Recent Posts

Pages: [1] 2 3 ... 10
1
eBooks all to know / Get 'Cyber Security and Network Security'
« Last post by javajolt on May 18, 2024, 07:24:36 PM »
Digital assaults are quickly becoming one of the most predominant issues on the planet. As digital wrongdoing keeps on expanding, it is increasingly more important to investigate new methodologies and advances that help guarantee the security of online networks.

Ongoing advances and innovations have made great advances for taking care of security issues in a methodical manner. In light of this, organized security innovations have been delivered so as to guarantee the security of programming and correspondence functionalities at fundamental, improved, and engineering levels.

This outstanding new volume of Cyber Security and Network Security covers all of the latest advances, innovations, and developments in practical applications for cybersecurity and network security.

Written and edited by a team of experts in the field, this book is the most comprehensive and up-to-date study of the practical applications of cyber security and network security for engineers, scientists, students, and other professionals.

This team of editors represents some of the most well-known and respected experts in the area, creating this comprehensive, up-to-date coverage of the issues of the day and state of the art.

Whether for the veteran engineer or scientist or a student, this volume is a must-have for any library.

Follow this link to get your copy of 'Cyber Security and Network Security', a free guide. The link will redirect you to my One Drive account, where you can click Download. [system administrator]

source
2
How often should you switch off your mobile phone completely? This question is not just about saving the battery. It also contributes to the safety of the device. You should know this.


Image: Ton Photographer 4289/Shutterstock.com

Many people need to learn how to use a smartphone properly. After all, these all-rounder devices require regular maintenance and important updates in order to be optimally protected against wear and tear and attacks.

Switching your phone off completely protects it

Surprisingly, this includes a very simple function: switching off the smartphone completely. According to security experts at the NSA, this alone helps to protect the device from hacking attacks. It is now not only common to gain access to smartphones via malicious links, but also via so-called zero-click exploits.

This involves bypassing the smartphone’s security functions step-by-step. Starting with a missed call, then the first installed files that gradually allow access to the system and tap into information. This usually goes unnoticed, but can fortunately be prevented by completely rebooting the device.

So how often should I turn off my phone?

The simple answer from security experts as to how often a mobile phone should be switched off completely is: at least once a week. In the best-case scenario, however, you should remember to reset your phone even more often. This is because, in addition to eliminating the security risk, it also allows the smartphone’s operating system to run all functions smoothly.

By the way: To see how long your device has had to go without switching off, you can easily check the system settings. On Android devices, this can usually be found under “Device” and then “Status.” The uptime is displayed there in hours.

source
3

It might be because it had something of a rocky start, but it sometimes seems like Windows 11 is only just reaching its maturity, what with the continuing march of added features and substantial Windows 11 updates released over the past year. However, those of you who've only recently made the switch may be surprised to learn the release of Windows 12 might not be far away, as soon as June 2024 if recent reports are to be believed.

According to Taiwanese financial paper The Commercial Times, Acer CEO Jason Chen and the chairman of PC manufacturer Quanta, Barry Lam, were both present at the Medical Taiwan trade show this week, and they appeared to have plenty to say about what they think computing might look like in the near future. However, there's some information here that's got the rumour mill cranking, and it's related to a potential release date for Windows 12.

The article itself opens with the translated line "Microsoft Windows 12 will be launched in June 2024", although there is no given source to back up this claim. However, while there's not a direct quote regarding the potential release from the executives themselves, the paper reports (in regards to Barry Lam), that "he expects that next summer, when Microsoft launches a new generation of Windows operating systems, AI PCs will also be launched one after the other".

Jason Chen meanwhile was described as optimistic about generative AI and the ongoing progress of AI PCs, which are thought to potentially be a primary focus of Windows 12, with some outlets reporting a possibility that some form of baseline readiness may even be a requirement.

Thinking of upgrading?


Speculation aside, this isn't the first time we've heard talk of a potential Windows 12 release next year. Back in October, we reported on similar hints of a 2024 "refresh" from Intel CFO Dave Zinsner, and Microsoft's development cycle update also seemed to tease a 2024 release, with a suggestion that Windows would get a major new release every three years.

