Latest News

Friday February 22, 2019

Consumer Reports Pulls Tesla Model 3 Recommendation Again

Consumer Reports has a complicated history with Tesla. The Model S and X weren't exactly loved by the nonprofit testing organization, and Consumer Reports pulled their recommendation for the Model 3 last year after it found serious braking issues with the car. In a remarkable demonstration of Tesla's update system, the flaw was quickly fixed, and Consumer Reports reinstated their recommendation, but New Atlas reports that they have withdrawn it again. According to the magazine's website, Model 3 owners have "identified a number of problems with their cars, including issues with its body hardware, as well as paint and trim. CR members reported these results in our annual reliability survey, which includes data on about 470,000 vehicles." Consumer Reports talks about the Model 3's reliability score in the video below:

Model 3 owners in our spring survey sample reported some body hardware and in-car electronics problems, such as the screen freezing, which we have seen with other Tesla models. The latest survey data also shows complaints about paint and trim issues. In addition, some members reported that the Model 3's sole display screen acted strangely. "The touch screen would intermittently begin acting as if someone was touching it rapidly at many different points," one member wrote in. "This fault would cause music to play, volume to increase to maximum, and would rescale and pan the map in the navigation system." Some owners also complained about glass defects, including cracks in the rear window, in their survey responses. In fact, CR experienced similar problems with its own Model 3. Earlier this year, our test vehicle developed a large crack in its massive rear window during a cold spell when it was parked outside.

Posted by alphaatlas 11:12 AM (CST)

How China's Social Credit System Affects Its Citizens and Businesses

We have previously documented China's social credit system, but a recent report from the National Public Credit Information Centre documents the effect it has had on Chinese citizens and businesses in 2018. The Chinese government has "discredited" 17.46 million people from purchasing plane tickets to travel and restricted another 5.47 million from purchasing high-speed train tickets. In addition to those restrictions, authorities have blocked individuals from "buying premium insurance, wealth management products or real estate, as well as shaming them by exposing their information in public." This pressure to conform encouraged 3.51 million individuals and businesses to pay off taxes, fines, and debts. Some cities rank their citizens on a AAA to D scale where everyone starts out with 1,000 points. There are more than 200 ways to gain or lose points. AAA rated individuals get free medical checkups, free water and other perks. In villages, "information gatherers" document free labor that is performed by fellow villagers. Spending 8 hours to install a new basketball hoop will net an individual 2 points, while donating a TV to the village meeting room is worth 30 points. Another villager has a son serving in the army which is worth 10 points. These points are accumulated and added to the person's "credit score" and are rewarded with extra "rice, cooking oil and cash rewards from the village committee and are lauded on village bulletin boards as role models." Not taking care of elderly parents or littering will deduct points from their credit scores.

In the lobby of Rongcheng People's Hospital, senior staff member Wang Shuhong said she drove more carefully now because traffic infringements cost not just money but also social credit points. "Many from the general public may not know about it, but we public servants do know. It does have a binding effect on us," she said. According to Wang, applicants must have a ranking of A or above to be hired for permanent positions at public institutions. For contractors, such as security guards, B is a minimum. Over 3.59 million Chinese enterprises were added to the official creditworthiness blacklist last year, banning them from a series of activities, including bidding on projects, accessing security markets, taking part in land auctions and issuing corporate bonds, according to the 2018 annual report released by the National Public Credit Information Centre.

Discussion Posted by cageymaru 11:08 AM (CST)

Backblaze Analyzes SSD Reliability

Backblaze regularly posts failure rates for their substantial collection of hard drives, and according to the results they published last month, they have over 100,000 of them to test. But as we've recently noted, flash memory prices are dropping like a rock, hence solid state drives are quickly becoming a somewhat economical alternative to 7200 RPM spinners. But just how reliable are these drives? According to a recent blog post, Backblaze thinks that SSDs are "generally" more reliable than HDDs under most workloads, though the factors that affect SSD reliability are different. As their name would suggest, SSDs have no moving parts, hence they're more tolerant of shock, vibration, and temperature changes, but that also means that users get no audible indicators when they do start failing. Flash memory can eventually wear out too, and it can wear out relatively quickly in QLC SSDs, but Backblaze says "SSDs can be expected to last as long or longer than HDDs in most general applications." Unfortunately, the backup company isn't backing up their claims with hard data yet, but other publications have torture tested SSDs before, and I expect it won't be long before Backblaze starts posting SSD failure rates as well. Thanks to AceGoober for the tip.

