News Posts matching "bug"

Return to Keyword Browsing

AMD Confirms its Platform Security Processor Code will Remain Closed-Source

Since the launch of AMD Ryzen, a small piece of hardware that handles basic memory initialization as well as many security functions has been the center of some controversy. Called the Platform Security Processor (the "PSP" for short) it is essentially an arm core with complete access to the entire system. Its actions can be considered "above root" level and are for the most part invisible to the OS. It is similar in this regard to Intel's Management Engine, but is in some ways even more powerful.

Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it (Answer: you couldn't). How would you know you needed to remove it? (answer, unless it made itself obvious, you also wouldn't). This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSPs code for general community auditing.

WannaCry: Its Origins, and Why Future Attacks may be Worse

WannaCry, the Cryptographic Ransomware that encrypted entire PCs and then demanded payment via Bitcoin to unlock them, is actually not a new piece of technology. Ransomware of this type has existed nearly as long as the cryptocurrency Bitcoin has. What made headlines was the pace with which it spread and the level of damage it caused to several facilities dependent on old, seldom-updated software (Hospitals, for example). It's not a stretch to say this may be the first cyberattack directly attributable to a civilian death, though that has not been concluded yet as we are still waiting for the dust to settle. What is clear however is WHY it spread so quickly, and it's quite simple really: Many users don't have their PCs up to date.

Google Project Zero Finds Windows Vulnerabilty, "Worst in Recent Memory"

Google's Project Zero has found yet another critical Windows Vulnerability, this time going so far as to call it "Crazy Bad" in a lone tweet by Google security researcher Tavis Ormandy. Tavis went on to elaborate that the vulnerability "works against a default install, [you] don't need to be on the same LAN, and it's wormable."

Sounds like the stuff of nightmares from a security perspective, right? The good news is Google's policy is to give companies 90 days to patch bugs like this before revealing the exploits details. The idea is to pressure developers to fix vulnerabilities before the reveal, so users remain protected and companies are forced to act rather than adopt a "wait and see" approach. Microsoft however, does not have the best follow-up reputation, having left at least two major security bugs unpatched for the entire 90-day security-flaw reveal window as recently as this year.

NSA's Windows Exploit "DoublePulsar" Being Actively Utilized in the Wild

The "DoublePulsar" exploit exposed recently as part of the leaked NSA-derived hacking toolkit posted online, is set to become one of the more significant issues related to the leak. Not because it is unpatched, because it has been patched for roughly a month, but rather because according to a threatpost.com report, few users are as up to date as they should be.

Microsoft Advises Against Installing The Creators Update Manually

Apparently, Microsoft is alerting would-be Creators Update takers that doing so manually (as in, before its automatic update roll-out through Windows Update itself) may result in a bad first experience. Microsoft is therefore suggesting that the majority of Windows 10 users should wait for the Windows Update version of the (ahem) update, due to concerns with some hardware compatibility problems.

In a blog post, Microsoft give the example of a user who reported issues between a Bluetooth connectivity accessory (Broadcom-based) for their PC and Windows 10 Creators Update, which resulted in Microsoft blocking all machines with similar hardware from being able to update until issues are solved. I for one must say I manually updated my system on April 7th and found nothing wanting, so these really do seem like hardware-specific snags. Microsoft is apparently doing everything in its power to make sure adopters of the latest version of Windows find a hassle-free experience on the other side of their screens, which is commendable. This does seem like a sensible solution to the problem, with power users (or simply users who don't care about warnings and are confident on their success and hardware compatibility) still being able to update, while less tech-savy customers are left waiting for a proven version for their hardware configuration. Here's hoping that doesn't take long, since the 3D-version of Paint really brought back childhood joy (for some of us, at least.)

Source: Blog.Windows.com, Tom's Hardware

AMD Preparing BIOS Update to Fix FMA3 Freezes on Ryzen CPU Family

AMD has acknowledged an issue in which applications utilizing FMA3 code (basically compute and floating point heavy applications) can freeze Ryzen-based desktops. According to AMD, a fix is already on the way in the form of a basic bios update that will be issued to motherboard vendors, who will then most assuredly update their boards with the fix. If you want to be sure your Ryzen based system is not affected by this or numerous other teething issues, making sure you are running the latest BIOS will go a long way towards easing your experience with your new platform.

AMD Ryzen Machine Crashes to a Sequence of FMA3 Instructions

An AMD Ryzen 7-1800X powered machine was found to be crashing upon execution of a very specific set of FMA3 instructions by Flops version 2, a simple open-source CPU benchmark by Alexander "Mystical" Yee. An important point to note here is that this little known benchmark has been tailored by its developer to be highly specific to the CPU micro-architecture, with separate binaries for each major x64 architecture (eg: Bulldozer, Sandy Bridge, Haswell, Skylake, etc.), and as such the GitHub repository does not have a "Zen" specific binary.

Members of the HWBot forums found that Ryzen powered machines crash on running the Haswell-specific binary, at "Single-Precision - 128-bit FMA3 - Fused Multiply Add." The Haswell-specific binary (along with, we imagine, Skylake), adds support for the FMA3 instruction-set, which Ryzen supports, and which lends some importance to the discovery of this bug. What also makes this important is because a simple application, running at user privileges (i.e. lacking special super-user/admin privileges), has the ability to crash the machine. Such a code could even be executed through virtual machines, and poses a security issue, with implications for AMD's upcoming "Naples" enterprise processor launch.

