the really wacky thing: Amazon has already been doing this sort of thing to some degree. Currently, paid promotions are built into Alexa responses, but maybe you just haven’t noticed it. CNBC uses this example: "There are already some sponsorships on Alexa that aren’t tied to a user’s history. If a shopper asks Alexa to buy toothpaste, one response is, 'Okay, I can look for a brand, like Colgate. What would you like?'" So it seems like Amazon wants to get you coming and going. Not only does the company want to let you buy stuff with your voice. Jeff Bezos and friends also want to make money by suggesting what to buy and even by pushing those products higher up in the search results so that you’re more likely to do it.

Submission + - Roombas Will Soon Build a Wi-Fi Coverage Map While They Clean (arstechnica.com)

An anonymous reader writes: The feature is arriving later this month on the iRobot app, making it possible for WiFi-enabled Roombas to create a map of indoor signals. The map exists alongside the existing Clean Map feature, letting users toggle between the two, like they would, say, satellite and standard imagery in Google Maps. The maps themselves won’t go into too much detail — no upload and download speeds like you see on many mobile speed test apps. Instead, the information will show up as decibel readings. Really, it’s intended as a handy way of showing off where you might want to toss a range extender, to help get rid of dead spots.

Submission + - Intel Responds To Alleged Chip Flaw (hothardware.com)

An anonymous reader writes: The tech blogosphere lit up yesterday afternoon after reports that a critical bug in modern Intel processors has the potential to seriously impact systems running Windows, Linux and macOS. The alleged bug is so severe that it cannot be corrected with a microcode update, and instead, OS manufacturers are being forced to address the issue with software updates, which in some instances require a redesign of the kernel software. Some early performance benchmarks have even suggested that patches to fix the bug could result in a performance hit of as much as 30 percent. Since reports on the issue have exploded over the past 24 hours, Intel is looking to cut through the noise and tell its side of the story. The details of the exploit and software/firmware updates to address the matter at hand were scheduled to go live next week. However, Intel says that it is speaking out early to combat "inaccurate media reports."

Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on to state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits.

Submission + - SPAM: More Bad News Expected for Tesla

schwit1 writes:

In October, Tesla reported that it produced 220 Model 3 vehicles in the third quarter. CEO Elon Musk had previously said the company would produce more than 1,600 Model 3s by September.

Munster isn't the only analyst to doubt Tesla's fourth-quarter Model 3 production. KeyBanc analyst Brad Erickson reduced his fourth-quarter Model 3 production target by two-thirds, cutting it from 15,000 to only 5,000.

According to Munster, Tesla investors may need to wait several more quarters for the Model 3 story to play out. "We predict a breakout year for the Model 3 in 2019 which means, until then, other elements like solid Model S and X production numbers, increasing energy deployments like the South Australia installation, and future vehicles (Roadster, Semi, Model Y, and pickup truck) will stoke investor optimism," he says.

Elon Musk promised Tesla would produce 500,000 Model 3 sedans in 2018 and has accepted refundable $1,000 deposits on nearly that many. At current production rates, it will be years before pre-orders are filled.

The Model 3's good will and good reviews won't matter much if Tesla can't ramp up production, which even bulls like Munster believe is running at least a year late.

Submission + - 2 Years Later, Security Holes Linger in GPS Services Used by Millions of Devices (securityledger.com)

chicksdaddy writes: Security researchers say that serious security vulnerabilities linger in GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm, The Security Ledger reports. (https://securityledger.com/2018/01/two-years-later-dangerous-vulnerability-lays-bare-gps-data/)

Data including a GPS-enabled device’s location, serial number, assigned phone number and model and type of device can be accessed by any user with access to the GPS service. In some cases, other information is available, including the device’s location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS, including those used to activate or deactivate geofencing alarm features, such as those used on child-tracking devices.

The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. (https://0x0.li/trackmageddon/#advisories)

Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services (https://0x0.li/trackmageddon/0x0-20171222-gpsui.net.html), many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices.

Alas, news about the security holes is not new. In fact, the security holes in ThinkRace’s GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time (https://www.zxsecurity.co.nz/presentations/201607_Unrestcon-ZXSecurity_Vechile-Tracking.pdf). Temple’s research focused on one type of device: a portable GPS tracker that plugged into a vehicle’s On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.
