
Intel raised the bar in the processing game this Tuesday when it announced the release of the first 32nm processors. The big selling point here, according to the vendor, is security.
From The Taiwan Economic Times:
According to world's No.1 chipmaker, the new processors are the industry's first 32nm enterprise-grade devices integrating security capabilities that enhance data integrity and server virtualization as well as first six-core embedded computing processors. New structures enable the processors to deliver up to 60% greater performance than the 45nm Intel Xeon 5500 cousins, allowing data centers to replace 15 single-core servers with only one Xeon 5600-driven server and achieve a return on their investment in as little as five months.
The big selling points here are cloud computing and the financial sector. The real rub will be how it stands up against Joanna Rutkowska this time. Last time, this is what happened (.pdf).
(Image used under CC from Josh Bancroft)

One of our personal favs here at the Digest, Diebold, is back in the news.
From slashdot:
“Premier Election Solutions’ (formerly Diebold) GEMS 1.18.19 election software audit logs don’t record the deletion of ballots, don’t always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State’s office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California.”
Wow.
And this gem,
Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator.
Why…
Read on.

I love stories like the one where a Mac user helped the cops apprehend her laptop thief. But, what if your laptop got pinched? Would you be prepared? Is the hard drive encrypted? Is the data backed up somewhere? Will your accumulated collection of feet pictures cause you some degree of embarrassment?
Well, the feet notwithstanding (ugh), the makers of the Lenovo Thinkpad have added an interesting feature. I thought I wrote about this at the time but, for the life of me, I couldn’t find it. Ah well.
The feature (taking my methylphenidate) is a chance to brick your stolen laptop and completely piss off the jackass who purloined your loin cooker. Just send it an SMS message and bingo, she’s locked up.
From Dark Reading:
“If a hard drive is turned on and the OS is loaded, the encryption technology makes all the data on the drive available in clear text to the operating system,” Cannady says. “If someone steals my PC off my desk or off the table in Starbucks and I’m logged on and the lid is down in ‘suspend’ mode, there’s a chance [the thief] could get that data — even though I have military-grade encryption technology turned on.”
Cannady says the new Lenovo feature lets you send a kill command directly to the laptop, using a mobile phone. “When the kill command is received, the PC will shut down and refuse to turn on again,” he says.
Which would mean something if you knew your system was missing in the first place. If you were unaware, well, you’d be pretty much boned. Worse still if the thief happened to have a Faraday cage lying around.
Still, a neat feature.
UPDATE: Received this tweet from Amrit at BigFix.
“BigFix can do that, send a “fixlet” to snap a pic using the built-in iSight camera and then email it. One of our custs sent “fixlets” to 5 stolen laptops w/a pop-up that noted the IP & said they wouldn’t call cops if they were returned. The thief called the # in the pop-up and returned the laptops within the hour”
Ah, the fun it would be to get that call.

Um, whoops.
From Consumer Affairs:
A laptop containing personal information on AT&T employees and management was stolen from an employee’s vehicle last month, the company said.
The laptop, which had no encryption or security protection beyond a password lock, contained names, Social Security numbers, and salary information for an undisclosed number of workers.
Employees were notified of the theft on May 22, seven days after the theft, according to privacy watchdog PogoWasRight.org, which first reported the story. In a letter to employees, AT&T said that, “The measures and precautions we put in place to protect the security of company-owned property and our employees’ personal information were not followed.”
AT&T said that the responsible employee “has been disciplined.”
Disciplined you say?

Muawhaha!
Here’s an interesting article. Apparently people have been noticing that their broadband modems have been crashing. It turns out that the culprit could very well be Windows XP with SP3.
From APCMAG:
Broadband modem/router maker Billion says XP SP3 has been causing its BiPAC 5200-series routers to go into a constant crash and reboot cycle.
The company has produced firmware upgrades that solve the problem.
Although Windows XP SP3 has been available for manual download from Microsoft since May 6, it has just hit Windows Update as an automatic upgrade, which will cause unexpected problems for owners of “unpatched” Billion BiPAC 5200 routers, and possibly other brands or models of router.
The affected BiPAC 5200 firmware versions are 2.9.8.x and 2.11.0.x~2.11.33.x.
Reminds me of the problem that Vista caused on wireless networks when it first came out.

