Security firm finds some Macs vulnerable to 'firmware' attacks

(Reuters) – Since 2015, Apple Inc (AAPL.O) has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

Duo examined what is known as firmware in the Mac computers. Firmware is an in-built kind of software that is even more basic than an operating system like Microsoft Windows or macOS.

When a computer is first powered on — before the operating system has even booted up — firmware checks to make sure that basic components like a hard disk and processor are present and tells them what to do. That makes malicious code hiding in it hard to spot.

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace.

In 2015, Apple started bundling firmware updates along with operating system updates for Mac machines in an effort to ensure firmware on them stayed up to date.

But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models – such as the 21.5-inch iMac released in late 2015 – 43 percent of machines had out-of-date firmware.

That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called thunderbolt port.

Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the industry for firmware updates, Rich Smith, director of research and development at Duo, told Reuters in an interview.

Duo said that it had informed Apple of its findings before making them public on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.

”Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure,“ the company said in a statement. ”In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”

Reporting by Stephen Nellis; Editing by Leslie Adler

Our Standards:The Thomson Reuters Trust Principles.

Tech

Half of the top 100 retail sites had slow load times during AWS’s S3 outage, vendor finds

Yesterday Amazon Web Services had a bad day. And when AWS has a bad day, so do a lot of other sites.

Vendor Apica is a website monitoring services that keeps a close eye on some of the top retail websites around the country. All in all, the retail website Apica tracks had trouble dealing with the elevated errors rates AWS reported in S3 starting around mid-day Eastern Time.

+MORE AT NETWORK WORLD: 5 Lessons from Amazon’s S3 cloud blunder, and how to protect yourself from the next outage +

To read this article in full or to leave a comment, please click here


All articles

This website finds the perfect reaction GIF to express your selfies

Https%3a%2f%2fblueprint-api-production.s3.amazonaws.com%2fuploads%2fcard%2fimage%2f367715%2f64c49753-6eb4-4378-8df6-52606d7cdc54

Feed-twFeed-fb

Even with all the crap going on in the world, you can always count on the internet to come up with something stupidly wonderful to distract you from reality and cheer you up.

Alex Holachek’s “Reaction GIF Generator” (via BoingBoing) isn’t your typical GIF generator. In what must have been a clever napkin idea, Holachek decided it would be brilliant to combine the randomness of Giphy with Microsoft’s Emotion API, which uses machine learning to detect between eight distinct, universal emotions (anger, contempt, disgust, fear, happiness, neutral, sadness, and surprise).

The result of his mashup is this hilarious GIF generator that analyzes your selfie and then spits out a GIF to match your facial expression. Read more…

More about Emotions, Microsoft, Generator, Reactions, and Selfie


All articles

RISC Networks Finds That IT Teams Require More Effective Data than…

Leader in Cloud and Data Center Analytics to demonstrate new Application Centric Visualization technology at AWS re:Invent 2015 in Las Vegas from October 6 – 9, 2015

(PRWeb September 24, 2015)

Read the full story at http://www.prweb.com/releases/2015/09/prweb12979745.htm

RSS-4


All articles