Details might be scant for now, but we can get some sort of insight into what Windows 12 might look like if we take a closer look at some of the most recent Windows 11 updates for clues as to where Microsoft might be heading. Certainly the recent focus seems to be pointed squarely at AI integration, and while the Microsoft Copilot AI assistant might not have made a particularly big splash upon its debut it's a safe bet to say it's likely to be a glimpse at things to come.

Let's not also forget MS Paint's Dall-E AI integration and the introduction of AI based text recognition and redaction features recently added to the Windows 11 Snipping Tool. It seems so far like Microsoft might be going all-in on AI for its future releases, and while the usefulness of these additions to the end user is debatable at this point, it's a clear indicator that whatever the next version of Windows might be, AI integration within the OS is likely going to end up front and center, whether we like it or not.

source
4


OpenAI has announced GPT-4o, an update to its GPT-4 language model that brings new features to both the free and paid tiers of its ChatGPT platform. While the functionality was amazing, the voice was breaking a lot. Moreover, the speakers deliberately spoke during the conversation to shut ChatGPT off because it was talking too much.

Previously limited to paid subscriptions, GPT-4o offers free users access to capabilities such as data and code analysis, image processing tools, and real-time language translation. OpenAI also revealed a desktop app.

While the free tier receives a significant upgrade, the paid subscription (ChatGPT Plus) continues to offer advantages. Paid users receive a fivefold increase in daily GPT-4o requests, faster processing and access to future advanced features.

A key feature of GPT-4o is its enhanced live speech functionality. Unlike earlier models, GPT-4o can directly process speech input. This allows for more natural and interactive conversations with the AI.



GPT-4o goes beyond conversation, demonstrating capabilities in problem-solving and analysis. The model can solve math problems step-by-step, analyze code, interpret graphs, and translate languages in real time. Additionally, it can generate various vocal styles. So, finally, OpenAI didn’t reveal a search engine. In the future, perhaps?

Even though the product was good, it seemed unfinished. Perhaps this was Microsoft’s idea to hack Google’s I/O?

source
5
The Microsoft-backed company also launched the GPT-4o model



OpenAI has finally launched a ChatGPT desktop app, its one-stop app that brings the popular AI chatbot to your desktop. Announced during the “Spring Update” live stream event on Monday, the Microsoft-backed company said that the app will boast a “refreshed UI,” besides the mobile app that’s already available.

The update “feels magic” to Altman, and that’s not baseless at all. OpenAI’s CTO Mira Murati demos that the new ChatGPT desktop app will have the Voice mode that’s been exclusive for mobile users for quite some time.



“We’re rolling out the macOS app to Plus users starting today, and we will make it more broadly available in the coming weeks. We also plan to launch a Windows version later this year,” OpenAI says in the official announcement.

The question now, though, will it challenge Microsoft Copilot? Microsoft has poured billions of dollars into OpenAI for years and even uses its model for Copilot. The Redmond company wants the AI assistant tool to be a universal experience for Windows 11 and 10 users, but with the ChatGPT desktop app coming, competition may be getting fiery.

Besides, the Microsoft-backed company also launched its “best model ever” yet, the GPT-4o, and its API. The new flagship model is natively multimodal and is rolling out to both free users and ChatGPT Plus paid subscribers “over the next few weeks.” It can speak to you better than the voice assistant that’s already around.

Rumors on the street have been one thing: OpenAI was set to launch a “ChatGPT search engine.” That honestly does sound like a good idea, even though we do have something similar with Microsoft’s Copilot or even Google Gemini (formerly known as Bard). But, still, being the maker of the GPT-4 model, OpenAI’s ChatGPT does have an upper hand if it decides to launch a search engine.

The rumors said that the search engine would be launched on Monday, May 13, but OpenAI’s bosses Sam Altman and Greg Brockman quickly refuted the idea. When announcing the Spring Update live stream event, these OpenAI higher-ups said explicitly that it won’t be a search engine or a GPT-5, but rather an update to ChatGPT and GPT-4.

source
6
Social Media / Twitter's rebranding is now complete, switches URL to X.com
« Last post by javajolt on May 17, 2024, 07:47:53 PM »


Back in October 2022, a multi-billionaire bought the social media platform known as Twitter. No one would have imagined at the time that the name Twitter (and the iconic bird logo) would become a part of history in a couple of years.

