Monday, October 20, 2014

IBM to pay Globalfoundries $1.5 billion to take its fab !


After AMD , IBM becomes fabless too.
___________________________  
99% BAD HARDWARE WEEK:


Saturday, October 18, 2014

Future of the Ethernet

  10 times faster in the next 10 years.
___________________________
99% BAD HARDWARE WEEK:
Well, used to rise faster some 20 years ago.



Friday, October 10, 2014

See invisible: Canon developing multi-layer CCD

Canon's multi-layer CCD. The CCD will be 2/3" diagonally.
 
___________________________  
99% BAD HARDWARE WEEK: April Fools Or not ? It is however pattented in 2011. Perhaps Canon deliver it in 2015.
25 mega pixels x3 color sensor should be great at full frame.  Equivalent at current 24 megapixels at micro 4/3 format too. Lets wait.

Monday, October 06, 2014

How secure your iPhone 5 and 6 are ?


•All attributes are now encrypted (not only password)
•AES-GCM is used instead of AES-CBC


AES-GCM has the following problems:
  • In the case of nonce reuse both integrity and confidentiality properties are violated. If the same nonce is used twice, an adversary can create forged ciphertexts easily.
  • When short tags are used, it is rather easy to produce message forgeries. For instance, if the tag is 32 bits, then after $2^{16}$ forgery attempts and $2^{16}$ encryptions of chosen plaintexts (also of length $2^{16}$), a forged ciphertext can be produced. Creation of forgeries can be instantaneous when enough forgeries have been found.
  • GCM security proof has a flaw. It has been repaired recently, but the new security bounds are far worse for nonces not 12 bytes long;
  • GCM implementations are vulnerable to timing attacks if they do not use special AES instructions. The vulnerability remains even if the AES itself is implemented in constant-time. Constant-time implementations of GCM exist, but they are rather slow.
  • GCM restricts the total amount of data encrypted on a single key to 60 GBytes, which might be undesirable in the future.
___________________________  
99% BAD HARDWARE WEEK: AES-GCM uses 128 bit keys. Thus you can't consider your iPhone 6 data TOP SECRET, but secret. At least under NSA suit B classification. Secret means the same as for iPhone 4 and earlier versions: Open to law enforcement upon request !. SEEMS THAT iPhone IS STILL MORE BENDABLE TOWARD THOSE REQUESTS THAN ADVERTISED BY APPLE !


Saturday, October 04, 2014

XEN bug crashes Amazon and Rackspace clouds

There was substantial speculation about XSA-108 among bloggers, tweeters, and reporters 

In other words, a vulnerability appears to have been found that, rather risk having hackers take advantage of by announcing, has been embargoed until it is fixed.
The vulnerability is due to insufficient bounds checking on the Model-Specific Register (MSR) range while emulating read and write accesses for use by the Advanced Programmable Interrupt Controller (APIC) an affected system. An authenticated, adjacent attacker on a guest operating system could exploit this vulnerability to cause the host operating system to crash, resulting in a DoS condition. An attacker could also use this vulnerability to gain access to sensitive information from the host operating system or other guest operating systems that could be leveraged to conduct further attacks.
 
XSA-108 was caused by a bug in the emulation code used when running HVM guests on x86 processors. The bug allows an attacker with elevated guest OS privileges to crash the host or to read up to 3 KiB of random memory that might not be assigned to the guest. The memory could contain confidential information if it is assigned to a different guest or the hypervisor. The vulnerability does not apply to PV guests.
___________________________  
99% BAD HARDWARE WEEK:

Friday, October 03, 2014

BadUSB – Turning devices evil


Proof-of-Concept. We are not yet releasing the modified USB controller firmwares. Instead we are providing a proof-of-concept for Android devices that you can use to test your defenses: BadAndroid-v0.1
___________________________  
99% BAD HARDWARE WEEK:

Thursday, October 02, 2014

Boeing in problems with displays


Boeing had previously issued an alert in November 2012 after an aeroplane operator and wi-fi vendor noticed interference caused by the installation of an in-flight internet system.
The "phase 3" display units were found to be susceptible to the same radio frequencies used to transmit data via wi-fi.
In addition, the Federal Aviation Administration (FAA) said it was concerned that the screens could be disrupted by mobile satellite communications, cellular signals from phones, and air surveillance and weather radar.

___________________________  
99% BAD HARDWARE WEEK: So called blind flight ? MH370 ? :(

METADATA: What NSA XKeyscore program takes anyway from your apsolutely protected PC ??



MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Office\11.0\PowerPoint\Recent File List

MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1708537768-920026266-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cache: [SBI $49804B54] Browser: Cache (3) (Browser: Cache, nothing done)
 
___________________________  
99% BAD HARDWARE WEEK: Yes including Chrome private mode browser. The only thing I managed to protect are cookies in Firefox protected mode AFTER EXCLOUDING cookies from browser cache ?? Of course then you can't access any email or interactive account, so what use ?
But, wait a minute. What is actually metadata ?

This page is powered by Blogger. Isn't yours?