Latest Tech News

Academic researchers from multiple universities recently discovered a new Spectre-like method of extracting secrets from modern Intel processors. However, Intel says that the original Spectre mitigation fixes these flaws, too.

A group of researchers from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google, discovered that a feature in the branch predictor called the Path History Register (PHR) can be tricked to expose sensitive data. 

Thus, they dubbed the vulnerability “Pathfinder”.

Extracting AES encryption keys

"Pathfinder allows attackers to read and manipulate key components of the branch predictor, enabling two main types of attacks: reconstructing program control flow history and launching high-resolution Spectre attacks," Hosein Yavarzadeh, the lead author of the paper, told The Hacker News.

"This includes extracting secret images from libraries like libjpeg and recovering encryption keys from AES through intermediate value extraction."

For those with shorter memory, Spectre was a side-channel attack that exploited branch prediction and speculative execution in processors, allowing attackers to read sensitive data in the memory. 

PHR’s job is to keep a record of the last branches taken. It can be fooled to induce branch mispredictions and thus cause a victim program to run unintended code paths. As a result, sensitive data gets exposed. 

In the research paper, the academics demonstrated extracting the secret AES encryption key, and leaking secret images during libjpeg image library processing.

Intel was tipped off in November last year, and released a security advisory addressing the findings, in April this year. In the advisory, Intel said that Pathfinder builds on Spectre v1, adding that the previously released mitigations address this problem, as well.

AMD’s silicon seems to be immune to Pathfinder, the researchers concluded.

Those interested in learning more can read the entire paper on this link. 

More from TechRadar Pro

• A customer managed to get the DPD AI chatbot to swear at them, and it wasn’t even that hard
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

from TechRadar - All the latest technology news https://ift.tt/rwl0aWF

Best Mattress Deals: Early Memorial Day Sales Offer $2,000-Plus Discounts - CNET

Casper, Helix, DreamCloud, Bear and others make up these early Memorial Day mattress deals.

from CNET https://ift.tt/9NBL6eO

Latest Tech News

BIG-IP Next Central Manager (NCM), a centralized management and orchestration platform for F5’s BIG-IP product family, was vulnerable to two major flaws which allowed malicious actors to take over its managed assets.

The bugs, which have since been patched, are described as an SQL injection vulnerability, and an OData injection vulnerability. 

They are tracked as CVE-2024-26026 and CVE-2024-21793, and are found in the NCM API. By abusing these bugs, threat actors could run malicious SQL statements on vulnerable endpoints from a distance.

Thousands of potential victims

Cybersecurity firm Eclypsium found and reported the flaws, and the researchers also published a proof-of-concept exploit, which demonstrates how a rogue admin account, created by an attacker, remains invisible in the Next Central Manager, granting persistence on the vulnerable endpoint.

"The management console of the Central Manager can be remotely exploited by any attacker able to access the administrative UI via CVE 2024-21793 or CVE 2024-26026. This would result in full administrative control of the manager itself," the researchers explained. "Attackers can then take advantage of the other vulnerabilities to create new accounts on any BIG-IP Next asset managed by the Central Manager. Notably, these new malicious accounts would not be visible from the Central Manager itself."

F5’s NCM allows IT teams to manage devices such as application delivery controllers (ADCs), firewall solutions, and other network appliances. It provides capabilities for configuration management, policy enforcement, monitoring, and reporting across distributed environments. According to Shodan’s figures, there are more than 10,000 F5 BIG-IP devices with open management ports.

F5 also shared a workaround for admins who are unable to install the patch at this time. Per the company’s instructions, restricting Next Central Manager access to trusted users over a secure network sorts out the problem

There is no evidence of in-the-wild exploitation, Eclypsium confirmed.

Via BleepingComputer

More from TechRadar Pro

• This cloud security software used by many enterprises is being hacked, so patch now
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

from TechRadar - All the latest technology news https://ift.tt/tT8fpO9

Best Portable Mini Bluetooth Speakers for 2024: Top Compact Waterproof Wireless Speakers - CNET

Here are our picks of the best small Bluetooth speakers for great audio on the go, many of which cost less than $100.

from CNET https://ift.tt/khKblyY

Latest Tech News

We love crazy tech projects here at TechRadar Pro - Some of our recent favorites include an enthusiast getting ChatGPT to run on a NAS, and the person who transformed AMD's Ryzen 7 5800X3D processor into a storage device with read-write speeds to rival some of the best SSDs.

The latest idea to cross our desks comes from Gabriel Ferraz, a computer engineer and TechPowerUp's SSD database maintainer, who turned a 512GB QLC SATA III SSD into a 120GB SLC one.

