
Can Any Version Of Windows Get Hacked

February 16, 2018 by  
Filed under Computing

Remember those leaked NSA tools?  Well, they can now hack any version of Windows, not just the old version of Microsoft’s operating system.

Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits – EternalSynergy, EternalChampion and EternalRomance – to work against Windows versions dating back as far as Windows 2000.

Going by the name of ‘zerosum0x0’ on GitHub and Twitter (hat tip to Betanews for that), Dillon noted that his modifications to the code exploit the CVE-2017-0143 and CVE-2017-0146 vulnerabilities in numerous versions of unpatched Windows OS.

While other leaked hacking tools like EternalBlue have been blamed for facilitating the likes of WannaCry and NotPetya, which affected systems running older versions of Windows like Windows 7, the modified exploits can be used against Windows 10 builds.

Windows 10 was originally thought to be immune to the stolen NSA tools leaked by hacker group Shadow Brokers. But unpatched versions of Redmond’s latest OS appear to be vulnerable to attacks that make use of the modified code, not that any have been reported out in the wild.

Naturally, ensuring Windows 10 is up-to-date and patched should make any systems running the software immune to the modified hacking tools. But older versions of Windows that are no longer supported by Microsoft could face attacks that put the modified NSA exploits to use if the operating systems are not updated with patches Redmond pushed out in March 2017.

Plonking his modified code on GitHub with the disclaimer that it’s intended for academic research and the development of cyber defences, Dillon said: “This module is highly reliable and preferred over EternalBlue where a Named Pipe is accessible for anonymous logins (generally, everything pre-Vista, and relatively common for domain computers in the wild).”

The trio of modified exploits also boast remote control and code execution features that could be used to wreak havoc on compromised machines.

If you’ve kept up with patches for more recent versions of Windows, then you should be safe from the exploits.

For companies with large and complex IT estates that aren’t all running the latest software, such modified exploits could cause a headache. Either way, such tweaks to the modified NSA tools show that the Eternal family of exploits still has some life left in it; jeez, thanks for that NSA.


AMD Faces Legal Issues Over Spectre and Meltdown Bugs

February 16, 2018 by  
Filed under Computing

AMD has been sued by a company because of the way it handled the Spectre and Meltdown bugs.

It is not exactly because of the flaws, but because of the speed at which AMD said that it was not in trouble because its chips did not suffer from the bugs.

Rosen Law Firm, a global investor rights firm, has kicked off a class action lawsuit on “behalf of purchasers of the securities of Advanced Micro Devices”. The lawsuit details:

“Defendants during the Class Period made materially false and/or misleading statements and/or failed to disclose that: (1) a fundamental security flaw in Advanced Micro’s processor chips renders them susceptible to hacking; and (2) as a result, Advanced Micro’s public statements were materially false and misleading at all relevant times. When the true details entered the market, the lawsuit claims that investors suffered damages”.

So AMD is in deep trouble over saying: “To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors currently. We expect the security research to be published later today and will provide further updates at that time”.

AMD, boldly splitting infinitives which had not been split before, said the allegations were without merit and it intends to “vigorously defend against these baseless claims”.

AMD’s current CPUs, Zen core-based products, are entirely immune to Meltdown. Type 2 Spectre attacks that work on AMD hardware are tricky to carry out and need a different set of code for the “same” attack on a different device. AMD Type 1 attacks will not work on Intel or ARM hardware because of implementation differences, and the converse is true too. This means hackers would have to tailor their malware to not just the Type 1/2/3 attack but also for the specific hardware.


SAP Goes Deeper Into The Clouds

February 8, 2018 by  
Filed under Computing

The maker of expensive management software which is so esoteric few people know what it does has decided to invest $2.4 billion to get more practical about clouds.

SAP has announced a $2.4 billion acquisition of Callidus to help it boost revenues from its cloud platform and CEO Bill McDermott said it would streamline its overall business this year to bolster margins.

The German company is midway through a strategic transition, aiming to force the pace on developing its S/4 HANA cloud platform, which now counts 7,900 customers, and wean customers off software sold under license and installed at offices and factories.