SSDs are a different breed of animal than a HDD and they have their strengths and weaknesses relative to other storage media. The good news is that their strengths -speed, durability, size, power consumption, etc. - are backed by pretty good overall reliability. SSD users are far more likely to replace their storage drive because they're ready to upgrade to a newer technology, higher capacity, or faster drive, than having to replace the drive due to a short lifespan. Under normal use we can expect an SSD to last years. If you replace your computer every three years, as most users do, then you probably needn't worry about whether your SSD will last as long as your computer. What's important is whether the SSD will be sufficiently reliable that you won't lose your data during its lifetime.

Discussion Posted by alphaatlas 10:45 AM (CST)

Intel Officials Allegedly Say that Apple Could Move to ARM Soon

A recent report from Axios claims that Apple is "widely expected" to move their Mac lineup to custom ARM chips in the next few years. The publication cites a Bloomberg report claiming that Apple plans to merge their software stack and app ecosystem across all platforms, though that could theoretically be achieved with ARM ISA emulation on existing x86 processors. However, Axios also said "Although the company has yet to say so publicly, developers and Intel officials have privately told Axios they expect such a move as soon as next year." Thanks to AppleInsider for the tip.

If anything, the Bloomberg timeline suggests that Intel might actually have more Mac business in 2020 than some had been expecting. The key question is not the timeline but just how smoothly Apple is able to make the shift. For developers, it will likely mean an awkward period of time supporting new and classic Macs as well as new and old-style Mac apps. History lesson: Apple has already made several big shifts in the 25-year history of the Mac, moving from Motorola chips to PowerPC processors and then to Intel. It's also moved from the classic Macintosh operating system to the Unix-based Mac OS X.

Discussion Posted by alphaatlas 9:58 AM (CST)

Hayabusa2 Probe Captures Dust From an Asteroid

Japan's Aerospace Exploration Agency just confirmed that a probe sent from the Hayabusa2 spacecraft has successfully touched down on the surface of an asteroid. But unlike the previous bouncing probes that landed on Ryugu, this one fired a "bullet" into the asteroid's surface to collect some dust that, if everything goes according to plan, should return to Earth in a couple of years. The Japanese space agency posted a writeup on the probe's landing site yesterday, and Queen guitarist Brian May even showed up on their live stream, which you can see below:

Our original schedule planned for touchdown in late October of last year (2018). However, Ryugu was revealed as a boulder strewn landscape that extended across the entire surface, with no flat or wide-open regions. Before arriving at Ryugu, it was assumed there would be flat areas around 100 meters in size. But far from finding this, we have not even seen flat planes 30 meters across! During the scheduled time for touchdown in late October, we did not touchdown but descended and dropped a target marker near the intended landing site. We were able to drop the target marker in almost the planned spot and afterwards we examined the vicinity of the target marker landing site in detail. Finally, the area denoted L08-E1 was selected as the place for touchdown. L08-E1 will be described later (see Figure 11), but the final area where the touchdown is planned is a region of radius 3m within L08-E1 as shown in Figure 1.

Discussion Posted by alphaatlas 9:14 AM (CST)

EA Australia and ArenaNet Hit With Significant Layoffs

Apparently, it's layoff season in the gaming industry. Activision-Blizzard let hundreds of employees go earlier this month, and now, reports indicate that EA and ArenaNet are losing a significant number of employees as well. EA Australia is behind a number of (relatively) high profile mobile titles like Real Racing 3, The Sims and Need for Speed: No Limits, but the studio is reportedly "being refocused on live services" after they lose about a quarter of their staff, and a Kotaku source thinks that it could lead to a studio shutdown. Meanwhile, ArenaNet, who's best known for developing and maintaining Guild Wars 2, said "We can confirm that due to the cancellation of unannounced projects, ArenaNet will make staff reductions," and said "this is part of a larger organizational restructuring within NCSOFT in the west, but the Guild Wars and Guild Wars 2 game services will not be affected, nor is any upcoming game content canceled."

