USB devices such as mice, keyboards and thumb-drives may be used to hack into personal computers in a potential new class of attacks that evade all known security protections, a top computer researcher has revealed.
Karsten Nohl, chief scientist with Berlin’s SR Labs, noted that hackers could load malicioussoftware onto tiny, low-cost computer chips that control functions of USB devices but which have no built-in shields against tampering with their code.
“You cannot tell where the virus came from. It is almost like a magic trick,” said Nohl, whose research firm is known for uncovering major flaws in mobile phone technology.
The finding shows that bugs in software used to run tiny electronics components that are invisible to the average computer user can be extremely dangerous when hackers figure out how to exploit them. Security researchers have increasingly turned their attention to uncovering such flaws.
Nohl said his firm has performed attacks by writing malicious code onto USB control chips used in thumb drives and smartphones. Once the USB device is attached to a computer, the malicious software can log keystrokes, spy on communications and destroy data, he said.
Computers do not detect the infections when tainted devices are inserted into a PC because anti-virus programs are only designed to scan for software written onto memory and do not scan the “firmware” that controls the functioning of those devices, he said.
Nohl and Jakob Lell, a security researcher at SR Labs, will describe their attack method at next week’s Black Hat hacking conference in Las Vegas in a presentation titled: “Bad USB – On Accessories that Turn Evil.”
Thousands of security professionals gather at the annual conference to hear about the latest hacking techniques, including ones that threaten security of business computers, consumer electronics and critical infrastructure.
Intel’s 5th generation Core processor family is condemned Broadwell and it is coming in Q4 2014 to select thin and light notebooks. It launches with the Y-series processor line (4.5W TDP) and it will expand to the H-series processor line with a max TDP of 47W by Q2 2015.
Naturally the new core is getting new graphics. The Y-processor line that launches first will come with Intel HD Graphics 5300 and this is the part that we meant when we said that 2014 Broadwell won’t be the full Monty. The first Broadwell core is not getting the new 6000 series Iris graphics core. That was the main compromise that Intel had to face in order to bring this processor to market in late 2014.
The follow up U-processor line will get two new graphics cores. The first one is Intel Iris Graphics 6100 and the second one is Intel HD Graphics 6000. There will another option as well , in the form of Intel HD Graphics 5500. The U-processor line limited to 15W to 28W SKUs is launching already in Q1 2015 and it will get the new 6000 series core.
The H-Processor line will get the fastest graphics option and the fastest core called Intel Iris Pro Graphics 6200 seems to be the fastest option available. The H-processor line will also come with the Intel HD Graphics 5600 core.
Sadly, we didn’t get more about the actual specification. We just have the official designations and a timeframe, but at least we know when to expect them.
The kit includes development boards, a USB programmer and access to the software development kit (SDK), which includes example applications that aim to accelerate the development of new low-power connected Internet of Things (IoT) products, CSR said.
“We are seeing Bluetooth Smart underpinning many more products as the Internet-of-Things shifts from concept to reality,” said CSR IoT leader Rick Walker. “By launching the CSRmesh Development Kit we are equipping developers with the tools they need to innovate and take advantage of the many opportunities offered by the IoT. We are helping them to bring networked devices to market as quickly and simply as possible.”
CSRMesh, which combines a configuration and control protocol with CSR’s Bluetooth Smart devices including the CSR101x family, has already been adopted by several lighting manufacturers, including Samsung, for its smart bulb lighting solutions.
The CSRmesh protocol works by using Bluetooth Smart to send messages to other Bluetooth Smart devices in the network, which in turn relay them onward, allowing messages to be addressed to individual devices or groups of devices. It is also possible for devices to belong to multiple groups.
Control of the devices is via any smartphone or tablet that supports the Bluetooth Smart standard, or via standard control devices such as light switches or control panels that have been Bluetooth Smart enabled.
The SDK is initially offered with software supporting networked lighting applications, with updates for home automation and other IoT applications based on CSRmesh due later in the year.
The CSRmesh Development Kit is now available from selected CSR distributors from $299, or about £180, and features three CSRmesh Bluetooth Smart development boards, one USB programmer, batteries and a setup guide. Additional development boards can be purchased from $49 each, or about £30.
“Developers can also purchase additional CSRmesh Development Boards to expand their mesh development and testing,” CSR said. Below is a video of what is possible with CSRMesh for lighting.
Intel’s 5th Core processor family, codenamed Broadwell, will launch in three lines for the mobile segment. We are talking about upcoming Broadwell 14nm processors that will start appearing in Q4 2014 and will continue to launch trough the first half of 2015.