The shift has squeezed margins in recent years because the cloud business model is based on subscriptions which take longer to pay off – in contrast to the one-off, up-front software licence payments that were the thrust of its business for decades.

McDermott claimed his cloudy strategy was now bearing fruit after SAP broadly stabilised its operating margins in the fourth quarter at 35.2 percent.

Acquiring U.S. sales software firm Callidus will help SAP become the market leader in front-office software used in sales and marketing, building on its strength in back-office software that is used by companies to maintain control over far-flung multinational operations.

McDermott said SuccessFactors, the human resources application acquired by SAP for $3.4 billion in 2011, would be entirely migrated to the cloud this year.

“This year, the entire company will be on one platform,” McDermott told Reuters after SAP announced 2017 results that met its twice-raised guidance but came in just shy of analyst expectations.

He described Callidus as a “tuck-in” deal that would not move the needle on revenues but that he valued for the company’s market leadership and innovation.

As Callidus was on the cloud, it would help SAP achieve a 2020 goal of having “predictable” revenues of 70 to 75 percent of the total. These grew by one percentage point to 63 percent in 2017.

“We did that to get another cloud revenue stream in the mix,” McDermott said.

SAP reiterated a forecast for 2020 of non-IFRS operating profit of 8.5 to 9.0 billion euros on revenue of 28 to 29 billion euros.

The world economy is “about as good as it gets”, the 56-year-old American said, pushing back against fears that rising trade protectionism could hurt globally diversified businesses like SAP.

All of SAP’s regional businesses are growing at double digits, McDermott said, highlighting “hyper growth” in China.

SAP said it expected total non-IFRS revenue of 24.6 to 25.1 billion euros for 2018, in line with Wall Street predictions.

But the outlook also highlighted that the company expects margins to increase faster in 2018. Revenue is set to grow by around 5 to 7 percent, excluding currency translation effects, it said, while operating profit is poised to increase by 8 to 11 percent.

It forecast 2018 non-IFRS operating profit of 7.3 to 7.5 billion euros, adding that the implementation of IFRS 15, a new accounting rule on revenue recognition, would add 200 million euros to profits.


Raspberry Pi Team With Darktrace

February 7, 2018 by  
Filed under Computing

Raspberry Pi has got pretty serious about protecting its intellectual property and has tasked artificial intelligence (AI) security firm Darktrace to keep hackers at bay.

You wouldn’t expect cybercriminals to go after Raspberry Pi given its friendly nature of supporting the teaching of coding to kids and providing kits to nerds with a hard-on for building all manner of computerized contraptions.

But clearly, the UK company is feeling a little paranoid. And we guess it has a right to, as the IP of Raspberry Pi is now rather valuable given the company, which began life as a quiet Cambridge startup, has shifted 15 million of its low-cost computers and sees no slowing down of appetite for various Pis.

Keeping things firmly in Blighty, Raspberry Pi has signed up to Cambridge-based Darktrace’s Enterprise Immune System.

So while Raspberry Pi keeps adding slices to its microcomputer ecosystem, it will do so under the protection of cybersecurity kit that uses AI-based algorithms to learn the normal pattern of devices on a network so it can spot unusual activity, which would be indicative of a hacker getting up to no good within the network.

According to Darktrace, as soon as the Raspberry Pi turned on the switch in its security software, the clever components identified several vulnerabilities in Raspberry Pi’s network. The system grassed up the security holes to the network admins who were able to plug the holes.

Raspberry Pi founder Eben Upton was clearly impressed: “Darktrace’s AI technology for cyber defense is a game-changer. It provides us with full visibility into our network, including any connected personal devices, and other weak spots.”

We hope the security tech gives Upton and his team the scope to not worry about security and get cracking on with more Raspberry Pi machines, perhaps doing a little more than just soldering on a header to the Raspberry Pi Zero W.


Cybercriminals Increasingly Focusing On Cryptocurrencies

February 2, 2018 by  
Filed under Around The Net

Bitcoin’s burgeoning popularity and the emergence of about 1,500 other digital coins or tokens have drawn more hackers into the red-hot cryptocurrency space, expanding opportunities for crime and fraud, cybersecurity firm Digital Shadows warned in a report on Thursday.