Per the source, an email was sent to employees earlier today from ArenaNet parent company NCSoft's CEO Songyee Yoon. "Our live game business revenue is declining as our franchises age, delays in development on PC and mobile have created further drains against our revenue projects, while our operating costs in the west have increased," it reads. "Where we are is not sustainable, and is not going to set us up for future success..." Former Guild Wars 2 writer Jessica Price (who was controversially let go last year following a Twitter exchange) said the layoffs were "not surprising" and added detail on other projects going on behind the scenes at the company as of last year. "[ArenaNet] had two major projects in the works when I was there. One was indefinitely suspended while I was still there. For those of us working on GW2, our mandate was essentially to make it look like there was the same level of resources devoted to GW2, when they were actually steadily moving people off of it onto the other projects."

Discussion Posted by alphaatlas 8:36 AM (CST)
Thursday February 21, 2019

SK Hynix to Spend $107 Billion on Four New Memory Chip Factories

SK Hynix has announced that it is building four new memory chip plants that will cost $107 billion. Construction of the plants will begin in 2022 at a 4.5 million square meter site that is south of Seoul. SK Hynix is expected to invest $49 billion into 2 existing plants. Next-generation chips and DRAM are expected to be manufactured at the sites. Even though there is a downturn in the memory market now, SK Hynix is preparing for cutting edge technologies such as 5G and self-driving vehicles.

"Though there is not enough chip demand for autonomous cars now, I believe there will be much more demand for self-driving vehicles in the next 10 years or as early as in 2023 or 2024," said analyst Kim Young-gun at Mirae Asset Daewoo. "That will create more chip demand for SK Hynix," as will the commercialization of 5G networks over the next few years, Kim said.

Discussion Posted by cageymaru 6:49 PM (CST)

SK Hynix Details Its DDR5 Chip Technology

During the International Solid State Circuits Conference (ISSCC) in San Francisco, SK Hynix chip designer Dongkyun Kim presented a paper on the company's first Double Data Rate 5 (DDR5) chip that features 16Gb 6.4Gb/s/pin SDRAM that runs at 1.1V and measures 76.22 mm². SK Hynix uses a 1ynm, 4-metal DRAM process to manufacture the chips. Dylan McGrath of EE|Times noted that the DDR5 spec hasn't been finalized but is expected to offer "double the bandwidth and double the density of DDR4 along with delivering improved channel efficiency." Samsung was much more secretive with their 10nm-class LPDDR5 SDRAM capable of up to 7.5Gb/s at 1.05V. The JEDEC LPDDR5 standard will "operate at an I/O rate of 6400 MT/s, 50% higher than that of the first version of LPDDR4" and will "boost memory speed and efficiency for applications including smartphones, tablets and ultra-thin notebooks."

DDR5 -- or Double Data Rate 5 -- is still under development at the Jedec standards organization. DDR5 offers double the bandwidth and double the density of DDR4 along with delivering improved channel efficiency. The standard was expected to be finalized last year, but remains a work in progress. DDR5 products are now expected to appear beginning late this year.

Discussion Posted by cageymaru 6:15 PM (CST)

Doug Bowser Named New President of Nintendo of America

Current President of Nintendo of America and 15 year veteran of the company, Reggie Fils-Aime, has announced his retirement on April 15th. In his place, current Senior Vice President of Sales and Marketing, Doug Bowser will succeed Reggie as President of Nintendo of America. Shuntaro Furukawa, President of Nintendo Co., Ltd. praised Reggie Fils-Aime for his business leadership during his tenure. "I really appreciate everything Reggie has done for Nintendo," said Shuntaro Furukawa, President of Nintendo Co., Ltd. "Inside and outside our company, Reggie is known as an exceptional leader. We are grateful that he is leaving the business in good shape with strong momentum." Reggie Fils-Aime left a video message to Nintendo fans on Twitter.