The 5th generation Core 5Y70 and three other similar parts belong to the Y-line of processors. these are BGA processors with 4.5W TDP and they draw significantly less power than the Y-line of processors belonging to the Haswell generation. The Haswell Y-processor line has a TDP of 11.5W and 4.5W – 6W Scenario Design Power (SDP). Since Intel is doing fine with 4.5W TDP on Broadwell it doesn’t use the imaginary SDP rating for the 5th generation of Core processors.
Y, U and H-processor lines
The second to come is the U-Series line that comes in BGA and TDPs ranging from 15W to 28W. Remember Broadwell 5th generation Core has graphics inside as well, so these power figures sound quite good. It replaces U-series line of Haswell 4th generation parts that also has a TDP of 15W to 28W.
The last of 5th generation mobile processor family is the H-processor line that comes with BGA and whooping 47W TDP. This one is meant for the high end systems and Intel has U processor line with Haswell with the same TDP and a lower TDP version that had 37W maximum thermal dissipation.
No Broadwell M-series 37W, 47W and 57W parts?
One might notice that Intel doesn’t mention the M-processor line that is available in Haswell flavour, but this processor line is not mentioned in the current roadmap.
Broadwell 5th generation Core U-series line starts in Q1 2015, Broadwell 5th generation Core Y-series line starts in Q4 2015, while the H-series line starts appearing in Q2 2015.
Bay Trail-M also known as N-processor line with its 7.5W to 4.3W TDP and 4.5W and 2.5W Scenario Design Power will stick around until it gets replaced by more efficient Braswell designs in Q1 2015.
Facebook has confirmed that it will be deleting the messaging feature from its mobile app over the next few days, and requiring people to use its standalone Messenger app instead.
The change follows through on a plan announced in April and for now affects Facebook’s mobile app on iOS and Android. You’ll be able to send and receive messages on the desktop as before.
“In the next few days, we’re continuing to notify more people that if they want to send and receive Facebook messages, they’ll need to download the Messenger app,” a Facebook spokeswoman said in an email.
The company’s goal is to make Messenger the best mobile service for messaging, she said, and avoid any confusion that might arise from having two mobile products for the same thing.
The move may also greatly increase the number of people who use Facebook Messenger.
CEO Mark Zuckerberg said on the company’s earnings call last week that Facebook was looking to turn Messenger into an important business.
Messenger has more than 200 million monthly active users — just under a fifth of Facebook’s total user base. As well as sending text messages, it can handle Internet-based voice calls, group chat, and exchanging photos and short videos.
Facebook started the switch to Messenger a few months ago in a handful of countries, mostly in Europe, and the results have been positive, it said.
Still, it’s unclear how the change will sit with people who’ve grown accustomed to using the main Facebook app for messaging. You’ll still be notified in the Facebook app when you receive a message, but you’ll have to open Messenger to view it and respond.
Facebook says the change will help improve the performance of both the apps over time. It’s already working to improve Messenger; the company recently hired former PayPal president David Marcus as part of a push to build new capabilities for Messenger, possibly including payments.
AMD’s upcoming Carrizo APU might not make it to the desktop market at all.
According to Italian tech site bitsandchips.it, citing industry sources, AMD plans to limit Carrizo to mobile parts. Furthermore the source claims Carrizo will not support DDR4 memory. We cannot confirm or deny the report at this time.
If the rumours turn out to be true, AMD will not have a new desktop platform next year. Bear in mind that Intel is doing the exact same thing by bringing 14nm silicon to mobile rather than desktop. AMD’s roadmap previously pointed to a desktop Carrizo launch in 2015.
AMD’s FM2+ socket and Kaveri derivatives would have to hold the line until 2016. The same goes for the AM3+ platform, which should also last until 2016.
Not much is known about Carrizo at the moment, hence we are not in a position to say much about the latest rumours. AMD’s first 20nm APU will be Nolan, but Carrizo will be the first 20nm big core. AMD confirmed a number of delays in a roadmap leaked last August.
The company recently confirmed its first 20nm products are coming next year. In all likelihood AMD will be selling 32nm, 28nm and 20nm parts next year.
Top executives at Dell and BlackBerry Ltd scoffed at the threat posed by the alliance, arguing the tie-up is unlikely to derail the efforts of their own companies to re-invent themselves.
“I do not think that we take the Apple-IBM tie-up terribly seriously. I think it just made a good press release,” John Swainson, who heads Dell’s global software business, said in an interview with Reuters in Toronto last week.
PC maker Dell and smartphone maker BlackBerry are in the midst of reshaping their companies around software and services, as the needs of their big corporate clients morph.
