Friday, October 24, 2014

UPDATE 2: China's 5-Year Plan Revealed

And China has dedicated the funding and the economic pressure to accomplish those goals, according to IDC.


Thursday, October 23, 2014

UPDATE 1: IBM’s chip business sale gets national security scrutiny

 Retired U.S. Army Brig. Gen. John Adams, who authored a report last year for an industry group about U.S. supply chain vulnerabilities and national security, said the sale "needs to be closely studied and scrutinized."
It's unclear how capable Iran's supercomputing capabilities are at this point; Iran's Amirkabir University of Technology, the home of the IHPCRC, had in 2010 a system with 4,600 CPUs, but it did not identify the processor maker. 
99% BAD HARDWARE WEEK: More about chip hacking read at recent bad hardware week posts. But take chips for granted and don't think who is SUPPLIER of critical rare earth materials is really short sighted national security.

Monday, October 20, 2014

IBM to pay Globalfoundries $1.5 billion to take its fab !

After AMD , IBM becomes fabless too.

Saturday, October 18, 2014

Future of the Ethernet

  10 times faster in the next 10 years.
Well, used to rise faster some 20 years ago.

Friday, October 10, 2014

See invisible: Canon developing multi-layer CCD

Canon's multi-layer CCD. The CCD will be 2/3" diagonally.
99% BAD HARDWARE WEEK: April Fools Or not ? It is however patented in 2011. Perhaps Canon deliver it in 2015.
25 mega pixels x3 color sensor should be great at full frame.  Equivalent at current 24 megapixels at micro 4/3 format too. Lets wait.

Monday, October 06, 2014

How secure your iPhone 5 and 6 are ?

•All attributes are now encrypted (not only password)
•AES-GCM is used instead of AES-CBC

AES-GCM has the following problems:
  • In the case of nonce reuse both integrity and confidentiality properties are violated. If the same nonce is used twice, an adversary can create forged ciphertexts easily.
  • When short tags are used, it is rather easy to produce message forgeries. For instance, if the tag is 32 bits, then after $2^{16}$ forgery attempts and $2^{16}$ encryptions of chosen plaintexts (also of length $2^{16}$), a forged ciphertext can be produced. Creation of forgeries can be instantaneous when enough forgeries have been found.
  • GCM security proof has a flaw. It has been repaired recently, but the new security bounds are far worse for nonces not 12 bytes long;
  • GCM implementations are vulnerable to timing attacks if they do not use special AES instructions. The vulnerability remains even if the AES itself is implemented in constant-time. Constant-time implementations of GCM exist, but they are rather slow.
  • GCM restricts the total amount of data encrypted on a single key to 60 GBytes, which might be undesirable in the future.
99% BAD HARDWARE WEEK: AES-GCM uses 128 bit keys. Thus you can't consider your iPhone 6 data TOP SECRET, but secret. At least under NSA suit B classification. Secret means the same as for iPhone 4 and earlier versions: Open to law enforcement upon request !. SEEMS THAT iPhone IS STILL MORE BENDABLE TOWARD THOSE REQUESTS THAN ADVERTISED BY APPLE !

Saturday, October 04, 2014

XEN bug crashes Amazon and Rackspace clouds

There was substantial speculation about XSA-108 among bloggers, tweeters, and reporters 

In other words, a vulnerability appears to have been found that, rather risk having hackers take advantage of by announcing, has been embargoed until it is fixed.
The vulnerability is due to insufficient bounds checking on the Model-Specific Register (MSR) range while emulating read and write accesses for use by the Advanced Programmable Interrupt Controller (APIC) an affected system. An authenticated, adjacent attacker on a guest operating system could exploit this vulnerability to cause the host operating system to crash, resulting in a DoS condition. An attacker could also use this vulnerability to gain access to sensitive information from the host operating system or other guest operating systems that could be leveraged to conduct further attacks.
XSA-108 was caused by a bug in the emulation code used when running HVM guests on x86 processors. The bug allows an attacker with elevated guest OS privileges to crash the host or to read up to 3 KiB of random memory that might not be assigned to the guest. The memory could contain confidential information if it is assigned to a different guest or the hypervisor. The vulnerability does not apply to PV guests.

This page is powered by Blogger. Isn't yours?