Podcasts about zombieload

Seit einigen Jahren liest man immer wieder von Spectre, Meltdown, ZombieLoad oder anderen Angriffen auf Schwachstellen in Prozessoren und Hardwareschnittstellen. In dieser Folge des Security-Insider Podcast gehen Chefredakteur Peter Schmitz und Moderator Dirk Srocke diesem Phänomen auf den Grund und lassen sich von Prof. Dr.-Ing. Thomas Eisenbarth von der Uni zu Lübeck erklären, warum Angriffe auf Hardware für Cyberkriminelle so interessant ist, wie genau Seitenkanalattacken funktionieren, was Hersteller und Verbraucher dagegen tun können und wie alles anfing. Weiterführende Informationen zu diesem Thema gibt es übrigens im Artikel auf Security-Insider!

Nyheter Firefox Voice Beta 2 (tack bittin): https://community.mozilla.org/activities/test-firefox-voice/ Firefox 74 ute: https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ Stanford vill låna din dator för att studera coronaviruset: https://www.theverge.com/2020/3/2/21161131/folding-home-volunteers-researchers-coronavirus Nextcloud växer: https://nextcloud.com/blog/nextcloud-doubles-order-intake-and-customer-base-remains-profitable-and-independent/ https://trends.google.com/trends/explore?q=nextcloud,owncloud,seafile,filecloud,sharefile Otrevligheter Nytt säkerhetshål med Intel: https://lviattack.eu/ Tidigare: Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout Trevligheter NymphCast: https://github.com/MayaPosch/NymphCast TimeShift på Linux: https://github.com/teejee2008/timeshift Storybook: https://storybook.js.org/ Utmaningar Alex PinePhone Har flashat PostmarketOS + Phosh ### Sebs Linuxäventyr Rocket League fungerar! Path of Exile strular :( Meta Kanske Spleen i loggan (tack Isak): https://github.com/fcambus/spleen Sidor för att följa Trevlighetspoäng och Utmaningar Contributor-ligan Alex: 1 + 3 = 4 brons Seb: 1 brons TrevligPodcastPlayer Kontakta oss Hemsida: https://trevligmjukvara.se Mail: kontakt@trevligmjukvara.se Twitter: @trevligmjukvara (https://twitter.com/trevligmjukvara) Telegram: Trevlig Mjukvara (https://t.me/trevligmjukvara) Tack till Ljudeffekter från https://www.zapsplat.com/ Musik från https://filmmusic.io "Pixelland" av Kevin MacLeod "NewsSting" av Kevin MacLeod "Toccata and Fugue in D Minor" av Kevin MacLeod "Beautiful World - Epic and Uplifting Motivational Trailer" av Rafael Krux "Black Knight" av Rafael Krux "Pixel Peeker Polka - Faster" av Kevin MacLeod Licens för alla: CC BY 4.0 (http://creativecommons.org/licenses/by/4.0/) Grafik och font i loggan: Ok-emoji: emojione version 2.2.7, https://commons.wikimedia.org/wiki/File:Emojione_1F44C.svg (CC BY 4.0) Font: Sulphur Point av Dale Sattler, https://fonts.google.com/specimen/Sulphur+Point (OFL)

Have you heard about this little thing called Space Force? If so, it's probably through ridicule; the latest branch of the US military has received no shortage of it since it launched at the end of last year. Still, at least it had a better week than Intel, which had to release a patch for a patch for its patch of its ZombieLoad problem. Say that five times fast. This week we also took a look at the most common Mac malware, at least by antivirus firm Kaspersky's reckoning.

This week we look at 15 CVEs this week including the new MDS Attacks/Zombieload and GhostImage a cool attack against vision-based classification systems. We also have discussion about mobile vs desktop security. Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) [00:01:33] Pwn2Own Miami 2020 [00:06:32] Allegations that Saudi Crown Prince involved in hacking of Jeff Bezos’ phone https://twitter.com/dinodaizovi/status/1221324029841244161 [00:11:25] Chris Rohlf on Twitter: "...Mobile security was largely a success relative to the state of the desktop..." [00:25:49] More MDS Attacks: Intel Patching its Patch of the Patch for MDS/ZombieLoad Attacks https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/#gs.upv68b [00:31:34] MDHex Vulnerabilities [00:42:55] JSSE Client Authentication Bypass (CVE-2020-2655) [00:55:37] Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363) [00:58:34] ModSecurity Denial of Service (CVE-2019-19886) [01:02:47] GGvulnz - How I hacked hundreds of companies through Google Groups [01:09:14] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption (CVE-2020-6857) [01:14:40] arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault - Patchwork [01:18:54] Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability (CVE-2020-3142) [01:21:35] iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU (CVE-2019-14615) [01:28:41] Information Leaks via Safari's Intelligent Tracking Prevention [01:39:02] GhostImage: Perception Domain Attacks against Vision-based Object Classification Systems [01:44:46] Nightmare - A collection of binary exploitation / reverse engineering challenges and writeups [01:49:26] The Life of a Bad Security Fix [01:51:22] macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image

Computer and Technology News.Topics:Microsoft forced to create a free Windows 7 update just days after updates ended – The VergeMotorola wants you to be careful using the new Razr | EngadgetRivian says its electric vehicles will cost less than first announced | EngadgetMozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks | ZDNetThe ‘Race To 5G' Is A Giant Pile Of Lobbyist Nonsense | Techdirt5G Action NowIntel Is Patching the Patch for the Patch for Its ‘Zombieload' Flaw | WIREDMagecart gang arrested in Indonesia | ZDNetApple envisions a Mac made from a sheet of curved glass | EngadgetIBM uses AI to predict progress of Huntington's disease symptoms | EngadgetPlague Inc. developer reminds players it is just a game amid coronavirus outbreak – The VergeYouTube is using massive e-sports leagues to take on Twitch in big live-streaming bet – The VergeFor full show notes, check out ComputerAmerica.com!

