Archive for October 2016

Cutting-edge hack gives super user status by exploiting DRAM weakness

“Rowhammer” attack goes where few exploits have gone before, into silicon itself.

“The thing that is really impressive to me in what we see here is in some sense an analog- and manufacturing-related bug that is potentially exploitable in software,” David Kanter, senior editor of the Microprocessor Report, told Ars. “This is reaching down into the underlying physics of the hardware, which from my standpoint is cool to see. In essence, the exploit is jumping several layers of the stack.”

Source: Cutting-edge hack gives super user status by exploiting DRAM weakness

Transcript of Apple’s earnings call, and one vexing question

Everyone, including Apple’s competitors, wants to know what Apple has up its sleeve. On one level, there’s doubt being expressed as to whether Apple has anything significant up their sleeves at all (as always, Apple is doomed). And on another level, there’s curiosity as to the specifics of what’s coming.

Source: Transcript of Apple’s earnings call, and one vexing question

PDF Viewer – Read, Review and Annotate on the App Store

Whether you’re working on your own or collaborating with a team, PDF Viewer maximizes productivity, allowing you to view, search, and annotate PDF documents with ease on your iPhone and iPad.

Source: PDF Viewer – Read, Review and Annotate on the App Store

The Fatal Mistake That Doomed Samsung’s Galaxy Note

Samsung’s decision to push a sweeping recall of the Galaxy Note 7, based on what turned out to be incomplete evidence, left the South Korean company with little choice but to kill the model later.

Source: The Fatal Mistake That Doomed Samsung’s Galaxy Note

Dear WSJ? What BS Infographic is this? Percent of what?

Connected devices are easily hacked. Why aren’t we holding manufacturers accountable?

Device manufacturers should be held accountable for their devices’ behaviors out in the wild. Without clear accountability, we’re going to continue shipping easy-to-use yet wildly vulnerable devices. Examples of manufacturer requirements should include:

  • An end to common default passwords. It’s more work, but every device should start with a different administrative password and require that it be set to an even more secure one when first used in the wild. It sounds obvious, but today you can control a huge number of home devices via a simple search for “default password.”
  • Impactful alerts for vulnerabilities. These devices will certainly use software that has vulnerabilities, but how does a consumer know these problems are found? Anyone out there constantly hitting refresh on the manufacturer’s device support page to find out? I didn’t think so. Manufacturers must be responsible for getting alerts to their buyers similar to how car makers handle priority vehicle safety recalls. And if the warnings are not heeded within a set amount of time, the device should be disabled.
  • Self-patching software. Even the lowest-cost camera, Wi-Fi access point or DVR must ship with self-patching software. We can’t have vulnerability-laden devices all over the place just waiting for the bad guys to take them over. And it’s not the owners’ faults — the patching experience for these devices is often miserable, assuming that you even knew it was needed. It’s time to require that these devices meet a minimum standard around simple and automatic patching.
  • Information sharing. It’s both good and bad news that so many internet-connected devices have so much software in common. It’s bad in that a zero-day exploit can instantly put myriad devices at risk. It’s good in that we can more proactively monitor and protect them using common processes and coordinated patches. Device manufacturers should be required to share findings regarding vulnerabilities and attacks with their peers. Done properly, it can help other manufacturers protect their products and give the cyber security industry a head start in preventing any resulting attacks.

Source: Connected devices are easily hacked. Why aren’t we holding manufacturers accountable? – Recode

I would add to this list… in light of the recent DynDNS attack… and people like Krebs showing a credible link to XiongMai Technologies, and lots of people claiming:

“The components that XiongMai makes are sold downstream to vendors who then use it in their own products.”

Why is there no list of who those downstream vendors are? So we can remove those devices, because according to them

“The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”

My worry, given that names have not been released, is that this weakness is farther reaching than we even know.

How switching to Macs is paying off for IBM

Last year, IBM made a bold decision. The company let its employees choose between a Windows PC or a Mac for their own work machines. IBM staffers prefer Macs, so the company bought up 30,000 of them. This year, IBM has 90,000 Macs in use. But Macs are expensive, as we all know, so IBM must be spending a fortune on making the switch…right? Apparently not.

IBM said Wednesday at the Jamf Nation User Conference that it’s actually saving money on each Mac: $273 to $543 per Mac over four years, compared to a Windows PC over the same time period. And no, that’s not because Microsoft is charging more. Fletcher Previn, IBM’s vice president of workplace as a service (yeah, that’s a real title), said Microsoft is giving IBM its best pricing ever. But Macs are still cheaper over their lifetime, and using them results in fewer service calls.

Source: How switching to Macs is paying off for IBM | Macworld

What If the Newspaper Industry Made a Colossal Mistake?

I asked Chyi what she thinks of the Washington Post’s strategy, which under new owner Jeff Bezos has continued to serve steak—about 500 staff-written pieces a day—as well as hamburger—another 700 clickbaity pieces drawn from wire services or produced in-house. Last year, this strategy pushed the Post’s total unique numbers above the New York Times’ for the first time.

“In the short term, the Washington Post will have more clicks,” she says, but in the long term, clickbait will “actually hurt the brand.” Most of these new uniques stay on the site for a short time, making it difficult to monetize their visits. “Too many newspapers are focused on short-term results,” she says.

Newspapers need to accept that much of their loss of audience is beyond their control, she adds. There’s the overwhelming competition from other media—sports channels, social media, movie channels, Netflix and other streaming services, and even video games. “For things that are under their control, they should make smart decisions.” Listen to readers, she counsels, and find better ways to serve their readers. Reject the idea that the newspaper is a doomed dinosaur.

Source: What If the Newspaper Industry Made a Colossal Mistake?

Mobile Game Economics – Enyo

In total we reached about 274,000 downloads, 245,000 from iOS and 29,000 from Google Play. Most of the downloads were coming from the first two weeks; after that downloads dropped significantly.

Revenue wise we generated a total of $3500 from the IAP that unlocks the game and removes ads. After a month we earned a total of $12300 from our ads shown in the game. This sums up to a grand total of $15800 that ENYO was able to make in its first month.

The iPhone 7 Plus

However, for the first time, I fervently recommend the iPhone 7 Plus over any dedicated point-and-shoot camera. As an entire package, from the shutter release and focal lengths, to the optical image stabilization, to the display’s color reproduction, to the built-in editing features, and to the sharing features at the end of your shot, the iPhone 7 Plus has instantly become my most used camera system.

First, the 56mm lens provides a new type of compression to your photos. Here’s an awesome animation to illustrate what I mean:

The closer you get to the 85mm focal length, the closer you get to a very natural compression for the human face. Aside from the lack of background blur generated in past iPhone cameras, the 28mm compression was the second biggest culprit for horrible iPhone portraiture.

Source: The iPhone 7 Plus — Tools and Toys

Apple Is Said to Plan Improved Cloud Services by Unifying Teams

Apple is also reorganizing its cloud computing resources to bolster its services business. The company is moving its infrastructure — things like software to process Siri queries and Apple Music downloads — onto a single, Apple-made system, according to people familiar with the matter. Code-named Pie, the platform gives Apple more control and may speed up load times.

Apple has begun moving over parts of Siri, the iTunes Store, and Apple News to the new platform, one of the people said. Apple plans to move other services, including Maps, to its new system over the next few years. Apple has also developed an internal photo storage system dubbed McQueen to gradually end its reliance on Google and Amazon servers, the people said.

The company recently indicated it is taking the cloud more seriously by hiring former Time Warner Cable executive Peter Stern as a vice president leading cloud services.

Source: Apple Is Said to Plan Improved Cloud Services by Unifying Teams – Bloomberg