You probably know this, but just as refresher, SLC NAND holds one bit of data per cell, resulting in faster data writing, lower power consumption, and higher cell endurance than QLC NAND which stores four bits per cell. QLC NAND is denser and cheaper, but with the downside of compromised longevity and speed.

3000% endurance increase

Ferraz's idea was to trade capacity for massively improved performance and endurance. He took 512GB a Crucial BX500 SSD which has a Silicon Motion SM2259XT2 controller and NAND flash dies from Micron. Using an app called MPtools for the Silicon Motion SM2259XT2 controller, he identified the precise die used in the SSD and inputted in new die reference numbers.

Was it worth it? Well, while Ferraz lost a lot of drive space, he says “the SSD endurance jumps to 4000 TBW (write cycles), which is about a 3000% increase. Additionally, performance increased as well.”

Ferraz explains his process here, and you can also watch him perform his clever trick in the video below, which includes benchmarking results.

More from TechRadar Pro

• These are the best SSDs available now
• 2PB SSD storage in your computer? Why not
• 1200TB SSD modules are in the pipeline thanks to Pure Storage

from TechRadar - All the latest technology news https://ift.tt/2n9ZR3g

Disney Plus to Add a Tile for ESPN Later This Year - CNET

The move follows the streaming service's addition of a Hulu tile.

from CNET https://ift.tt/0hI2Jaf

Latest Tech News

Nvidia has transformed into an AI superpower, becoming the third most valuable company in the world off the back of it, so it's perhaps no surprise other tech giants are looking on in envy and shifting their focus to follow suit.

During its recent earnings call, Samsung reported a consolidated operating profit of $4.8 billion in Q1 - a tenfold increase YoY - and company executives revealed a change in focus going forward. 

The plan is now to concentrate on producing HBM and DDR5 memory and high-capacity SSD chips for the enterprise market, rather than targeting consumer PCs and mobile devices.

Meeting demand

"We plan to increase supply of HBM chips in 2024 by more than threefold versus last year," Kim Jae-june, Samsung’s memory business vice president, said on the call, reported the Korea Economic Daily. “We have already completed talks with our clients on this year's supply of HBM chips. In 2025, our HBM chip production will double from this year. Our talks on the 2025 volume with our customers are also going well.”

Samsung, currently ranked 23 in the world, has already invested heavily in HBM but currently trails behind its archrival, SK Hynix, in this area. SK Hynix recently announced plans to construct the world’s largest chip factory and has begun a partnership with Taiwanese foundry TSMC to produce HBM4.

Samsung said it anticipates a 50% increase in server DRAM production in Q2, and double output of server SSD in terms of bit growth. The company believes robust demand for AI chips will continue and stretch chip supplies throughout the year.

The South Korean tech giant also revealed it will commence mass production of its 8-layer HBM3E chips this month.

More from TechRadar Pro

• Nvidia planning to focus on AI, leaving consumers behind
• Samsung to showcase 280-layer QLC NAND flash memory chip
• Nvidia's AI dominance will be the death knell for its GeForce graphics cards

from TechRadar - All the latest technology news https://ift.tt/5NlTV9i

Latest Tech News

A prominent hardware leaker has alleged that while Thunderbolt 4 will come as standard for Intel Core Ultra 200 CPUs on Z890, that the upcoming CPU generation will miss out on Thunderbolt 5. 

As spotted by Videocardz, hardware leaker Golden Pig Upgrade has claimed that Intel Arrow Lake will miss out on Thunderbolt 5 support for Z890 motherboards after all, despite its unveiling last year. If true, it's disappointing news considering that Intel 14th Gen missed out on Thunderbolt 5 at release, too. 

As a frame of reference, both Thunderbolt 3 and Thunderbolt 4 are capped at 40 Gbps which means there's no great increase in the two technologies despite their seven-year age gap. In contrast, Thunderbolt 5 can achieve double this at 80 Gbps which can be increased to 120 Gbps through Bandwidth Boost. 

Also alleged by Golden Pig Upgrade is that Ultra Core 200 CPUs will feature just four Xe cores baked onto the chip which is half of what's currently available through Meteor Lake for laptops. This is unlikely to be too big a deal considering most (if not all) users will pair the processor with one of the best graphics cards, but it's worth noting. 

We can take the alleged specs for the Arrow Lake flagship as a point of comparison. It's believed that the Intel Core Ultra 9 285K will feature 24 cores and 24 threads with a maximum boost clock of up to 5.5 GHz and a 125W TDP. In contrast, the current-generation Intel Core i9-14900K features 24 cores and 32 threads up to 6 GHz. It's certainly a different approach moving to Disaggregated architecture from Hybrid.