"Nintendo owns a part of my heart forever," Fils-Aime said. "It's a part that is filled with gratitude - for the incredibly talented people I've worked with, for the opportunity to represent such a wonderful brand, and most of all, to feel like a member of the world's most positive and enduring gamer community. As I look forward to departing in both good health and good humor, this is not 'game over' for me, but instead 'leveling up' to more time with my wife, family and friends."

Discussion Posted by cageymaru 4:37 PM (CST)

Researchers Find a 19 Year Old Bug In WinRAR

Security researchers from Check Point have reportedly discovered a bug in WinRAR that just might be older than you. According to their bug report, recent versions of WinRAR shipped with an ancient "unacev2.dll" file designed to decompress the equally ancient ACE archive format. A bug in the .dll lets malicious archives extract files to any location on the user's system, including the user's startup folder, which would allow an attacker to remotely execute arbitrary code during the next startup. WinRAR has removed the vulnerable .dll file in the program's latest release, as no one unpacks ACE archives anymore, and it seems that the security researchers may have claimed a substantial bug bounty in the process. Thanks to The Register for spotting the exploit.

A few months ago, our team built a multi-processor fuzzing lab and started to fuzz binaries for Windows environments using the WinAFL fuzzer. After the good results we got from our Adobe Research, we decided to expand our fuzzing efforts and started to fuzz WinRAR too. One of the crashes produced by the fuzzer led us to an old, dated dynamic link library (dll) that was compiled back in 2006 without a protection mechanism (like ASLR, DEP, etc.) and is used by WinRAR. We turned our focus and fuzzer to this "low hanging fruit" dll, and looked for a memory corruption bug that would hopefully lead to Remote Code Execution. However, the fuzzer produced a test case with "weird" behavior. After researching this behavior, we found a logical bug: Absolute Path Traversal. From this point on it was simple to leverage this vulnerability to a remote code execution. Perhaps it's also worth mentioning that a substantial amount of money in various bug bounty programs is offered for these types of vulnerabilities.

Discussion Posted by alphaatlas 12:05 PM (CST)

Obsidian Talks About the Style and Setting of The Outer Worlds

While reading reviews about and commentary on Fallout 76, one of the most common opinions I run into is "We just want more Fallout: New Vegas." In other words, it seems that many players crave the stories and character-based worldbuilding that the single player Fallout experiences delivered, and that Fallout 76 largely skips. In a previous interview, Obsidian mentioned that The Outer Worlds is basically the New Vegas sequel they always wanted to make, and two recent interviews from Game Informer really drive that point home. The first, which dives into the universe of The Outer Worlds, reveals that the game will feature a Fallout-esque constructed world and similar over-the-top jabs at society, and the "1930s Dieselpunk Deadwood" theme mentioned in another interview could easily describe the Mojave desert in New Vegas.

The Outer Worlds is first and foremost a rollicking outer space adventure, but like the original Fallout that Cain and Boyarsky helped create, one of the magic ingredients is a healthy dose of social commentary (often couched in absurdist humor)... Boyarsky: Dieselpunk is very 1930s, and I was like "That's unfortunate, because that almost feels like what we want." I just threw out "Dieselpunk Deadwood," and then we were like, "That's what we have to somehow encapsulate." ...This is where we, as far as the environment goes, really hit where we wanted to go with the project.

Discussion Posted by alphaatlas 11:42 AM (CST)

Intel's MESO Transistor Project Could See Results in Two to Five Years

Late last year, Intel announced that they were working on a new type of transistor that could offer a massive performance leap over current CMOS chips. "MESO" transistors, as they call them, could operate at voltages as low as 100mV, but at the time, Intel said the technology was at least a decade away from commercialization. Today, in an interview with VentureBeat, an Intel researcher said he is "excited about spin-off results MESO is likely to produce within the next two to five years." AI accelerators are supposedly less complicated and more fault tolerant than traditional chip designs, and MESO's characteristics are "coincidentally" well suited to neural network architectures, meaning they could hit the market sooner rather than later.

