Celarent Darii writes: There is a vulnerability in the latest ubuntu distributions due to the DNS resolver included in systemd. The inclusion of the dns resolver was lamented by many on the mailing list, not without cause. All are advised to update their distribution. Read more of this story at Slashdot.
View article:
Vulnerability Discovered In Latest Ubuntu Distributions, Users Advised To Update
An anonymous reader writes: Microsoft’s security team has come across a malware family that uses Intel’s Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. The problem with Intel AMT SOL is that it’s part of Intel’s ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. Inside Intel’s ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won’t detected malware using AMT SOL to exfiltrate data. The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, and which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer. Details about PLATINUM’s recent targets and attacks are available in a report [PDF] Microsoft released yesterday. Read more of this story at Slashdot.
View the original here:
Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls
PCs are making a comeback, if the news out of Computex 2017 is any indication, and Microsoft wants to make sure they’re all constantly connected . To support that vision, Intel is making its current and future modems compatible with e-SIMs, so future laptops can connect to LTE networks without physical SIM-card trays. That’s because the technology you’d typically find in a SIM card will be embedded into its modems, so you can connect your machine just by entering a phone number and avoid having to fiddle with a tiny tray. The chip maker says it is working on validating “e-SIM-enabled always-connected platforms with multiple carriers using the Intel XMMTM 7260 modem and our upcoming Intel XMM 7360 modem.” At its keynote, Microsoft announced a slew of carriers that will support the e-SIM devices, including T-Mobile, AT&T, Vodafone and other international service providers. The always connected PC project is another part of the two brands’ Project Evo collaboration to deliver Windows devices across multiple product categories. So this could mean e-SIM-enabled speakers or VR headsets in future, too. Click here to catch up on the latest news from Computex 2017!
View post:
Intel adopts e-SIM to support Microsoft’s connected PC vision
Last year at Computex, Intel unveiled its first 10-core consumer CPU , the company’s move into the world of a “megatasking.” It was a pricey chip, launching at around $1, 700, but it satisfied the needs for users who needed to juggle several intensive tasks at once. Now, Intel is upping the ante with a whole new family of processors for enthusiasts, the Core X-series, and it’s spearheaded by its first 18-core CPU, the i9-7980XE. Priced at $1, 999, the 7980XE is clearly not a chip you’d see in an average desktop. Instead, it’s more of a statement from Intel. It beats out AMD’s 16-core Threadripper CPU , which was slated to be that company’s most powerful consumer processor for 2017. And it gives Intel yet another way to satisfy the demands of power-hungry users who might want to do things like play games in 4K while broadcasting them in HD over Twitch. And as if its massive core count wasn’t enough, the i9-7980XE is also the first Intel consumer chip that packs in over a teraflop worth of computing power. If 18 cores is a bit too rich for you, Intel also has other Core i9 Extreme Edition chips in 10, 12, 14 and 16-core variants. Perhaps the best news for hardware geeks: the 10 core i9-7900X will retail for $999, a significant discount from last year’s version. All of the i9 chips feature base clock speeds of 3.3GHz, reaching up to 4.3GHz dual-core speeds with Turbo Boost 2.0 and 4.5GHz with Turbo Boost 3.0. And speaking of Turbo Boost 3.0, its performance has also been improved in the new Extreme Edition chips to increase both single and dual-core speeds. Rounding out the X-Series family are the quad-core i5-7640X and i7 models in 4, 6 and 8-core models. While it might all seem like overkill, Intel says its Core i9 lineup was driven by the surprising demand for last year’s 10-core chip. “Broadwell-E was kind of an experiment, ” an Intel rep said. “It sold… Proving that our enthusiast community will go after the best of the best… Yes we’re adding higher core count, but we’re also introducing lower core counts. Scalability on both ends are what we went after.” As you can imagine, stuffing more cores into a processor leads to some significant heat issues. For that reason, Intel developed its own liquid cooling solution, which will work across these new chips, as well as some previous generations. All of the new Core i9 processors, along with the 6 and 8-core i7 chips, feature scorching hot 140W thermal design points (TDPs), the maximum amount of power that they’ll draw. That’s the same as last year’s 10-core CPU, but it’s still well above the 91W TDP from Intel’s more affordable i7-7700K. Over the past few years, Intel’s laptop chips have been far more interesting than its desktop CPUs. Partially, that’s because the rise of ultraportables and convertible laptops have shifted its focus away from delivering as much computing power as possible, to offering a reasonable amount of processing power efficiently. The new Core i9 X-series processors might not be feasible for most consumers, but for the hardware geeks who treat their rigs like hot rods, they’re a dream come true.
