5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable


Virtually all Intel chips released in the past five years contain an unfixable flaw that may allow sophisticated attackers to defeat a host of security measures built into the silicon. While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

The flaw resides in the Converged Security and Management Engine, a subsystem inside Intel CPUs and chipsets that’s roughly analogous to AMD’s Platform Security Processor. Often abbreviated as CSME, this feature implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features. The bug stems from the failure of the input-output memory management unit—which provides protection preventing the malicious modification of static random-access memory—to be implemented early enough in the firmware boot process. That failure creates a window of opportunity for other chip components, such as the Integrated Sensor Hub, to execute malicious code that runs very early in the boot process with the highest of system privileges.

Jeopardizing Intel’s root of trust

Because the flaw resides in the CSME mask ROM, a piece of silicon that boots the very first piece of CSME firmware, the vulnerability can’t be patched with a firmware update.

Source: Biz & IT – Ars Technica

Coronavirus Reportedly Spreads To Venice, California

Twitter user Scott Bell is reporting that his uncle from Venice, California, has tested positive for the coronavirus. According to Bell, “he was skiing in the Italian alps with 6 other guys,” 4 of whom, including his uncle, now have the coronavirus. One is reportedly in a coma and two others are sick. Bell says his uncle “has not presented any symptoms as of yet,” but has chosen to self-quarantine. From the thread: A few days later they tested him and yesterday he found out he’s positive. Meanwhile, they’ve told my aunt to wear a mask, stay 10 feet away from my uncle, and otherwise she is free to move about the community. And, she has — to grocery stores, the hair salon, etc. […] Believe me, I’m upset to hear that she did this. The crazier part is that they have not tested her, and will not, and again – advised her she is free to move at-will. This is how our health dept. is leading this effort. In an updated tweet, Bell says his aunt is now quarantined and the guy in the coma “is starting to improve.”


Source: Slashdot

Microsoft Releases PowerShell 7 for Windows, macOS and Linux

Microsoft has announced that its cross-platform automation tool and configuration framework PowerShell 7 is now generally available. From a report: Available for Windows, macOS and Linux, PowerShell 7 sees Microsoft moving from .NET Core 2.x to 3.1 which enables greater backwards compatibility with existing Windows PowerShell modules thanks to the resurrection of numerous .NET Framework APIs. The cross-platform nature of PowerShell 7 means that Ubuntu, openSUSE, Fedora, Debian and other Linux distros are embraced. Joey Aiello, product manager of PowerShell, says: “If you weren’t able to use PowerShell Core 6.x in the past because of module compatibility issues, this might be the first time you get to take advantage of some of the awesome features we already delivered since we started the Core project!”


Source: Slashdot

Scientists Turn To Tech To Prevent Second Wave of Locusts in East Africa

Scientists monitoring the movements of the worst locust outbreak in Kenya in 70 years are hopeful that with a new tracking program they will be able to prevent a second surge of the crop-ravaging insects. From a report: The UN has described the locust outbreak in the Horn of Africa, and the widespread breeding of the insects in Kenya, Ethiopia and Somalia that has followed, as “extremely alarming.” The UN’s Food and Agriculture Organization has warned that an imminent second hatch of the insects could threaten the food security of 25 million people across the region as it enters the cropping season. Kenneth Mwangi, a satellite information scientist, based at the Intergovernmental Authority on Development climate prediction and applications centre, based in Nairobi, said researchers were running a supercomputer model to predict breeding areas that may have been missed by ground monitoring. These areas could become sources of new swarms if not sprayed.

“The model will be able to tell us the areas in which hoppers are emerging,” said Mwangi. “We will also get ground information. These areas can become a source of an upsurge, or a new generation of hoppers. It becomes very difficult and expensive to control, which is why we are looking to prevent an upsurge. The focus will be on stopping hoppers becoming adults, as that leads to another cycle of infestation. We want to avoid that. We want to advise governments early, before an upsurge happens.” So far, the supercomputer, funded by $45 million of UK aid as part of its Weather and Climate Information Services for Africa programme, has successfully forecast the movement of locusts using data such as wind speed and direction, temperature, and humidity. The model has achieved 90% accuracy in forecasting the future locations of the swarms, Mwangi said.


Source: Slashdot

Humorous Highway Signs Aim To Steer Drivers Safely Down The Old Town Road

Drive down any U.S. interstate and there’s a good chance you will see a pun or a funny reference on the next electronic message board you spot. From a report: Such messages have become ubiquitous across the country lately. But besides getting a snicker, what’s behind these roadside bits, and are they making drivers behave any differently? They are known as Dynamic Message Signs, and they usually remind drivers about speed limits or traffic delays. Though the technology has been around for decades, in recent years states across the country have been taking a different tack with their messaging in a bid for more eyeballs.

A recent message that was flashing out across Illinois expressways is a perfect example of this. It read, “Got The Munchies? Get Food Delivered. Don’t Drive High!” Since Illinois legalized marijuana this year, transportation officials have been trying to get people to avoid driving stoned, so why not appeal to a stoner’s love for snacking? Elmo Bruggink, an Illinois tourist from the Netherlands, weighed in on the message. His home country is a place that has long been dealing with drivers who smoke weed, but Bruggink said officials haven’t tried humor yet.


