Oct 04
The VA also reported fewer hospitals earning the lowest one-star ratings.
Oct 04
The mail, allegedly sent by William Clyde Allen III to Trump and top military chiefs, were thought to contain ricin.
Oct 04
U.S. prosecutors on Thursday announced charges against seven Russian intelligence officers accused of cyberattacks against agencies investigating Russian doping and the poisoning of a former British spy.
Oct 04
No, this isn’t the wild bug-eyed Nokia phone with five rear cameras we’ve been hoping to see, but it’s something arguably just as important. That’s because the new Nokia 7.1 is simply a well-built phone with solid specs for a very reasonable price.
Oct 04
Today, Netflix released the first official trailer for the third season of Marvel’s Daredevil starring Charlie Cox, Vincent D’Onofrio, Elden Henson and Deborah Ann Woll. All thirteen episodes will be available worldwide starting October 19th.
Oct 04
Chinese chip spying report shows the supply chain remains the ultimate weakness
Posted in: Today's ChiliThursday’s explosive story by Bloomberg reveals detailed allegations that the Chinese military embedded tiny chips into servers, which made their way into datacenters operated by dozens of major U.S. companies.
We covered the story earlier, including denials by Apple, Amazon and Supermicro — the server maker that was reportedly targeted by the Chinese government. Amazon said in a blog post that it “employs stringent security standards across our supply chain.” The FBI and the Office for the Director of National Intelligence did not comment, but denied comment to Bloomberg.
Much of the story can be summed up with this one line from a former U.S. official: “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”
It’s a fair point. Supermicro is one of the biggest tech companies you’ve probably never heard of. It’s a computing supergiant based in San Jose, Calif. with global manufacturing operations across the world — including China, where it builds most of its motherboards. Those motherboards trickle throughout the rest of the world’s tech — and were used in Amazon’s datacenter servers that powers its Amazon Web Services cloud and Apple’s iCloud.
One government official speaking to Bloomberg said China’s goal was “long-term access to high-value corporate secrets and sensitive government networks,” which fits into the playbook of China’s long-running effort to steal intellectual property.
“No consumer data is known to have been stolen,” said Bloomberg.
Infiltrating Supermicro, if true, will have a long lasting ripple effect on the wider tech industry and how they approach their own supply chains. Make no mistake – introducing any kind of external tech in your datacenter isn’t taken lightly by any tech company. Fears of corporate and state-sponsored espionage has been rife for years. It’s chief among the reasons why the U.S. and Australia have effectively banned some Chinese telecom giants — like ZTE — from operating on its networks.
Having a key part of your manufacturing process infiltrated — effectively hacked — puts every believed-to-be-secure supply chain into question.
With nearly every consumer electronics or automobile, manufacturers have to procure different parts and components from various sources across the globe. Ensuring the integrity of each component is near impossible. But because so many components are sourced from or assembled in China, it’s far easier for Beijing than any other country to infiltrate without anyone noticing.
The big question now is how to secure the supply chain?
Companies have long seen supply chain threats as a major risk factor. Apple and Amazon are down more than 1 percent in early Thursday trading and Supermicro is down more than 35 percent (at the time of writing) following the news. But companies are acutely aware that pulling out of China will cost them more. Labor and assembly is far cheaper in China, and specialist parts and specific components often can’t be found elsewhere.
Instead, locking down the existing supply chain is the only viable option.
Security giant Crowdstrike recently found that the vast majority — nine out of ten companies — have suffered a software supply chain attack, where a supplier or part manufacturer was hit by ransomware, resulting in a shutdown of operations.
But protecting the hardware supply chain is a different task altogether — not least for the logistical challenge.
Several companies have already identified the risk of manufacturing attacks and taken steps to mitigate. BlackBerry was one of the first companies to introduce root of trust in its phones — a security feature that cryptographically signs the components in each device, effectively preventing the device’s hardware from tampering. Google’s new Titan security key tries to prevent manufacturing-level attacks by baking in the encryption in the hardware chips before the key is assembled.
