Tuesday, 03 September 2019

Enjoy the holiday weekend America? Well-rested? Good. Supermicro server boards can be remotely hijacked - The Register

Virtual USB hub allows attackers to get into BMCs

Tens of thousands of servers around the world are believed to be hosting a vulnerability that would allow an attacker to remotely commandeer them.

The team at Eclypsium says it has discovered a set of flaws it refers to as USBAnywhere that, when exploited, would potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of server boards: the X9, X10, and X11.

BMCs are designed to be a sort of always-on remotely accessible "computer within the computer" that allow admins to connect to a server over the network and perform critical maintenance tasks, like updating the OS or firmware.

Ideally, BMCs are locked down within the network in order to prevent access by anyone outside of the company. In some cases, larger companies even opt to use their own BMC firmware that is fine-tuned for their datacenters and applications.

In a few cases, however, those BMCs are left open to the internet and can be managed over a web interface - usually very easily since they aren't typically designed with security in mind. Here is where the vulnerabilities discovered by Eclypsium come in.

The target of the attack is the virtual media application that Supermicro uses for its BMC management console. This application allows admins to remotely mount images as USB devices, a useful tool to manage servers but also a security liability.

"This means attackers can attack the server in the same way as if they had physical access to a USB port, such as loading a new operating system image or using a keyboard and mouse to modify the server, implant malware, or even disable the device entirely," Eclypsium said.

"The combination of easy access and straightforward attack avenues can allow unsophisticated attackers to remotely attack some of an organization’s most valuable assets."

The team found four different flaws within the virtual media service (on TCP port 623) of the BMC's web control interface.

They included the use of plaintext authentication and unauthenticated network traffic, as well as weak encryption and an authentication bypass flaw in the X10 and X11 platforms that allows new clients on the virtual media service to run with the old client's permissions.

According to Eclypsium, the easiest way to attack the virtual media flaws is to find a server with the default login or brute-force an easily guessed login. In other cases, the flaws would have to be targeted.

"If a valid administrator had used virtual media since the BMC was last powered off, the authentication bypass vulnerability would allow an attacker to connect even without the proper username and password," the report explains.

"Given that BMCs are intended to be always available, it is particularly rare for a BMC to be powered off or reset. As a result, the authentication bypass vulnerability is likely to be applicable unless the server has been physically unplugged or the building loses power."

What's worse, Eclypsium believes that tens of thousands of servers contain this vulnerability and are open to the internet. A quick Shodan search on port 623 turned up 47,339 different BMCs around the world.

Fortunately, there is a fix out. Eclypsium said it has already contacted Supermicro and the vendor has released an update to fix the vulnerabilities. Organizations are advised to contact their server vendor and make sure they are running the latest version of the BMC firmware. ®


https://www.theregister.co.uk/2019/09/03/supermicro_server_flaw/

2019-09-03 10:00:00Z

Samsung's Galaxy A90 5G delivers specs and super-fast connectivity - Engadget

Being expensive, finicky and hard to find, 5G is still the ultimate early adopter tech. Now, Samsung has brought that incredible speed potential within reach by launching the Galaxy A90 5G. Unlike models including the Galaxy Note 10 Plus 5G or OnePlus 7 Pro 5G, it's one of the few non-flagship 5G phones available, so it might actually hit a reasonable price point.

It would be a stretch, however, to call the A90 5G a mid-tier phone. It's equipped with a Snapdragon 855 processor, up to 8GB of RAM, 128GB of storage and a 6.7-inch, 1080p OLED display, just like we saw from an earlier leak. It's also got a state-of-the-art triple camera setup with a 48-megapixel primary sensor, an 8-megapixel ultra-wide camera, 5-megapixel depth info sensor and 32-megapixel selfie camera. A 4,500 mAh battery should deliver long battery life, and you'll be able to charge it back up at 25W.