“Cybercriminals follow the money and right now they see in the unregulated and largely unsecure world of digital currencies a huge opportunity to target people, businesses and exchanges and make money quickly and easily,” said Rick Holland, vice president of strategy at Digital Shadows.

Digital currencies have quickly grown into a more mainstream asset class over the last two years as corporations and financial institutions have expanded use of the underlying blockchain technology.

With weekly launches of new alternative coins, or “altcoins,” cybercriminals have developed several schemes to defraud cryptocurrency holders. “Crypto jacking”, account takeovers, mining fraud, and scams against initial coin offerings (ICOs) have all grown more common, the report said.

In crypto jacking, cybercriminals secretly take over another computer user’s browser and use it to fraudulently mine or create cryptocurrencies, according to Digital Shadows’ report. Miners use special software to solve math problems and are issued a certain number of bitcoins or cryptocurrencies in exchange.

Crypto Jacker software allows users to clone popular websites and initiate spam campaigns.

The cybersecurity company said criminals also perpetrate mining fraud using botnets, collections of internet-connected devices, which may include PCs, servers, and mobile devices that are infected and controlled by a common type of malware. Users are often unaware a botnet has infected their system.

Botnets were first used to mine bitcoin in 2014. The process was too complex to be financially viable, but botnets have made a comeback because newer cryptocurrencies like Monero are easier to “mine”, Digital Shadows said.

The company said botnets could be rented for $40. It said one such offering had “flown off the shelves” with almost 2,000 rentals so far.

Cybercriminals have also been drawn to the surging initial coin offering market, the report said. ICOs have raised roughly $5 billion for various startups and projects in 2017, according to data from Crunchbase. That is up exponentially from just $100 million in 2016.

Rather than selling scam tokens, criminals target legitimate currencies, either by stealing funds from ICOs or by manipulating prices through the type of “pump and dump” schemes often used with penny stocks and other less-liquid assets, the report said.

Is Sega’s Sonic Game Leaking User Information On Android Devices

February 2, 2018 by  
Filed under Gaming

Sega has said it’s ‘investigating’ claims that its Sonic games for Android are leaking user data to dodgy servers.

Security firm Pradeo Lab said last week that a trio of Sonic games – Sonic Dash, which has been downloaded between 100 and 500 million times, and Sonic the Hedgehog Classic and Sonic Dash 2: Sonic Boom, both of which have been installed between 10 and 50 million times – have been leaking users’ geolocation and device data.

Pradeo’s research shows that the three Android apps “geolocate users and relay their position,” “leak device data,” and “send data to an average of 11 distant servers.”

While the majority of these have a legitimate tracking and marketing purpose, three of the servers are uncertified, and two are linked to a variant of ‘Android/Inmobi.D’, which Symantec claims is an unwanted advertisement library that comes bundled with certain Android applications. 

In addition to geolocation data, the three Sonic apps are also said to be leaking mobile network information such as service provider name and network type, and device information including manufacturer, battery level, the maximum level of battery, and operating system version number.

As if that wasn’t bad enough considering the apps have been downloaded from Google Play up to 550 million times, Pradeo warns that the three apps contain 15 Open Web Application Security Project (OWASP) flaws.

“Among the vulnerabilities detected in the analyzed Sega apps, we identified two critical ones that make them highly vulnerable to Man-In-The-Middle attacks (X.509TrustManager and PotentiallyByPassSslConnection),” Pradeo said.


“The other OWASP vulnerabilities detected can result in denial of service, sensitive data leakage and clearly show encryption weaknesses.”

In a statement given to ZDNet, Sega has said it’s looking into the vulnerabilities and will take “prompt corrective action”.

“Sega works diligently to address any technical issues that could compromise customer data,” a spokesperson for the company said.

“If any third-party partners are collecting, transmitting, or using data in a manner that is not permitted by our agreement with the third party or Sega’s mobile privacy policy, prompt corrective action will be taken.”

