Úvodní stránka » Blogy a osobní weby » Battery for Lenovo ThinkPad X300

Battery for Lenovo ThinkPad X300

“We need that first crack and we’ll look and look to find it,” he said. “There’s a reason its called and advanced persistent threat; we’ll poke and poke and wait and wait until we get in.”The goal is to find weak points, whether they be within the network architecture, or in staff who maybe work from home or bring in unauthorized devices. There’s also areas where the target network interconnects with other computer systems, like heating and ventilation controllers, which can be useful for an attack.Companies need to pay particular attention to cloud providers, he said. Once you use a cloud company you are essentially handing your data over to them and relying on their security, so he warned due diligence is even more important than usual.For the initial exploitation phase the key attack vectors are malware attachments in email, injection attacks from websites, and removable media – the latter being particularly useful for penetrating air-gapped systems that aren’t even on the network; Iran found that out the hard way with Stuxnet.Another common attack vector is common vulnerabilities and exposures (CVEs) that haven’t been patched, he said. Companies need to make automatic patching the norm to protect themselves against nation-state hackers he warned. As for zero-day flaws, he said they are overrated.“A lot of people think that nation states are running their operations on zero days, but it’s not that common,” he said. “For big corporate networks persistence and focus will get you in without a zero day; there are so many more vectors that are easier, less risky, and more productive.”

As for the NSA’s own collection of zero-day exploits, Joyce said that in fact the agency had very few and each new one was discovered was evaluated by an outside committee to see when software manufacturers should be informed to build a patch. The NSA doesn’t have the final decision on this, he claimed.To protect against this admins need to lock things down as far as possible; whitelisting apps, locking down permissions, and patching as soon as possible, and use reputation management. If a seemingly legitimate user is displaying abnormal behavior, like accessing network data for the first time, chances are they have been compromised, he said.Reputation-based tools are particularly useful against malware, Joyce explained. Signature-based antivirus won’t protect you against a unique piece of attack code, but when used in conjunction with reputation databases it can be effective – if code or a domain hasn’t been seen before there’s a high chance it’s dodgy.It’s amazing how often simple issues come up and allow access to target networks, he explained. Things like administrator credentials being left embedded in scripts, how many networks are unsegmented, and how often suspicious activity reported in network logs got missed.

He cited cases where NSA hackers have performed penetration testing, issued a report on vulnerabilities, and then when they go back two years later to test again found the same problems had not been fixed. When the NSA hacking squad comes back, he said, the first thing they do is investigate previously reported flaws and it’s amazing how many remain un-patched even after the earlier warning.Once inside a network, the next stage is to establish persistence, primarily by establishing software run lines or subverting other applications. Application whitelisting is key to locking down this phase of an attack he said.A 0-day security breach at Lincolnshire County Council has exposed locals’ medical records, addresses, and bank details, claimed an anonymous tipster, though the council denies any data was stolen.The breach was reported by The Lincolnite, which stated anonymous reports from inside the council suggested a major breach of its main adult care system had spaffed the sensitive personal information of constituents.Talking to The Register this morning, a council spokesperson denied that any data had been lost and claimed an email attachment with a zero-day exploit had managed to infect its internal system after being sent to multiple members of staff.In addition, The Lincolnite reported that another system which stored staff details and bank details, as well as the G Drive, which holds various other documents and forms, had been breached.According to the local paper’s source, emails were not initially affected by the breach, however the attackers’ access seems to have been extended to include them.

The council’s response has been to order staff to close their computers and turn the power off.Judith Hetherington Smith, the council’s CIO, told the local paper that the council closed down our systems very quickly to protect the data and are investigating the cause but at this stage have found no evidence of any breach.A spokesperson for Lincolnshire County Council added that, as a precautionary measure, [we] have suspended IT use until the extent of it is clear.As part of a campaign into UK councils’ cyber security conducted last year, The Register was told that Lincolnshire County Council’s AV solution(s) – the specifics of which the council declined to disclose – had thrown up 196,553 malware alerts in 2015.The Register has learned that the council has outsourced its IT operations to Serco since last April, although what AV solutions the outsourcer company uses has not been disclosed.The council told us that there had been 32 malware infections, via email, over that period. The areas and machines affected were not recorded, however. Faster, longer battery life, chip-based security – innovation is alive and well in its sixth-generation Core chips, Intel claims, with the company officially launching its sixth-generation Core vPro processors on Tuesday, wrapped in a series of changes it claimed would inevitably drive sales.

Two and a half times the performance of a fifth-gen CPU-powered laptop, three times the battery life, and four times faster wake-up are the promises. Also, we’re looking forward to Intel authenticate – multi-factor authentication that also works with PINs and biometrics in association with a smartphone.If the phone strays further than a specified Blue-toothy connection distance from the i7 vPro machine in question, it locks you out. No more PCs going walkies in public places, mid-session documents, and data open to plunder.PC makers are lining up behind the chips, claiming about 200 business PC designs – 160 for vPro and 30 ultra book designs. Machines are coming from Acer, Dell, Hewlett-Packard, Lenovo and others in a variety of form factors – 2 in 1s, ultra books, and desktops, you name it.The thrust is very much the business user, with Intel citing one Gartner analyst claiming the chips make PCs part of businesses’ overall security solution with users more secure and productive than ever.Innovation is still the industry’s muse: as a phrase it’s over used, often mischaracterised, and its application frequently divorced from cold, hard market realities. Explaining recent years’ falling PC sales and the eclipse of the PC by the tablet, vice president and general manager of Intel’s business client platform division, Tim Garrison, told The Register he believes the “innovation” on display now will shift boxes.

“Years ago we got in trouble [because] there wasn’t much innovation going into the PC. It was the same old PC we’d had for generations and people said ‘I don’t see a future here’, said Garrison. “Since then, with the sixth generation core, you see so much more innovation going on.”However, the PC market’s structural dynamics, which have blighted sales for the last few years, are still in place. PC makers, and those middlemen in the channel responsible for getting devices into the hands of buyers, remain saddled with a backlog of unsold PCs using old chips.They’ve been stuck for a variety of reasons: consumers flocking to new tablets, businesses holding out on Windows XP and Windows 7 on old PCs, and OEMs and channel partners burned by buying big into Microsoft’s promises on Windows 8.That was a version of Windows where Microsoft was playing the “innovation” card – innovation around the touch interface, which ultimately proved about as popular as John Lennon proclaiming the The Beatles were more popular than Jesus.Gartner this week reckoned 232 million traditional PCs would be shipped in 2016, equating to a 1.7 per cent drop on 2015. In the last quarter of 2015, 22.5 million PCs shipped into third-party sellers in EMEA, according to the research giant, a decline of 16.1 per cent year-on-year.

Napsat komentář