From The Blog

Thursday, 10 February 2022 12:31

Nvidia-ARM Deall off Citing Regulatory Challenges

Written by

In September 2020 Nvidia announced that it was in talks to acquire ARM Holdings from SoftBank Group Corp. The deal was not surprising, but it did send waves through the industry. The concerns around this deal were and are the same as the ones currently surrounding the Microsoft-Activision deal. Given the level of competition in the industry, would Nvidia use its new purchase to create roadblocks for their competition? Nvidia has always maintained that they would never do anything like this, but their assurances were never enough to get past regulators.

The Threat Landscape is an interesting topic of discussion. It is a constantly changing thing and even the best predictions can often fall short of the actual threat. This is because in most cases, the attackers are a step ahead of the defenders. They have the advantage, to coin a D&D phrase, they won the initiative roll. Defenders are always waiting to see what might happen, they plan without really knowing what the attackers are going to do which means they have to be secure everywhere (not really a possibility). To help them put their resources in the right places, most security teams rely on threat intelligence feeds and an understanding of the Threat Landscape.

The news has been abuzz about the $65+ Billion-dollar purchase of Activision/Blizzard by Microsoft. It has been seen as an opening shot in a new stage in the console wars and is, even now, under review by the FTC. However, there are rumors that Mandiant and Microsoft are in talks about a potential acquisition of the Incident Response company. These rumors come on the heels of an announcement by Mandiant that they are partnering with NextGen XDR developer SentinelOne. Where to start on this one…

UEFI (Unified Extensible Firmware Interface) was designed to replace the old and outdated BIOS (Baic Input Output System). The older BIOS setup was slow and not very secure. It gave attackers several entry points for infection and persistence at that level. The older BIOS standard was also susceptible to attack and compromise (think the Chernobyl BIOS virus). Something new needed to be put in place to help speed things up and help account for more complex hardware and software. Hence the UEFI was born.

Facebook has not had the best history when it comes to handling online bullying, social stalking and even sexual abuse and exploitation. They do have and are continuing to develop tools to fight against this, but for the most part they do not take a very proactive role in policing this type of behavior. To some it seems that they spend more time “fact checking” and policing opinions than they do addressing any truly bad behavior. It is up to the user to make sure they are practicing good and safe habits when using Facebook or Instagram, not the platform.

Wednesday, 09 February 2022 08:34

Follow Us

The concept of the app as opposed to the application is one of those nuanced distinctions that miss many people. When it comes to a mobile device an app is a bundle that that allows the installation of an application and its dependencies like an Android APK or Linux installer package. On Windows this has been a foreign concept as the thick application installer has been the defacto for so long. The .exe and .msi application is just how things get done. With the launch of Windows 8 and the “Microsoft Store” the app came to Windows.

The rise of the smart device meant that more and more people were going to be using these for more than just communication. Mobile banking, mobile home automation, mobile car monitoring, you name it, there is probably an app for it. With this new and powerful accessibility there comes risk. Attackers know that mobile security is not exactly where it should be, and that people are more trusting on their phones than they might be on their laptops and desktops (maybe). We also have the issue with how mobile apps access the information they have permissions to and display it to the user. To call mobile device security a mess would be a gross understatement.

Back in the late 90s’ the first macro viruses appeared on the scene. The leveraged a feature of Microsoft Office that allowed a malware developer to execute programmed instructions via the office interface. This new option opened a lot of avenues for inserting a malicious payload on to a target system. Now some 20+ years later Microsoft is finally really doing something about this hole in their Office product. The are blocking all downloaded/external macros by default.

There has been a lot of talk about Meta’s The Reality Labs department losing $10 Billion on devilment of Metaverse. Mant articles have focused on the negative and the overall amount of money lost while others have chosen to focus on more positive or normalized effects of the loss and what is means long term. The argument seems to be split in a couple of ways. The first is that $10 Billion is not a devastating loss in terms of R&D on a potential defining product for a company that made $117+ Billion in 2021. The second is that a $10 Billion dollar loss on a new product is a bad thing and might be an indication of a lack of true acceptance.