21 Oct 2019

feedSlashdot

Microsoft Announces Secured-core PCs To Counter Firmware Attacks

Microsoft today announced a new initiative to combat threats specifically targeted at the firmware level and data stored in memory: Secured-core PCs. From a report: Microsoft partnered with chip and computer makers to apply "security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system." Secured-core PCs will be available from Dell, Dynabook, HP, Lenovo, Panasonic, and Surface. Microsoft hasn't released a full list of Secured-core PCs, but two examples include HPâ(TM)s Elite Dragonfly and Microsoft's Surface Pro X. Firmware is used to initialize the hardware and other software on the device. The firmware layer runs underneath the OS, where it has more access and privilege than the hypervisor and kernel. Firmware is thus emerging as a top target for attackers since the malicious code can be hard to detect and difficult to remove, persisting even with an OS reinstall or a hard drive replacement. Microsoft points to the National Vulnerability Database, which shows the number of discovered firmware vulnerabilities growing each year. As such, Secured-core PCs are designed for industries like financial services, government, and healthcare. They are also meant for workers who handle highly sensitive IP, customer, or personal data that poses higher-value targets for nationstate attackers.

Share on Google+

Read more of this story at Slashdot.

21 Oct 2019 4:51pm GMT

feedArs Technica

Verizon’s 5G network can’t cover an entire basketball arena, either

Verizon 5G can't cover all the seating areas in any NBA or NFL facility.

21 Oct 2019 4:50pm GMT

feedSlashdot

Equifax Used 'admin' as Username and Password for Sensitive Data: Lawsuit

AndrewFlagg writes: When it comes to using strong username and passwords for administrative purposes let alone customer facing portals, Equifax appears to have dropped the ball. Equifax used the word "admin" as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The ongoing lawsuit, filed after the breach, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. "Equifax employed the username 'admin' and the password 'admin' to protect a portal used to manage credit disputes, a password that 'is a surefire way to get hacked,'" the lawsuit reads. The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website. When Equifax, one of the three largest consumer credit reporting agencies, did encrypt data, the lawsuit alleges, "it left the keys to unlocking the encryption on the same public-facing servers, making it easy to remove the encryption from the data." The class-action suit consolidated 373 previous lawsuits into one. Unlike other lawsuits against Equifax, these don't come from wronged consumers, but rather shareholders that allege the company didn't adequately disclose risks or its security practices.

Share on Google+

Read more of this story at Slashdot.

21 Oct 2019 4:10pm GMT

feedArs Technica

Google says a fix for Pixel 4 face unlock is “months” away

Google says to use the "lockdown" feature to stop others from unlocking your phone.

21 Oct 2019 4:08pm GMT

feedSlashdot

Lawmakers Slam Apple for 'Censorship' of Apps at China's Behest

U.S. lawmakers from both parties slammed Apple and Chief Executive Officer Tim Cook last week for "censorship of apps" at the "behest of the Chinese government." From a report: Senators Ted Cruz, Ron Wyden, Tom Cotton, Marco Rubio and Representatives Alexandria Ocasio-Cortez, Mike Gallagher and Tom Malinowski expressed concern about the removal of an app that let Hong Kong protesters track police movement in the city. "Apple's decisions last week to accommodate the Chinese government by taking down HKmaps is deeply concerning," they wrote in a letter to Cook, urging Apple to "reverse course, to demonstrate that Apple puts values above market access, and to stand with the brave men and women fighting for basic rights and dignity in Hong Kong." Apple didn't respond to a request for comment on Friday. Apple removed the HKmap.live app from the App Store in China and Hong Hong earlier this month, saying it violated local laws. The company also said it received "credible information" from Hong Kong authorities indicating the software was being used "maliciously" to attack police. The decision, and the reasoning, was questioned widely. Cook, in a recent memo to Apple employees, said that "national and international debates will outlive us all, and, while important, they do not govern the facts."

Share on Google+

Read more of this story at Slashdot.

21 Oct 2019 3:50pm GMT

feedArs Technica

In the Amazon, deforestation is linked to higher malaria rates

Deforestation boosts malaria, while higher malaria rates mean less deforestation.

21 Oct 2019 3:36pm GMT

01 Jan 2009

feedLinux.com :: Features

A new year, a new Linux.com

Many of you have commented that our NewsVac section hasn't been refreshed since the middle of last month. Others have noticed that our story volume has dropped off. Changes are coming to Linux.com, and until they arrive, you won't see any new stories on the site.

01 Jan 2009 2:00pm GMT

31 Dec 2008

feedLinux.com :: Features

Android-powered G1 phone is an enticing platform for app developers

The free and open source software community has been waiting for the G1 cell phone since it was first announced in July. Source code for Google's Android mobile platform has been available, but the G1 marks its commercial debut. It's clearly a good device, but is it what Linux boosters and FOSS advocates have long been anticipating?

31 Dec 2008 2:00pm GMT

30 Dec 2008

feedLinux.com :: Features

Municipalities open their GIS systems to citizens

Many public administrations already use open source Geographic Information Systems (GIS) to let citizens look at public geographic data trough dedicated Web sites. Others use the same software to partially open the data gathering process: they let citizens directly add geographic information to the official, high-quality GIS databases by drawing or clicking on digital maps.

30 Dec 2008 2:00pm GMT