Microsoft Stops Installing Spectre Patch After Bug Reported

January 30, 2018 by  
Filed under Computing

This past weekend, Microsoft released an update that disables a patch to Intel CPUs after reports that the patch — meant to fix a design flaw known as Spectre — caused unexpected reboots and other problems. Intel called a halt to installations of the patch one week ago, but Microsoft’s new update goes a step further and disables the patches on any computers that already had them installed.

It’s the latest development in the rocky recovery process from the Spectre flaw. Researchers revealed in early January that hundreds of millions of chips made by Intel and AMD or built on Arm designs were designed in a way that could allow hackers to access sensitive information, such as passwords and encryption keys, essential to the security of a computer and its contents. That included the Spectre flaw as well as a similar flaw called Meltdown.

Since then, some updates to chips made by Intel and AMD were revealed to cause their own problems. What’s more, Intel faces concerns that the updates, even if implemented correctly, will slow down computer performance.

Microsoft’s new update, released Saturday, comes on the heels of Intel’s quarterly financial disclosures. On Friday, Intel wrote in a press release that patches to its chips “may result in adverse performance, reboots, system instability, data loss or corruption, unpredictable system behavior, or the misappropriation of data by third parties.”

In its announcement of the disabling update, Microsoft urged users to stay informed about the status of a patch for Spectre. “We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions,” Microsoft said.

‘Jackpotting’ ATM Cash Theft Hits America

January 30, 2018 by  
Filed under Around The Net

ATM makers are sounding the alarm that a scheme in which cyberthieves force machines to spit out cash like a winning slot machine has arrived in the United States.

It’s not the first time we’ve heard of hackers making ATMs spew out cash like a casino slot machine. We actually saw so-called “jackpotting” demonstrated last summer at the Black Hat security conference and it’s reportedly been a real threat for banks in Europe and Asia for a couple years now.

But a Saturday report from security expert Brian Krebs marks the stateside arrival of the crime, in which thieves install malicious software and/or hardware at ATMs that forces the release of the cash. Up until now, such attacks “have somehow eluded US ATM operators,” Krebs said.

“But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States,” Krebs wrote.

On his website, Krebs on Security, he reported that the US Secret Service has warned financial institutions about the attacks in the past few days and notes that ATM maker NCR sent an alert about the threat to its customers.

Reuters later confirmed alerts were sent out to customers of both NCR and ATM maker Diebold Nixdorf, noting that neither company identified any victims or how much money has been lost. Both companies confirmed to CNET that those alerts went out offering customers guidance on how to protect their machines. The Diebold alert sent to its customers on Friday notes that the attacks were first reported in Mexico and target one of its out-of-production models.

The Secret Service notice, according to Krebs, said hackers have targeted stand-alone ATMs “routinely located in pharmacies, big-box retailers, and drive-thru ATMs.”

The Department of Justice didn’t immediately respond to a request for comment about the Secret Service’s warnings.


Forty Thousand OnePlus Customers Impacted By Credit Card Breach

January 30, 2018 by  
Filed under Technology

OnePlus has said that 40,000 customers were affected by the breach that forced it to stop accepting credit card payments on its website.

OnePlus on Friday emailed an update to its customers, saying that 40,000, or a “small subset” of its total customer base, were potentially affected. It remains unclear, however, how many saw their payment information used for fraudulent purchases.

The findings of its ongoing investigation, which it’s carrying out with a third-party security firm, reveal that a malicious script was injected into the payment page code, and allowed the as-yet-unknown attackers to see customers’ credit card numbers, expiration dates, and security codes.

While customer reports of fraudulent purchases have only started to show up in the past week, OnePlus says that the script has been running since November – just ahead of the launch of the OnePlus 5T.

This means that those who made a purchase on the OnePlus website between November 2017 and 11 January 2018 may be at risk. However, the firm notes that those who paid via PayPal, or who paid with previously saved credit card details, should not be impacted.

“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down,” OnePlus said.

“We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.”

