Tuesday, August 11, 2015

Samsung's 256-gigabit chip puts multi-terabyte flash drives in your PC

Source: http://www.engadget.com/2015/08/10/samsung-256-gigabit-flash-chip//

Samsung 850 EVO SSD

Think that Samsung's 2TB solid-state drives are pretty capacious? They're just the start of something bigger. The Korean tech giant has started manufacturing the first 256-gigabit (32GB) 3D vertical flash memory, doubling its previous capacity record. The new tech should turn multi-terabyte SSDs into practical options for your home PC, and help phone makers cram more storage into tight spaces. You might get more bang for your buck, to boot -- Samsung's manufacturing is 40 percent more productive, so you likely won't pay twice as much for twice the headroom. The company plans to make this 256-gigabit flash through the rest of 2015, so you'll probably see it crop up in a lot of products (from Samsung and otherwise) over the months ahead.

Filed under: ,

Comments

Source: Samsung Tomorrow

Tags: flash, samsung, ssd, storage, v-nand, vnand

Read More...

Monday, August 10, 2015

Motorola is the next to patch Android's big video security flaw

Source: http://www.engadget.com/2015/08/08/motorola-patches-stagefright-flaw//

Moto G third-generation

Chalk up one more big Android phone maker racing to patch its devices against that nasty Stagefright video security flaw. Motorola has explained that it will not only fix the vulnerability in phones from 2013 onward (such as the original Moto X and the Droid line), but make sure that its latest hardware is secure almost from the word go. Both the Moto X Style and Moto X Play will be secure on launch, while the recently-shipped third-generation Moto G is getting its update "soon."

The company doesn't say whether or not it's hopping on the monthly security patch bandwagon. However, it does add that it's working with Google and carriers to "simplify the process" of getting that code into your hands going forward. Between this and expected fixes for phones from Google, HTC, LG, Blackphone creator SGP and and Sony, you probably won't have to worry if you're carrying a recent or reasonably well-known device. The real question is whether or not other brands and older (or lower-end) hardware will get the same kind of attention -- you don't want to remain at risk simply because you bought the 'wrong' model.

Filed under: , , ,

Comments

Source: Motorola

Tags: android, droidmaxx, droidmini, droidturbo, droidultra, lenovo, mms, mobilepostcross, motog, motox, motoxplay, motoxstyle, patch, security, stagefright, update

Read More...

Old Intel chips are vulnerable to a fresh security exploit

Source: http://www.engadget.com/2015/08/08/intel-memory-sinkhole-flaw//

An old Intel Core i5 processor

If you have an old, Intel-based computer hanging around, you might want to get rid of it post-haste. Security researcher Chris Domas has discovered a vulnerability in the x86 architecture of Intel processors made between 1997 and 2010 (pre-Sandy Bridge) that lets an attacker install software in a chip's protected System Management Mode space, which governs firmware-level security. Yes, that's as bad as it sounds: an intruder could not only take more control than you typically see in attacks (including wiping firmware), but infect your PC even if you wipe your hard drive and reinstall your operating system. Domas has only tested against Intel-made CPUs so far, but AMD processors could be vulnerable as well.

A would-be hacker needs low-level OS access to get in, so you at least won't face a direct assault -- you need to fall prey to another attack before this becomes an option. However, this vulnerability might be difficult or impossible to fix in a timely fashion. While it's theoretically possible to patch a computer's BIOS (or on relatively recent systems, UEFI) to prevent these attacks, the chances of that happening are slim. What's the likelihood that your motherboard maker will support a product that's at least 5 years old, or that most people are both willing and able to apply firmware upgrades? Not very high, we'd reckon. Although the inexorable march of time will eventually take care of this flaw, the only surefire solution is to upgrade your computer.

Filed under: , ,

Comments

Via: PCWorld

Source: Black Hat, GitHub

Tags: core, cpu, intel, memorysinkhole, nehalem, pentium, processor, security

Read More...

Saturday, August 08, 2015

Researchers find major security flaw with ZigBee smart home devices

Source: http://www.engadget.com/2015/08/07/zigbee-security-flaw//

Hue bridge

Manufacturers of smart home devices using the ZigBee standard are aiming for convenience at the expense of security, according to researchers from the Austrian security firm Cognosec. By making it easier to have smart home devices talk to each other, many companies also open up a major vulnerability with ZigBeee that could allow hackers to control your smart devices. And that could be a problem if you rely on things like smart locks or a connected alarm system for home security. Specifically, Cognosec found that ZigBee's reliance on an insecure key link with smart devices opens the door for hackers to spoof those devices and potentially gain control of your connected home.

"Tests with light bulbs, motion sensors, temperature sensors and even door locks have also shown that the vendors of the tested devices implemented the minimum of the features required to be certified," Cognosec's Tobias Zillner writes. Even worse, he points out that there's no way for consumers to make their smart devices more secure. In the end, he blames the push for ZigBee to be easy to use as the big reason why companies have been lax with security.

For anyone who's had worries about the vulnerability of the connected home, Cognosec's findings basically present the worst case scenario for ZigBee. Since it affects a wide variety of devices, it's unclear how quickly manufacturers will be able to come up with a fix. We've reached out to the ZigBee Alliance, whose members include major companies like Samsung, Sony and ARM, and will report back with their response.

[Photo credit: Tom Raftery/Flickr]

Filed under:

Comments

Via: TechCrunch

Source: Cognosec

Tags: hacks, security, smarthome, Zigbee

Read More...

Tuesday, August 04, 2015

Hackers could take complete control of your computer if you use 'the Netflix for pirated movies'

Source: http://www.businessinsider.com/hacker-proves-popcorn-time-is-not-safe-from-attack-2015-8

Popcorn Time Streaming App

Popcorn Time, the Netflix-like website for pirated movie content, may be vulnerable to a hack attack, TorrentFreak reports. This is according to a Greek security researcher named Antonios Chariton who published a blog post this past weekend.

Using a series of techniques, Chariton wrote that he demonstrated how "someone can get complete control of a computer assuming they have a Man In The Middle position in the network."

A 'man-in-the-middle' attack is when a hacker intercepts a data request between two machines. It is then able to swap the intended data for something malicious. So, if an attacker is able to execute one of these intercepting attacks, he or she can wreak havoc on the computer running Popcorn Time.

The attack is based on the clever way Popcorn Time avoids being banned by internet service providers (ISPs). The application is able to connect directly to the CloudFlare network. This, put in the simplest of terms, means that if an ISP wants to block the Popcorn Time program it would have to ban the entire CloudFlare website and not just the pirated content program. This is a smart way to avoid widespread ISP blocks.

The problem, however, is that the connection to CloudFlare is made over the HTTP protocol, and it's been shown that HTTP is just not secure.

Chariton didn't mince his words: "HTTP is insecure. There's nothing you can do to change this. Please, use HTTPS everywhere, especially in applications that don't run inside a web browser."

Because of HTTP's vulnerability, Chariton wrote that he was able to inject malicious code into a victim computer using Popcorn Time.

Popcorn Time penned a blog post responding to these claims. It assured users that they “don’t need to worry.” For one, man-in-the-middle attacks are “very unlikely,” and require a hacker gaining access into a victim’s personal network.

The site does admit that there are some security issues to be dealt with. It says it will release a fix to these shortly, but adds that what Chariton brought to light isn't as dire as it may seem.

SEE ALSO: The malware that's been holding gamers' files hostage for $500 is now even more destructive

Join the conversation about this story »

NOW WATCH: All the incredibly useful things you didn't know your iPhone headphones could do










Read More...