AMD launches powerful new Ryzen laptop CPUs

AMD has announced its new range of mobile CPUs at CES 2019.

The new processors include AMD’s second-generation Ryzen 3000 Series mobile chips for ultrathin and gaming notebooks, Athlon 300 Series CPUs for mainstream laptops, and power-efficient A-Series chips for Chromebook devices.

The company added that users would be able to download and install its Radeon Adrenalin graphics software for compatible CPUs with integrated Radeon graphics.

AMD said its Ryzen 3000 mobile chips are the world’s fastest CPUs for ultrathin laptops, offering improved power efficiency and 4K HDR support for video playback.

The new Ryzen chips will be available in laptops from Q1 2019, with partners including Acer, ASUS, Dell, HP, Huawei, Lenovo, and Samsung – all launching Ryzen 3000-powered notebooks this year.


Ryzen 3000 Series

Below are the specifications of the new Ryzen 3000 and Athlon 300 mobile chips with integrated Vega graphics.

CPU | Cores/Threads | Boost/Base Clock | TDP | GPU Cores
Ryzen 7 3750H | 4/8 | 4.0GHz/2.3GHz | 35W | 10
Ryzen 7 3700U | 4/8 | 4.0GHz/2.3GHz | 15W | 10
Ryzen 5 3550H | 4/8 | 3.7GHz/2.1GHz | 35W | 8
Ryzen 5 3500U | 4/8 | 3.7GHz/2.1GHz | 15W | 8
Ryzen 3 3300U | 4/4 | 3.5GHz/2.1GHz | 15W | 6
Ryzen 3 3200U | 2/4 | 3.5GHz/2.6GHz | 15W | 3
Athlon 300U | 2/4 | 3.3GHz/2.4GHz | 15W | 3



AMD A-Series

AMD’s new A-Series mobile chips for Chromebooks feature improved web browsing and application performance, and will be implemented in Chromebooks from various manufacturers in 2019.

The specifications for these new chips are below.

CPU | Cores/Threads | Boost/Base Clock | TDP | GPU Cores
AMD A6-9220C | 2/2 | 2.7GHz/1.8GHz | 6W | 3
AMD A4-9120C | 2/2 | 2.4GHz/1.6GHz | 6W | 3


AMD Client Compute senior vice president Saeid Moshkelani said that this new processor portfolio will offer improved performance in everyday tasks and compute-heavy processes across the market.

“Enabling breakthrough entertainment experiences, AMD is pleased to enable a wide range of AMD powered notebooks that deliver on those expectations with blazing fast performance, rich graphics, and long battery life,” Moshkelani said.


Phishing e-mails, scams force NSFAS to ditch SMS

The National Student Financial Aid Scheme (NSFAS) has announced it will no longer communicate directly with students via SMS during the 2019 academic year.

The decision, said NSFAS in a statement on Thursday, was effective immediately.

The student financial aid scheme said it has also advised students to only use the myNSFAS online self-service portal to view application status or any other information relating to funding.

The move came after the scheme was over the past two weeks targeted in phishing e-mail and text message scams that aim to compromise personal .

"NSFAS identified scams in which fraudsters lure students into providing confidential information via a link to a site controlled by the attackers. The e-mail or text message scam is designed to look like it is a regular message issued by the NSFAS ," said the scheme in the statement.

NSFAS said the unidentified attackers are posing as NSFAS representatives and sending out e-mails requesting applicants and progressing students to update their account information by clicking on an embedded link.

"We would like to warn all the applicants, students and parents to be aware of these fraudsters and take extra  when dealing with their personal information online or over the phone. Any SMS messaging regarding funding received following this message will be from fraudsters and not NSFAS," the scheme said.

NSFAS administrator Dr Randall Carolissen said the scheme was seeing an increase in fraudulent activities, possibly due to the increase in the number of applications for 2019.

"We advise every student that NSFAS will never ask for your account details, password, PIN or OTP over the phone or via e-mail," he said.

"Henceforth, NSFAS will only communicate with applicants and progressing students via the myNSFAS Online Self-Service Portal or via the NSFAS Contact Centre. Call Centre Agents will ensure that suitable precautions are being taken and key security questions are asked to positively identify the person contacted and to build trust."


Linux Servers Appear Most Affected by IPMI Enabled JungleSec Ransomware Attacks

SysAdmins, who probably already have much on their plates at the end of the holiday season, have another rather urgent task at hand if they administer servers equipped with Intelligent Platform Management Interface (IPMI) cards. It seems that since November, black hat hackers have been using the cards to gain access in order to install JungleSec ransomware that encrypts data and demands a 0.3 bitcoin payment (about $1,100 at the current rate) for the unlock key.

For the uninitiated, IPMI is a management interface that's either built into server motherboards or on add-on cards that provides management and monitoring capabilities that are independent of the system's CPU, firmware, and operating system. With it, admins can remotely manage a server to do things like power it up and down, monitor system information, access KVMs, and more. While this is useful for managing off-premises servers in colocation data centers and the like, it also offers an opening for attackers if it's not properly locked.

There's been a lot of uneven reporting on this since BleepingComputer broke the story on Dec. 26, with many sites indicating that the hack only affects Linux servers. While it's true that the majority of servers affected have been running Linux, Windows as well as Mac servers have also fallen victim. At this point it's not clear whether Linux servers appear to be most affected simply because of Linux's dominance in the server market or because attackers are finding the attack easier to successfully manage when targeting Linux machines.

There have also been reports that the exploit only takes advantage of systems using default IPMI passwords, but BleepingComputer reported it had found at least one victim that had disabled the IPMI Admin user and was still hacked by an attacker that evidently gained access by taking advantage of a vulnerability that was most likely the result of IPMI not being configured properly.

Indeed, it appears at this point that poor configuration is how attackers are gaining entry.

The good news is that securing against such attacks should be rather straightforward, starting with making sure the IPMI password isn't the default. In addition, access control lists (ACLs) should be configured to specify the IP addresses that have access to the IPMI interface, and IPMI should be configured to listen only on internal IP addresses, which would limit access to admins inside the organization's system.

For Linux servers, it might be a good idea to password protect the GRUB bootloader. After gaining access to Linux servers, attackers have been rebooting into single user mode to gain root access before downloading the malicious payload. At the very least, password protecting GRUB would make reboots difficult.
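A sketch of how two of these checks could be automated, as an added example that is not part of the original article: it reads the text of `ipmitool lan print` and of `grub.cfg` and reports a BMC address outside internal ranges and a GRUB configuration without a superuser password. The sample inputs are constructed, the function names are hypothetical, and "internal" is assumed to mean the RFC 1918 ranges.

```python
import ipaddress
import re

# Assumption: "internal" means the RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples modelled on `ipmitool lan print 1` output.
SAMPLE_LAN_PUBLIC = ("IP Address Source       : Static Address\n"
                     "IP Address              : 203.0.113.25\n"
                     "Subnet Mask             : 255.255.255.0\n")
SAMPLE_LAN_INTERNAL = SAMPLE_LAN_PUBLIC.replace("203.0.113.25", "10.20.0.15")

# Constructed grub.cfg fragments; the hash is a placeholder, not a real value.
SAMPLE_GRUB_OPEN = ('set timeout=5\n'
                    'menuentry "Linux" {\n  linux /vmlinuz root=/dev/sda1 ro\n}\n')
SAMPLE_GRUB_LOCKED = ('set superusers="admin"\n'
                      'password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER\n'
                      + SAMPLE_GRUB_OPEN)

def bmc_is_internal(lan_print):
    """True/False for the BMC address; None if it is missing or unparsable."""
    m = re.search(r"^IP Address\s*:\s*(\S+)", lan_print, re.MULTILINE)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    return any(addr in net for net in RFC1918)

def grub_is_locked(grub_cfg):
    """GRUB 2 needs both a non-empty superusers list and a password entry."""
    lines = [l.strip() for l in grub_cfg.splitlines()
             if not l.strip().startswith("#")]
    has_superuser = any(re.match(r'set\s+superusers\s*=\s*"?[^"\s]', l) for l in lines)
    has_password = any(re.match(r'password(_pbkdf2)?\s+\S+\s+\S+', l) for l in lines)
    return has_superuser and has_password

def audit(lan_print, grub_cfg):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    internal = bmc_is_internal(lan_print)
    if internal is None:
        findings.append("BMC IP address not found in ipmitool output")
    elif not internal:
        findings.append("BMC listens on a non-internal address")
    if not grub_is_locked(grub_cfg):
        findings.append("GRUB has no superuser password")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LAN_PUBLIC, SAMPLE_GRUB_OPEN))
```

Neither check can tell whether the IPMI password is still the default or whether ACLs are in place; those have to be verified on the BMC itself.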


The fastest, most secure browser? Microsoft Edge apparently

Microsoft may have taken the decision to ditch the Edge's browser engine for Google's Chromium too soon.

According to the Security Council of Certificate Authorities (CASC), the current Edge browser is in fact the fastest and most secure browser on the market when it comes to identifying and blocking dodgy websites.

The CASC has put out a set of predictions for 2019 – including the claim that more than 90 per cent of the world's http traffic will be secured over SSL/TLS in 12 months' time – but also reviewed where we are in terms of security now.

And, remarkably, it is Edge, rather than Chrome or Firefox that has the, um, edge when it comes to phishing websites.

The industry group gave Edge a "protection score" of 93.6 per cent, compared with just 87.9 per cent for Chrome and 87.0 per cent for Firefox. The score was created by identifying what percentage of phishing sites each browser identified and blocked over time.

Edge succeeded in identifying 98 per cent of phishing sites and the other two just 96 per cent but the key metric was in how fast they did so – because phishers now understand that their sites will be blocked within days and so focus all their efforts into having a big impact as fast as possible.

Edge outperformed Chrome and Firefox when it came to quickly spotting and blocking: It immediately stops 89 per cent of phishing sites in their tracks; some 10 per cent higher than Chrome and 12 per cent more than Firefox.

In two days, Edge had closed off 97 per cent of dodgy sites, with Chrome and Firefox trailing with 95 per cent. Even this improved performance isn't good enough though, complains CASC.

"While browser filters such as Microsoft Smart Screen and Google Safe Browsing do a good job at detecting many phishing sites… most phishing sites are set up and taken down in a matter of hours, not days, this means many thousands of users are not meaningfully protected by browser filters," it said.

Here phishy phishy

Why does this matter? Because, the CASC warns, while some aspects of browser security are getting better, it expects the number of phishing sites to rocket next year. "We predict the problem of encrypted phishing sites that imitate real websites will get significantly worse in 2019," it states.

And it has produced an interesting graph showing the number of malware versus phishing sites from 2012 through to this year. The trends are stark: while malware sites peaked at around 600,000 in 2017, the introduction of new security measures has had a significant impact over 2018, pulling them down to around 100,000. By contrast, phishing has taken off: in one year they have doubled in size from 500,000 to over one million.


"It's not too dramatic to say there has been an explosion of phishing sites using encryption to trick users," the CASC notes, flagging recent findings from another study that show phishing sites are using anonymous and free TLS certificates to circumvent security checks – at least for a time.

"This growth in encrypted phishing has primarily occurred via Domain Validated certificates," the CASC notes. "These certificates can be acquired via automation [and] are anonymous [with] no identity information required."

It's not hard to see an incentive in the CASC pointing out the phishing problem: If browsers gave its members' certificates a higher level of credibility and/or downgraded free alternatives, they would benefit immediately and companies offering free certificates would face a tougher market.

But the point is still valid: we are getting a more secure internet thanks to secure certificates and browsers put up warnings if websites don't have one, but companies offering free certificates risk undermining that improvement because they have become the focus of online criminals.

Logging

One interesting point in the report: the CASC predicts that in 2019 there will be "a major state-sponsored attack on Certificate Transparency (CT) logs causing Internet outages."


That's referencing Chrome and Safari's requirement that certificates be logged before they are trusted by the browsers. Firefox has said it will join the initiative soon. In order to smooth things, certificate authorities will "pre log" their certificates before they officially issue them so a website is trusted from day one. But the CASC warns, that makes the log a tempting target.

CT logging represents a "single point-of-failure for websites worldwide," the CASC warns, "after all, if a website can’t obtain or renew a certificate recognized as logged and therefore 'trusted' by the browsers, that website will essentially be brought down and can no longer communicate with users."

As such, the key CT logs are likely to attract a denial of service attack: "the kind of attack that a state-sponsor could launch for the purpose of shutting down major websites around the world."

CASC points out that one suspected attack happened just last month, when Google's CT logs were hit hard for over an hour. Google published its post-mortem on the incident this week and noted that the attack was actually the result of additional traffic generated by it migrating the logs from C++ to Trillian: something that its automated system interpreted as an attack.

Regardless, the point remains the same: CT logs could be a very effective way of disrupting the global internet. The CASC didn't offer a solution in its post. 


Windows 10 can carry on slurping even when you're sure you yelled STOP!

A feature introduced in the April 2018 Update of Windows 10 may have set off a privacy landmine within the bowels of Redmond as users have discovered that their data was still flowing into the intestines of the Windows giant, even with the thing apparently turned off.

In what is likely to be more cock-up than conspiracy, it appears that Microsoft is continuing to collect data on recent user activities even when the user has explicitly said NO, DAMMIT!

First noted in an increasingly shouty thread over on Reddit, the issue is related to Activity History, which is needed to make the much-vaunted and little-used Timeline feature work in Windows 10.

Introduced in what had previously been regarded as one of Microsoft's flakiest updates – prior to the glory of the October 2018 Update, of course – Timeline allows users to go back through apps as well as websites to get back to what they were doing at a given point.

Use a Microsoft account, and a user can view this over multiple PCs and mobile devices (as long as you are signed in with that same Microsoft account). The key setting is that "Send my activity history to Microsoft" check box. Uncheck it and you'd be forgiven for thinking your activity would not be sent Redmondwards. Right?


Except, er, the slurping appears to be carrying on unabated.

The Redditors reported that if one takes a look at the Activity History in the Privacy Dashboard lurking within their account, apps and sites are still showing up.

The fellows over at How To Geek have speculated the issue may be something to do with Windows' default diagnostic setting, which is set to Full and will send back app and history unless changed to Basic. Of course, Windows Insiders have no option but to accept Full, although a bit of slurping is likely to be the least of their problems.

A thread at TenForums has also provided a guide to turning the thing off, ranging from tinkering with Group Policies through to diving headlong into the Registry. Neither are options likely to appeal to users who would expect that clearing the "Send data" box would stop data being sent.

Deliberate slurpage, or a case of poor QA and one team not talking to the other aside, it isn't a great look for Microsoft and users are muttering about potential legal action. Privacy lawyers will certainly be taking a close look – after all, the gang at Redmond are already under scrutiny for harvesting data and telemetry from lucky users of Windows 10.

Google has been on the receiving end of a sueball for slurping location data from users' phones and providing an over-complicated way to turn off the "feature".

It is all a bit of a mess and has left users unsure of what is being collected and when. We have contacted Microsoft to find out how it plans to deal with the situation (ideally before 2018's privacy bogeyman, GDPR, makes an appearance) and will update if a response is forthcoming.

Update 13 December 16.45UTC

Microsoft got in touch to insist it is committed to privacy and transparency, but admitted there is indeed a bit of naming problem, with "Activity History" cropping up in both Windows 10 and the Microsoft Privacy dashboard.

Marisa Rogers, Privacy Officer at the software giant, told us: "We are working to address this naming issue in a future update."

The slurpage collection is of course for your benefit and Rogers added that users have "controls to manage your data."

As for turning the thing off, Microsoft confirmed that, yes, you have to go to two places to actually stop your Activity History being shared with Redmond:

1. Under Settings->Privacy->Activity history: ensure the setting "Let Windows sync my activities from this PC to the cloud" is not checked

2. Under Settings->Privacy->Diagnostics & feedback: ensure Diagnostic data is set to Basic

