With the rise of crowd funding, the consumer electronics world has been given an interesting kick in a new direction. We are now seeing some very interesting tech from companies that we might never have heard of if it were not for crowd funding. This has both good and bad consequences, although the good do outweigh the bad at this stage. One item that was brought to our attention is SVET. If you are not familiar with SVET, it is a new type of lighting technology that claims it is healthier than any other light in use.
It seems that the US Air Force has taken a pretty big hit when it comes to the storage of the data related to internal investigations. The system that they have been using has had a glitch that resulted in the loss of around 12 years of data. Normally this would only be a big deal until the backup was restored, but… there was no backup of this data as a complete set. There might be subsets of this data in other systems scattered throughout the US Air Force, but even that is not for sure.
AMD might have some demo Zen silicon to show off at their expected press conference during Computex. This is the rumor that is coming from multiple sources at the moment. If true, this would be good for AMD for a couple of reasons. The first is the most obvious: they would have a real product to show off to the press. This will, of course, generate a lot of press and conversation about Zen. It will also get consumers eager for Zen, if the demos can showcase performance that compares to current Intel hardware in the same class at a price point that is competitive.
We have written numerous articles on how bad corporate mentality is shaping security and risking your data, but we have one more to share with you today. We can also guarantee that this will not be the last one we write about. According to news reports, the company EagleSoft has responded to a security researcher (part time) by asking the FBI to treat him like a criminal, instead of just fixing the issue as reported. The researcher’s name is Justin Shafer and his crime was reporting unencrypted patient data left on an open FTP server by EagleSoft. The FTP server did not require a logon to access the data, but EagleSoft, in order to protect themselves, are trying to play this off as a criminal act.
It seems that the recent $81 million attack against the Bangladesh Central Bank might have also been about the Seth Rogen movie “The Interview”... ok, not really, but the attack that happened at Sony in 2014 seems to have many things in common with the recent attack that resulted in the theft of $81 million. During the Sony attack the initial blame was centered on the release of The Interview, but that was never confirmed and seemed to be way off base.
Three years ago today DecryptedTech published an article calling out a software distribution company for installing Bitcoin mining software on subscribers’ systems. We highlighted the danger of the trust people put in web services by allowing agent software to run on their systems in order to use a service. Now we hear about a French company, Tuto4PC, that has taken this one step further and included some nasty little surprises in a utility they require for use of their free tutorial service. The discovery was made by Cisco’s Talos Security Intelligence group and, of course, is being refuted aggressively by the guys at Tuto4PC.
All good things must come to an end. In April of 2013 we published an article that Apple and their iOS-based devices would begin to slide in 2016. It was in response to a survey/analysis claiming that Apple would reclaim the crown from Google by 2016 and dominate through 2018. For some reason the technical and financial press were jumping at the announcement for Windows Phone 8.x. The fact that Windows Phone held a single-digit market share at the time did not seem to matter to them.
There is nothing like finding out that all of your protections are useless. This is almost what happened when security researchers found a massive hole in the Windows AppLocker protection. Although the news that there is a flaw in any software, much less Windows, will come as no surprise, it is still a little odd that this one made it through QA testing. The flaw is one that is very simple and has already been seen in the wild over the last couple of days. All you need to do to execute code on a system is to direct Regsvr32 to a remotely hosted file. Security researcher Casey Smith found this handy little tidbit of information and states that you do not even need to elevate privileges to get it to work.
It looks like AMD is trying to develop a new revenue stream and also create some additional competition for Intel. Ever since AMD bet the farm on purchasing ATi they have been taking a back seat to Intel. The reasons are many, but one of the big ones was not having enough money for R&D for multiple concurrent projects. After the ATi buy failed to yield results quickly they had to start cutting corners. R&D and marketing were some of the first places hit. Now, many years (and a number of CEOs) later, AMD is still fighting to be relevant. They have some solid ideas, but just do not have the capital to put them all on the table at once.
One of the dangers of pointing anything out about the security, or lack of security, of a product or service is the chance that someone will not like what you say and come after you. This is what is happening with Chris Vickery. If you do not know who Vickery is, we can give you some background. Vickery is a security researcher who has been focusing on systems and services that cater to kids and parents. He has uncovered some rather unsettling information about a number of products that leak information about kids. The revelations are very disturbing, to say the least.