Swainson, who spent over two decades in senior roles at IBM, said, “I have some trouble understanding how IBM reps are going to really help Apple very much in terms of introducing devices into their accounts. I mean candidly, they weren’t very good at doing it when it was IBM-logoed products, so I do not get how introducing Apple-logoed stuff is going to be much better.”
While conceding that Apple products hold more allure, Swainson said they lack the depth of security features that many large business clients like banks covet.
IBM and Apple could not immediately be reached for comment.
BlackBerry Chief Executive John Chen similarly downplayed the threat of the alliance in an interview with the Financial Times, likening the tie-up to when “two elephants start dancing.”
A new survey commissioned by IHS in partnership with Gamer Network has shown that E3 gave a huge boost to the number of people interested in buying a Wii U, with purchasing intent growing by 50 per cent over the course of the event.
Around one thousand core gamers were surveyed on various purchase intentions before and after the LA show, revealing that, whilst Nintendo’s platform started out with the lowest number of people looking at buying it, it saw the biggest benefit from the show’s exposure. 20 per cent of respondents now intend to buy the machine, equal to those who are looking at an Xbox One, which saw a seven per cent increase in popularity.
Sony’s PS4, a clear leader going in to E3, lost ground to its competitors, sinking below 30 per cent of respondents.
In terms of anticipated games, consumers are champing at the bit for 2015′s third-party releases, with Warner’s Arkham Knight leading the charge with an incredible 60 per cent of those surveyed intending to buy the game for at least one platform. Gamers are slightly less excited for 2014′s titles, but Activision’s Destiny is the narrow leader for this year, edging out AC: Unity and GTA V with just under 50 per cent. Both Battlefield Hardline and CoD: Advanced Warfare are lagging behind slightly.
As might be expected, purchasing intent is higher amongst first-party exclusives for current platform owners. On PS4, Uncharted 4 was the most popular game both before and after E3 with 76 per cent of PS4 owners expected to buy it. On Xbox One, it’s Halo which pays the piper, garnering support from 77 per cent of One owners. Over on the Wii U and amazing 89 per cent of owners expect to buy the new Zelda game when it’s released. None of these platform-exclusive heavy hitters will land until 2015 at the earliest, which IHS predicts will increase pre-Christmas reliance on multi-platform games for Microsoft, Sony and, to a lesser extent, Nintendo.
“Although there are other exclusive titles coming in 2014 or already available,” the report reads, “none hold the influence that these leading titles have in terms of selling console hardware, with the exception of Mario Kart 8 for Wii U. As a result, the success of console sales this holiday shopping season will depend more heavily on the total value and content proposition including exclusive content offered by multi-platform games rather than a single, very influential system-selling exclusive. This factor will impact the marketing strategies of the platform holders as we move into 2014′s main shopping season.”
Oracle has launched a service to deliver data from the cloud collected from multiple sources in order to drive business intelligence and decision-making.
Initially the firm is delivering products using data from marketing and social media, letting enterprise customers use this information for business benefit without having to worry about its source or management.
Oracle’s Data as a Service (DaaS) is a suite of offerings that are intended to provide data that can simply be plugged into any relevant application the customer requires. It is being delivered as part of the Oracle Cloud, alongside the firm’s existing infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) offerings.
The first offerings are Oracle DaaS for Marketing, giving users access to a vast array of anonymised user-level data gathered from many sources; and Oracle DaaS for Social, which delivers enriched social media data providing intelligence on customers, competitors and market trends.
According to Oracle Data Cloud GM Omar Tawakol, the service enables customers to separate their own data from existing application siloes, enrich it with data from external sources, and then feed it into a variety of different applications to drive more informed decisions.
Takawol said the platform is based on Oracle’s leading data products, combined with assets Oracle gained through its acquisition of data marketing firm BlueKai earlier this year.
“We believe this is the next revolution in how applications can become more useful, by being enriched with data not just from that application itself, but from others within the enterprise and from outside the boundaries of the organisation itself,” he said.
But Oracle’s proposition is more than just providing a raw data feed for customers to subscribe to: the firm claims that it can deliver cleaned-up data to comply with data-protection and privacy regulations across the globe, and can also aggregate social data by identifying the same users across different social networks.
In effect, Oracle appears to be offering a service similar to the US government’s PRISM intelligence-gathering platform, but intended for business intelligence and marketing purposes.
Speaking at Oracle’s launch event, Ovum analyst Tom Pringle said that the timing is right for such DaaS offerings to come to market, but warned that it is early days for this kind of service and that potential pitfalls lay in the way, such as privacy concerns.
“Data has moved out of the IT department and into the boardroom, so it is now front and centre for organisations around the world. As more and more business processes have shifted into becoming online services, DaaS becomes a natural extension of that,” he said.
