Category Archives:
Uncategorized

HGST is displaying the world’s first enterprise-class 10 TB HDD and the NVMe SN100 Series PCIe SSDs at the 2015 OCP U.S. Summit. The OCP (Open Compute Project) strives to design the most efficient server, storage and datacenter hardware for scalable computing applications, and the 2015 U.S. Summit is March 10-11 in San Jose, CA. The two HGST products are polar opposites in terms of overall performance and use cases.

The 10 TB HDD utilizes SMR (Shingled Magnetic Recording) in tandem with HelioSeal technology to offer unprecedented density. SMR overlays the tracks on the surface of the platter, much like shingles on a roof, to deliver an incredible density boost. Hermetically sealing the HDD and filling it with helium reduces drag and head flutter, which allows more platters per drive. The host-managed SMR/helium tandem provides the lowest dollar per TB and Watts per TB in the industry. SMR can slow performance, particularly when writing to the drive, and it works best for cold-to-cold storage, active archive, cloud storage and internet media. SMR drives will also be a key component to HGST’s Active Archive Platform.

NVMe is a hot topic as flash continues its meteoric rise in the datacenter. NVMe is a refined PCIe interface specification designed for use with non-volatile memories, such as NAND or the forthcoming PCM and MRAM. Increased performance and lower overhead are the big attractions of NVMe, but industry-standard whitebox drivers and a standardized feature set are other attractive features.

HGST’s Ultrastar SN100 SSDs offer up to 3.2 TB of capacity in the HHHL (Half-Height Half-Length) add-in cards and 2.5″ drive form factors. The high-powered flash additives are geared for cloud, hyperscale and enterprise computing applications, including OLTP, OLAP, HFT and virtualization platforms.

Details are scant on the architecture of the new HGST speedsters, but we do know the SN150 HHHL card comes in 1,600 GB and 3,200 GB capacities, and the diminutive 2.5″ SN100 hotrods come in 800, 1,600 and 3,200 GB capacities. HGST has a broad and proven software portfolio that offers innovative HA clustering and caching features, much like those seen with FlashMAX PCIe SSDs and Virident software solutions. We expect many of those same features will work well with the new SN100 Series.

Source:

http://www.tomsitpro.com/articles/hgst-ultrastar-10tb-hdd-nvme,1-2491.html

Source: Zdnet

http://www.zdnet.com/article/microsoft-is-building-a-new-browser-as-part-of-its-windows-10-push/

United States investigators have concluded that North Korea orchestrated the late November network intrusions that compromised sensitive personal data for tens of thousands of Sony Pictures employees, according to The Wall Street Journal.

Officials are “still gathering evidence and are trying to build a clearer picture of who directed the hacking and how,” the Journal stated, citing unnamed sources “familiar with the investigation.”

ABC News also reported earlier on Tuesday that U.S. officials believed an elite North Korean hacking unit was behind the attack. Investigators traced the intrusions into Sony’s computer network, saying they were “routed through a number of infected computers in various locations overseas, including computers in Singapore, Thailand, Italy, Bolivia, Poland, and Cyprus,” ABC News reported.

Revelations about the scope of the Sony Networks hack appeared in early December when unknown hackers calling themselves the “Guardians of Peace,” or “GOP,” began posting stolen files to the Internet. Among the private data that was stolen and posted online were some 47,000 Social Security numbers belonging to Sony employees—and famous Hollywood stars.

The Journal reported that U.S. investigators “strongly suspect” that the attack was carried out by a North Korean government-backed hacking group known as Unit 121, or alternatively as Bureau 121, which is part of the government’s General Bureau of Reconnaissance and is believed to have been behind cyber attacks aimed at South Korea.

Earlier this month, Re/code reported that North Korea was behind the attack, but thus far, Sony and its security consultants have pointedly refused to confirm that, while North Korea has denied its involvement.

The Journal reported that U.S. officials were concerned over the diplomatic implications of revealing their findings in the Sony hack investigation.

“Within the U.S. government, there has been an internal debate in recent days about when and how to … reveal that belief publicly, because doing so could complicate relations with Japan, and raises the difficult question of how the U.S. should respond to an aggressive act by a foreign government,” the newspaper reported.

The supposed motive for North Korea was anger over The Interview, a Sony Pictures comedy in which bumbling journalists are enlisted by the CIA to assassinate North Korean leader Kim Jong-un.

Earlier this week, the GOP tied the Sony hack to outrage over The Interview.

An email purportedly sent by the Guardians of Peace warns moviegoers to “remember the 11th of September 2011,” and threatens a “bitter fate” to those who attend screenings of The Interview, which is slated to open on Dec. 25 in the United States—though Sony has reportedly considered cancelling that launch date in light of the threats.