More:
Intel’s Core i9 Extreme Edition CPU is an 18-core beast
For most people, Zephyrus is the Greek god of the west wind, gently bringing spring, and fruit, to the peoples of the world. For gamers, you can be damn sure that definition is going to be quickly supplanted by the one created by ASUS’ Republic of Gamers today. Now, Zephyrus means a pretty damn powerful gaming laptop in a surprisingly slender body, measuring in at just 16.9mm thick when closed, making it the “world’s slimmest.” By way of comparison, Razer’s latest Blade Pro , a high water mark for such laptops, stands at 22.5mm. It appears that ASUS has been one of the principal beneficiaries of NVIDIA’s Max-Q design program that shrinks high-powered gaming laptops. The initiative was announced earlier today, with NVIDIA promising to help laptop makers build devices with top-end internals like the GTX 1080 without the heft. In fact, NVIDIA’s promise is that the first generation of Max-Q laptops will be three times as fast as their immediate predecessors while being three times as thin. Part of that thinness is down to a new thermal design that, when the laptop is open, opens an exhaust port on the underside. That, the company promises, will ensure that your lap won’t get fried when you’re using this on the go. Since Zephyrus ships with the Windows 10 Creators Update, it will take advantage of both Windows Game Mode and Beam’s streaming service. In addition, the device has a new type of trackpad that sits to the right of the keyboard to make life easier for gamers. That trackpad also, apparently, pulls double duty as a numeric keypad for when you need to type out large numbers. Oh, and you’ll be able to customize the keyboard’s lighting scheme that will even let you single out the WASD and QWER keys for night-time fragging sessions. ASUS ROG also wanted to talk about how its laptops aren’t simply for gamers with large wallets when fans of different genres have different needs. A MOBA gamer, for instance, may not need as fast a display as one who’s seriously into FPS. Which is why the company has unveiled a pair of Strix laptops that are tailored specifically to the needs of those two genres. The ROG Strix SCAR Edition is engineered to give FPS gamers a vital edge, with Intel Core i7 processors, NVIDIA GeForce GTX 10 series and an ultrafast, 120Hz, 5ms display. Meanwhile, the ROG Strix Hero Edition is designed for MOBA fans who are geared towards eSports, packing Intel Core i7 processors, NVIDIA GeForce GTX 10 Series graphics and a 120Hz wide-view display with rich color fidelity. This breaking news story is developing, please refresh for more information. Click here to catch up on the latest news from Computex 2017!
Visit link:
ASUS crams a GTX 1080 into a 16.9mm-thick laptop
Computex is right around the corner. While we don’t generally cover PC component updates, this leak about Intel’s plan is interesting. The company is apparently about to unveil a new lineup of desktop CPUs with a new high-end Core i9 CPU with 12 cores. Intel’s plans leaked on AnandTech’s board. It looks like some employee or partner took a photo of a PowerPoint… Read More
View original post here:
Intel could be about to release a very expensive Core i9 CPU
Enlarge (credit: Intel ) A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday , the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it’s usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer’s mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface’s digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all. Read 5 remaining paragraphs | Comments
View article:
The hijacking flaw that lurked in Intel chips is worse than anyone thought
Enlarge (credit: Intel ) A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday , the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it’s usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer’s mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface’s digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all. Read 5 remaining paragraphs | Comments
Visit link:
The hijacking flaw that lurked in Intel chips is worse than anyone thought
Enlarge (credit: Intel ) A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday , the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it’s usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer’s mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface’s digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all. Read 5 remaining paragraphs | Comments
See the article here:
The hijacking flaw that lurked in Intel chips is worse than anyone thought
Enlarge (credit: Intel ) A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday , the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it’s usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer’s mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface’s digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all. Read 5 remaining paragraphs | Comments
See more here:
The hijacking flaw that lurked in Intel chips is worse than anyone thought