Khosrowshahi: CPUs, which are the most commonplace when you're building silicon, are oddly enough the hardest thing to build. But in AI, it's a simpler architecture. AI has regular patterns, it's mostly compute and interconnect, and memories. Also, neural networks are very tolerant to inhomogeneities in the substrate itself. So I feel this type of technology will be adopted sooner than expected in the AI space. By 2025, it's going to be biggest thing... Young: If we can get these improvements in power-performance - MESO will be a 10 to 30 times better power-performance or energy-delay product - but let's say we only get a 2X improvement. That gives us, for a given power into the device, a 2X performance benefit, so it's a huge leg up on the competition. That's what drives this. Not only is this good for my company but it's an opportunity for the industry. The research is open, because we have so much heavy lifting to do with these materials. But if this is a thing that we as an industry can get a hold of, this could be a game changer for the semiconductor industry. It will take it through this curve that has been flattening. We may accelerate again. And that would be really neat.

Discussion Posted by alphaatlas 11:01 AM (CST)

Zilog Z8000 Architect Passes Away

Dr. Bernard Peuto, the mind behind Zilog's Z8000 and Z8 processors, passed away this month, and the Electronic Engineering Journal just posted a writeup on his history with Zilog. Just before the wild success of the Zilog Z80, the company hired Dr. Peuto as their twelfth employee in early 1976. With mainframe experience under his belt, the report says he quickly went to work on Zilog's 16 bit designs, but the company faced stiff competition from Motorola and Intel. Far more than a simple obituary, the article is a dive into the history of Zilog and their contemporary competitors, and is definitely worth a read. Thanks to cageymaru for the tip.

Despite all of these acquisitions, Littlefuse/Zilog still sells versions of Dr. Peuto's Z8000 and Z8 processors. The Z8 microcontroller was reborn in the early 2000s as the enhanced Z8 Encore! and the Z8 Encore! XP Flash-based microcontroller families. Meanwhile, the 40-pin and 48-pin versions of the Z8000 microprocessor are still available as the Z16C02 and Z16C01, although perhaps not for too much longer, as you really need to dig deep into the Littlefuse/IXYS/Zilog site to find these parts. (Actually, I let Google dig into it.) Part of Dr. Peuto's significant technical legacy is deeply rooted in the Z8000 and Z8 processor architectures. Another part is tied to the Computer History Museum in Mountain View, California where Dr. Peuto served as a trustee for 17 years. He was also a member of the museum's executive and finance committees. As a result of that work, he was named a Trustee Emeritus in 2017. That's not a bad legacy to leave, my friends.

Discussion Posted by alphaatlas 10:30 AM (CST)

HTC Reveals the Vive Focus Plus

Today, HTC announced an update to their standalone, enterprise-focused VR headset. The Vive Focus Plus incorporates two 6DoF controllers instead of one, which they claim helps bring the headset up to par with PC VR devices and makes porting applications to the Focus easier. The new headset also "rests easier on consumers' heads" than the original Vive Focus, but HTC mentioned that it will use the same Qualcomm Snapdragon 835 processor as its predecessor. That isn't surprising, seeing how it will maximize compatibility with existing apps, but the 835 is already 2 generations behind Qualcomm's latest and greatest processors. Thanks to cageymaru and VentureBeat for spotting the report.

Blurring the lines between reality and virtual reality, Vive Focus Plus brings users greater comfort and full enterprise support. Resting easier on consumers’ heads, Vive Focus Plus offers comfort and lays the groundwork for extended sessions in VR needed by commercial customers. The headset also ships with several professional features including Kiosk Mode, Gaze Support, and device management tools to remotely enroll, monitor, and manage multiple headsets all at once. The headset will be available for purchase starting in Q2 2019 on in 25 markets worldwide, supporting 19 languages. In most markets, the product will include an enterprise license for use at no additional cost.

Discussion Posted by alphaatlas 9:49 AM (CST)

Intel Wants to Take You on a Graphics Odyssey

Intel's discrete GPU is still years away, but they're already trying to get the graphics community involved. Chipzilla previously made calls for graphics experts to join their team, but yesterday, Intel Graphics launched a more consumer-centric campaign. Functionally, Intel Graphics' "Odyssey" appears to be a mailing list for gaming-related promotions and giveaways right now, but TechRadar mentions that Intel will send out "invites to company-sponsored events" via the newsletter sometime in the future. As spammy as this effort may or may not seem, we've noted that Intel has totally revamped their public-facing image over the past year, and I prefer this effort to reach out to the community over the company's previous policies of keeping development close to their chest.