The message, published by Fusion.net, was posted on Pastebin and was “accompanied by links to torrent files, similar to the batches sent out on several prior occasions,” Fusion.net said.

http://www.pcmag.com/article2/0,2817,2473854,00.asp

Shred sensitive documents, power up your passwords, stay alert for frauds—these are all good ideas. But even if you do everything possible to stop attempts at stealing your identity, there’s always a chance you’ll take a hit. Maybe you slipped up, or maybe the breach was totally out of your control. No matter how it happened, the moment you realize you’ve been hit with identity theft, there are three things you need to do immediately.

1. Place a Fraud Alert
The Federal Trade Commission offers a fantastic resource for victims of identity theft. It’s also a useful site for those who simply want to know more about the problem and its solutions. According to the FTC, your very first step is to place an initial fraud alert with one of the three big credit reporting agencies: Equifax,Experian, or TransUnion. You only have to place the alert with one of them; the one you choose will pass along the alert to the others. However, the FTC recommends that you confirm that your information should be shared.

Placing this initial fraud alert makes it harder for the thief to set up new accounts in your name. Before extending new credit, a business must contact you and verify your identity. After 90 days, the fraud alert expires. Information from the FTC suggests marking the expiry date on your calendar, so you can renew it if you haven’t resolved your identity problems.

2. Order Credit Reports
You probably know that you’re entitled to an annual free credit report from each of the three agencies. Placing the fraud alert on your file entitles you to a set of three reports even if it hasn’t been a year since your last request.

Don’t go to annualcreditreport.com for this request, and definitely don’t go to one of the look-alike sites that try to make you pay for free reports, or try to steal your identity. You’ll need to contact the three agencies directly. They’ll be able to see that you did indeed file a fraud alert, and will then release the report.

3. File an Identity Theft Report
Identity theft has been a federal offense since 1998. It’s a crime, and you should report it to the police, but there’s more you can do to protect yourself. By combining a government affidavit about the crime with that police report, you create an official Identity Theft Report, which gives you certain important rights.

Fill out an identity theft complaint on the FTC’s website, and include all the details that you know about what happened. When you’ve finished, print the resulting affidavit and take it along when filing the police report.

The report will help you recover from identity theft. It allows you to have fraudulent data removed from your credit report. If businesses are breathing down your neck about collecting debts you didn’t incur, it can put them on hold and prevent them from selling the debt to a collection agency. And you may be able to get information about accounts the thief opened in your name.

You can also place an extended fraud alert, which is a level up from the initial fraud alert mentioned earlier. This alert gets you two free credit reports per year from the three agencies, and it enjoins them to take your name off marketing lists for prescreened credit cards for five years. This is not the same as a credit freeze, which blocks all access to your credit report but generally requires a small payment to each of the agencies.

Going Forward
Taking these three steps as soon as possible should limit the damage an identity thief can do, but it’s only the beginning. The FTC suggests keeping a log of every communication related to your identity theft, whether it’s via mail, email, or phone. You’ll definitely get a lot of use from the agency’s Repairing Identity Theft instructions. Among other things, you can find sample letters and forms, a statement of victims’ rights, and instructions for repairing your credit. Identity theft is definitely a violation, but by following the correct steps you can limit the damage and go on to recover.

BY NEIL J. RUBENKING

DECEMBER 3, 2014

http://www.pcmag.com/article2/0,2817,2472998,00.asp

Talk about quick reflexes. Apple’s new patent could allow future iPhones to automatically safeguard themselves whenever they’re headed toward the ground.

A new USPTO listing shows that Apple has secured the rights to a “protective mechanism for an electronic device,” which would work with the iPhone’s motion sensor and processor to adjust the product’s weight distribution in the midst of a drop.

The patent outlines “a method of protecting a vulnerable area of an electronic device during freefall,” in which the device detects its state of freefall, estimates the distance of the surface below and automatically shifts itself in order to land on, say, one of its edges rather than its shatter-happy screen.

The patent mentions a number of ways in which this “protective mechanism” could work, including some sort of movable mass within the device that would slide around to change the way your smartphone lands on the ground. The filing also makes note of a “thrust mechanism” that would use bursts of gas to reorient the device, as well as a mechanism that would automatically contract a device’s physical buttons during a state of freefall.

While the patent doesn’t apply exclusively to Apple’s iPhone, its description notes that the mechanism is built primarily with mobile devices in mind. Many of the patent’s images show an iPhone-like mockup, though one sketch of a laptop suggests that the technology could come to the company’s MacBooks.

Source: toms hardware

http://www.tomsguide.com/us/apple-iphone-drop-proof-patent,news-19972.html

You can teach an old dog new tricks, provided that dog is a powerful and infamous type of malware. The Citadel Trojan now steals master passwords from the password-management applications Password Safe and KeePass, as well as the enterprise authentication solution Nexus Personal Security Client.

Once it’s infected a computer, Citadel waits until one of these programs is launched, logs keystrokes to steal the master passwords, giving the attackers to every account protected by the password manager. Fortunately, while the Citadel Trojan is widely distributed, this password-seeking variant probably is not.

