The Point of Sale (PoS) station is probably one of the most targeted devices in recent years. There are multiple reasons for this: older operating systems, the need to POS users to have admin rights, generic logons for the “windows” accounts, and more. Most PoS softare is very resistant to attempts to properly secure it including getting all sorts of bent out of shape when you try to apply restrictive security policies to them. I have even seen them stop working because the removable drive mount option is removed from USB ports using a group policy object.
Back in August of 2014 while covering DEFCON 22 we sat in on a talk about how insecure the UEFI BIOS was and how it could potentially grant a malicious person ring zero access to your system. The talk was given by Corey Kallenberg and Xeno Kovah and they showed just how easy it would be to plant non-removable malware into the UEFI BIOS as well as how easy it would be to kill the BIOS remotely by affecting only two lines of code in the BIOS.
We have talked about some of the challenges that AMD is facing due to poor sales (and bad leadership), but many of these challenges have not been as evident as what is happening in the GPU world. Although we have talked a little bit about AMD’s next generation cards from the top of the heap, we have not really looked at what is happening with the rest of the line.
So, remember that comment Microsoft made about upgrading non-genuine version of Windows 7 and 8.x to Windows 10? Well we finally have some more information on that. Sadly the new information causes more confusion than it clears up. According to Microsoft the non-genuine upgrades will “not be supported by Microsoft or a trusted partner”. This is interesting as we do not know of any pirate that has ever gone to Microsoft or a trusted partner for help with their illegal copy of Windows.
During NVIDIA’s recent GTC announcements the world was shown the new Titian X with 12GB of GDDR5. This impressive monster of a card has shown that it has a large amount of power to push your games and other graphical information. While the Titian X received adoration and several very positive reviews from the technical press there was another story that was also very important. This was the conversation about NVIDIA’s next GPU, Pascal.
Microsoft is making a bold move with Windows 10 and we are not just talking about a redesign of the OS here. It seems that they would really like people to move from Windows 7 and 8.x to Windows 10. To entice you they are offering free upgrades to anyone with a qualifying system. What makes things even more interesting is that there is talk that the upgrade will even be available to non-genuine versions of Windows. This last bit is very much out of pattern for Microsoft, but we have a pretty good idea of why they are doing it.
Despite a valiant attempt to label P2P transfers and BitTorrent as the devil Microsoft and others are looking to move this direction for updates and other services. In the latest build of Windows 10 the new P2P updating mechanism was found hiding out as an option in the code. Fortunately Microsoft does give you a few options when it comes to this new feature.
According to recent reports The Pirate Bay has suddenly become available in the UK for almost all ISPs. The change happened when the Pirate Bay moved to CloudFlare and turned on HTTPS Strict. Once this was done things turned around for the notorious site. What is interesting is that ISPs that were previously blocking the site do not appear to be scrambling to get it back under control. The exact reason for the sudden reappearance of the site is unclear, but speculation is that using CloudFlare’s HTTPS Strict made all the difference.
Gasp! There has been another published attack on the TOR Project. This time the attack and compromise technique comes from the gang at Princeton. The Princeton team claims that their new methods are around 95% successful and only require traffic in one direction. The information that they have presented is interesting and certainly could be used to grab information from users of the anonymous service, but it is not really new and not surprising to hear about.
Data collection, monitoring, storage, and mining are simply part of our online lives. If you connect to a site, it is going to collect some information about you. If nothing else it will collect the session information (IP address, time on site, pages read etc.), but will not use that for anything more than understanding traffic. Other sites will collect and maintain more information than that and in extreme cases you will get much more collected than that. However, no one seems to know what use this data is being put to and if there is any benefit to the collection at all.