The firm notes that it’s offering affected customers a year of credit monitoring service for free, and advises that those who believe they’re at risk check bank statements for any suspect charges.

Credit card payments will remain suspended on the store until the investigation is complete, with customers able to purchase items through PayPal in the meantime.


Alphabet Unveils New Cybersecurity Business Chronicle

January 25, 2018 by  
Filed under Around The Net

Alphabet Inc has unveiled Chronicle, a cybersecurity business developed in its X incubation unit in February 2016 that is focusing on developing digital “immune systems” for customers.

Chronicle becomes the third company spun out of X and into the holding company Alphabet, joining self-driving vehicle technology company Waymo and life sciences company Verily as independent units alongside Google.

Stephen Gillett, a former Symantec Corp chief operating officer serving as Chronicle’s chief executive, said in a blog post that the new business is developing software to analyze corporate computer usage data and identify malicious programs that have infiltrated the system.

The technology is being tested at an unspecified number of Fortune 500 companies, he said.

Chronicle also houses VirusTotal, a virus-scanning tool Google acquired in 2012.

Selling cybersecurity services broadens Alphabet’s expanding efforts to become a player in enterprise technology. Google is a distant rival to Inc in offering cloud computing infrastructure and Microsoft Corp in both cloud services and workplace productivity software but is heavily investing to catch up as it seeks to grow revenue outside of its online advertising sales business.

“We’ll have our own contracts and data policies with our customers, while at the same time having the benefit of being able to consult the world-class experts in machine learning and cloud computing (among many other topics) that reside in other parts of Alphabet,” Gillett said.

Chronicle aims to go beyond the “dozens of security tools” organizations already use, the company said, by conducting automated data analysis to reduce the time it takes to discover an incident to minutes from hours or days.

The company would seek to lower customers’ data storage costs to make its technology affordable, Gillett said.

Astro Teller, head of Alphabet’s X, said his team pursued cybersecurity technology after noticing that dealing with cyber attacks had become a “yeah, yeah” problem, as in “yeah, yeah, a lot of people have diabetes, there are things to manage it.”

“The reality for most companies today when it comes to cybersecurity is reactive: find and clean up the damage,” Teller said in a blog post. “The real moonshot, which is still several years away, is predicting and deflecting cyber attacks before they infiltrate an organization’s network.”

Gillett, also a former Starbucks Corp chief information officer, co-founded Chronicle with former Google cybersecurity leaders Shapor Naghibzadeh and Mike Wiacek. Gillett met them after becoming executive-in-residence at GV, Alphabet’s venture capital investment arm, in 2015.


Kaspersky Discovers More Android Spyware

January 24, 2018 by  
Filed under Around The Net

Kaspersky has uncovered what it claims is the world’s most powerful Android spyware tool.

According to Kaspersky, the spyware tool, dubbed ‘Skygofree’, enables attackers to crack Android devices and exfiltrate WhatsApp messages.

The tool dates back to 2014, and it’s able to take audio from a smartphone’s microphone when it’s in a certain location. According to Kaspersky, attackers can also force infected devices to surreptitiously connect to particular WiFi networks to enable even more data slurping.

The app can get access to encrypted WhatsApp messages, thanks to a Google accessibility service, too.

“The payload uses the Android Accessibility Service to get information directly from the displayed elements on the screen, so it waits for the targeted application to be launched and then parses all nodes to find text messages,” said Kaspersky.

“Essentially, Accessibility Services provide a nice route into other applications as they have permission to do so, via an application programming interface (API).”

Although Kaspersky has refrained from laying blame, researchers did find links to Rome-based technology company Negg, one of a nest of software vendors in Italy that specialise in legal hacking tools, the most high-profile of which was Hacking Team. 

Archived copies of Negg’s website provide further insight into its alleged links to the spyware, according to Forbes, which suggests that the company offered cybersecurity and app development services.

While this information doesn’t point to surveillance tools, the company has developed its own forensics offerings in the past and has used these capabilities to collect evidence from computers.

And, according to Forbes, two years ago the company was on the lookout for Android and iOS software engineers. It needed a candidate who had “knowledge of the techniques of dynamic and static analysis of malware”.