The Odyssey is built around a passionate community, focused on improving graphics and visual computing for everyone, from gamers to content creators. And we want voices like yours to help guide us. We're committed to listening to the community, and in return you will get closer to the inner workings of visual technology development than ever before. You'll hear the latest reports first and you'll have access to some amazing offers and exclusive giveaways. The Odyssey is about how we'll work together to build the visual computing solutions you really want. You also have the opportunity to receive the Intel Gaming Access newsletter which gives gamers a VIP pass to killer deals and freebies, preferred beta access, the latest gaming news, and more.

Discussion Posted by alphaatlas 9:19 AM (CST)

Samsung Unveils a Folding Smartphone

What's old is new again. While smaller manufacturers have already "launched" a new generation of folding phones, and bigger ones like Xiaomi have teased folding prototypes, Samsung officially unveiled the aptly named "Galaxy Fold" at the Samsung Unpacked event yesterday. Unlike your old flip-phone, the Galaxy Fold features a flexible 7.3 inch display that takes up the phone's entire unfolded face, and it's powered by a "7nm, 64-bit processor" that has more cores and just as much RAM as the desktop I'm typing on. Some sources claim the unspecified processor is a Qualcomm Snapdragon 855, but Samsung could also follow in the footsteps of the conventional Galaxy lineup and use their home-brewed Exynos 9820 outside the U.S.

The internal screen does not merely bend. It folds. Folding is a more intuitive motion, and a more difficult innovation to deliver. Samsung invented a new polymer layer and created a display around 50 percent thinner than the typical smartphone display. The new material makes Galaxy Fold flexible and tough, built to last...No matter which way you hold-or fold-the device, a camera will be ready to capture the scene, so you never miss the moment. With six lenses-three in the back, two on the inside and one on the cover-the Galaxy Fold camera system has flexibility built in. Galaxy Fold introduces a new level of multitasking, allowing you to use other apps during a video call.

Discussion Posted by alphaatlas 8:47 AM (CST)

Tesla Demonstrates Its New Security System Called Sentry Mode

As we reported before, Tesla has added a new security feature to its cars called Sentry Mode. Sentry Mode uses the car's cameras to monitor its environment to detect potential threats. It will display a message on the touchscreen and record the encounter if the threat is minimal. But if it determines that the threat is severe, Sentry Mode will perform the same actions, but also play loud music through the car's stereo system and sound an alarm. Tesla has released a video of the security system in action.

If a car switches to "Alarm" state, owners will also receive an alert from their Tesla mobile app notifying them that an incident has occurred. They'll be able to download a video recording of an incident (which begins 10 minutes prior to the time a threat was detected) by inserting a formatted USB drive into their car before they enable Sentry Mode.

Discussion Posted by cageymaru 7:51 AM (CST)
Wednesday February 20, 2019

Disney Removes Advertising from YouTube in Response to Child Exploitation Videos

The Walt Disney Company, Epic Games, Nestle SA and other corporations have removed their advertising from YouTube in response to a video that detailed how criminals are using the YouTube comments section to run a "soft-core pedophilia ring." Video blogger Matt Watson showed evidence of how these pedophiles are encouraging children to do challenges and upload them. When the videos are uploaded by the child, the criminals upload a copy on their own channel(s). There they create timestamps to the parts that show the children in compromising positions. Also they bombard the comments section with links to pedophilia on other websites and hidden videos. The worst part is that pedophiles are using YouTube's algorithm to find the videos. For example, by searching for bikinis and then clicking on a video of a child, the algorithm "locks" the user into these videos in the recommended section. By interacting with the pedophiles in the comment section, the algorithm shows more disturbing content. Matt Watson calls it a wormhole. YouTube knows this activity is happening, but only disables the comment section of the videos. According to Matt Watson, Youtube doesn't remove the offensive videos or accounts that uploaded them. After the uproar happened, YouTube is now removing the content shown in the blogger's video. But what of the countless others out there? The link to the video from Matt Watson is NSFW and can be found in the Bloomberg article.