So, we're not looking at a doggy, middling device here, especially considering the 5G internet speeds. The Galaxy A90 5G will arrive in Korea tomorrow, and make an appearance in other countries afterwards. Samsung has yet to reveal the price, but it should be a lot less than the Galaxy Note 10+ 5G.


https://www.engadget.com/2019/09/03/samsung-galaxy-a90-5g/

2019-09-03 08:58:53Z

IFA 2019: 5G, laptops, streaming news and more at Europe's biggest tech show - CNET

[Image: Acer's Predator Thronos gaming chair captured our attention at IFA 2018. Credit: Tyler Lizenby/CNET]

IFA, Europe's premier consumer tech tradeshow, is a lot like the Consumer Electronics Show (CES) held here in the US every January. It's a massive showcase for companies to show off their latest products in front of international media and hordes of showgoers. Its official dates this year are from September 6th to the 11th, and press coverage begins on September 4th with the first media day.

Familiar names like Amazon, Samsung, Electrolux, LG, Lenovo, and Qualcomm will be front and center at IFA, alongside other companies perhaps less familiar to American audiences, but all contributing to the carnival-like atmosphere in Berlin. Unlike CES, IFA is open to the general public, which makes the mood more festive, with a crowd that's ready to be impressed.

What's the biggest news that will happen at IFA this year? It might be centered around mobile phones. 

The global roll-out of 5G, the next generation in cellular phone connectivity, will be top-of-mind for every mobile phone company. With press conferences from Samsung, LG (who already introduced new K Series phones for the show), Sony, Huawei and, for the first time at IFA, Nokia, I would expect every manufacturer to at least pay lip service to the coming 5G shift, if they don't outright announce phones that support it. Even Deutsche Telekom, Europe's largest cell phone service provider, has a press conference slot. While most Americans won't care about the particulars of German cell phone service, the pace of global transformation to 5G will impact product development from all the core technology providers like Qualcomm (who has a press conference of its own on Friday) to the handset makers.

We're also looking for any evolution of foldable screen technology, and this week could even result in the reemergence of the Samsung Galaxy Fold. According to a leak in the South Korean press last week, Samsung is set to reintroduce the world to the foldable smartphone that needed a do-over on September 6th. That's the first day the show is open to the public, but also a day after Samsung's official IFA press conference, when it usually makes all of its news at the show. With the iPhone 11 event scheduled for the following Tuesday, September 10th, the timing is right for Samsung to steal some of Apple's thunder. The rumor also says that Samsung will only release the revamped Fold in South Korea initially, which would lessen its impact with American consumers. 

On the laptop front, Intel has a new generation of six-core laptop processors coming to market, code-named Comet Lake. You can expect laptop makers from Lenovo, Acer, and others to follow Dell, who already announced its Comet Lake-equipped XPS 13 laptop this past week. A new Chromebook line from Lenovo also emerged before the show. Personally, I'm also hoping for something similar to the $30,000 Acer Thronos gaming chair that we saw last year. Acer has the first major press conference at the show, scheduled for 4:30am ET on Wednesday, Sept 4th, so hopefully, they will kick this off with something equally ridiculous.

For TVs, usual suspects like LG or Samsung haven't tipped their hands to any IFA TV news, but perhaps more interesting than the hardware right now are the content streaming services. Roku CEO Anthony Wood will deliver one of the keynote speeches for the show on Saturday, September 7th (Huawei, Qualcomm, and Turkish appliances manufacturer Arçelik comprise the others). It seems likely that Roku will announce some kind of European expansion to its streaming services. 

Amazon might have similar news coming to Berlin. Last year, we saw the expansion of Alexa into various third party speakers, along with various gadget announcements. Amazon will have a press event at this year's show, which suggests we might get more news than the typical product showcase Amazon brings to IFA. Like Roku, though, any major Amazon announcements at IFA may be tailored to a European audience, perhaps along the lines of European service expansion.

Beyond just the day-to-day product news, you can look for CNET's team in Berlin to bring you plenty of product news too, of course, but there's a lot more to trade shows than just the next gadget, and we'll tell you about everything we can find at IFA 2019 that's worthwhile. I can't wait for you to see what we have to show you. 


https://www.cnet.com/news/ifa-2019-5g-laptops-streaming-news-and-more-at-europes-biggest-tech-show/

2019-09-03 07:28:00Z

Samsung's new Galaxy A90 aims to make 5G more affordable - TechRadar

After details of the Galaxy A90 5G leaked less than 24 hours ago, Samsung has confirmed that the third of its smartphones to get the 5G treatment won't be an expensive flagship, but will instead come from its mid-range Galaxy A series.

