Monday, January 29, 2018
Lenovo's Long Hardware Vulnerability
During a security audit of Lenovo's Enterprise Network Operating System (ENOS), the audit team discovered a vulnerability dating all the way back to 2004. The vulnerability allows attackers to use a mechanism called "HP Backdoor" to bypass authentication and gain administrator-level access to the network device. The vulnerability was established in a firmware update when the ENOS technology was owned by Nortel Networks, who sold it to IBM in 2010, who then sold it to Lenovo in 2014. Lenovo investigated the circumstances surrounding the firmware update and discovered that the bypass function was intentionally added in 2004 by Nortel at the request of its OEM customer. Lenovo removed the vulnerability from the source code and released updated firmware for all the affected products.
Tuesday, January 23, 2018
Microsoft "Andromeda"
Microsoft is re-entering the mobile device market with their new project, codenamed "Andromeda". Andromeda includes software and hardware elements; both a foldable tablet device and a new mobile-friendly variant of Windows 10 designed to run on that device. The tablet will support both touch and pen inputs, and is intended to be used similarly to a journal or notebook. Rumors indicate that Microsoft is targeting a professional audience, including businesspeople, educators, and creators with this project. In that light, it will most likely be a premium product with a premium price.
Monday, January 15, 2018
Meltdown and Spectre
2018 did not start well for processor manufacturers. Two separate vulnerabilities (Meltdown and Spectre) were discovered that targeted the fundamental ways that Intel processors handle memory allocation. A threat actor can exploit these vulnerabilities to gain privileged access to the parts of memory used by programs, where they can then steal sensitive information like credentials or encryption keys. Microsoft, Google, and other major tech companies scrambled to implement protections in their products, which had the unfortunate side effect of slightly to moderately decreasing the efficiency of processors on Windows and Linux machines. Only time will tell how this will affect the processor industry in the future.
Subscribe to:
Posts (Atom)