An anonymous reader writes: Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates last week. The Chinese company said it found the backdoor after an internal security audit of firmware for products added to its portfolio following the acquisitions of other companies. Lenovo says the backdoor affects only RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System). The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel’s Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to have authorized the addition of the backdoor “at the request of a BSSBU OEM customer.” In a security advisory regarding this issue, Lenovo refers to the backdoor under the name of “HP backdoor.” The backdoor code appears to have remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE Network Technologies (BNT). The backdoor also remained in the code even after IBM acquired BNT in 2010. Lenovo bought IBM’s BNT portfolio in 2014. Read more of this story at Slashdot.
See more here:
Lenovo Discovers and Removes Backdoor In Networking Switches
Slashdot reader #9, 219 Guy Smiley shared this report on a new breed of high-density flash storage. The Inquirer reports: Intel has unveiled a brand new form factor for solid state disc drives (SSDs)… Intel Optane’s new “ruler” format will allow up to a petabyte of storage on a single 1U server rack… By using 3D-NAND, the ruler crams in even more data and will provide more stability with less chance of catastrophic failure with data loss. The company has promised that the Ruler will have more bandwidth, input/output operations per second and lower latency than SAS… As part of the announcement, Intel also announced a range of “hard drive replacement” SSDs — the S4500 and S4600 0 which are said to have the highest density 32-layer 3D NAND on the market, and are specifically aimed at data centres that want to move to solid state simply and if necessary, in stages. Read more of this story at Slashdot. 
Upon close inspection of the Windows 10 build that Microsoft accidentally pushed to insiders last week, several users are reporting discovering the reference of a new Windows 10 SKU. From a report: In a leaked slide, Microsoft describes the edition as “Windows 10 Pro for Workstation” with four main capabilities: 1. Workstation mode: Microsoft plans to optimize the OS by identifying “typical compute and graphics intensive workloads” to provide peak performance and reliability when Workstation mode is enabled. 2. Resilient file system: Microsoft’s file system successor to NTFS, dubbed ReFS, is enabled in this new version, with support for fault-tolerance, optimized for large data volumes, and auto-correcting. 3. Faster file handling: As workstation machines are typically used for large data volumes across networks, Microsoft is including the SMBDirect protocol for file sharing and high throughput, low latency, and low CPU utilization when accessing network shares. 4. Expanded hardware support: Microsoft is also planning to allow Windows 10 Pro for Workstation on machines with up to 4 CPUs and a memory limit of 6TB. Windows 10 Pro currently only supports 2 CPUs. Read more of this story at Slashdot. 
An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.