OK, this is an odd story developing out of New Jersey. Ed Felten from Princeton has received a thinly veiled threat from the manufacturer of an e-voting machine, Sequoia Voting Systems. The state of NJ had apparently made it known that they were going to furnish Ed with one of the machines to test, as they had concerns with it. Now, I’m no fan of e-voting. That whole lack of an audit trail makes me squeamish. Call me old fashioned. Things turned strange when an email was sent to Felten from the vendor. Here is a reprint from Felten’s site in case it happens to get taken down.
Sender: Smith, Ed [address redacted]@sequoiavote.com
To: felten@cs.princeton.edu, appel@princeton.edu
Subject: Sequoia Advantage voting machines from New Jersey
Date: Fri, Mar 14, 2008 at 6:16 PM
Dear Professors Felten and Appel:
As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property.
Very truly yours,
Edwin Smith
VP, Compliance/Quality/Certification
Sequoia Voting Systems
Interesting reaction.

Green you say?
From Silicon dot com:
Microsoft chief executive Steve Ballmer has claimed that more efficient use of IT is one of the company’s main priorities for the future, despite the fact the company has been widely criticised for producing processor-hungry software.
Speaking at the CeBit technology show in Hanover, the Microsoft boss described how the software maker is collaborating with German nuclear power provider Yello Strom. Yello Strom’s managing director Martin Vesper demonstrated a “Yello-saving counter” – a Vista widget that lets consumers monitor their home power via a PC.
Ballmer explained PCs and other technology still consume far too much electricity. He said: “The lowering of energy consumption is as important for us as new uses of software and IT for the environment.”
And a great deal of this is due to the requirements that are needed to run Vista in the first place. Throwing a can of paint on Vista will not make it green.

From Computerworld:
USB flash drives are very small, very portable, very convenient — and very easy to lose. In fact, the question to ask these days isn’t how to avoid losing your flash drive, but how to make sure your data is safe when you do. As a result, Computerworld decided it was time to look at seven USB flash drives that are outfitted with security features to keep your data safe.
We did what most IT managers and users would do and asked some of the top vendors for their most secure USB flash drives. All but one of these products use some form of the Advanced Encryption Standard (AES) encryption, either 128-bit or 256-bit (according to experts, there’s not much of a difference between 128-bit and 256-bit levels of AES encryption for ordinary purposes, as neither has yet been broken).
There was some variation in the implementation of the encryption on these drives — some use AES keys derived from a user’s password, while others use encryption keys generated by a hardware-based random number generator.
Our three reviewers — Bill O’Brien, Rich Ericson and Lucas Mearian — did not test the encryption algorithms themselves (that’s a subject for another article), but did test the drives’ performance, I/O rates, and CPU utilization.
Read on for the full piece. (thx. Ben)
Tags: Secure Storage, Secure Data, Data Security, USB Drives

Just in.
From the Standard:
U.S. and Canadian law enforcement authorities have seized more than US$78 million worth of counterfeit Cisco Systems networking equipment in an ongoing investigation into imports from China, the U.S. Department of Justice and other agencies announced Friday.
The coordinated operation, begun in 2005, has resulted in more than 400 seizures of Cisco hardware and labels, the DOJ said in a news release. The operation targets the illegal importation and sale of counterfeit network hardware such as routers, switches and network cards. One of the operation’s goals is to protect the public from network infrastructure failures associated with the counterfeits, the DOJ said.
“Counterfeit network hardware entering the marketplace raises significant public safety concerns and must be stopped,” Assistant Attorney General Alice Fisher of the DOJ’s Criminal Division, said in a statement. “It is critically important that network administrators in both private sector and government perform due diligence in order to prevent counterfeit hardware from being installed on their networks.”
The agencies that worked together on the operation included the U.S. Federal Bureau of Investigation’s Cyber Division, U.S. Immigration and Customs Enforcement (ICE), U.S. Customs and Border Protection (CBP) and the Royal Canadian Mounted Police (RCMP).
$2 million worth of the bust was captured in Toronto today. No word on who exactly was selling it at this point.
Tags: Fake Cisco Gear, Chinese Cisco Gear, Operation Cisco Raider, China Cisco, CSCO

From the Times Online UK:
‘Chip and PIN’ cards which require customers to enter a four-digit code before purchasing goods may not be as safe as previously thought, according to research.
Customers may unwittingly be handing over their card details and pin number when using the new terminals, which have been widely rolled out at supermarkets, service stations and other outlets, a group of computer security academics has claimed.
According to the research, with a relatively simple 10 minute procedure a merchant can program a chip and PIN terminal to capture all the information needed to clone a chip and PIN card, as well as the customer’s PIN number.
The fraudster would then be free to make withdrawals from the customer’s bank account, as well as commit identity fraud, the group said. The researchers, from the Computer Laboratory at the University of Cambridge, said they had no evidence to suggest the problem was widespread, though they were aware of several instances of it happening, including one at a Shell garage in 2006.
They said the vulnerability was caused by manufacturers’ failure to build appropriate encryption technology into the devices, known as PIN-entry devices (PEDs), which meant that information passed between the card and the device unprotected.
Tags: Chip And PIN, PIN Number