LokiBot Update (November 2019) https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/ Some Packet-Fu with Zeek https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/ TPM Leaks http://tpm.fail/ Zombieload 2.0 Vulnerability https://zombieloadattack.com/

Eric hangs out in San Francisco while Jon makes a pen. There's a Facebook Bug, a Confluence Bug and an NSA Advisory, along with some more ransomware notes and something about zombies? Eric reminisces about museums and Jon nostalgizes about Mosaic. WASM! 0:00 - Intro 4:09 - Jon Makes A Pen 8:11 - Facebook Bug 11:53 - Confluence Bug 15:18 - NSA Advisory 17:29 - Pemex Ransomware 21:04 - Zombieload 2 26:24 - The Exploratorium 29:30 - Mosaic Turns 26 33:18 - WebAssembly

A daily look at the relevant information security news from overnight.Episode 197 - 15 November 2019Government phish - https://www.bleepingcomputer.com/news/security/new-threat-actor-impersonates-govt-agencies-to-deliver-malware/Zombieload workaround - https://www.zdnet.com/article/windows-linux-get-options-to-disable-intel-tsx-to-prevent-zombieload-v2-attacks/Patient data breach - https://www.scmagazine.com/home/health-care/open-database-exposes-93m-files-on-patients-of-substance-abuse-facilities/Pranks exposed - https://www.technadu.com/prankdial-com-exposes-138-million-records/84939/Healthcare breaches - https://www.bleepingcomputer.com/news/security/us-health-network-supplier-expose-pii-phi-data-in-breaches/

LokiBot Update (November 2019) https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/ Some Packet-Fu with Zeek https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/ TPM Leaks http://tpm.fail/ Zombieload 2.0 Vulnerability https://zombieloadattack.com/

PC Perspective Podcast #564 - 11/13/2019 Show Topics 00:00:06 - Intro 00:01:51 - News: Threadripper 3960X & 3970X 00:15:00 - News: Ryzen 9 3950X 00:17:22 - News: Ryzen 4000 00:24:20 - News: Intel ZombieLoad Variants 00:29:10 - News: Red Dead Redemption 2 PC Issues 00:33:44 - Sponsor: Capterra 00:35:33 - Review: Datacolor SpyderX Pro 00:47:06 - Review: SilverStone RL08 Case 00:53:01 - Review: Phanteks P360X Case 00:55:48 - Review: Scythe Fuma 2 CPU Cooler 01:03:00 - Picks of the Week 01:23:38 - Outro See the full show notes. Picks of the Week Jeremy: Mission: ISS Josh: NZXT H510 Brett: 16-inch MacBook Pro Sebastian: Digital Stereophony

Join us this week as we look at details on the upcoming third-gen Threadripper processors, take a peak at leaked 3950X benchmarks, review the Datacolor SypderX Pro monitor calibration tool, check out a pair of cases from SilverStone and Phanteks, and more!

A daily look at the relevant information security news from overnight.Episode 195 - 13 November 2019Intel Zombieload - https://techcrunch.com/2019/11/12/intel-cascade-lake-zombieload/IE zero-day patch - https://threatpost.com/microsoft-patches-rce-bug/150136/Orvis.com oops oops - https://www.technadu.com/orvis-com-exposed-hundreds-internal-passwords-pastebin/84732/Adobe critical patches - https://threatpost.com/adobe-critical-bugs-illustrator-media-encoder/150114/Pemex huge ransom - https://www.bleepingcomputer.com/news/security/mexicos-pemex-oil-suffers-ransomware-attack-49-million-demanded/

Die Welt wird immer digitaler und es ist gut, wenn man Informatik-Unterricht an seiner Schule belegen kann. Die Schülerinnen und Schüler des St. Michael Gymnasiums in Ahlen haben diese Möglichkeit und versuchen in den Folgen der Episode der Informatik im Alltag auf den Grund zu gehen.

Viele arbeiten privat oder in der Firma mit Intel Prozessoren. Doch leider werden bei diesen Prozessoren immer wieder Sicherheitslücken entdeckt. Meltdown und Spectre hießen sie im Jahr 2018. In diesem Jahr kam Zombieload hinzu. Der Angriff passiert still und leise, doch der Angreifer kann fast alles auf unseren Rechnern mitlesen. Wie funktioniert so ein Angriff, wo sitzt die Schwachstelle, wie kann man sich schützen und wer wäre ein lohnenswertes Ziel für einen solchen Angriff, das hören Sie in unserem Netzagent. Interviewpartner: Werner Haas, CTO bei cyberus technology in Dresden. Die Firma war an der Entdeckung der Sicherheitslücken Meltdown und Spectre beteiligt. ►► Mehr Netzagent zum Anhören • Bei SWR Aktuell: http://x.swr.de/s/netzagent • In der ARD Audiothek: https://www.ardaudiothek.de/netzagent/62037366 • Bei Spotify: https://open.spotify.com/show/6m6x8uhR2TwQzJsO7GNHnj • Bei Apple Podcasts: https://podcasts.apple.com/de/podcast/swr-aktuell-netzagent/id1466938159 • Bei Google Podcasts: http://x.swr.de/s/netzagentgooglepodcasts ►► #netzagent Neues und Hintergründiges zu Cybercrime und Cyberwar, Datenschutz und Datensicherheit - Wir reden mit Experten über Technik, Politik und Gesetze, die das Internet bedrohen oder sicherer machen.