Many security experts recommend use of password managers to ensure that each of an individual’s online accounts have strong, unique passwords. It’s a lot easier to have the program remember dozens of long, complicated passwords, especially when all you have to remember is the master password that unlocks the password manager.

However, password managers also create a single point of failure. If the user forgets the master password, he loses access to every covered account; if an attacker manages to learn the master password, she gets access to all those accounts.

The fact that Citadel can do this isn’t the fault of the password managers. Any typed information can be stolen by a keylogger. But master passwords are the crown jewels of passwords, compromising many accounts in one fell swoop.

The Citadel Trojan is primarily a banking Trojan used by multiple online criminal groups. Once it has infected a PC, Citadel connects to a remote server, called a command-and-control server, via which attackers can send it specific commands and updates.

This variant of Citadel Trojan was discovered on a single PC by data-security company IBM Trusteer, which said the PC in question was infected with the Citadel variant before Trusteer’s security software was installed on it.

Trusteer guessed that the Citadel variant may be part of a targeted attack, one meant for a specific person or group of people. Nevertheless, the fact that the variant can target third-party password managers (instead of browser-based password vaults, as has been more commonly seen in malware) may represent a significant new trend.

“[The Citadel variant] might be an opportunistic attack, where the attackers are trying to see which type of information they can expose through this configuration, or a more targeted attack in which the attackers know that the target is using these specific solutions,” writes Dana Tamir, Trusteer’s director of enterprise security, on IBM’s security blog Security Intelligence.

IBM Trusteer researchers found three new processes in the Citadel software: Personal.exe (which targets the Nexus Personal Security Client), PWsafe.exe (which targets Password Safe, an open-source password manager created by encryption expert Bruce Schneier), and KeePass.exe, which targets KeePass, also an open-source password manager.

Source: Toms Hardware

http://www.tomsguide.com/us/citadel-trojan-password-managers,news-19942.html

Source: ScienceAlert

http://www.sciencealert.com/watch-japan-s-built-a-maglev-passenger-train-that-travels-500-km-hour

Researchers from Palo Alto Networks uncovered the largest malware attack against iOS devices, and the first attack of its kind to affect non-jailbroken devices on such a large scale. According to the report, there have been 467 infected Mac OS X applications that have been downloaded 356,104 times from the Chinese app store, Maiyadi, since March of this year. This malware is called WireLurker and is described as a “new era in OSX and iOS malware” by the researchers who discovered it.

The way this malware works is by infecting users’ Macs when they download an infected app from the Maiyadi app store and then connect their iPad or iPhone to the Mac through a USB cable.

After the two are connected, the Trojan installs infected iOS apps on the mobile devices through Apple’s “Enterprise Provisioning Profile” feature, which is normally used by businesses to install apps on their employees’ devices.

In this case, however, the feature was used to allow the malware to bypass the iPhone or iPad’s security. The user would still have to agree to use the app, but once he or she would click on “continue,” the infected app would be installed.

“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” said Ryan Olson, Palo Alto Network’s intelligence director.

“The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”

The researchers said that the malware was able to steal “a variety of information” from the mobile devices, including phone numbers from the Contact app and the user’s Apple ID. The malware would also repeatedly make requests to the attacker’s command-and-control server.

Apple has already issued a statement about this attack:

“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” it said.

“As always, we recommend that users download and install software from trusted sources.”

The bad news is that it seems Apple only blocked the infected apps, but at best that’s a short term solution. Apple will need to send an update to iOS that further restricts the use of Enterprise Provisioning Profile in consumer iPhones and iPads so that the devices won’t be able to install such infected apps anymore.

Because Apple doesn’t have such a solution out yet, it’s unclear whether this could fix the malware problem for the jailbroken devices, too. iOS devices that are jailbroken are usually much more vulnerable to infection because the user has administrator privileges, which means the attackers do, too.

To minimize the effect of this malware, the researchers who uncovered it recommended that the users:

• Do not download Mac apps from third-party stores
• Do not jailbreak iOS devices
• Do not connect their iOS devices to untrusted computers and accessories, either to copy information or charge the machines
• Do not accept requests for a new “enterprise provisioning profile” unless it comes from an authorized party, for example the employer’s IT department

The past few months have not been good to Apple from a security point of view. From the hacking of celebrity iCloud accounts, to having Chinese users’ traffic intercepted by the Chinese government, to this rather widespread malware infection of non-jailbroken iOS devices, it’s becoming clear that increasingly more attackers are attempting to infect or hack Apple devices.

Despite all of the security checks Apple has implemented in its hardware and software, it was only a matter of time before malicious hackers would turn their attention to iOS and Macs, given the rising popularity of these devices, globally. Apple may be able to fix these issues as quickly as they appear, but they can’t put the cat back in the bag. More hackers have their eyes on Apple’s devices now, and there’s little doubt that there will be more such attacks in the future.

Source: Toms Hardware

http://www.tomshardware.com/news/wirelurker-new-apple-malware-era,28033.html