Not the best impression for Arrow Lake 

Should Intel Arrow Lake miss out on Thunderbolt 5, that would mean that we would likely have to wait until Lunar Lake in laptops and Panther Lake in desktops to get ahead. 

The new connectivity standard would mean not only increased bandwidth for external GPUs and SSDs but also boosting higher resolutions and framerates of up to 540Hz and enhanced multi-monitor in 4K and 8K (via Intel). 

You may also like...

• With iPads leading and AI teasing, this could be the strangest Apple event ever
• Microsoft just gave us a first look at the future of its DNS services
• Five ways to keep up with the AI revolution

from TechRadar - All the latest technology news https://ift.tt/VTobvul

Latest Tech News

During Western Digital's recent Q3 earnings call, CEO David Goeckeler disclosed that the ever-growing need for higher capacity and speedier data access from customers across the world is pushing the company to expand its solid-state capacities.

The company chalked up a profitable quarter, with revenues soaring over forecast to $3.46 billion, a 29% YoY rise. The company managed to turn around a streak of losses, reporting a $135 million profit. These achievements are in stark contrast to rival Seagate, which posted an 11% YoY reduction in its revenues to $1.66 billion.

Goeckeler underlined that Western Digital's improved financial performance was a result of the company's efforts to offer a more diversified product range. He also said that WD was committed to delivering larger SSD capacities off the back of growing demand for AI-related applications. He said customers “want them [SSDs] in much bigger capacity points, 30- and 60-terabyte capacity points.”

HAMR HDD technology

Reporting on the third quarter results, Blocks & Files wrote “WD currently ships DC SN640 TLC PCIe gen 3 SSDs with up to 30.72 TB capacity and PCIe gen 4 SN650 and 655 drives with 15.36 TB. We now expect 60 TB SSDs to be announced by WD later this year.”

Without going into details of the exact capacities being worked on, Goeckeler said the company was expanding the size of the drives in line with what customers were demanding, stating WD is “increasing capacity and going through a qualification on that. So, we're in that process with customers.”

He also discussed hard-drive recording (HAMR) technology, including the issues surrounding it, stating, “we've been working on HAMR for quite some time. We understand HAMR extremely well. We understand all the issues with HAMR, and what it takes to get it qualified. Clearly, we're doing that all behind the scenes, because we have a product portfolio with the best TCO we can offer in the market today, and we can do that all the way up to 40 terabytes.” Western Digital’s rival Seagate recently announced the results of an experimental test that showed one of its hard drives using HAMR could run continuously for over 6,000 hours.

More from TechRadar Pro

• These are the best SSDs you can buy right now
• 2PB SSD storage in your computer? Why not
• Here’s the chip that could make 100TB SSDs mainstream in 2024

from TechRadar - All the latest technology news https://ift.tt/Elp72q8

I'm Ditching Extra Baggage Fees on My Next Trip, With These Products - CNET

Going on a summer getaway but don't want to pay extra for a carry-on or suitcase? Here's what I'm using to pack everything into a single personal item.

from CNET https://ift.tt/nFb82VK

The Best Apple Cider Vinegar Drinks to Get Your Daily Fix - CNET

Drinking ACV has benefits galore, but it's not always the easiest to down. These six apple cider vinegar-based beverages take the bite out of this healthy elixir.

from CNET https://ift.tt/4QjqH5g

Latest Tech News

As ever, a new month means a new range of movies and shows on Hulu. Out of everything that's coming in May 2024, we've picked out four movies that cover a range of genres, all with over 90% on Rotten Tomatoes. 

In addition to two Wes Anderson classics perfect for relaxed viewing, we've selected a family favorite from the '80s, and a historical drama from last year. 

This is just a taste among the other new Hulu movies this month, but they're an ideal place to start!

Big (1988) 

RT score: 98%
Director: Penny Marshall
Runtime: 104 minutes
Age rating: PG
Available to stream from: May 1

A classic straight from the '80s and a childhood favorite among dads everywhere, Big tells the story of 12-year-old Josh Baskin (David Moscow) with a huge crush on a girl who rejects him for being too short. When he wishes to be 'big' to a Zoltar machine, he wakes up the next morning as a fully grown man (Tom Hanks) and must navigate the world as an adult. He moves to New York and lands a job, but the pressures of living in the grown-up world get to him, and he finds himself longing for his childhood back. 