Bibliai ételkóstoló a holnap induló Művészetek Völgye fesztiválon. A programról Szűcs Boglárkával, környezeti nevelővel, a Károli Gáspár Református Egyetem Ökogyülekezet Kutatóműhelyének tagjával beszélgettünk. A tőzsdenyitás ma Varga Botondnak, az Equilor Befektetési Zrt. üzletkötőjének jutott. IT rovatunkban a Zombieload-támadásról beszélgettünk Erdős Mártonnal, a PCWorld magazin főszerkesztő-helyettesével.

We discuss a number of issues in the news, such as a 17-year old Firefox vulnerability, the threat to end-to-end encryption, and whether Apple should offer a VPN. We also answer listening questions about browser fingerprinting - what is it? we explain - and turning off hyper-threading (we explain that too). AmIUnique Episode 83: Epic disasters: ZombieLoad, WhatsApp, Google 2FA Keys, and Microsoft RDP CPUSetter U.S. officials consider end-to-end encryption crackdown 17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device Here’s the next big step Apple should take to protect our privacy Episode 57: The Advantages of Using a VPN, with CyberGhost Amazon confirms Alexa customer voice recordings are kept forever Get 40% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.

Mit der Entdeckung eines der größten Sicherheitslecks stellten Grazer Forscher die IT-Welt auf den Kopf. Einer von ihnen, Daniel Gruss, erzählt im Gespräch mit David Knes die faszinierende Geschichte dahinter.