Twitter's official rebranding to X started in July last year with a new logo available across its web version and mobile apps, followed by name changes for the services and official social media accounts operated by the company. TweetDeck became X Pro, Twitter Blue became X Premium, and the official @X handle was taken away from its owner.

Fast forward to now, Twitter's journey to X is complete as Elon Musk announced on the platform that "All Core systems are now on X.com." As part of the change, it will display the URL X.com instead of Twitter.com when you visit the social media platform using your web browser.



The social media platform has also put a notice on its sign-up page stating, "We are letting you know that we are changing our URL, but your privacy and data protection settings remain the same." However, the URL shift has been gradual over the months since July last year when Elon Musk announced the rebranding.



At the time of writing, there are places where the old URL is still visible, for instance, the premium signup page for X Pro.

X.com isn't a new brand; it has been associated with Musk for more than two decades now. Musk founded an online bank called X.com in 1999, which later merged with Confinity to become PayPal.

Musk took charge as X Corp's CEO (then Twitter Inc.) after purchasing the company but later hired NBCUniversal's Linda Yaccarino. The billionaire's idea is to turn X into a one-stop shop with offerings such as job listings, video streaming, AI chatbot, and more. There were rumors of an X stock trading app in development but Elon Musk denied those claims.

source
7
All vendor kernels are plagued with security vulnerabilities, according to a CIQ whitepaper. Will the Linux community ever accept upstream stable kernels?


Paul Souders/Getty Images
In a new white paper, Vendor Kernels, Bugs and Stability, the infrastructure software and Rocky Linux company CIQ presents a compelling argument that Linux vendor kernels are plagued with security vulnerabilities due to the flawed engineering processes that backport fixes.

While this may shock some, it's an open secret in the Linux community. As Greg Kroah-Hartman, Linux stable kernel maintainer and a prominent member of the kernel security team, recently said: To be secure, you should always use the latest long-term stable kernel. The key word here is "latest." It's not enough to use an LTS. You must use the most up-to-date release to be as secure as possible.   

Unfortunately, almost no one does that. Nevertheless, as Google Linux kernel engineer Kees Cook explained, "So what is a vendor to do? The answer is simple, if painful: Continuously update to the latest kernel release, either major or stable."

Why? As Kroah-Hartman explained, "Any bug has the potential of being a security issue at the kernel level."

Jonathan Corbet, Linux kernel developer and LWN editor-in-chief, agreed: "In the kernel, just about any bug, if you're clever enough, can be exploitable to compromise the system. The kernel is in a unique spot in the system ... it turns a lot of ordinary bugs into vulnerabilities."

What CIQ engineers Ronnie Sahlberg, Jonathan Maple, and Jeremy Allison did was to put hard numbers behind this position. Their paper shows that -- with current engineering practices -- almost all vendor kernels are inherently insecure and that securing those kernels is impossible.

That's because Linux vendor kernels have been created by taking a snapshot of a specific Linux release and then backporting selected fixes as changes occur in the upstream git tree. This method, designed in an era when out-of-tree device drivers were prevalent, aims to enhance stability and security by selecting changes to backport. This paper examines how this works in practice by analyzing the change rate and bug count in Red Hat Enterprise Linux (RHEL) 8.8, kernel version 4.18.0-477.27.1, comparing it to upstream kernels from kernel.org.

Although the programmers examined RHEL 8.8 specifically, this is a general problem. They would have found the same results if they had examined SUSE, Ubuntu, or Debian Linux. Rolling-release Linux distros such as Arch, Gentoo, and OpenSUSE Tumbleweed constantly release the latest updates, but they're not used in businesses.

Their analysis of the RHEL 8.8 kernel reveals 111,750 individual commits in the change log. This data, while not detailing the content or size of the commits, provides a general understanding of the backporting process. Initially, there was a steady rate of backporting, but this decreased around November 2021 and again significantly in November 2022, corresponding with the release of RHEL 8.5 and RHEL 8.7, respectively. This pattern, the authors believe, reflects a shift toward more conservative backporting to enhance stability as the major release cycle progresses.

Their examination found 5,034 unfixed bugs in RHEL 8.6; 4,767 unfixed bugs in RHEL 8.7; and 4,594 unfixed bugs in RHEL 8.8.