"Any content --including comments -- that endangers minors is abhorrent and we have clear policies prohibiting this on YouTube. We took immediate action by deleting accounts and channels, reporting illegal activity to authorities and disabling violative comments," a spokeswoman for YouTube said in an email.

Discussion Posted by cageymaru 7:28 PM (CST)

Password Manager Vulnerabilities Exposed

A report from Independent Security Evaluators (ISE) showed that password managers offer acceptable security in non-running states, but are vulnerable to memory attacks when in running states. 1Password4, 1Password7, Dashlane, KeePass, and LastPass were tested in the report. For example, 1Password4 properly scrubbed old password entries from memory when it loaded a new entry; this meant that only one password was exposed at a time. But the master password remained obfuscated in memory and a bug allowed the master password to be stored in memory in a cleartext form, even when locked. In another example, 1Password7 decrypted and loaded all the individual passwords in the running state and didn't scrub the individual passwords, master password or the secret key when transitioning from the unlocked to locked state! Dashlane exhibited good security practices until the user changed an entry. Then it exposed the "entire database plaintext in memory and it remains there even after Dashlane is logged out of or 'locked'." The entries remained in memory for more than 24 hours. KeePass was decent until a simple strings dump from the process memory of KeePass was performed. There it exposed all entries that had been interacted with. LastPass performed as well as KeePass. ISE concluded that "it is evident that attempts are made to scrub and sensitive memory in all password managers. However, each password manager fails in implementing proper secrets sanitization for various reasons." The password manager vendors responded to the report from ISE. LastPass says it patched its issues and KeePass noted that the basic underpinnings of Windows affected its ability to scrub the password entries as "Windows and .NET may make copies of the data (in the process memory) that cannot be erased by KeePass." Dashlane noted that "if an attacker has full control of a device at the lowest operating systems level, they can read any and every information on the device." 1Password's spokesperson took the same stance with "An attacker who is in a position to exploit this information in memory is already in a very powerful position. No password manager (or anything else) can promise to run securely on a compromised computer."

In this paper we will examine the inner workings as they relate to secrets retrieval and storage of 1Password, Dashlane, KeePass and LastPass on the Windows 10 platform (Version 1803 Build 17134.345) using an Intel i7-7700HQ processor. We examine susceptibility of a password manager to secrets exfiltration via examination of the password database on disk; memory forensics; and finally, keylogging, clipboard monitoring, and binary modification. Each password manager is examined in its default configuration after install with no advanced configuration steps performed. This paper is not meant to criticize specific password manager implementations; however, it is to establish a reasonable minimum baseline which all password managers should comply with.

Discussion Posted by cageymaru 5:10 PM (CST)

Here Is the Samsung Unpacked Press Event

The Samsung Unpacked Press Event is live.

Welcome to the next generation. #SamsungEvent #Unpacked.

Discussion Posted by cageymaru 1:35 PM (CST)

ASUS Maximus XI Apex Motherboard Broken Down

Actually Hardcore Overclocking just posted a detailed analysis of an ASUS Maximus XI Apex LGA 1151 motherboard, and overall, it looks like a great board. In the YouTuber's own words, the motherboard's VRM setup is "overkill," yet it's significantly cheaper than other LGA 1151 motherboards from ASUS with inferior VRM setups. This particular board has several features designed exclusively for LN2 runs, but also has other features water or air overclockers would appreciate, like a dual BIOS setup and only 2 DDR4 DIMM slots for maximum memory overclocking performance. Check out the analysis below:
Discussion Posted by alphaatlas 12:33 PM (CST)

Japanese Government Will Hack Their Citizens' IoT Devices

Numerous security experts have (justifiably) expressed concern with the security of IoT devices that enter the market every day. But today, the Japanese government is doing something about it, as they will start testing the security of their own citizens' IoT devices. "NOTICE," as they call it, will identify internet-connected IoT devices with "weak password settings," and notify the relevant telecommunications carrier, who in turn will notify the owners of the vulnerable devices. IEEE Spectrum, who spotted the notice, notes that the government recognized IoT as a national security threat in 2015, and that they probably don't want any security trouble at the 2020 Olympics, when the whole world is watching.