Craig is in the WGAN Morning News with Ken and Matt. This morning,  we got into a whole bunch here about some lawsuits that are in the works on your behalf against Intel. A little bit more about Huawei, but we went into some details on this whole idea of China owning and providing some 97% of precious metals. And those are now getting pulled into this entire trade battle. And some serious time talking about the wake-up call that new grads are going to get when they report for their first job after Graduation. These and more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Intel Has A Problem and So Do You  Colleges Graduates Are Up For Rude Awakening When They Show Up For That New Job The U.S. Has Had Enough of Huawei and China!   --- Transcript: Below is a rush transcript of this segment, it might contain errors. Airing date: 05/29/2019 Intel Vulnerability and Inevitable Lawsuits, Huawei, China and Precious Metals and College Graduates Get A Surprise. --- Craig This morning I was on with, of course, Ken and Matt and we spent some time talking about some of the issues of the day. We got into a whole bunch here about some lawsuits that are in the works on your behalf against Intel. A little bit more about Huawei, but we went into some details on this whole idea of China owning and providing some 97% of precious metals. And those are now getting pulled into this entire trade battle. And some serious time talking about a wake-up call for grads. So a lot this morning, and here we go.   Matt 738 on a Wednesday means Craig Peterson joins us as he does now Craig How are you this morning?   Craig   Hey, good morning doing well, I hear you getting chickens.   Matt No, I'm not getting chickens. But my wife says she wants chickens. I think that this is a fad. But, hey, it's possible, you never know.   Craig Well, we have chickens. I've had them for years. They're easy to take care of, and they do keep the bugs down. If you want to get rid of the ticks, which are nasty this year, then chickens can help, but Guinea hens are supposed to be the best, but they are loud and obnoxious.   Matt Yeah, no, I'm not going be doing that.   Ken Neighbors would love that, of course, a better than the rock concert and whisper.   Ken So, Mr. Peterson, who you, by the way, you can go to Craigpeterson.com any time and get his newsletter and find out all about tech stuff. Doesn't every computer have Intel in it? Everything has Intel Inside. So, are we all screwed here?   Craig Yeah, this is a really, big deal here. And I just don't get it. They seem to be getting a pass. You know, Ken if you if someone came to you, I know you deal primarily with marital laws,   Ken I do.   Craig But if someone came to you says, Hey, I bought this device to do this job. It's advertised to do it. And it's only doing it about half as well as advertised. Would they have a case? Would there be a class action to suit?   Ken Yeah   Craig It doesn't seem to be happening here. Here's what's happened. Pretty much every Intel chip made back to 2011 has a significant security flaw. The industry is putting it in 9.5 out of 10 as far as vulnerabilities go. As far as how bad this is, some Intel chips going back afar as 2007 have these flaws well.  Intel has come out and said okay, well, here's what we're going to do, and we're going to release a patch that you can apply for our chips. If you want to be safe, you have to apply this patch. And you have to turn off hyperthreading. Well, Apple, who uses Intel chips in its desktops and their laptops, has said that doing what Intel tells you to do will force you to lose about 40% of the performance on your computer. That is amazing. It's appalling. And Intel is even said Listen, you know if what we'll do, we'll do some patches for the chips going back to 2011. But 2007 forget about it, you guys must buy a new generation of chips if you have a computer with chips made during those five years, that are vulnerable to what's called ZombieLoad, which is the latest nasty piece of hardware problems from Intel. If you have chips made in those five years, Intel isn't going to do anything for you. It is amazing. Now it depends on your circumstance, you know, you may not be fully exposed to this. But this is the second time that there's been a significant flaw discovered in Intel chip security flaw in the last six months. And this one's even worse than the last one. So Intel saying, "Well, is only classifying it as a medium threat." And frankly, if you have a stack of software protecting your computer, and you have a firewall and next generation one that's inspecting everything coming in, including the JavaScript, etc., etc., then, then you might not be very vulnerable.   Craig But the people that are going to be really, really, really ticked off about this are people who run cloud companies. If you are running your stuff in the cloud, think of it like a salesforce.com, Amazon or Microsoft Azure, which have massive clouds of computers, they have to turn on all of the patches and fixes which means turn off hyperthreading, applying the microcode fixes, etc. They are instantly losing up to 40% of the capability of their server speeds. It is going to result in a huge and more likely a massive lawsuit, I'm sure. We're also going to see I would put money on this gentleman. By the end of this year, Apple will say Adios to Intel, and for their lower end laptops and maybe even some lower end desktops, they will no longer use Intel. But will switch over to a proprietary chip design that they've been using for their iPhones and iPads for a while. More and more companies will be doing that. It was just this week, Intel's most significant competitor AMD released stats on how they don't have these vulnerabilities, right.  There's always something. AMD has some new chips using processes that Intel has not even been able to get close to perfecting yet. So AMD is going to be rising dramatically, Intel's going to be falling sharply. I am not giving any investment advice. Okay. I'm not an investment advisor at all. But I'm talking about their presence in the industry. It is an industry game changer. I think in this case, that whole Intel Inside advertisement they used for so many years is going to bite them. Many people in the IT biz are angry with Intel right now.   Ken Talking to Craig Peterson, our tech guru. He joins us now, as he usually does on Wednesdays. And this is a Wednesday ladies, gentlemen, not a Tuesday, it's the second day of the week for us, but it is the third day of the week. Today Craig, when you graduate from college these days, let's say the class of 2019, for instance,  and you head off into the job market. And you know, for years you've had kind of certain types of prospects and certain expectations about what you have to do after you leave college and go into the quote "real world" end quote. Things are changing in that respect. Do you think that kids are going to be having to deal with a little bit more of a higher expectation as they are entering the workforce?   Craig   Yeah, this is an excellent article from the Wall Street Journal, and I put it up as well for some more information. There Wall Street Journal's call this a wake up call for grads. Entry-level jobs that are out there and of course, there are many of them are, is anything but any more. In business, and we could talk about this for a long time, but these jobs have been at the low-end jobs are saying well forget it, we're not going to pay these minimum wages, it's not worth it to us. We'll automate, right. Case in point, being a McDonald's. Many people had their first job at McDonald's. However, now what we're finding that automation and outsourcing, have taken away so many of the lower end jobs. Even when you look at a business like journalism, you used to have people combing other people's newspapers doing clipping, clipping services to get some ideas, beating the streets reading the letters to the editor. Now, that's entirely automated. So graduates now are expected to operate at a much higher level than they ever have had to perform before. And when you're looking at skills, these technical skills required in jobs, the turnover is just so fast and new skills, that your future employers are going to be expecting you to be productive almost on day one. Gone are the days where an employer will say in reality, we don't expect anything out of an employee for the first three months. And then it'll be six months before we get anything truly productive. We have employers out there right now who are looking for people to start making sales calls. For instance, on day one great example, so much. The Wall Street Journal article had quotes in here from IBM, who has 330,000 people who are saying we need people who can adapt. So, if you are graduating from college, and it's anytime soon, you are going to have to adjust and fast. Gone are the days like with my father, who at how old is he? I think he said he was 18 years old, and he started working for the Royal Bank of Canada retiring at 65, from the Royal Bank of Canada. And then he took a contract doing some third-party work for about five years at the Royal Bank of Canada. Now we're going to be switching jobs quickly. We have some industry leaders who are saying the best advice they can give to the younger kids is switch jobs and change careers be very flexible. And that is an entire shift from the generation before mine. We baby boomers even had, on average three to five careers. So things are changing guys in a massive way.   