These figures represent known bugs with upstream fixes that have not been backported to RHEL. The earlier cessation of backporting in RHEL 8.6 and 8.7 has led to more unfixed bugs compared to RHEL 8.8. Red Hat's practice of not publishing the complete source code changes adds complexity, resulting in possible false positives and negatives in the data CIQ had to work with. Despite these limitations, CIQ reports that manual checks suggest a high accuracy in identifying missing fixes.

Contrary to the assumption that bugs are quickly fixed upstream, many persist for extended periods before resolution. This delay impacts kernel quality, as the slowing back-porting process results in an increasing number of known, unfixed bugs, which undermines kernel stability and security over time.

Since Linux kernel developers have taken over managing Linux's Common Vulnerabilities and Exposures (CVEs), 270 new CVEs in March 2024 and 342 in April 2024 have been reported. These have already been fixed in the stable Linux kernel git branch.

Still, the sheer numbers underscore the importance of using stable upstream kernels for enhanced security. The volume of new CVEs and the lack of an embargo period for fixes necessitate a proactive approach from organizations in evaluating and addressing these vulnerabilities.

Besides, although RHEL 8.8 hasn't been actively developed since late 2022, about 10% of all newly discovered bugs still affect it. RHEL 8.8's last major set of bug fixes came in May 2023. The same is true of other, older (but still supported) enterprise Linux distros. More troubling still, according to CIQ: "Some of the missing fixes we examined are explicitly disclosed as being exploitable from user space."

Therefore, the CIQ team concluded the traditional vendor kernel model, characterized by selective backporting, is flawed. The growing number of known, unfixed bugs suggests that vendor kernels are less secure than upstream stable kernels. The team advocates for a shift toward using stable kernel branches from kernel.org for better security and bug management.

According to the authors, "this creates a strong incentive" for security-conscious customers to adopt stable kernels over vendor-specific ones. They assert, "We believe that the only realistic way for a customer to know they run a kernel that is as secure as possible is to switch to a stable kernel branch." 

This paper is not a critique of the dedicated Linux vendor kernel engineers. Instead, it's an invitation for the industry to rally behind kernel.org stable kernels as the optimal long-term solution. Such a shift would allow engineers to focus more on fixing customer-specific bugs and enhancing features rather than the labor-intensive backporting process.

Therefore, they have four critical conclusions:

   • The vendor kernel model is broken and beyond repair.

   • Vendor kernels are inherently insecure, with late-cycle stabilized vendor kernels being particularly vulnerable.

   • The sheer number of known open bugs makes analyzing or classifying them all impractical.

   • Upstream stable kernels offer significantly better protection against security vulnerabilities and bugs in the kernel code.

So, will vendors do this? For all the good security reasons to move to upstream stable kernels, there are counter-arguments, which boil down to this: If you're always upgrading to the most recent kernel, you may also run into stability problems. A program that works just fine with the 4.18.0-477.27.1 kernel might not work with 4.18.0-477.27.1.el8_8. Of course, in that specific case, the newer kernel fixed an important security bug.

It all comes down to a delicate balancing act between security and stability. Some top Linux kernel developers and CIQ are coming down on the side of security. We'll see what the rest of the Linux vendor community has to say.

source
8


This should work on 23H2 as well as 24H2 once it's released.
9
Intel / Intel issues advisories for 90 security vulnerabilities
« Last post by javajolt on May 17, 2024, 10:01:09 AM »
Including critical level 10 for AI tools - An exciting Patch Tuesday for Intel.


(Image credit: Intel)

In keeping with industry tradition, Intel released 41 security advisories, for over 90 vulnerabilities, yesterday on Patch Tuesday. The advisories covered flaws across Intel's world of products, primarily on the software side — including one maximum-level vulnerability in Intel Neural Compressor.

The "critical" severity vulnerability found in Neural Compressor received a CVSS score of 10.0, which is the maximum level of severity that can be awarded to a security risk. Intel's Neural Compressor is open to an escalation of privilege attack via remote access on all updates before the current release, which were rushed out for Patch Tuesday. Neural Compressor is not on most computers, but those with AI-engineering workflows should check their computers for the software. Neural Compressor is a tool for optimizing AI language models and decreasing size and increasing the speed of LLMs.