The survey is to check whether the password setting in each IoT device is easily guessed (e.g., "123456", "password", etc.), and the survey will not intrude into the device or acquire information other than that required for the survey. As for the information obtained by the survey, strict safety control measures will be taken in accordance with NICT's implementation plan approved by the Minister for Internal Affairs and Communications.

Discussion Posted by alphaatlas 12:18 PM (CST)

Intel Confirms that FinFET MRAM is Production Ready

Late last year, EE Times published a report claiming that Intel was already shipping MRAM products to undisclosed customers. At the time, Intel only confirmed that their MRAM was "production ready" and didn't elaborate any further. But now, the news outlet says that Intel presented a paper on their embedded MRAM at the International Solid-State Circuits Conference. The fast, non-volatile 7Mb memory arrays reportedly achieve "10-year retention at 200C" and have "demonstrated write endurance of more than 1E06 cycles and read disturb error rate of more than 1E12 cycles." While EE Times calls the 22FFL process the MRAM arrays are built on a "22nm" process, semantics in the world of semiconductors are fuzzy, and Wikichip believes that 22FFL actually has more in common with Intel's 14nm processes. "Analysts" still believe that Intel is shipping products with MRAM, but the chip company hasn't elaborated on any of them yet.

According to Intel's ISSCC paper, each 0.0486-µm² transistor to one magnetic tunnel junction (1T1MTJ) MRAM bit cell is 216 x 225 nm², with two polysilicon word lines. The tunnel-magneto-resistance ratio of the MTJs is 180% at 25C, with a target device-critical dimension between 60 nm and 80 nm. Wei said that the eMRAM design is also tolerant of wide variations in supply voltage. The design achieves a 4-ns read sensing time at 0.9 V but is also capable of 8-ns read sensing time at 0.8 V, she said... In a separate ISSCC paper presented Tuesday, Intel also described the development of resistive RAM (ReRAM) as a low-cost option for embedded non-volatile memory for SoCs used in IoT and automotive. The embedded ReRAM technology - also implemented in a 22-nm FinFET process - demonstrates what the company says is the smallest and highest-density ReRAM subarray and material innovations to allow low-voltage switching without impact to transistor reliability.

Discussion Posted by alphaatlas 11:36 AM (CST)

Gamers Love Call of Duty 15's New Loot Boxes

After a 4 month absence, loot boxes have finally come to Black Ops 4, and players couldn't be happier... Just kidding. Call of Duty fans in the game's subreddits and other communities aren't pleased with the new microtransaction changes, to say the least, and Eurogamer's writeup on the system largely reflects the opinion of other CoD playing journalists across the web. The publication says that Black Ops 4's crate system "feels particularly grubby," as they don't display probabilities and sometimes contain duplicate items. Additionally, some of the rewards affect gameplay and progression, and some weapons are only attainable through opening loot boxes.

Much of the anger at these loot boxes stems from the growing feeling that Black Ops 4 is buckling under the pressure to generate more money for publisher Activision. Here we have a full price video game with a userbase-splitting £39.99 season pass for DLC maps, a take on Fortnite's incredibly successful battle pass called the Contraband progression system, the ability to pay to complete tiers on the Contraband progression system, Special Orders you can pay real world money for, individual cosmetic items you can spend real world money on directly, and even reticles as microtransactions. It's convoluted, confused and inescapably money-grabbing - and it's also a real shame as the core game underneath all these alternative revenue streams remains fantastic. Indeed, the controversy around loot boxes threatens to overshadow the meaningful changes made this week to Blackout, Black Ops 4's battle royale, which feels like it's being squeezed between Respawn's Apex Legends and the ongoing popularity of Fortnite and PUBG as Treyarch struggles to freshen up the experience often enough.

Discussion Posted by alphaatlas 10:43 AM (CST)