Matt We have on Craig Peterson. He joins us every Wednesday at 738 even though we have Memorial Day Monday and so this is Tuesday for us. Great, I can't pronounce the company. I keep messing it up who-who the one in China. How do you pronounce that? It comes up with bad we're not buying things from anymore.   Craig   Huawei, Huawei,   Matt Huawei, sort of a salad age.   Ken So, explain to us what that's all about. I mean, are they evil?   Ken  10:52   Is it that bad?   Craig The question is, are they evil? Some companies claim that they are and others that claim that they're not. You might remember this scare a few months back where servers and Amazon and elsewhere were found to have some hardware on the motherboard that was not part of the schematics designed by major manufacturers like Supermicro.  They said to Huawei. We want you to manufacture this product, China, and we want this done this way. Here's a schematics make it and ship it back to us. There have been a lot of scares, some of them turned out to be, pretty much, correct. There was a bit firmware put on the boards, maybe a little hardware that shouldn't have been there. And then we announced a trade ban with Huawei and of course, we're in a big fight with them. The Canadians arrested their CFO just a lot about three or four months ago for the United States, who has a warrant out on their CFO.   Craig The problem is that we getting going here is the installation of 5g hardware, made by Huawei. So there was a ban put in place where we could not make a trade with Huawei anymore. Google said, "okay, we're going to honor that, and we will not sell them Android OS anymore." Other hardware manufacturers that were licensing their technology to them, also pulled it back. And the government realized that Huawei is the number two smartphone maker in the world, now that they have passed Apple.  So, they are going to be hurting people here in the US. Now, military bases have stopped selling Huawei, all of what, almost two years ago, because of some of the questions around them. Here's where we stand right now, if you have a Huawei handset, the US Commerce Department has given them a 90-day reprieve on all of their hardware patches, and software and licenses. So, for 90 days, they can send updates, patch phones that people have purchased and can get everything they need, but when that window closes, Huawei won't be able to get any more updates from Google Android for security and other things.  Huawei is scrambling, maybe to have their little version of Android because it's open source, but it gets very complicated. Intel, Qualcomm Broadcom, they all make chips, they have all pulled out of Huawei. If you have a Huawei phone, you have 90 days to get all your stuff together get patches and maybe to a new operating system. I would recommend if you have Huawei, it might be time to consider moving to a different hardware platform, seriously. As ride with Huawei is not going to be a fun ride.   Matt We're talking to Craig Peterson, our tech guru. He joins us at this time every Wednesday. Craig, ordinarily I'd let you go. But I do have one question for you that I would like to get your perspective on if possible. On Drudge right now, the headline is about rare earth materials. This one isn't on your list of stuff. However, I know that you know that rare-earth materials make up most of our circuits and cell phones.  There's a lot of elements that are necessary for the production of smartphones, electronics in general, right. And virtually all of them come from China. It is not essential because there are places in America where we could do it. There's a, you know, a couple of great places in California, which would be fantastic if they allowed us to use them and we could and dig into the earth. But we don't do that, and we get them mostly from China. And now China due to the trade of dispute between the United States and China,  China is now threatening to slap either tariff or restrict our use rare-earth materials as leverage in the trade war against the United States. Since we're so dependent on it. So, thoughts on that? I mean, you have an entire country, addicted to technology and their smartphones and all these things. And you have a single country, which is a current trade adversary that controlling all of the elements necessary for the production of those things. It seems like a recipe for disaster. Don't you think?   Craig It sounds like it. The last numbers, I saw, show that China has been providing something like 97 percent.   Matt Yep   Craig Yeah of some of these rare earth materials that are used in the manufacturing these electronics. Here's how I've been looking at this because I have been following it. We've got, obviously a bit of a trade war going on. There been a lot of people for years who've been concerned about China, buying up some of these rare-earth plants around the world. We're not that worried in the electronics industry about it, because as you pointed out, we have our own,   Matt Really?   Craig Well, in the short term, there is going to be a hit, no question. But we have our own. Also, on top of that remember much of it, look at the uranium one deal, that uranium is coming from the United States. And ultimately, if we need to gain access to some of the rare-earth materials that are here in the US or, or are in the ground and mined by some of our partners worldwide, all we have to do is call China and say get lost. We don't care if you own it on paper, we are grabbing control of it. And that's what the talk in the industry is right now. That we will use eminent domain to grab back resources in our country and friendly countries to gain access to it because it is critical for both military and civilian use, like our cell phones and computers and the manufacturing of them. Also, there are alternative ways to do some of this manufacturing. And the big one. Number one is it it's so cheap to buy these rare-earth materials from China, we don't even bother recycling most of our gear. And much of the rarer stuff that we need can be recovered from existing electronics. So, that's another angle that we can use to protect ourselves.   Ken Craig Peterson, our tech guru joins us every Wednesday 730. Craig will talk to you next Wednesday. Craig Hey, take care, gentlemen.   Matt   Bye-bye. All right. Thanks a lot,   Craig So, with that, hey, I am going to be making some changes to this podcast. And I hope they're going to be what you guys want to hear. It's going to be a little bit more security focused and a little less of the interviews because I've found that, you know, often I end up talking about the same essential topics on all three different radio stations. So, I'm at the very least,  think I'll do cut it up so that we have the best of the three on the individual topics. I haven't decided yet, and we might have me going through each of the issues individually and not even include a whole bunch from these different radio stations. Anyways, as always let me know what you think text me@craigpeterson.com. I've got to throw this out. My heart goes out to everybody in the Midwest and elsewhere. Tornadoes or other natural disasters have hit them. It's been quite a week, two weeks. I blame it on the Canadians. Okay, Canadians listening. Sorry about that. But anyhow, it is the cold air that's a problem. We have so much cold air that's hitting this warm, moist air that's come up from the Gulf from the south. And that is responsible for causing these storms this year, according to the meteorologists and that makes sense, right? That's what you need for a storm, a cold front hitting a warm front. And the fact that we have such cooling going none from some of this cold air coming from the north and hitting this hot and moist Southern air. It's creating a lot of tornadoes this year. So my heart and prayer go out to everybody impacted. Take care of everybody, and we will be back on Saturday. Bye-bye. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553  

