Intel to Deliver Quad-Core Chips for Laptops This Year

Intel says it will ship quad-core chips designed specifically for laptops later this year.

The quad-core chips, most likely for desktop replacement laptops, will be based on the Core 2 Duo microarchitecture and will ship in the third quarter, Intel officials said.

Intel declined comment on chip details, though enthusiast Web sites reported the chip is Intel’s Core 2 Extreme QX9300. The chips will be manufactured using the new 45-nanometer process.

After Montevina Launch

The chip will be released after Intel’s Centrino 2 platform, code-named Montevina, is launched in the second quarter. Montevina is an upgrade to the current Centrino mobile platform that puts WiMax and Wi-Fi networking capabilities on a single chip. Montevina will include processors based on the Core 2 microarchitecture and the quad-core notebook processor could be included in the platform.

The initial quad-core laptops will be desktop replacements, weighty laptops that will appeal to gamers and office workers requiring processing power, said Nathan Brookwood, principal analyst with Insight 64. The chips won’t reach smaller notebooks like the MacBook Air anytime soon, Brookwood said.

Read the rest of this story…

Posted in Hardware | No Comments

Secure USB sticks cracked

Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. It turns out that an easy-to-find tool allows nosy parties to get around the protection in some products.

Many secure USB sticks consist of three components: flash memory for data, a fingerprint sensor and a microcontroller that processes USB traffic, communicates with the flash memory, and controls the sensor. The flash memory itself is divided up into several logical partitions. The controller provides access to a public partition when connected to a PC. The pre-installed software on this partition then runs to perform fingerprint detection and authentication. If the fingerprint is valid, the microcontroller then provides access to the protected partition as a mapped drive on the PC.

That’s the theory. In practice, USB sticks with the USBest UT176 and UT169 controllers from Taiwan’s Afa Technology provide access to the protected partition without any authentication. All you need to do is use the PLscsi tool to send a single USB command – Command Descriptor Block – to the stick for access to the public partition to be replaced by access to the protected one. At first, this flaw seemed to be an undocumented back door, but some sniffing with a USB monitor tool revealed it to be a major design flaw: the controller on the stick does not decide whether to provide access to the partition; the software running on Windows does. The software on the PC uses another command to decide whether read-only write access is possible. Based on the manufacturer’s descriptions, you’d expect the biometrics and access control to take place entirely within the stick’s microcontroller, an 8032 derivative.

Read the rest of the article…

Posted in Hardware, Security | No Comments

Block Downloading of Files in Internet Explorer

For security reasons one might want to disable or block downloading through Internet Explorer. There could be several other reasons for this including building a secure Internet kiosk, protecting your PC from malicious files, etc.

So far as I know, this should work with IE 6 or 7. I tested it on IE 7 running Windows Vista Ultimate (please don’t flame me ;)).

Copy and paste the following into notepad and save it as disabledownloadsie.reg:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
“1803″=dword:00000003

Run the disabledownloadsie.reg to enable blocking of downloads in Internet Explorer.

The settings are:
3 = disabled
0 = enabled

Read the rest of this story…

Posted in Coding, Internet, Security | No Comments

Seven Power-Saving Tips

1. Dial down your screen brightness. The brighter your screen, the more power it uses.

2. Turn off your system completely at the end of the day, instead of putting it in sleep mode.

3. If you (still) have a CRT, consider upgrading to an LCD. An LCD uses about 1/3 of the power (and causes less eyestrain to boot).

4. Forgo the screen saver. Most monitors no longer are in danger of having images burned into them, and screen savers actually use up monitor power.

5. If you’ll be away from your computer or other devices for a long period of time (say, while on vacation), consider unplugging them completely.

6. Look for the Energy Star certification when purchasing new computer systems or elec-tronic devices.

7. Enable any power-saving features on your computers, monitors, and peripherals such as printers.

Source…

Posted in General BS, Hardware | No Comments

2117966(dot)net – Mass iframe injection

Published: 2008-03-14,
Last Updated: 2008-03-14 15:33:49 UTC
by Kevin Liston (Version: 1)

Situation:

Over 10,000 legitimate websites have been compromised and now have an iframe that will direct visitors to a malicious website hosted on 2117966(dot)net. The malicious website attempts to exploit the vulnerability described in MS06-014 and a number of ActiveX vulnerabilities.

Successful exploitation result in the installation of a password-stealing malicious program that attempts to steal the logon credentials from websites and online games.

Recommended immediate action:

Block 2117966(dot)net at your web proxy

Recommended follow-up action:

Inspect your web proxy logs for visitors to 2117966(dot)net. This will indicate who is potentially exposed. Check these systems to verify that their patches are up-to-date. Systems that are successfully compromised will begin sending traffic to 61.188.39.175
(http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080313). Search your proxy logs for systems generating those requests and reimage the infected machines.

Protecting Browsers:

A properly-patched system should not be at-risk from this attack.  It is recommened to use a browser that does not support ActiveX.

Protecting Webservers:

Until details become available on how the iframe was injected, we have no recommendations.

Missing information:

We currently do not have details on how the iframes were placed on the websites.  If you are responsible for cleaning-up or investigating one of  the defacements, please contact us if you have information on how the compromise occurred.

Source…

Posted in Coding, Internet, Security | No Comments