Intel's Skylake and Kaby Lake-based Systems Vulnerable to USB Exploit

At this year's CCC hacker congress, researchers from Positive Technologies have released information, which documents vulnerabilities in Intel's Skylake and Kaby Lake series processors' handling of USB 3.0-based debugging - which could be used to attack, corrupt, and even subvert a user's system.

This vulnerability allows attackers to bypass typical security mechanisms - both at the hardware and at the OS level - by using a new debugging interface, which could allow them to install malware and/or rewrite the system's firmware and BIOS. The exploit is currently undetectable using existing security tools, and according to the researchers, this mechanism can be used on a hacked system regardless of the OS installed.

AMD Releases Radeon Software Crimson Edition 16.2.1

AMD released the latest version of Radeon Software Crimson Edition. Version 16.2.1 is marked "non-WHQL" and hence should be a beta. The driver comes with a CrossFireX profile for "Far Cry Primal," along with a variety of game-specific bug fixes for "Fallout 4," and "Rise of the Tomb Raider." It also fixes an issue of choppy display on systems with both FreeSync and CrossFire being enabled. Grab the drivers from the links below.
DOWNLOAD: AMD Radeon Software Crimson Edition 16.2.1 for Windows 10/8.1/7 64-bit | Windows 10/8.1/7 32-bit

AMD Releases Radeon Software Crimson Edition 15.12 WHQL

AMD released the WHQL-signed version of Radeon Software Crimson Edition 15.11.1 as the new 15.12 WHQL. It addresses a variety of game-specific issues, including rendering errors on Star Wars: Battlefront; bugs on Fallout 4; texture-compression issues with Just Cause 3; poor CrossFire performance with Call of Duty: Black Ops 3. It also addresses a critical issue in which the driver would either spool fan-speeds all the way up to 100% on load, or lock them down at 30%, causing certain GPUs to overheat. A variety of bugs specific to the Radeon Settings app were also addressed.

DOWNLOAD: AMD Radeon Software Crimson Edition 15.12 WHQL for Windows 10 64-bit | Windows 10 32-bit | Windows 8.1 64-bit | Windows 8.1 32-bit | Windows 7 64-bit | Windows 7 32-bit

NVIDIA Releases GeForce 344.16 WHQL Drivers

Well, that was fast! NVIDIA gave WHQL signing to the GeForce 344.16 Beta drivers it released earlier this week. The drivers still support just GeForce GTX 980 and GTX 970 graphics cards. The release notes document (PDF) is still not clear on exactly what these drivers bring to the table, over the recently released 344.11 WHQL, but we believe it could be an important bug-fix specific to NVIDIA's new GPUs.
DOWNLOAD: GeForce 344.16 WHQL

28 nm struggles: TSMC & GlobalFoundries

Making silicon chips is not easy, requiring hugely expensive fabs, with massive clean-room environments and at every process shrink, the complexity and difficulty of making the things goes up significantly. It looks like TSMC and GlobalFoundries are both having serious yield problems with their 28 nm process nodes, according to Mike Bryant, technology analyst at Future Horizons and this is causing a rash of non-working wafers – to the point of having nothing working with some chip designs submitted for production. It seems that the root cause of these problems are to do with the pressures of bringing products to market, rather than an inherent problem with the technology; it just takes time that they haven't got to iron out the kinks and they're getting stuck: "Foundries have come under pressure to release cell libraries too early – which end up with designs that don't work," Bryant said. In an effort to try and be seen to treat every customer equally, TSMC is attempting to launch ten 28 nm designs from seven companies, but it's not working out too well: "At 45-nm, only NVIDIA was affected. At 28-nm any problems for TSMC will be problems for many customers" said Bryant.

NVIDIA Investigates TDR Issues, Requests Sample Cards

Guru3D reports on a post from NVIDIA tech support on NVIDIA's forums regarding TDR issues (Timeout Detection & Recovery problem (display stopped responding but has successfully recovered)). These problems centre around Battlefield 3 and Windows Media Centre, which NVIDIA can't reproduce, so it looks like the problems may be with specific card models. NVIDIA rep ManuelG posted:

Bitcoin & Password Stealer Trojan For Mac Now Available!

Hot on the heels of our previous story of Apple Macs falling prey to a DDoS trojan, we now have another Mac trojan come on the market, as explained by Sophos. Yes, the Apple platform must indeed be becoming more popular to get this one. It's an unfortunate fact of life that the popularity of any computing platform, including smartphones, can be judged by the number of criminals who will attack it. This little nasty, called OSX/Miner-D or 'DevilRobber', hijacks Mac OS X to perform various tricks, which include minting Bitcoins (the virtual and now virtually worthless currency) stealing usernames and passwords (of course) taking screenshots and stealing the victim's Bitcoin wallet while it's at it, if there is one. And for good measure:
it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history.
So, now the criminals also know about all the sites one has visited, eroding user privacy even more. It looks like this malware has covered all the bases, but wait, there's more.

SandForce BSOD Firmware Bug: Fix Finally Available

Finally a fix for the BSOD/disconnect bug that has been plaguing users for months is available for SF-2200 based SSDs. OCZ uses these, has been testing this new firmware for several weeks and now believes that it's fit for release. The new firmware is at version 2.15 for OCZ drives and 3.3.2 for drives that SandForce's standard numbering system. As with any firmware update, it should be used cautiously, all data backed up and perhaps used on a non-mission critical Windows install for a while, for confidence. Note that there may be more unresolved issues and new ones introduced.
Return to Keyword Browsing