#21 - ZombieLoad, New Vulnerabilities from SandboxEscaper, and WhatsApp 0-Day. by FortiGuard Labs

It’s been a busy couple of weeks in the news including ZombieLoad and the Huawei debacle, and Joe tries to convince himself that 32-bit x86 Linux isn’t dead.   News Plasma 5.16 – Wireguard GUI in NM & Wayland Remote Desktop & KItinerary continues & Elisa 0.4 Released Xfce 4.14pre1 released! Google pulls Huawei’s Android... Read More

It’s been a busy couple of weeks in the news including ZombieLoad and the Huawei debacle, and Joe tries to convince himself that 32-bit x86 Linux isn’t dead.   News Plasma 5.16 – Wireguard GUI in NM & Wayland Remote Desktop & KItinerary continues & Elisa 0.4 Released Xfce 4.14pre1 released! Google pulls Huawei’s Android... Read More

HN02 we report on the latest Zomebieload, Fallout, and RIDL attacks that affect intel processors. We also go over the stackoverflow hack, and Forbes is infected with magecart malware. Show notes can be found at https://www.exploitbrokers.com/podcasts/HN02

Techpodcastfestival 2.0 op zaterdag 22 juni in De Balie in Amsterdam Follow-up Bert Aerts stuurde ons via de Slack een link naar een Radiolab aflevering waarin wordt uitgelegd hoe bomen met elkaar communiceren. Koogeek Smart Door and Window Sensor, blijkbaar enkel te vinden bij AliExpress? Het is niet altijd een goed idee om dit soort dingen via AliExpress te bestellen… Eind juni verschijnt er een pc-versie van Heavy Rain. Onderwerpen Beveiligingslekken in Intel CPU’s. Is dit het einde van Hyper-Threading? Het lek heeft ondertussen al een creatieve naam: Zombieload en een blogpost die in wat meer detail gaat. Huawei or the highway, kopt The Verge. “Op vraag van het Amerikaanse ministerie van economische zaken heeft Google met onmiddellijke ingang de banden verbroken met Chinese telecomspeler en smartphonemaker Huawei.”, de korte samenvatting van Datanews. Microsoft verwijdert Huawei hardware uit hun online winkel. NXP stopt deels met leveren van een deel van zijn productaanbod. KPN verwijdert Huawei uit kern van 5G netwerk. Tips Maarten: Tante Jos, over de Nederlandse verzetsstrijdster Jos Gemmeke Toon: Typora Ruurd: Chunky en Regenmelding Steven: Beyond the Tablet: Seven Years of iPad as My Main Computer Aftershow Game of Thrones spin-offs

The week started out with a bang, or several of them really. Remember Meltdown and Spectre, the vulnerabilities that affected basically every Intel processor from the last decade? There's a related attack called ZombieLoad—yes, ZombieLoad—with similarly broad and bad impact. Serious stuff! But honestly not even the worst disclosure of the week. That distinction probably goes to Cisco.

В 210 выпуске BeardyCast Андрей и Антон обсудили возможное будущее Huawei и свежеанонсированный OnePlus 7 Pro, подвели итог под «Игрой престолов» (без спойлеров) и поделились впечатлениями от фильма «Холодная война». 00:00:00 ⋅⋅⋅ Вступление 00:00:41 ⋅⋅⋅ Huawei без сервисов Google 00:12:25 ⋅⋅⋅ Уязвимость ZombieLoad в процессорах Intel 00:20:27 ⋅⋅⋅ Складной компьютер Lenovo 00:24:04 ⋅⋅⋅ OnePlus 7 Pro и OnePlus 7 00:42:01 ⋅⋅⋅ Pixel 3a и Pixel 3a XL спонтанно выключаются. Помогает перезагрузка 00:46:27 ⋅⋅⋅ «Игра престолов» 00:55:26 ⋅⋅⋅ Сериал «Чернобыль» 01:00:16 ⋅⋅⋅ Фильм «Холодная война» 01:02:00 ⋅⋅⋅ Заключение и прощание   → Почта editor@beardycast.com → Patreon Patreon → Наши подкасты The Big Beard Theory | BeardyBuilding | Похоже, я фотограф | Батина Консоль | Специальный подкаст ИНВИТРО → Соцсети @BeardyShow | @BeardyTheory | Telegram

Hoy hablamos sobre el impacto mundial que pueden tener las restricciones del gobierno de los EEUU a Huawei. También, te desmentimos algunos rumores en torno a ZombieLoad, le decimos adios a Game Of Thrones y mucho más!

On this episode of This Week in Linux, we’ll check out some Distro News from Peppermint OS, ArcoLinux, LuneOS & IPFire. We got a couple apps to talking about like Nextclou0…d and a new Wallpaper tool that has quite a bit of potential. We’ll take a look at what is to come with the next… Read more

After Intel on Tuesday revealed a new class of speculative execution vulnerabilities, which impact all its modern CPUs, the researcher who was part of the team that discovered one of these flaws is sounding off on the disclosure process behind it. The speculative execution flaw, ZombieLoad, is an attack related to CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That's because this attack leaks the most data – attackers are able to siphon data from system applications, operating system and virtual machines.  ZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including Meltdown). Gruss talks about how the team first discovered the attack.

in den Medien aktuell häufig zu lesen/hören/... doch was macht Zombieload überhaupt? Dies erkläre ich euch kurz und knackig in der aktuellen Folge

in den Medien aktuell häufig zu lesen/hören/... doch was macht Zombieload überhaupt? Dies erkläre ich euch kurz und knackig in der aktuellen Folge

ZombieLoad's impact on Linux, AMP to start hiding Google from the URL, and the huge Linux switch underway.