Following the earlier Galaxy S10 5G and the Galaxy Note 10 5G, the A90 5G aims to offer the same future-ready connectivity that Samsung’s more premium handsets include, but at a much lower cost.

Although official pricing has yet to be announced at this stage, it's set to launch in Korea tomorrow (September 4, 2019) and is rumored to cost around 900,000 KRW – or about $740 (£610 / AU$1,100). Whatever the final pricing, the Galaxy A90 5G will almost certainly come in at below the Galaxy S10 5G, which carries a recommended price of $1,299 / £1,099 / AU$1,999.

With that said, the cost of the mid-range market has shifted considerably in recent years – the Samsung Galaxy A70 costs £369 in the UK (AU$649, around $445) and the Galaxy A80 will set you back £579 (around $700 / AU$1,030), which is arguably pushing into premium territory.

Considering the A90 5G will be packing a Qualcomm Snapdragon 855 – Qualcomm's latest chipset that's found in many current Android flagships – along with a 6.7-inch FHD+ (1,080 x 2,400) AMOLED display, this handset will likely be the most expensive ‘mid-range’ phone available... if it can still even be considered for the category at all.

Some other features confirmed for the A90 5G include a triple-camera array, with a 48MP primary camera alongside another two dedicated to depth-of-field tricks and ultra wide shots, respectively. 

Those are backed up by a variety of AI tools to help optimize your snaps, and a 32MP front-facing camera with a similar arsenal of selfie-improving software tricks is housed in a small notch on the front.

Samsung also promises a dedicated Game Booster mode, 6GB or 8GB of RAM, 128GB of storage (plus a microSD card slot), a 4,500mAh battery with 25W Super Fast Charging, on-screen fingerprint scanner, face recognition, and compatibility with the brand’s DeX mode.

Samsung has announced that the Galaxy A90 5G will be available in black or white from September 4 in Korea and “will expand to additional markets thereafter”. Australia is among those confirmed markets, but actual pricing and availability information was still TBC at the time of writing.


https://www.techradar.com/news/samsungs-new-galaxy-a90-aims-to-make-5g-more-affordable

2019-09-03 06:13:00Z

Potential Benchmark for iPhone XR Successor Shows 4GB RAM, Moderate Performance Gains - Mac Rumors

A new Geekbench result posted this evening purportedly reveals performance data for the next-generation iPhone XR set to debut at next week's media event.

The result, spotted by forum member EugW, lists a model number of "iPhone12,1" running iOS 13.1 with a motherboard identifier of N104AP. Back in May, Bloomberg reported that the next-generation iPhone XR was internally codenamed N104, while 9to5Mac reported in July that the device would carry the model number iPhone12,1.


If legitimate, the result reveals a few details about the iPhone XR successor and its A13 chip. First, the result shows approximately 4 GB of RAM for the device, which would be an increase over the 3 GB found in the current iPhone XR and in line with predictions from noted analyst Ming-Chi Kuo. The iPhone XS and XS Max already include 4 GB of RAM, and there have not been any solid rumors suggesting their successors will see an increase.

Moving on to the A13 itself, the result indicates it continues to include six cores, presumably in an identical setup compared to the A12 with two high-performance cores and four high-efficiency cores.

The A13's high-performance cores are shown running at 2.66 GHz in today's result, compared to 2.49 GHz in the A12, leading to an approximately 12–13 percent gain in single-core performance for the A13 with a score of 5415, compared to an average 4796 for the A12 in the iPhone XR.

Interestingly, the A13's multi-core score of 11294 is nearly identical to the A12's average score of 11192, although Geekbench's developer John Poole tells us there could be some throttling due to thermal limits as similar situations have been seen with the A12 in the iPhone XS and XR, so we may have to wait for more data to see where the A13 truly tops out.

Careful observers will note oddly low figures for the L1 and L2 caches on this A13, but Poole tells us Geekbench has difficulty telling whether the cache values it reads are for the high-performance or high-efficiency cores, particularly on unreleased hardware for which the software hasn't been optimized.

While we can't confirm whether the Geekbench result is legitimate, as results certainly can be faked, all of the data appears reasonable or explainable and Poole tells us "there's nothing obviously wrong with the result."