But privacy and legal rights are “growing in the public consciousness”, Pringle said, and warned that any misstep over use of harvested public data could pose a “danger to the reputation” of the business involved.
“It’s still early days for what is basically an entirely new category of service, and what path it will take is not clear,” he said.
Oracle DaaS for Marketing is available now in a new subscription model, while Oracle DaaS for Social currently has limited availability, the firm said. Oracle did not specify pricing for the new services, and had not responded to requests from The INQUIRER at the time of writing.
Microsoft’s Internet Explorer (IE) has seen a 100 percent explosion of reported security vulnerabilities in just six months, according to security firm Bromium labs.
Bromium has studied the security vulnerability market intensely and found that in the last six months Microsoft released more security patches than it had during the entire last decade. Internet Explorer also leads in publicly reported exploits.
“Internet Explorer took the cap for historic high number of security patches in over a decade, and that feat was accomplished in the first six months of 2014,” it said. “As timelines to the next version of the latest Internet Explorer shrink, times to the next security patches have also shrunk.”
It is not all bad news for Microsoft, though, and the report said that Adobe Flash is the most targeted in-browser software product, adding that this often gives attackers new vectors into IE.
“End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks,” said Bromium chief security architect Rahul Kashyap.
“Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.”
There’s good news for Oracle, however. While its Java platform was “the notorious king” of malware and zero-day attacks in 2013, there have been no reported zero-day exploits targeting Java so far in 2014.
Bromium Labs’ report (PDF) is called “Endpoint Exploitation Trends H1 2014″ and is available now.
Finland, Australia, Japan, Sweden, Denmark, South Korea and the U.S. had wireless broadband penetration of more than 100 percent as of December 2013, the Organization for Economic Cooperation and Development said Tuesday. That means there was more than one wireless broadband subscription per person, usually because consumers have more than one mobile device that can go online. The U.S. just barely crossed the bar, while Finland led the group with more than 123 percent penetration.
Across all 37 OECD countries, wireless broadband penetration rose to 72.4 percent as total subscriptions grew 14.6 percent. The group spans North America, Australia, New Zealand, and much of Europe, as well as Japan, South Korea, Turkey, Israel, Mexico and Chile. It’s sometimes treated as a barometer of the developed world.
Wired broadband subscriptions also grew in 2013, reaching an average of 27 percent penetration. That means there was just over one wired subscription per four people: Wired broadband services, such as cable and DSL (digital subscriber line), typically are shared. Switzerland led in that category with 44.9 percent penetration, followed by the Netherlands and Denmark. The U.S. had just under 30 wired subscriptions per 100 people, while Turkey came in last with just over 11.
DSL still makes up a majority of wired broadband subscriptions, at 51.5 percent, followed by cable with 31.2 percent. Fiber-optic grew to a 16.7 percent share, gradually replacing DSL services. Fiber more than doubled its share of the market in the U.K. and also gained strongly in Spain, Turkey and France. While those countries still have relatively low fiber penetration, Japan and Korea continued to lead the OECD for that technology. Nearly 70 percent of all wired broadband in Japan goes over fiber, and almost 65 percent in Korea.
The OECD has compiled some of its broadband statistics on a portal page. For all the technologies it tracks, the group uses a generous definition of broadband as a service capable of at least 256K bits per second downstream.
Intel has announced the Drive Pro 2500 series of solid state disk (SSD) drives that are “self encrypting”, which the firm says makes them more secure against data breaches.
Aimed at businesses, the Intel SSD Pro 2500 series will come in a 2.4in 7mm form factor with 120GB, 180GB, 240GB, 360GB and 480GB capacities, M.2 80mm size with 180GB, 240GB and 360GB capacities, and M.2 60mm size with 180GB or 240GB capacities.
Intel promises that each form factor type will provide random input/output operations per second (IOPS) of up to 48K/80K and sequential read/write data transfer speeds of up to 540/490MBps.
“[The] Solid State Drive Pro 2500 series [has] over [six times] higher performance with new advanced low power modes yielding an optimized user experience and longer battery life,” Intel said in a press briefing.
In terms of power, the drives will have an active wattage of 195mW, idle 55mW and devsleep of 5mW. The drives will also ship with Intel vPro-capable remote manageability features.
Intel said that the reason behind the launch of the self encrypting SSDs is due to rise of data breaches affecting businesses having “significant financial consequences”.
Intel said the average cost of data breach incident is in the region of $3.4m (£2m), with malicious attacks being the main cause. The firm also said that lost laptops are a concern and the average cost of a lost unencrypted device is $50,000 (£30,000) including intellectual property loss, data breaches, lost productivity, replacement and legal costs, so the need for businesses to encrypt data is more pressing than ever.
