Archive

Posts Tagged ‘server’

OpenSSL forked into LibreSSL

The Heartbleed vulnerability has shone a light on the OpenSSL project, and OpenBSD developers have discovered enough flaws in its code to justify the creation of a fixed fork dubbed LibreSSL.


The OpenBSD project has announced the inevitable outcome of its recent deep-dive into the OpenSSL source code: a full fork of the project, dubbed LibreSSL, to feature a significantly improved codebase.

The OpenSSL cryptographic library made unfortunate headlines earlier this month due to the Heartbleed vulnerability, a nasty bug caused by incautious coding that allowed an attacker to steal memory contents – including, but not limited to, usernames, passwords, and even the entire private key – from any server using the software. With an estimated two-thirds of all webservers using OpenSSL for encryption, that’s a significant target base – and the attack, before it became known to the public, left no trace on the host machine.

OpenSSL is an open source project, meaning anyone can download, examine and modify the source code that drives it. In theory, fans of the open methodology claim, this leads to improved code quality and security – the ‘many-eyes’ theory. In practice, it appears, when an open source project reaches a certain size, individual contributors can become the sole controller of particular sub-sections – with the result that their code goes unchecked by their peers.

OpenBSD is, as the name suggests, an open-source port of the BSD operating system. Designed for maximum security, the project was hit by the Heartbleed bug and vowed to examine the OpenSSL source code more closely in the future. The result has been the exposure of numerous terrifying kludges and bugs in the code – which, it must be remembered, still drives two-thirds of the web – in what has been dubbed the OpenSSL Valhalla Rampage. Having found everything from ‘temporary’ compatibility code reaching back more than a decade to a kludge which uses the server’s private key as entropy for the random number generator – potentially exposing the entire private key to any plug-in RNG used on the system, a major security hole – the OpenBSD researchers have reached a conclusion: OpenSSL can’t be trusted.

The result: LibreSSL, a fork of OpenSSL which benefits from the changes made by the OpenBSD project. Announced on a particularly spartan website – ‘donate now to stop the Comic Sans and Blink Tags,’ its creators exhort visitors – the LibreSSL project will become the default cryptographic library for the OpenBSD 5.6 release. Initially, that will be the only supported operating system; once the codebase has been cleaned of extant bugs and rewritten to improve maintainability, and a source of funding secured, LibreSSL will be extended to additional operating systems.

Whether LibreSSL will improve security overall or simply divert resources that could be better used improving the cross-platform OpenSSL directly remains to be seen.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/c2mpS-eB70E/1


AMD investors positive despite $20M quarterly loss

AMD’s Q1 2014 financial report shows a drop back into the red with a $20M loss, although investors seem bullish on the company’s future.


AMD’s most recent earnings report has investors impressed, with the company’s stock price rising almost 12 per cent on news of $1.4 billion in sales – despite an overall loss of $20 million for the first quarter of its financial year.

AMD’s quarterly earnings call this week announced $1.4 billion in revenue for Q1 2014, an impressive rise of 28 per cent year-on-year at a time when the global PC market is continuing to shrink – albeit slower than previously. While the quarter-on-quarter shrinkage of 12 per cent might seem like bad news, that’s comparing heavier sales in the run-up to Christmas to the post-Christmas slump; a sequential dip at this time is always to be expected.

A gross profit margin of just 35 per cent, indicative of AMD’s push towards the lower end of the market in CPUs and strong competition from rival Nvidia in GPUs, led to overall operating income of $49 million for the quarter; not enough, sadly, to prevent a loss of $20 million overall. With AMD ending the last quarter on an $89 million profit, that’s a blow – although one significantly less strong than the whopping $146 million loss the company made in the same quarter last year.

‘AMD continued our momentum by building on the solid foundation we set in the second half of 2013, further transforming the company,’ claimed AMD president and chief executive Rory Read during the call with press, investors and analysts. ‘Backed by our powerful x86 processor cores and hands-down best graphics experiences, we achieved 28 percent revenue growth from the year-ago quarter. We are well positioned to continue to grow profitably as we diversify our business and enable our customers to drive change and win.’

The company’s results show that the PC market slump, while slowing, is continuing to have an impact: AMD’s Computing Solutions business unit’s revenue dropped eight per cent quarter-on-quarter and 12 per cent year-on-year, due to a drop in shipments. Its operating loss, however, was a mere $3 million; down from $7 million last quarter and a painful $39 million in the same quarter last year.

AMD’s Graphics and Visual Solutions business unit is the most interesting story, however: a 15 per cent drop in sequential shipments has been more than offset by an impressive 118 per cent increase year-on-year, attributed to the company’s deals to put semi-custom system-on-chip (SoC) processors in the Microsoft Xbox One and Sony PlayStation 4 consoles. Overall, the division made a $91 million profit for the year, down from $121 million last quarter when Microsoft and Sony purchased their console chips but up from just $16 million in the same quarter last year.

During the conference call, AMD’s Lisa Su, general manager of global business units, confirmed that the company is still in the design stages of a new semiconductor process node. ‘We are 28 [nanometre] this year, we have 20 nanometre in design, and then FinFET thereafter,’ she claimed in response to an analyst query – suggesting that 20nm parts won’t be available in quantity until 2015 at the earliest, with the 3D FinFET transistor move – designed to compete with Intel’s Tri-Gate Transistor technology – likely to come the year after.

Su also had positive things to say about AMD’s foray into the low-power server market with Cambridge-based ARM’s IP. ‘There’s been a lot of customer interest around Seattle [chips], so certainly for the server guys, the hyper-scale guys and then even some adjacent markets, there’s good customer interest,’ claimed Su. ‘I’ll say the interest in the platform is quite high and it’s a major milestone for us to introduce our first 64-bit ARM chip into the market.’

‘What we’re doing here is identifying this opportunity long before it has taken place,’ added Read, ‘and we’re catching it just as the way it is forming. That’s the kind of innovation leadership that we really want to go after. This is going to be an important market over the next three, five years, and we have an opportunity to truly lead in this ARM server ecosystem, and take advantage of our ambidextrous capability. This is spot-on in the strategy.’

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/mkBO1nkbUQs/1


Microsoft reissues Windows 8.1 Update 1 via WSUS

Microsoft has resolved the issue with rolling Windows 8.1 Update 1 out via WSUS and appeased customers with a new 120-day grace period, but home users are still facing the 13th of May deadline.


Microsoft has reissued its Windows 8.1 Update 1 patch for Windows Server Update Services (WSUS) users, having resolved a flaw that would prevent client systems from installing future updates.

A mandatory install for all Windows 8.1 users – those without Update 1 will be blocked from downloading security and bug-fix updates starting with next month’s Patch Tuesday on the 13th of May – the update has been the source of more than a little heartache for Microsoft’s customers. As well as the flaw that saw it pulled from WSUS shortly after release, users have reported numerous issues installing the patch and further flaws once the software is installed.

The cause of the WSUS flaw has been isolated, at least, and Microsoft has officially rereleased the update for corporate customers. ‘This means that you can now easily deploy these updates to the computers or servers you manage,’ explained Microsoft’s Brendan LeBlanc in the company’s announcement. ‘For computers and servers that have already installed these updates, note that Windows Update will re-offer them but it will only install the portion of the update that addresses the fix. Other portions of the update which users have already downloaded and installed will not be downloaded or installed a second time.’

Having perhaps recognised that the rollout of the first major update to Windows 8.1, and a mandatory one at that, hasn’t gone smoothly, LeBlanc also announced a new grace period to win over corporate customers. ‘We’ve decided to extend the timeframe for enterprise customers to deploy these new product updates from 30 to 120 days,’ LeBlanc explained. ‘In order to receive future updates, all customers managing updates using WSUS, Windows Intune, or System Center Configuration Manager have until August 12th to apply the new updates. For those that decide to defer installation, separate security updates will be published during the 120-day window.’

For home users, however, the extended deadline does not apply: anyone outside a WSUS-controlled corporate network who has not installed Windows 8.1 Update 1 by the 13th of May will not be able to download updates until Update 1 is installed.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/tEF1WPK6q2I/1


Intel Q1 financials show data centre growth

Intel’s Q1 2014 results slightly exceeded analysts’ expectations, but the company’s mobile arm is suffering a significant drop in revenue.


Intel has released its financials for the first quarter of 2014, and things are looking good with better-than-expected results despite its continued struggles to break into the mobile arena and a still-shrinking desktop market.

The company’s official figures for the quarter show $12.8 billion in revenue, exactly matching analysts’ expectations, with a gross profit margin of 59.7 per cent for a total earnings per share of $0.38 – above the $0.37 average expected by analysts. $3.1 billion of this came from the Data Centre Group, responsible for server and high-performance computing (HPC) products, which enjoyed a bumper 11 per cent boost in revenue over the same period last year; the PC Client Group, which targets the still-shrinking PC market, brought in the lion’s share at $7.9 billion, a one per cent drop compared to Q1 2013.

‘In the first quarter we saw solid growth in the data centre, signs of improvement in the PC business, and we shipped five million tablet processors, making strong progress on our goal of 40 million tablets for 2014,’ claimed Intel’s chief executive Brian Krzanich during the company’s earnings call. ‘Additionally, we demonstrated our further commitment to grow in the enterprise with a strategic technology and business collaboration with Cloudera, we introduced our second-generation LTE platform with CAT6 and other advanced features, and we shipped our first Quark products for the Internet of Things.’

Other highlights include a 10 per cent quarter-on-quarter drop in revenue for the Internet of Things Group which ended the quarter with $482 million in revenue, still an 11 per cent improvement over the same period last year thanks largely to new low-power Atom and Quark processor products. The company’s Mobile and Communications Group, responsible for smartphone and tablet oriented chips, was by far the biggest loser: with just $156 million in revenue, its income was down 52 per cent quarter-on-quarter and a massive 61 per cent compared to Q1 2013.

Investors seem pleased with Intel’s performance in the quarter, with the company’s share price rising 1.08 per cent in pre-market trading to $27.06, still short of its recent April 2012 high of $28.38.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/wmuy1iLfscs/1


LaCie customers hit by data breach

Storage specialist LaCie has warned customers of a data breach which has resulted in ne’er-do-wells making off with usernames, passwords and credit card details.


Storage specialist LaCie has warned customers of a major data breach that may have compromised their personal data used for purchases between March 2013 and 2014.

The hole in the company’s servers is not, it has been quick to reassure customers, indicative of the security of its storage products in general; no customer data stored on the company’s cloud services or network-connected storage devices is thought to be involved in the breach. Rather, the attack targeted the company’s ecommerce system, making off with transaction information for purchases made in the last year.

‘On March 19, 2014, the FBI informed LaCie that it found indications that an unauthorised person used malware to gain access to information from customer transactions that were made through LaCie’s website,’ the company explained to customers in a statement made nearly a month after it was alerted to the breach. ‘We believe that transactions made between March 27, 2013 and March 10, 2014 were affected. The information that may have been accessed by the unauthorised person may include customers’ names, addresses, email addresses, and payment card numbers and card expiration dates. Customers’ LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords.’

LaCie has not confirmed how the data was stored; while credit card information should be encrypted, passwords are better stored as salted one-way hashes, which are much harder for an attacker to crack. Either way, those with LaCie accounts are advised to change their passwords, both on the LaCie service itself and anywhere else where the same or similar password was used, and to keep a close eye on their credit card statements for unauthorised activity.

‘As a precaution, we have temporarily disabled the ecommerce portion of the LaCie website while we transition to a provider that specialises in secure payment processing services,’ the company added. ‘We will resume accepting online orders once we have completed the transition.’

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/kUdHLE5Wj1A/1


Windows 8.1 Update 1 installation problems continue

Microsoft’s Windows 8.1 Update 1, a mandatory patch for future security updates, is proving a pain for some users who are unable to install it on their systems despite recent patches.


Microsoft is continuing to address problems with Windows 8.1 Update 1, its first major update to the operating system formerly known as Windows Blue and a mandatory install for anyone who wants to continue to receive security updates in the future.

Released earlier this month, Windows 8.1 Update 1 introduces a number of tweaks and improvements to Microsoft’s flagship OS including user experience enhancements for those who eschew touch-screen interfaces in favour of the traditional keyboard and mouse. While the biggest of these improvements, the reintroduction of the Start Menu which was removed in Windows 7 after its introduction way back in Windows NT 4.0, has been held back for a future release, the mandatory nature of Windows 8.1 Update 1 makes it quite literally a must-install for Windows 8.1 users.

Sadly, all is not well with the update. Last week Microsoft was forced to pull the update from WSUS following reports that it would prevent the installation of future updates for corporate users. Now, the company is working to patch additional issues with the update – some of which prevent its installation altogether.

One bug, which presents the error code 0x800f081f during installation, has already seen a patch released on Windows Update; a second patch has been provided for users who are finding that installing Windows 8.1 Update 1 prevents Internet Information Services (IIS), Microsoft’s web server package, from being uninstalled at any time.

Despite these patches, problems with the update still remain. Many users are taking to the Microsoft support forums to claim that, despite the updated patch being released to Windows Update, Windows 8.1 Update 1 still fails to install. A work-around suggested in the forums has been noted by some to improve matters, removing a damaged version of the package so a fresh copy can be downloaded, but others report that the process makes no difference to their systems.

With Microsoft planning on enforcing installation of Windows 8.1 Update 1 by refusing security updates to anyone still on plain old Windows 8.1 starting on the next Patch Tuesday in May, the race is on for the company to fix the flaws and get the update rolled out to all its customers.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/As3OtmNiUio/1


Microsoft pulls Windows 8.1 Update 1 from WSUS

Microsoft’s Windows 8.1 Update 1, a required update for future security fixes, has been pulled from its corporate WSUS distribution service following the discovery of an update-blocking flaw.


Microsoft has withdrawn Windows 8.1 Update 1 from its Windows Server Update Services (WSUS) platform over reports that it causes client systems to ignore future patches, even as it warns that machines without the update will be left behind at the end of the month.

A major update for Windows 8.1, previously codenamed Windows Blue, Windows 8.1 Update 1 adds a number of enhancements and improvements to Microsoft’s flagship operating system. Many of these address criticisms regarding the user experience, which many still claim is weaker than Windows 7 when used on a device without a touch-screen display. Although some enhancements are being held back for future release – in particular the reintroduction of the Start Menu, dropped in Windows 8 in favour of the tile-based Start Screen – it’s considered a major update for the platform.

It’s major enough, in fact, that Microsoft is mandating its installation: computers running Windows 8.1 without Update 1, the company has advised, will cease receiving updates at the end of the month – including critical security updates. Those who want to remain protected, then, are gently encouraged to make sure that the update has been installed before the month is out.

That’s easier said than done for corporate customers, however: Microsoft has pulled the update from its WSUS platform, which allows for distribution of approved software patches within an internal network, following reports of a serious flaw. When installed on a Windows 8.1 system, the computer loses the ability to check the WSUS server for future updates.

The flaw only affects servers running encrypted HTTPS connections, which is not the default, with the latest TLS 1.2 functionality disabled, which is the default, but it is serious enough for the update to be removed from distribution. Although it will still be available through Windows Update for home users, WSUS administrators are asked to wait for an updated version to be released; those who have already deployed the flawed update can either enable TLS 1.2 if running WSUS on Windows Server 2008 R2 or disable HTTPS altogether if running on any other platform.

Microsoft has not offered a date for the patch’s rerelease.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/fXtN_8XCmhE/1


Synology DS214SE NAS Box Review

Manufacturer: Synology
UK Price (as reviewed): £119.98 (inc VAT)
US Price (as reviewed): $154.99 (ex Tax)

If you want an out-of-the-box solution for some enhanced network storage with a sprinkling of things such as cloud storage, file streaming and iTunes servers, then a NAS box is likely to appeal to you. There are other options, most notably HP’s Microserver and FreeNAS, both of which can be cheaper but have the downside of a relatively steep learning curve and not quite as much finesse as a high-end NAS box.

The downside for NAS boxes, then, is their price, at least as far as some of the better examples from QNAP and Synology are concerned. Basic models usually start at around £160 for the popular J-series Synology models, but the good thing is that while they were usually a bit slower than their professional-based siblings, they cost half the price and offered all the same software features.

These are extensive too, so we were more than a little surprised to hear from Synology who had seen our recent TRENDnet TN-200 review and said they had something that was much cheaper than their usual offerings but still offered the bulging feature set that most competitors, the TN-200 included, lack.

The DS214SE retails for just £120 – that’s cheaper than we’ve seen the DS213j in sales and a good £40 less than we normally expect to see one of the company’s budget models hit the shelves at. So what’s it lacking to come in at such a low price? It features a similar specification to the DS213j, with an 800MHz Marvell Armada 370 single-core CPU and 256MB DDR3 – both a step down from the DS213j, which has double the RAM and a slightly faster CPU.

The rest of the specification is identical, though, with Synology’s trademark 92mm fan, two USB 2 ports (you still have to opt for one of the premium models to get USB 3), plus a fairly no-frills chassis with a slide-off case revealing the two 3.5in bays. The DS214SE also supports 5TB individual hard disks, bringing the total capacity to 10TB depending on your array configuration.

Specifications

  • Local connections Front: None, Rear: 2 x USB 2, LAN
  • Network connections 1 x Gigabit Ethernet
  • Storage Up to 2 x 5TB hard disk (not included)
  • Cables 1.5m Cat 5 Ethernet,
  • Cooling 1 x 92mm fan
  • Features FTP server, webserver, photo server, music server, independent download (via HTTP, FTP and BitTorrent), iTunes and UPnP media server, DLNA, print server, storage server for external USB hard disks, surveillance server
  • Dimensions (W x D x H) 100mm x 165mm x 225mm
  • Accessories None

Article source: http://feedproxy.google.com/~r/bit-tech/hardware/~3/_Cc2tvTbQ_Q/1


Web hit by OpenSSL ‘Heartbleed’ vulnerability

Versions of cryptographic library OpenSSL since 2012 are vulnerable to the ‘Heartbleed Bug,’ which allows an attacker to silently steal the contents of system memory.


Security researchers have released details of a serious vulnerability in the popular OpenSSL cryptographic library which exposes encrypted internet services to information disclosure attacks.

Continuing a terrible year for information security, what with the verification flaw in GnuTLS and Apple’s infamous goto fail bug, the OpenSSL project has confirmed that versions of its software since 2011 have held a serious vulnerability which has been dubbed the ‘Heartbleed Bug,’ and which can be used to read a system’s memory remotely – gathering secret keys which can then be used to decrypt previously-transmitted information.

It’s a serious flaw; OpenSSL is the standard library for driving SSL and TLS encryption in a variety of software packages and information appliances; Apache and nginx, two of the most popular server packages around accounting for an estimated 66 per cent of all web servers, use OpenSSL; the library is also commonly used in other encrypted systems such as virtual private network (VPN) appliances, point-of-sale (PoS) systems and messaging servers.

The Heartbleed Bug works by exploiting the heartbeat extension of the Transport Layer Security (TLS) protocol; attackers are able to read unlimited system memory in 64KB chunks, with exploitation leaving no trace on the system. These memory chunks can be reassembled and analysed to gather usernames, passwords, encryption keys, and other privileged information which should not be exposed to the public.

The OpenSSL project has confirmed that the code responsible for the flaw has been present in its software since 2011 and available to the public since the release of OpenSSL 1.0.1 in March 2012. Since then, the 1.0.1 branch has become widespread, shipping by default with numerous operating systems including Ubuntu Linux and OpenBSD. While the project has released a fixed version, OpenSSL 1.0.1g, this will take time to distribute – leaving servers with less proactive admins vulnerable to attack.

Ironically, those who have not upgraded in a while may be protected against the flaw: the older OpenSSL 1.0.0 and 0.9.8 branches are unaffected, having been frozen before the bug was introduced.
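A triage check built from the release facts above, added here as an example and not part of the original article: it classifies `openssl version` banners collected from a fleet as affected, fixed, unaffected or not covered by the article. The host names and inventory are constructed; that distribution packages can carry a backported fix without changing the version letter is an added caveat, not something the article states.

```python
import re

# Release facts taken from the article:
#   - the 1.0.1 branch carries the bug, 1.0.1g is the fixed release
#   - the 1.0.0 and 0.9.8 branches are unaffected
AFFECTED_BRANCH = (1, 0, 1)
FIXED_LETTER = "g"
UNAFFECTED_BRANCHES = {(1, 0, 0), (0, 9, 8)}

# Matches e.g. "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.1e-fips 11 Feb 2013".
_BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(\S*)")


def _letter_key(letter):
    # OpenSSL patch letters sort as "" < "a" < ... < "z" < "za" < ...
    return (len(letter), letter)


def classify(banner):
    """Return 'affected', 'fixed', 'unaffected', 'not-covered' or 'unparsed'.

    'affected' is a statement about the upstream release only. Distribution
    packages may ship a backported fix under an unchanged version letter
    (added caveat), so confirm against the vendor advisory before acting.
    """
    m = _BANNER_RE.search(banner)
    if not m:
        return "unparsed"
    branch = tuple(int(part) for part in m.group(1, 2, 3))
    letter = m.group(4)
    if branch in UNAFFECTED_BRANCHES:
        return "unaffected"
    if branch == AFFECTED_BRANCH:
        if _letter_key(letter) < _letter_key(FIXED_LETTER):
            return "affected"
        return "fixed"
    # Branches the article says nothing about are reported, not guessed at.
    return "not-covered"


def triage(inventory_text):
    """Group hosts by status from lines of the form '<host> <openssl banner>'."""
    groups = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        host = parts[0]
        banner = parts[1] if len(parts) > 1 else ""
        groups.setdefault(classify(banner), []).append(host)
    return groups


# Constructed sample inventory (hypothetical hosts, realistic banner format).
SAMPLE_INVENTORY = """
# host     output of `openssl version`
web01      OpenSSL 1.0.1e 11 Feb 2013
web02      OpenSSL 1.0.1g 7 Apr 2014
vpn01      OpenSSL 0.9.8y 5 Feb 2013
mail01     OpenSSL 1.0.0l 6 Jan 2014
pos01      OpenSSL 1.0.1 14 Mar 2012
legacy01   OpenSSL 0.9.7m 23 Feb 2007
broken01
"""

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:12s} {', '.join(hosts)}")
```

The banner reflects the library behind the `openssl` command, which is not necessarily the copy a given server process is linked against.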

More details of the flaw are available at Heartbleed.com.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/KQOOD9J4GU0/1


GlobalFoundries rumoured to be sniffing around IBM’s fabs

GlobalFoundries has been named as the strongest contender in a deal to purchase IBM’s unwanted semiconductor fabrication facilities.


GlobalFoundries has been named as a possible buyer for IBM’s unwanted chip-making facilities, although a deal is not considered imminent thanks to IBM’s high asking price.

Once a subsidiary of AMD, GlobalFoundries was created in 2008 as a joint partnership between AMD and the Advanced Technology Investment Company (ATIC). All AMD production would continue in the fabs it once owned, but AMD would pay GlobalFoundries for the privilege. In 2012, its final financial ties were severed when its spin-off agreed terms to purchase AMD’s stake outright. Since then, AMD has continued to use GlobalFoundries thanks largely to pre-signed wafer supply agreements still in place.

IBM, meanwhile, is looking to exit the fabrication business thanks to declining interest in the company’s Power architecture for mainstream products. With its fabs sold IBM would, it is claimed, look towards service provision rather than hardware sales for its profit. The news came on the back of IBM’s sale of its low-end x86 server division to Lenovo, the Chinese technology giant which also bought the rights to IBM’s consumer PC business.

The Wall Street Journal, quoting unnamed sources ‘familiar with the matter’, claims that talks are in progress for GlobalFoundries to buy the now-unwanted IBM plants. Another company named as a bidder for the facilities is Intel, but with the company having recently opted to abandon a fully-finished fabrication plant due to a lack of demand for its capacity, GlobalFoundries is considered to be in a stronger position.

The WSJ’s sources warn that a deal is unlikely to happen imminently, however. IBM is claimed to be looking for at least $2 billion for the facilities, while bidders including GlobalFoundries and Intel have yet to offer substantially more than half that price.

Neither GlobalFoundries nor IBM have commented publicly on the claims.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/bSw-vGG_7zk/1