We'll know more with the unveiling of all three of the new iPhones at Apple's media event on September 10, although Apple is unlikely to share specifics on chip speeds and RAM amounts. It won't take long, however, for additional data to surface confirming specs for the new devices.


https://www.macrumors.com/2019/09/02/geekbench-a13-iphone-xr-2019/

2019-09-03 03:33:00Z

Monday, 02 September 2019

You can now waste $139 on a wooden case for your precious Apple Card - The Verge

By now you’ve probably heard that storing your fancy new Apple Card in leather risks discoloring it. That rules out carrying the card around in a traditional wallet or purse, so why not carry around a small wooden case for your card instead? That’s what Kerf is suggesting, and it’s produced a dead-tree vessel that’s meant to hold precisely one Apple Card. Prices start at $39 for a simple box made out of maple, jumping to $139 if you want a case made of “Figured Walnut” with a custom image printed on it.

There are too many exorbitant little details on this product page for a wooden box to try and list them all, but here are some of my faves:

  • Although the case is designed for the Apple Card, Kerf is kind enough to admit that it “will also work with other credit cards.” Finally, an Apple accessory with no ecosystem lock-in.
  • This case, which looks as thick as a regular multi-card holder, “holds one card only.” Kerf has a more optimistic view, however, and boasts that it’s only as thick as the company’s current iPhone cases.
  • Most companies like to talk about the years of research and development they pour into their products. Kerf brags about spending “a week looking at the smallest details” of its card case.
  • Kerf also produces a range of wooden iPhone cases, and you better believe it thinks the Apple Card case would look great alongside them.

Finally, please just imagine the look on the shop assistant’s face when it looks like you’re going to pay for lunch with an over-engineered box of fancy cigars.

The new cases are all made to order, and (probably) won’t discolor your Apple Card. Kerf says you should expect them to ship within 1-3 weeks of your order date.


https://www.theverge.com/tldr/2019/9/2/20844377/apple-card-wooden-case-leather-discoloration

2019-09-02 12:15:18Z

Apple AR Glasses Evidence Found in iOS 13 Code - Tom's Guide

New evidence of stereoscopic AR functionality in Cupertino’s latest internal builds of iOS may indicate that Apple is still working on its fabled AR glasses — codenamed “Garta” — despite rumors to the contrary.

Reportedly, internal builds of iOS 13 contain an app that puts the iPhone screen into a head-mounted stereoscopic mode. The documentation, according to MacRumors, points at two modes: “worn” and “held”.

A text file in the release talks about an augmented reality shell for stereoscopic AR apps called “StarBoard” and speaks about a device codenamed “Garta”. The internal iOS 13 beta code is also packed with references to StarBoard, including strings like “ARStarBoardViewController” and “ARStarBoardSceneManager.”

So perhaps the rumors of its demise have been greatly exaggerated after all. Or maybe these are documentation and code leftovers and the glasses have been shelved for now until new AR technology comes through.

Could the Apple Glasses be previewed next week?

A report by Ming-Chi Kuo — the most reliable Apple analyst with an impeccable track record — claimed that Apple was going to start making the glasses as soon as the end of 2019, using the iPhone as its graphics processing unit rather than being a standalone product. If Kuo was right, maybe we will see a preview of the AR glasses at the September 10 event after all.

Think about it. That floating 3D translucent logo in the event invite could be a direct reference to AR objects floating in space. And since it has the same colors as the original Apple logo in the Macintosh, maybe this is a throwback reference at being as revolutionary as the original Mac was — which will tie nicely with the invite’s legend: “By innovation only.”

On the other hand, a Digitimes report published in the summer claimed that Apple had cancelled the product because it didn’t have the necessary technology to make it as revolutionary as Apple was envisioning.

Incidentally, the only reference I have found for “Garta” on the internet is “a badger-like mammal native to Iraq” reported by local residents of Basra, Iraq — “its appearance is dog or badger like but with a ursine like head, short hands, 15-cm-long claws, long hair, its genitals similar to a human, and appears every nighttime where it will attack residents of Basra.” However, there’s no zoological record of such a creature. In other words: the garta is Iraq’s Big Foot. 

Maybe the Apple Glasses could be Apple fans’ own elusive legend that will never be found — at least for now. Still, I hope that at least we can see a preview of the AR glasses this month, with a launch in 2020. One can dream.


https://www.tomsguide.com/news/apple-ar-glasses-evidence-found-in-ios-code

2019-09-02 10:54:00Z