Insiders claim that Negg has worked with the Italian authorities more recently. The researchers said: “They’re working with the police now, I presume to fill the gap left behind by Hacking Team at this point.”

These claims are congruent with Kaspersky’s research, which suggests that the tool originates from Italy. Dubbed ‘Skygofree’ by Kaspersky, the company said it’s one of the most powerful examples of Android spyware it’s ever come across.

“As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, [and] never-before-seen surveillance features,” claimed the company when it released its research on Tuesday.


Mozilla Mandates Encrypted Connections For Certain Features

January 23, 2018 by  
Filed under Around The Net

Mozilla has decreed that future web-facing features of Firefox must meet an under-development standard that requires all browser-to-server-and-back traffic be encrypted.

“Effective immediately, all new features that are web-exposed are to be restricted to secure contexts,” wrote Mozilla engineer Anne van Kesteren in a post to a company blog. “A feature can be anything from an extension of an existing IDL-defined object, a new CSS property, a new HTTP response header, to bigger features such as WebVR.”

Secure contexts, dubbed a “minimum security level,” is a pending standard of the W3 (World Wide Web Consortium), the primary standards body for the web. Secure contexts’ main purpose, according to its documentation: “Application code with access to sensitive or private data be delivered confidentially over authenticated channels that guarantee data integrity.”

In practice, that means traffic must be encrypted to prevent “man-in-the-middle” attacks in which hackers siphon insecure browser-server traffic by getting between the two and listening.

Henceforth, any newly-introduced Firefox feature that relies on browser-to-server communication will work only across HTTPS connections. Older features and/or technologies will continue to operate across unencrypted HTTP links on a “case-by-case basis,” said van Kesteren. He also pledged that Mozilla would provide developer tools to “ease the transition to secure contexts.”

The move isn’t out of the blue: Mozilla first announced intentions to require HTTPS in April 2015. The first item of business then was “setting a date after which all new features will be available only to secure websites,” which this week’s missive scratched off the to-do list. Nor was Mozilla flying solo on the tactic, as others, notably Google, have been pressuring sites to convert from HTTP to HTTPS since 2014.

(Mozilla has been in that hunt as well with its sponsorship of the Let’s Encrypt project, which provides free certificates to secure sites. By Mozilla’s tally, 66% of all Firefox-loaded pages were encrypted this month.)

The next opportunity for Firefox to introduce a new feature or technology that would be immediately affected by its announcement will be Jan. 23, when version 58 is to ship.

Google Pulls Nearly 60 Apps With Pornographic Malware

January 16, 2018 by  
Filed under Consumer Electronics

Google yanked nearly 60 apps that contained hidden pornographic malware from its Play Store after a security research company found the code. Many of the games were aimed at kids.

Researchers at Check Point Software Technologies reported the malware last week. Dubbed AdultSwine, the malware displayed pornographic images that looked like ads but were designed to prompt users to download fake security software. The users were then encouraged to click on other links they would have to pay for.

Google moved immediately to kick the apps off of Google Play.

“We’ve removed the apps from Play, disabled the developers’ accounts, and will continue to show strong warnings to anyone that has installed them,” Google said in an emailed statement. “We appreciate Check Point’s work to help keep users safe.” Google added that the issue doesn’t exploit vulnerabilities in its Android security, and that users’ devices weren’t affected.

The affected apps have so far been downloaded between 3 million and 7 million times, the researchers said, citing Google Play data.

Along with encouraging users to download scareware and pay for premium services, AdultSwine also stole credentials, according to Check Point.

It did this by contacting the developers’ Command and Control server once the app was downloaded, sending data about the infected device and receiving instructions on what to do next. The instructions include displaying the bogus ads, scaring users to install fake security apps and charging victims for services they didn’t request or receive.

It might, for example, show an ad saying “the user is entitled to win an iPhone by simply answering four short questions,” Check Point explained. “Should the user answer them, the malicious code informs the user that he has been successful, and asks him to enter his phone number to receive the prize. Once entered, the malicious code then uses this number to register to premium services.”