The remaining exploits have severity levels that range from medium to high. High-level exploits are found in the UEFI firmware of server products, Arc & Iris Xe Graphics software, and a random collection of Intel software products. The high-level flaws contain risks of privilege escalation attacks, DoS attacks, or information disclosure.

Medium-severity vulnerabilities were found in Meteor Lake Core Ultra processors and a large range of Intel's software lines, including the Processor Diagnostic Tool, Graphics Performance Analyzers, and the Extreme Tuning Utility. Users who are concerned can rest assured that security updates have been rolled out for all vulnerabilities — but any listed software should be double-checked to ensure it is running the latest update. For the full list of vulnerabilities released this Patch Tuesday, take a look at Intel's Security Center.

Patch Tuesday is an industry-wide tradition in which major software and hardware manufacturers release the month's security updates on the second Tuesday of each month. This Patch Tuesday was particularly busy for Intel, which typically enjoys a fairly tame Patch Tuesday. We haven't reported on an Intel security fix of such high severity since Downfall in 2023.

Intel has been fighting for market dominance recently, as AMD continues its rise in market share as generations progress and AMD continues to beat Intel in performance.

source
10
Huawei / Huawei denies plans for Kirin X-series PC processors
« Last post by javajolt on May 16, 2024, 07:18:35 PM »

(Image credit: Huawei)
The US recently revoked Huawei's access to Intel processors for its products, and shortly thereafter, a leaked document from Huawei shared by Chinese media revealed that the company had a new plan called the 'Taishan Battle' for PC processors, reports Cailian News Agency. However, in a rare move, Huawei has denied the report and called it 'fake news.' The supposed plan included launching Huawei's HiSilicon Kirin X-series processors and supporting platform this year, and Huawei's rare rebuttal gives us some insight into the company's actual plans.

The report originally emerged from the Huawei Pollen Club, stating that He Tingbo and Yu Chengdong of Huawei HiSilicon Semiconductor and the Consumer Business Group had announced the plan. This initiative was supposedly aimed at speeding up the development and release of PC processors in the wake of the revoked Intel export licenses that left Huawei without a steady chip supply for its PC lineup.

Huawei officials categorically denied the report, describing it as unfounded. Journalistic investigations supported this by confirming that multiple sources within the company had not received any communications related to PC processors.

For now, Huawei says it will use processors it has already procured to build its PCs, meaning it will leverage its existing stockpile. However, some of Huawei's computers aimed at the domestic market already use processors from China-based chipmaker Phytium. Furthermore, the company is working with Phytium to unify the software and hardware infrastructure of the China-native Kunpeng and Phytium CPUs.

Oddly, Huawei strongly denies that it is developing its higher-end CPUs for laptops that would compete with Intel or AMD. That isn't too surprising, though—Huawei has a history of hiding its suppliers, and even its own chip models, from prying Western eyes that might bring about more sanctions on its products.

There are many reasons for Huawei to develop its own PC processors. On the one hand, this will ensure that the company can differentiate itself from other PC makers. On the other hand, this will reduce risks for Huawei's PC division amid tightening U.S. export controls. On May 8th, the U.S. government withdrew export licenses from semiconductor giants Intel and Qualcomm, effectively barring them from selling to Huawei. The Department of Commerce confirmed the revocation of these licenses, impacting undisclosed American companies. Intel has already cut its quarter forecast due to the revocation of the license.

Last month, it was reported that Huawei was developing a next-generation Kirin processor for PCs. The new PC chip is expected to feature eight Arm cores — four high-performance next-gen Taishan V130 cores and four energy-efficient cores. It also features a significantly enhanced Mailiang 920 GPU with 10 clusters, promising a major upgrade over the previous Kirin 9000s. This chip aims to rival Apple's M3 in multi-threading performance and near M2 levels in graphics, supporting up to 32GB of memory, which hints at a 128-bit interface. Moreover, Huawei is said to be considering expanding its Kirin lineup with "Pro" and "Max" versions, including additional cores, a more powerful GPU, and expanded memory capacity.

Despite having a smaller share of the global PC market than Apple, which means that it may have no economic reasons to develop its own processors, Huawei's development of high-performance Kirin CPUs aligns with China's goal of achieving self-sufficiency in semiconductors. These processors are poised to replace AMD and Intel components in PCs used by government agencies, enhancing national technological independence.

source