Forgot your password?
Close
typodupeerror

Submission + - How to make any AMD Zen CPU always generate 4 as a random number (theregister.com)

Submitted by headlessbrick
headlessbrick writes: Google researchers have discovered a way to bypass AMD's security, enabling them to load unofficial microcode into its processors and modify the silicon’s behaviour at will. To demonstrate this, they created a microcode patch that forces the chips to always return 4 when asked for a random number.

Beyond simply allowing Google and others to customize AMD chips for both beneficial and potentially malicious purposes, this capability also undermines AMD’s secure encrypted virtualization and root-of-trust security mechanisms.

Comment Re: Weakness (Score 1) 421

Oh boy... are you one of those people who also talked about carpet bombing? When Israel doesn't have a single bomber since the early 70s? Not one.

Israeli Air Force twitted on 12 Oct 2023: Dozens of fighter jets and helicopters attacked a series of terrorist targets of the Hamas terrorist organization throughout the Gaza Strip. So far, the IAF has dropped about 6,000 bombs against Hamas targets. https://x.com/IAFsite/status/1... That may or may not count as carpet bombing. My point is you don't really need a bomber for it.

Submission + - LastPass informs on a security incident, source code compromised (infosecurity-magazine.com)

Submitted by alfabravoteam
alfabravoteam writes: Password management company LastPass has published information about a security incident

"We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information", reads the official message published.

They also clarify that no user data was lost. "We never store or have knowledge of your Master Password,” the firm said in an FAQ. “We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password", they inform. Hence, no action is required to users to follow.

Submission + - Taiwan Restricts Russia, Belarus To CPUs Under 25 MHz Frequency (tomshardware.com)

Submitted by Anonymous Coward
An anonymous reader writes: From now on, Russian and Belarusian entities can only buy CPUs operating at below 25 MHz and offering performance of up to 5 GFLOPS from Taiwanese companies. This essentially excludes all modern technology, including microcontrollers for more or less sophisticated devices. Due to restrictions imposed on exports to Russia by the United States, United Kingdom, and the European Union, leading Taiwanese companies were among the first to cease working with Russia after the country started full-scale war against Ukraine in late February. This week Taiwan's Ministry of Economic Affairs (MOEA) formally published its list of high-tech products that are banned from exportation to Russia and Belarus, which prevents all kinds of Taiwan-produced high-tech devices as well as tools used to make chips (whether or not they use technologies originated from the U.S., U.K., or E.U., which were already covered by restrictions) to be exported to the aggressive nation. [...]

Starting today, Russian entities cannot buy chips that meet one of the following conditions from Taiwanese companies, reports DigiTimes:

— Has performance of 5 GFLOPS. To put it into context, Sony's PlayStation 2 released in 2000 had peak performance of around 6.2 FP32 GFLOPS.
— Operates at 25 MHz or higher.
— Has an ALU that is wider than 32 bits.
— Has an external interconnection with a data transfer rate of 2.5 MB/s or over.
— Has more than 144 pins.
— Has basic gate propagation delay time of less than 0.4 nanosecond.

In addition to being unable to buy chips from Taiwanese companies, Russian entities will not be able to get any chip production equipment from Taiwan, which includes scanners, scanning electron microscopes, and all other types of semiconductor tools that can be used to make chips locally or perform reverse engineering (something that the country pins a lot of hopes on).

Submission + - Lead even more dangerous than previously thought (theguardian.com) 1

Submitted by Bruce66423
Bruce66423 writes: "Last week, a massive new study concluded that lead is 10 times more dangerous than thought, and that past exposure now hastens one in every five US deaths.... The study found that deaths, especially from cardiovascular disease, increased markedly with exposure, even at the lowest levels. It concluded that lead kills 412,000 people a year – accounting for 18% of all US mortality, not much less than the 483,000 who perish as a result of smoking."

NB — another instance where scientific experts were proved disastrously wrong...

Submission + - Java 9 is out (oracle.com)

Submitted by rastos1
rastos1 writes: Oracle today announced the general availability of Java SE 9 (JDK 9), Java Platform Enterprise Edition 8 (Java EE 8) and the Java EE 8 Software Development Kit (SDK). JDK 9 is a production-ready implementation of the Java SE 9 Platform Specification, which was recently approved together with Java EE 8 in the Java Community Process (JCP). Java SE 9 provides more than 150 new features, including a new module system and improvements that bring more scalability, improved security, better performance management and easier development to the world’s most popular programming platform.

Slashdot Top Deals

Money cannot buy love, nor even friendship.

Close