Albeit at start, it’s not a one-size-fits-all solution. Former NSA hacker Jake Williams, founder of Rendition Infosec, said that even those hardware security mitigations may not have been enough to protect against the Chinese if the implanted chips had direct memory access.
“They can modify memory directly after the secure boot process is finished,” he told TechCrunch.
Some have even pointed to blockchain as a possible solution. By cryptographically signing — like in root of trust — each step of the manufacturing process, blockchain can be used to track goods, chips, and components throughout the chain.
Instead, manufacturers often have to act reactively and deal with threats as they emerge.
According to Bloomberg, “since the implanted chips were designed to ping anonymous computers on the internet for further instructions, operatives could hack those computers to identify others who’d been affected.”
Williams said that the report highlights the need for network security monitoring. “While your average organization lacks the resources to discover a hardware implant (such as those discovered to be used by the [Chinese government]), they can see evidence of attackers on the network,” he said.
“It’s important to remember that the malicious chip isn’t magic — to be useful, it must still communicate with a remote server to receive commands and exfiltrate data,” he said. “This is where investigators will be able to discover a compromise.”
The intelligence community is said to be still investigating after it first detected the Chinese spying effort, some three years after it first opened a probe. The investigation is believed to be classified — and no U.S. intelligence officials have yet to talk on the record — even to assuage fears.
Oct 04
Today a bunch of specs for the Samsung Galaxy A9 were spilled, divining a vision of the Galaxy S10 in the process. The Galaxy strategy for the year 2019 and forward is one of feature spread. As suggested by Samsung earlier this year, their new way of thinking is to bring top-tier features to midrange phones first, then to perfect … Continue reading
Oct 04
It’s a day of big changes for Blizzard, as Mike Morhaime has announced that he’s stepping down from his role as president of the company. Morhaime has been with Blizzard since the beginning, being one of the company’s co-founders along with Allen Adham and Frank Pearce. Blizzard has enjoyed a lot of success with Morhaime at the helm, so this … Continue reading
Oct 04
When it comes to action cameras, one particular name stands out from the rest of the crowd: GoPro. It is often used as a noun by many casual users to describe any action camera without having to be specific, which is proof enough that GoPro has done a great job in delivering quality action cameras that stand the test of time (and feeling of wanderlust). Their latest flagship product would be the HERO7 Black, carrying a $399 price tag while raising the ante when it comes to video stabilization courtesy of its standout feature, HyperSmooth.
With the HyperSmooth video stabilization feature, you will find that capturing and manipulating your digital video with the HERO7 Black becomes easier than ever before. In addition, it boasts of Live Streaming, TimeWarp Video, SuperPhoto, improved audio, and face, smile and scene detection. HyperSmooth has been touted by GoPro to be the best in-camera video stabilization ever featured in a camera, although we are quite confident that such hallowed status will change with subsequent generations of the GoPro action camera range. For now though, it will remain at the top of the hill, allowing users to capture professional-looking, gimbal-like stabilized video without the expense or hassle of a motorized gimbal. Not only that, HyperSmooth will work equally well underwater and in high-shock and wind environments where gimbals fail.
Knowing how we are all social creatures, GoPro has also ensured that the HERO7 Black action camera ends up with the distinction of being the first GoPro to be able to perform live stream, letting you share what is going on in real time to Facebook, Twitch, YouTube, Vimeo and other platforms internationally. This lets you show the rest of the world what you are up to at that point in time without any of the shaky cam movements.
Ultimately, at that price point, you get to enjoy stunning image quality of 4K video and 12MP photos, and with it being rugged enough to handle video shoots underwater without a housing for up to 33 feet, it is a no-brainer as to which action camera one should purchase.
Press Release
[ GoPro HERO7 Black is the new action camera flagship copyright by Coolest Gadgets ]
Who's in charge here?
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.