ZombieLoad's impact on Linux, AMP to start hiding Google from the URL, and the huge Linux switch underway. Plus the impact of Google suspending business with Huawei, the recent ChromeOS feature silently dropped, and more.

ZombieLoad's impact on Linux, AMP to start hiding Google from the URL, and the huge Linux switch underway.

ZombieLoad's impact on Linux, AMP to start hiding Google from the URL, and the huge Linux switch underway. Plus the impact of Google suspending business with Huawei, the recent ChromeOS feature silently dropped, and more.

ZombieLoad's impact on Linux, AMP to start hiding Google from the URL, and the huge Linux switch underway.

ZombieLoad's impact on Linux, AMP to start hiding Google from the URL, and the huge Linux switch underway. Plus the impact of Google suspending business with Huawei, the recent ChromeOS feature silently dropped, and more.

This week we look at updates to cover the latest Intel CPU vulnerabilities (MDS - aka RIDL, Fallout, ZombieLoad), plus other vulnerabilies in PostgreSQL, ISC DHCP, Samba and more, whilst special guest this week is Seth Arnold from the Ubuntu Security Team to talk Main Inclusion Review code audits.

Pierre und Marius reden über ZombieLoad, EuGH Urteil zur Arbeitszeiterfassung, WhatsApp Hack, Google Titan Security Keys, Angriff auf TeamViewer und vieles mehr!

This week, Amazon's new robots can replace its warehouse workers, San Francisco bans facial recognition, spyware in your systems right now (and how to fix it), new stuff from Google's I/O web developer conference, and much more.  Headlines Exclusive: Amazon rolls out machines that pack orders and replace jobs San Francisco Bans Facial Recognition Technology Silicon Valley will soon get its own stock exchange Update WhatsApp now to avoid spyware installation from a single missed call Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws Audible Book of the Week Future Histories: What Ada Lovelace, Tom Paine, and the Paris Commune Can Teach Us About Digital Technology By Lizzie O'Shea Sign up at AudibleTrial.com/TheDrillDown Music Break: We Are Never Ever Getting Back Together by Taylor Swift Hot Topics Supreme Court deals Apple major setback in App Store antitrust case It's Time to Break Up Facebook Chris Hughes's Call to Break Up Facebook: 5 Takeaways Breaking Up Facebook Is Not the Answer Zuckerberg says breaking up Facebook “isn't going to help” Music Break: Let's Stay Together  by Al Green Final Word The 8 biggest announcements from the Google I/O 2019 keynote The Drill Down Video of the Week Google I/O 2019 event in 13 minutes Subscribe! The Drill Down on iTunes (Subscribe now!) Add us on Stitcher! The Drill Down on Facebook The Drill Down on Twitter Geeks Of Doom's The Drill Down is a roundtable-style audio podcast where we discuss the most important issues of the week, in tech and on the web and how they affect us all. Hosts are Geeks of Doom contributor Andrew Sorcini (Mr. BabyMan), marketing research analyst Dwayne De Freitas, and Vudu product manager Tosin Onafowokan.

William is back to talk with Victor all about Zombieload, Intel, and the road to 5G.

This week was filled with flaws, flaws and more flaws: From a zero-day under active exploit in the WhatsApp messaging app, to Patch Tuesday glitches addressed by Microsoft. Threatpost breaks down the top vulnerabilities of the week, including: A WhatsApp zero-day vulnerability being exploited in targeted spyware attacks Several Cisco vulnerabilities, including a critical remote code-execution (RCE) vulnerabilities in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager; and an unpatched, high-severity Secure Boot flaw that was disclosed on Monday A new class of speculative execution vulnerabilities in all modern Intel CPUs, dubbed Microarchitectural Data Sampling (MDS) A Microsoft patch released on Patch Tuesdayfor an elevation-of-privileges vulnerability rated important, which is being exploited in the wild Apple rolling out 173 patchesin various products across its hardware portfolio, including for dangerous bugs in macOS for laptops and desktops, iPhone, Apple TV and Apple Watch.  

It's been a busy week for security vulnerabilities. ZombieLoad affects all recent Intel processors, and Apple has issued a fix for it. A serious WhatsApp vulnerability made the evening news because it was so dangerous. And Google and Microsoft had a few issues as well. WhatsApp exploit let attackers install government-grade spyware on phones (https://techcrunch.com/2019/05/13/whatsapp-exploit-let-attackers-install-government-grade-spyware-on-phones/) Facebook's brief explanation of the WhatsApp vulnerability (https://www.facebook.com/security/advisories/cve-2019-3568) You probably weren’t a target of the WhatsApp surveillance hack (https://techcrunch.com/2019/05/14/whatsapp-vulnerability-risk/) Buffer overflow (Wikipedia) (https://en.wikipedia.org/wiki/Buffer_overflow) Remote code execution, or arbitrary code execution (Wikipedia) (https://en.wikipedia.org/wiki/Arbitrary_code_execution) Secure Real-time Transport Protocol (Wikipedia) (https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol) Microsoft Issues Urgent Fix For Windows In First XP Patch Since WannaCry (https://www.forbes.com/sites/kateoflahertyuk/2019/05/15/microsoft-issues-urgent-fix-for-windows-in-first-xp-patch-since-wannacry/) Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys, free replacements offered (https://www.theregister.co.uk/2019/05/15/google_titan_bluetooth_key_security_flaw/) Apple security updates (https://support.apple.com/en-us/HT201222) Episode 13: Is My Computer's CPU Secure? (discussion of Meltdown and Spectre) Additional mitigations for speculative execution vulnerabilities in Intel CPUs (https://support.apple.com/en-gb/HT210107) How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities (https://support.apple.com/en-gb/HT210108) SGX enclaves (https://software.intel.com/en-us/blogs/2016/06/06/overview-of-intel-software-guard-extension-enclave) CPUSetter (https://www.whatroute.net/cpusetter.html) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.