Source: Slashdot

“Project Sandcastle” brings Android to the iPhone


Android can run on just about everything—phones, watches, TVs, cars, microwaves, the Nintendo Switch—but one thing it really hasn’t been able to run on in a while is the iPhone. A third-party effort called Project Sandcastle is setting out to change that and build Android for the iPhone. The group already has beta builds out for the iPhone 7 and 7+.

You might recall, many years ago, that a Linux and Android on iPhone port was in the works for the original iPhone. This project is being brought to you by David Wang and Chris Wade, the same people who did that original port. Wang and Wade are the co-founders of Corellium, a company that is currently being sued by Apple for selling access to virtual machines that run iOS. The two say Corellium’s iPhone VM and debugging helped the project get up and running quickly.

Android ports often get a big development boost thanks to the shared hardware of the ARM ecosystem. Something like the Nintendo Switch normally wouldn’t have a scrap of pre-existing Android code to its name, but the Switch’s Nvidia Tegra SoC is also used in Android devices, and this shared hardware means there’s already a considerable codebase to start from. This is true of most devices, since Qualcomm, Nvidia, Mediatek, and others all sell their SoC to a wide consumer base—if you want to port Android to something, a good first step is to find another device with similar hardware that already runs Android and start with that code base. This strategy doesn’t work for the iPhone, though—it has an Apple SoC, which is only used in Apple devices, so there is truly no pre-existing Android code to work from. You’ve got to write drivers from scratch.


Source: Tech – Ars Technica

TCL Unveils Trifold and Rollable Smartphones

A year ago, we started to see the first wave of foldable devices and they were … disappointing. But companies are not backing down. TCL is already looking ahead with a pair of foldable and rollable prototypes that imagine what the future of phones could look like. From a report: One is a trifold variant with two hinges, while the other is even crazier — it is rollable! Yes, TCL has designed a phone that gets larger by utilizing a flexible display that rolls and unrolls — it looks to be quite genius, actually. “At just 9mm in thickness, this portable concept re-imagines the standard smartphone design, with a rollable AMOLED display that uses internal motors to extend the 6.75-inch screen to a 7.8-inch display size with the press of a button. This allows for an entirely new device user experience that includes split screen and multi-tasking UI enhancements customized by TCL. Thanks to a larger axis and rolled display, the device has no wrinkles or creases which are commonly found with foldable AMOLEDs. When not in use, a motor-driven sliding panel utilizes advanced mechanics to conceal the flexible display,” says TCL.


Source: Slashdot

For $3, a ‘Robot Lawyer’ Will Sue Data Brokers That Don’t Delete Your Personal and Location Info

In January, a new law gave consumers the power to stop companies collecting their personal information. The law, known as the California Consumer Privacy Act (or the CCPA), can be a powerful tool for privacy, but it comes with a catch: Consumers who want to exercise their CCPA rights must contact every data broker individually, and there are more than a hundred of them. But now they have an easier option. From a report: On Thursday, a startup called DoNotPay unveiled a service it calls Digital Health that automates the data-deletion process. Priced at $3 a month, the service will contact more than 100 data brokers on your behalf and demand they delete your and your family’s personal information. It will also show you the types of data the brokers have collected — such as phone number or location info — and even initiate legal proceedings if the firms fail to comply. The monthly fee also gives subscribers access to DoNotPay’s other automated avenging services, like appealing parking tickets in any city, claiming compensation for poor in-flight Wi-Fi, and Robo Revenge, which sues robocallers.


Source: Slashdot

Defense Contractor CPI Knocked Offline by Ransomware Attack

A major electronics manufacturer for defense and communications markets was knocked offline after a ransomware attack, TechCrunch reported Thursday. From the report: A source with knowledge of the incident told TechCrunch that the defense contractor paid a ransom of about $500,000 shortly after the incident in mid-January, but that the company was not yet fully operational. California-based Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers. The company confirmed the ransomware attack. “We are working with a third-party forensic investigation firm to investigate the incident. The investigation is ongoing,” said CPI spokesperson Amanda Mogin. “We have worked with counsel to notify law enforcement and governmental authorities, as well as customers, in a timely manner.”


Source: Slashdot

Live Facial Recognition Is Coming To US Police Body Cameras

Wolfcom, a company that makes technology for police, is pitching body cameras with live facial recognition to law enforcement groups across the United States, OneZero reported Thursday. From a report: It’s a move that pushes against industry norms: Axon, the largest manufacturer of body cameras in the United States, declared last year that it would not put the invasive technology in its hardware, citing “serious ethical concerns.” NEC, which sells live facial recognition elsewhere in the world, has also not sold it to U.S. law enforcement. Wolfcom claims to have sold body cameras to at least 1,500 police departments, universities, and federal organizations across the country. It has been developing live facial recognition for the Halo, Wolfcom’s newest body camera model, according to documents and a video obtained by OneZero through public records requests. This new initiative makes Wolfcom the first major body camera provider in the United States to pursue live facial recognition, a controversial stance given a nationwide push from privacy advocates to ban the technology.


Source: Slashdot