Enlarge / The Trusted Execution Environment means that, even if the application and operating system are compromised, the green code and data can’t be accessed. (credit: Microsoft ) Microsoft announced today a new feature coming to its Azure cloud platform named “Confidential Compute.” The feature will allow applications running on Azure to keep data encrypted not only when it’s at rest (in storage) or in transit (over a network) but when it’s being computed on in-memory. This ability to encrypt data when it’s in-use means that it can be kept secure even from Microsoft’s administrators, government warrants, and hackers. Confidential Computing will have two modes: one is built on virtual machines, while the other uses the SGX (“Software Guard Extensions”) feature found in Intel’s recently introduced Skylake-SP Xeon processors. Both modes will allow applications to ringfence certain parts of their code and data so that they operate in a “trusted execution environment” (TEE). Code and data that are inside a TEE cannot be inspected from outside the TEE. The virtual machine mode uses the Virtual Secure Mode (VSM) functionality of Hyper-V that was introduced in Windows 10 and Windows Server 2016. With VSM, most parts of an application will run in a regular virtual machine atop a regular operating system. The protected, TEE parts will run in a separate virtual machine containing only a basic stub operating system (enough that it can communicate with the regular VM) and only those parts of the application code that need to handle the sensitive data. Read 4 remaining paragraphs | Comments
Read the original:
Azure Confidential Computing will keep data secret, even from Microsoft
Taringa, also known as “The Latin American Reddit, ” has been compromised in a massive data breach that has resulted in the leaked login credentials of almost all of its over 28 million users. The Hackers News reports: The Hacker News has been informed by LeakBase, a breach notification service, who has obtained a copy of the hacked database containing details on 28, 722, 877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users. The hashed passwords use an ageing algorithm called MD5 — which has been considered outdated even before 2012 — that can easily be cracked, making Taringa users open to hackers. Wanna know how weak is MD5? LeakBase team has already cracked 93.79 percent (nearly 27 Million) of hashed passwords successfully within just a few days. The data breach reportedly occurred last month, and the company then alerted its users via a blog post: “It is likely that the attackers have made the database containing nicks, email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of bitcoin wallets from the Taringa program! Creators.” the post (translated) says. “At the moment there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure.” Read more of this story at Slashdot. 
Slashdot reader cdreimer quotes the New York Times: Alkaline batteries can be made far more cheaply and safely than today’s lithium-ion batteries, but they are not rechargeable… Ionic Materials could change that equation with an alkaline battery the company said could be recharged hundreds of times. One additional benefit of the company’s breakthrough: An alkaline battery would not be as prone to the combustion issues that have plagued lithium-ion batteries in a range of products, most notably some Samsung smartphones. Cheaper and more powerful batteries are also considered by many to be the driver needed to make the cost of renewable energy technologies like wind and solar competitive with the coal, gas and nuclear power that support the national energy grid. The company “has demonstrated up to 400 recharge cycles for its prototypes, ” and it’s now even investigating aluminum-based alkaline batteries which would also be lighter than lithium-ion batteries. The company is backed by Sun Microsystems co-founder Bill Joy, who also envisions the batteries being used in electric cars. Read more of this story at Slashdot. 
The Document Foundation has released LibreOffice 5.4. Again, it’s on time, arriving six months after the release of LibreOffice 5.3. From a report: LibreOffice 5.4 is “the last major release of the LibreOffice 5.x family, ” and like other point releases is a major one, adding features across all components and incrementally improving compatibility with Microsoft Office document formats. Highlights include a new standard color palette based on the RYB (Red Yellow Blue) color model. File format compatibility improvements include better support for EMF vector images and higher quality rendering of imported PDF files (with support for embedding video in exported PDFs from Writer and Impress). Also added is OpenPGP key support for signing ODF documents in Linux. LibreOffice Writer adds new context menu items for working with sections, footnotes, endnotes and styles. Users can now import AutoText entries from Microsoft Word .dotm templates. The full structure of bulleted and numbered lists is now preserved when pasted as plain text, and users gain the ability to create custom watermarks for their documents via the Format menu. Read more of this story at Slashdot.