Rushmore (1998)

RT score: 90%
Director: Wes Anderson
Runtime: 93 minutes
Age rating: R
Available to stream from: May 1

The first of two Wes Anderson movies in our list, and Anderson's sophomore directorial feature with recurring actors across his filmography. Jason Schwartzman stars in his first feature film as Max Fischer, a private school student whose academic performance is weak but knack for his extracurricular activities keeps him occupied. The arrival of new teacher Miss Cross (Olivia Williams) turns Max's world around, and he must find a way to cope with his feelings while navigating life on academic probation. 

The Promised Land (2023)

RT score: 96%
Director: Nikolag Arcel
Runtime: 127 minutes
Age rating: R
Available to stream from: May 1 

Arcel's historical drama was submitted as Denmark's entry for Best International feature at this year's Academy Awards, but while it didn't receive the nomination it still left a lasting impact on audiences. In 1755 Denmark, soldier Ludwig Kahlen (Mads Mikkelsen) seeks to make a wealthy man of himself by following the king's order to cultivate the land. When landowner Frederik De Schinkel (Simon Bennebjerg) rebels against the king's order, he plans to execute a ruthless revenge. 

Fantastic Mr Fox (2009)

RT score: 93%
Director: Wes Anderson
Runtime: 88 minutes
Age rating: PG
Available to stream from: May 1 

Rushmore's Jason Schwartzman and Bill Murray join George Clooney and Meryl Streep in Anderson's first animated feature, adapted from the beloved children's book by Roald Dahl. Together with their son Ash (Schwartzman), Mr Fox (Clooney) and Mrs Fox (Streep) live peacefully inside a tree, but their new human farmer neighbors Boggis, Bunce, and Bean threaten their safety. Going behind his wife's back, Mr Fox plots to raid the farm of their produce. 

You might also like

• The best Hulu shows: 36 great TV series you can stream in May 2024
• Hulu: how to sign up, apps, devices, shows, plans, and Hulu + Live TV explained
• Disney Plus and Hulu are getting two new shows about creative legends in puppets and fashion: here's when you can stream them

from TechRadar - All the latest technology news https://ift.tt/YfU2GmM

Best Family Phone Plans for April 2024 - CNET

Looking for a wireless plan with multiple lines doesn't need to be difficult. We break down the best family plan deals from AT&T, Verizon and T-Mobile.

from CNET https://ift.tt/JbEnhdP

Latest Tech News

It was hard not to shed a tear when MediaWorkstation disappeared, taking its wild six-screen a-X2P workstation laptop with it. 

The company’s workstation laptop promised to be an incredible, and ridiculous, powerhouse, with two AMD EPYC Genoa Zen 4 CPUs, two full-size GPUs, up to 3TB DDR5 RAM, one M.2 NVMe boost SSD, and five storage drives.

But if you still have a yearning to own a laptop with half a dozen screens attached to it, then we have good news.

Choice of screen resolutions

Acme Portable's Megapac L3, the successor to the company’s FlexPAC III, is available to buy and while it only – only! – comes with three 24-inch displays, it can be combined with the company’s ML3 triple display accessory, for a grand total of six screens. 

If you're noticing similarities between this system and the discontinued a-X2P beast, it's because MediaWorkstation was once a reseller for Acme Portable and had been looking to push the limits of what could be achieved with the platform.

The Megapac L3’s 3x 23.8-inch displays come in a choice of resolutions - UHD (3840x2160) with up to 800 nits brightness, Full HD (1920x1080) with up to 1000 nits, or WUXGA (1920x1200) with 1000 nits, all featuring an optional touchscreen.

It's powered by a single/dual Intel Xeon, Intel Core, AMD Ryzen or AMD EPYC CPU, with up to 1TB DDR4 RAM and up to 150TB storage. There are seven expansion slots, and it comes with an 850W auto-switching power supply, although there are 1000W or 1200W PSU’s available.

The dimensions for the three screen Megapac L3 are 16.39-inches high, 22.96-inches wide and 11.98-inches deep, with a weight of 52.82 lbs. It  comes with a 105-key keyboard with an integrated touchpad, padded rolling transit case, and can be customized to military specifications.

There’s no pricing available on the website, but if you want the Megapac L3, with three or six screens, you can contact them with your requirements.

More from TechRadar Pro

• These are the best mobile workstations around
• This bonkers laptop has 7 built-in screens
• World’s most powerful mobile workstation has six monitors

from TechRadar - All the latest technology news https://ift.tt/PQr87Rc

Over 60 of the Best Star Wars Gifts for 2024: Top Picks For May the Fourth - CNET

Lose yourself in a galaxy far, far away while searching for the best Star Wars gifts around.

from CNET https://ift.tt/S2GeKEp