Pixel 3a: Is this the best camera phone you can buy for $400??? Zombieload attacks Intel CPUs. “It’s 2019. Do I really need to run Antivirus???” (Yes.) Travel gear upgrade: new cables mean faster charging! We have a lot to learn about Linux Gaming! All that and more in TekThing episode 229 with Patrick Norton and Shannon Morse! All the shownotes and links for episode 229!

Hier werden Sie „kurz informiert“ mit Isabel Grünewald Neue Sicherheitslücken in Intel-Prozessoren Nach Spectre und Meltdown kommt der neue Seitenkanalangriff ZombieLoad, der die Abschottung der Speicherbereiche gleichzeitig laufender Prozesse überwindet. ZombieLoad-Malware kann Daten anderer Prozesse auslesen, selbst wenn diese in einer anderen virtuellen Maschine laufen. Vorbedingung ist allerdings, dass sowohl Malware als auch Angriffsziel auf demselben Prozessorkern laufen. Während die jüngsten Intel-Prozessoren vor ZombieLoad bereits geschützt sind, gibt es für ältere Microcode-Updates. Auch Betriebssysteme und Hypervisoren brauchen Patches. Christchurch Call soll Kampf gegen Online-Extremismus beflügeln Mehrere Regierungen und Konzerne haben in Paris den Christchurch Call unterzeichnet, eine unverbindliche Erklärung zum Kampf gegen Extremismus im Netz. Die USA fielen durch Abwesenheit auf. Der Christchurch Call ist eine Reaktion auf den Livestream der Ermordung von 51 Muslimen in der neuseeländischen Stadt Christchurch durch einen Einzeltäter. Die Unterzeichnenden wollen die Wurzeln von Terror und gewalttätigem Extremismus angehen: Durch Bildung und Kampf gegen Ungleichstellung sollen die Gesellschaften inklusiver und widerstandsfähiger werden. Medien sollen zur Einhaltung ethischer Standards ermuntert werden. Microsoft Paint mit neuen Tastaturkurzbefehlen Das Urgestein MS Paint ist doch nicht tot. Nun bekommt die Software sogar neue Funktionen, kleine nur, aber immerhin. Einige neue Eingabe-Funktionen sollen für mehr Barrierefreiheit sorgen. So lässt sich Paint künftig auch ausschließlich mit der Tastatur bedienen. Dadurch können auch körperlich eingeschränkte Nutzer, die keine Maus verwenden können, mit Paint Spaß haben. Trump verbietet Telekomgeschäfte mit Firmen "gegnerischer" Staaten US-Präsident Trump hat den Nationalen Notstand hinsichtlich der Telekommunikation ausgerufen. Die Maßnahmen richten sich gegen Huawei. Das US-Handelsministerium erklärte, dass es ausreichend Anlass zu der Annahme gebe, Huaweis Aktivitäten liefen den nationalen Sicherheitsinteressen oder außenpolitischen Interessen der USA zuwider. Wer US-Technik an Huawei verkaufen oder transferieren wolle, müsse dafür künftig eine Lizenz erwerben. Diese könne verweigert werden, wenn nationale Sicherheitsinteressen berührt seien. Diese und weitere aktuelle Nachrichten finden Sie ausführlich auf heise.de

Richard Stroffolino and Tom Hollingsworth are discuss the IT news of the week on the Gestalt IT Rundown. They talked about a major Cisco security vulnerability, an interesting acquisition by VMware, and why 2019 is the year of Linux on Linux on the Desktop. New Friendly Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 License http://creativecommons.org/licenses/by/3.0/

Comente o episódio em 15 de maio de 2019 (http://cocatech.com.br/15-de-maio-de-2019) ZombieLoad, Pégasus, NuPoupança e muito mais. Mais dicas de explodir o cérebro? Sim, Eu Quero Explodir Meu Cérebro. Assine no YouTube:

There’s a new major chip flaw called ZombieLoad, the major tech companies sign on to the so-called Christchurch Call to Action, San Francisco bans facial recognition tech, is Google effectively deprecating search, and did Beyonce make $300M on Uber? Sponsors: Tech.FidelityCareers.com WeWorkRemotely.com Links: New secret-spilling flaw affects almost every Intel chip since 2011 (TechCrunch) Facebook changes livestream rules after New Zealand shooting (CNN) White House declines to back Christchurch call to stamp out online extremism amid free speech concerns (Washington Post) San Francisco passes city government ban on facial recognition tech (TechCrunch) Google’s combining all its travel planning features under a site called Trips (The Verge) New native Discovery ad campaigns from Google monetize Discover feed for first time (Search Engine Land) Beyoncé Is Going To Make Bank From Uber Going Public (Yahoo Finance)

This week, several separate teams of researchers disclosed new speculative execution attacks against Intel processors. Dennis Fisher spoke with Daniel Gruss of TU Graz in Austria, one of the researchers who developed the Zombieload attack and helped work on some of the others, as well.