Data breaches are also becoming a bigger concern on a personal level, too, as it has emerged that cyber crooks are increasingly turning to “sextortion” attacks in which they blackmail victims with the threat of exposing explicit photographs or messages.
Security experts warned that cyber criminals might try to befriend victims and trick them into sharing pictures, or may use malware to target victims’ webcams and take pictures themselves in order to acquire blackmail material.
Western Digital has announced an upgrade of its WD Red range, providing a single brand structure across consumer and enterprise.
The WD Red range is aimed primarily at network attached storage (NAS) applications, and is joined by a new WD Red Pro line. Both sub-ranges are controlled by upgraded firmware called NASware 3.0.
At a briefing last week, Western Digital’s UK country manager Jermaine Campbell explained that the new firmware will be able to instruct the drive to work in different ways according to the function it is performing at the time, therefore adapting its performance to best use system and energy resources.
In addition, it increases the number of bays supported from five to eight without performance impact, with the Pro range able to support up to 16 bays and rack mounted configurations.
3D Active Balance combines firmware instruction with a new flexible drive head to provide vibration protection and judder compensation for improved reliability.
The consumer range introduces 5TB and 6TB capacities to the range, joining the existing 1TB, 2TB and 4TB models. The Pro range is available in 2TB and 4TB versions. The five platter 6TB version is, WD claims, a first to market for a NAS specific drive.
Campbell explained that “the market wants high capacity” and confirmed that WD still believes that “platter based drives offer the best combination of performance and price”.
Pricing for the drives ranges from $399 for the 5TB and $440 for the 6TB, backed by a three-year warranty. The Pro range starts at $224 for 2TB up to $299 for 4TB with a five-year warranty.
WD Red drives can also be found in the company’s Mycloud range of consumer NAS devices with personal cloud functionality.
There were 632 million Internet users in China in June, according to the government-linked China Internet Network Information Center (CNNIC).
Although China has long reigned as the country with the world’s largest Internet population, the services are still struggling to take off in the rural areas, where about 450 million people never go online, said the CNNIC in its bi-annual report.
Total Internet penetration in China is at 46.9 percent. This is far lower than the U.S, which has a penetration rate of 87 percent, according to Internet World Stats.
Many of these non-Internet users in China have low education levels, and have little need to surf the Web, the research group added. To increase adoption, the CNNIC recommended that the country focus on teaching rural elementary students Internet skills.
The slowing growth in Internet usage in China follows a rapid rise in the Internet population there, from just 94 million over a decade ago. Most of the growth has taken place in the country’s urban areas, where the Internet market has begun to mature.
In June, China had 527 million users who went online with mobile phones, which have now overtaken PCs, including both notebooks and desktops, as the most popular way to reach the Internet, the CNNIC said.
Online messaging, search engines, and news are the country’s top Internet services. But social networking sites are facing a decline in popularity, with their user numbers falling by 7.4 percent to 257 million in the last six months. The sites are struggling to innovate, and meet the demands of users, CNNIC said in its report.
Lenovo on Friday said it would continue selling sub-10-in. Windows tablets in the U.S., backing away from statements it made the day before, when it said it was pulling the ThinkPad 8 from the North American market and had discontinued offering a model of the Miix 2.
“We will continue to bring new Windows devices to market across different screen sizes, including a new 8-inch tablet and 10-inch tablet coming this holiday,” Lenovo said in a press release published on its website Friday.
“Our model mix changes as per customer demand, and although we are no longer selling ThinkPad 8 in the U.S., and we have sold out of Miix 8-inch, we are not getting out of the small-screen Windows tablet business as was reported by the media (emphasis in original),” the statement continued.
On Thursday, the IDG News Service — like Computerworld, owned and operated by IDG – reported the withdrawal of the ThinkPad 8 and the 8-in. Miix from the U.S. market. The ThinkPad 8 had debuted in January at prices starting at $449, and the similarly-sized Miix had launched in October 2013.
Lenovo told IDG News that it was diverting remaining stocks of the ThinkPad 8 to other countries, including Brazil, China, and Japan, where demand was stronger for smaller Windows 8.1-powered tablets.
The China-based company, which has made impressive gains in the global market — it was the world’s largest personal computer seller during the second quarter, ahead of Hewlett-Packard and Dell, according to IDC — did not say exactly when it would return with an 8-in. device. If it begins selling the unnamed device in October, typical of OEMs that seed the channel then for the holiday sales season, it will have been absent from the market for two or more months.