
Thursday, July 30, 2009

Intel warns over bare-metal BIOS bug

Set bug panic meters to 'important'
By John Leyden 30th July 2009

Intel has warned that some of its motherboards contain a flaw in their BIOS setup that creates a privilege escalation vulnerability. As a result of the security bug, users already logged in as administrators could change code running in System Management Mode. SMM is a privileged operating environment that operates outside of operating system control, creating a possible mechanism (at least in theory) for mounting rootkit-style attacks on vulnerable systems. Exploiting the bug would probably require physical access to affected systems, a fair amount of skill and not a little luck in locating a vulnerable box. Desktop and server systems are both potentially affected by the bug, described by Intel as "important", so the flaw still merits close attention. BIOS updates designed to mitigate against attack are available for vulnerable Intel motherboards, as explained in an advisory by the chip giant issued on Wednesday.

Also read: Intel Confirms SSD Data Corruption Issue, Suspends Shipments Pending Firmware Update

More Holes Found in Web's SSL Security Protocol

By Robert McMillan, Jul 30, 2009

Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet. At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers. This type of attack could let an attacker steal passwords, hijack an on-line banking session or even push out a Firefox browser update that contained malicious code, the researchers said. The problems lie in the way that many browsers have implemented SSL, and also in the X.509 public key infrastructure system that is used to manage the digital certificates used by SSL to determine whether or not a Web site is trustworthy. A security researcher calling himself Moxie Marlinspike showed a way of intercepting SSL traffic using what he calls a null-termination certificate. To make his attack work, Marlinspike must first get his software on a local area network. Once installed, it spots SSL traffic and presents his null-termination certificate in order to intercept communications between the client and the server. This type of man-in-the-middle attack is undetectable, he said.


Adobe confirms Flash contains Microsoft dev code bug

By Gregg Keizer July 29, 2009

Adobe stepped forward yesterday to acknowledge that it's the first major third-party vendor to have used Microsoft's flawed development code in its products. According to multiple security advisories posted to its site on Tuesday, the Windows versions of Adobe's Flash Player and Shockwave Player harbor vulnerabilities because Adobe used a buggy Microsoft code "library" during their development. It's no surprise that Flash Player is vulnerable to attack. Three weeks ago a pair of German researchers reported finding numerous third-party applications that contain the flawed library code, and named Flash as an example. Adobe patched Shockwave Player yesterday, and will follow that tomorrow with a previously-scheduled update for the far-more-popular Flash Player. "We evaluated the impact of the vulnerable versions of the Microsoft Active Template Library (ATL) on the Adobe product portfolio [and] determined that Flash Player and Shockwave Player are the two products that leverage vulnerable versions of ATL," said Wendy Poland, of Adobe's security team, in a company blog entry.


AMD finally steps up and offers CrossFire Pro, Genlock/Framelock support

by Theo Valich 7/29/2009

In the run-up to next week's Siggraph 2009 conference in New Orleans, AMD launched its most powerful FirePro card to date - FirePro V8750 2GB. This successor to 2900XT-based V8650 2GB is based on RV770 architecture [Radeon 4870], but features 2GB of ultra-fast GDDR5 memory. The card boasts 115.2 GB/s of memory bandwidth, a record in the world of professional graphics - given that the previous fastest card had 102 GB/s [nVidia Quadro FX 5800], it just goes to show the advantages of GDDR5 memory over previous memory standards. AMD is pitching this card against Quadro CX and FX4800, which is visible in the output department too: V8750 comes with a single DVI-I output and two DisplayPorts, just like FX4800. It looks like the new standard for visual professionals is two displays connected via DisplayPort and a DVI output for legacy displays or an HDMI adapter. But AMD didn't just release one single card. Starting with FirePro V8750, the company is now finally supporting multiple graphics cards, using ATI CrossFire Pro technology. By using a CrossFire Pro-approved cable, you can connect two graphics cards and enjoy 1600 shader processors rendering a single viewport in a visual app such as 3ds Max, AutoCAD, Maya, modo, Pro/Engineer, CATIA or the newcomer, MachStudio Pro.


Yahoo committed seppuku today

By Jason 7/30/09

The once proud warrior of the internet space laid down its sword, knelt at the feet of Microsoft and gutted itself today. There was no honor in this death, it was one brought by the shame of losing to Google and a lack of faith in one’s ability to compete in the space they created. To be clear, Yahoo didn’t need to do this deal, Microsoft did. Ultimately Yahoo will look back at this moment as the second–and perhaps fatal–mistake in their epic history. Search is the most important business of the 21st century and owning a commanding lead in second place is not insignificant. At one time Yahoo was the number one search engine and portal. However, they didn’t see the value in search and decided to syndicate that piece of their business to a small company called Google. For a couple of years we all experienced Google in Yahoo’s wrapper. Our only indication of who made this wonderful tool was a tiny “Powered by Google” logo on the top right of the page. We noticed and we learned. The thought leaders went directly to Google and dragged everyone but the laggards (Yahoo’s current 20% market share) with us. Yahoo accelerated the ascent of the master. Had Yahoo not given their search franchise over to Google back then, there is a good chance that the race for the most important business of the 21st century would be a dead heat. Certainly it would be closer. Today, with their Microsoft deal, Yahoo again undervalues their search asset. Again, they will be “Powered by…” and again they will destroy their brand and its value.