Affected apps include Five Nights Survival Craft, with between 1 million and 5 million downloads, and Mcqueen Car Racing Game, which has been downloaded at least 500,000 times.

Intel Cloud Customers Ready To Flee Over Security Concerns

January 11, 2018 by  
Filed under Computing

Some of Intel Corp’s data center customers, whose thousands of computers run cloud networks, are looking for other microchips from the market leader’s rivals to build new infrastructure after the discovery of security flaws affecting most chips.

Whether Intel sees a slew of defectors or is forced to offer discounts, the company could take a hit to one of its fastest growing business units. Intel chips back 98 percent of data center operations, according to industry consultancy IDC.

Security researchers last week disclosed flaws, dubbed Meltdown and Spectre, that could allow hackers to steal passwords or encryption keys on most types of computers, phones and cloud-based servers.

Microsoft Corp said on Tuesday the patches necessary to secure the threats could have a significant performance impact on servers.

Intel will help customers find the best approach in terms of security, performance and compatibility, it said in a statement on Tuesday. “For many customers, the performance element is foremost, and we are sharply focused on doing all we can to ensure that we meet their expectations.”

Alternatives include Advanced Micro Devices, which shares with Intel a chip architecture called x86, or chips based on technology from ARM Holdings or graphics processing chips, which were developed for different tasks than Intel and AMD’s central processing units, or CPUs.

For Gleb Budman’s company, San Mateo-based online storage firm Backblaze, building with ARM chips would not be difficult.

“If ARM provides enough computing power at lower cost or lower power than x86, it would be a strong incentive for us to switch,” said Budman. “If the fix for x86 results in a dramatically decreased level of performance, that might increasingly push in favor of switching to ARM.”

Infinitely Virtual, a Los Angeles-based cloud computing vendor, is counting on Intel to replace equipment or offer a rebate to make up for the loss in computing power, Chief Executive Adam Stern said in an interview.


Samsung Starts Mass Producing 10nm DDR4

January 11, 2018 by  
Filed under Computing

Samsung confirmed that it has started mass production of second generation 10-nanometer class, 8-gigabit (Gb) DDR4 DRAM.

Samsung claims that the new 8Gb DDR4 will offer the highest performance and energy efficiency for a DRAM chip.

Samsung Electronics’ president of Memory Business, Gyoyoung Jin, said in a statement: “By developing innovative technologies in DRAM circuit design and process, we have broken through what has been a major barrier for DRAM scalability. Through a rapid ramp-up of the second-generation 10nm-class DRAM, we will expand our overall 10nm-class DRAM production more aggressively, in order to accommodate strong market demand and continue to strengthen our business competitiveness.”

The fresh 10nm-class 8Gb DDR4 claims to be not only 30 percent more productive over the firm’s first-generation 10nm-class 8Gb DDR4, but boasts 10 percent better performance levels and 15 percent better energy efficiency. This, Samsung claims, is thanks to the use of an advanced, proprietary circuit design technology.

“The new [chip] can operate at 3,600 megabits per second (Mbps) per pin, compared to 3,200 Mbps of the company’s 1x-nm 8Gb DDR4”, the company said.

“To enable these achievements, [we have] applied new technologies, without the use of an EUV process. The innovation here includes use of a high-sensitivity cell data sensing system and a progressive ‘air spacer’ scheme.”

This newly devised data sensing system can be found in the cells of the new DRAM chip enabling “a more accurate determination” of the data stored in each cell, which apparently leads to a considerable increase in the level of circuit integration and manufacturing productivity.

The new 10nm class DRAM uses an air spacer that has been placed around its bit lines to decrease parasitic capacitance.

Samsung said that using the air spacer facilitates not only a higher level of scaling, but also rapid cell operation, advances that the firm plans to use in future chip developments and to accelerate faster introductions of next-generation DRAM chips and systems, including DDR5, HBM3, LPDDR5 and GDDR6.

These would be used in enterprise servers, mobile devices, supercomputers, HPC systems and high speed graphics cards, the firm said.

