Security firm finds some Macs vulnerable to 'firmware' attacks

(Reuters) – Since 2015, Apple Inc (AAPL.O) has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

Duo examined what is known as firmware in the Mac computers. Firmware is an in-built kind of software that is even more basic than an operating system like Microsoft Windows or macOS.

When a computer is first powered on — before the operating system has even booted up — firmware checks to make sure that basic components like a hard disk and processor are present and tells them what to do. That makes malicious code hiding in it hard to spot.

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace.

In 2015, Apple started bundling firmware updates along with operating system updates for Mac machines in an effort to ensure firmware on them stayed up to date.

But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models – such as the 21.5-inch iMac released in late 2015 – 43 percent of machines had out-of-date firmware.

That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called Thunderbolt port.

Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the industry for firmware updates, Rich Smith, director of research and development at Duo, told Reuters in an interview.

Duo said that it had informed Apple of its findings before making them public on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.

“Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure,” the company said in a statement. “In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”

Reporting by Stephen Nellis; Editing by Leslie Adler


Someone Is Trying to Scrub Trump’s Name From the Wikipedia Page of Lieberman’s Law Firm

There’s a Wikipedia edit war going on right now on the page of the law firm of Kasowitz, Benson, Torres & Friedman. That wouldn’t be notable except for the fact that someone is trying to scrub Donald Trump’s name from the page and Joe Lieberman is a special counsel at the firm. Lieberman is a frontrunner to head the…


NUMBERS OF DESKTOP AND SERVER COMPUTING REQUIRED IN AN OFFICE OF 12 EMPLOYEE OF A FIRM AND IDENTIFY THEIR DIFF?

Question by jamesbond007: NUMBERS OF DESKTOP AND SERVER COMPUTING REQUIRED IN AN OFFICE OF 12 EMPLOYEE OF A FIRM AND IDENTIFY THEIR DIFF?
pls can anyone help me with this assignment cos I need to submit it tomorrow. It is very important and carries 100 mark. Thank you as do, you can elaborate on it.

Best answer:

Answer by Zarn
You haven’t even begun to give the depth of detail necessary to fully answer your question. I’m assuming this is an assignment given in a specific course or something similar. In that case, you’re probably supposed to use some kind of given process in order to determine “desktop and server computing” (a phrase which does not mean what you think it means, by the way).

Though an exacting answer would need a lot more information, such as what the firm’s business is, what demands the firm has to uptime, and so on, a simple answer for a pretty good system would be:

* 12 desktop computers (one per employee), 2 in backup (kept updated with the standard image, or at least simple to replace).
* 2 servers onsite, where one serves as the main server and the other one is a hot backup.
* One server kept in the cloud or at least offsite, for emergencies and off-site backup.

It’s pretty simple to explain this – always have at least one computer per employee that works with computers, always plan for at least 20% fail rate, and have one onsite and one offsite contingency plan in case of problems.


Cloud Security Firm Alert Logic Names VP of Business Development

By Justin Lee, September 20, 2011 (WEB HOST INDUSTRY REVIEW) — Cloud security services provider Alert Logic (www.alertlogic.com) announced on Tuesday it has named Rohit Gupta in the newly established position of vice president of business development.
Read more on Web Host Industry Review

Liquid Web Launches New Cloud Management Tool
Managed web hosting company Liquid Web has launched a new, yet-to-be-named management interface for its customers that's aimed at giving enterprise customers more control over how they provision and manage their IT resources.
Read more on Cloud IT Pro

European Security Firm SecPoint Releases Cloud Penetrator Scanner

By Nicole Henderson, September 22, 2011 (WEB HOST INDUSTRY REVIEW) — Security provider SecPoint (www.secpoint.com) announced on Thursday that it has released its Cloud Penetrator to prevent hackers from entering web servers and stealing data.
Read more on Web Host Industry Review

Event showcases cloud-computing apps to businesses
As their core product, Web hosting, continues to become an inexpensive commodity, data centers will need to find other premium services to offer their customers, Swanburg said. Cloud computing began as a way to rent heavy-duty computing power by
Read more on AZ Central.com

Cloud Firm Salesforce.com Names President, EMEA and EVP, EMEA Sales

GigaOm Structure 2009
cloud web hosting
Image by Kevin Krejci
Panel:
Building the Perfect Host for Web Apps

Panelists:
James Lindenbaum, Heroku
David Lipscomb, NetSuite
Lew Moorman, Rackspace Hosting
Matt Mullenweg, WordPress
Javier Soltero, SpringSource

By Nicole Henderson, September 14, 2011 (WEB HOST INDUSTRY REVIEW) — Cloud computing provider Salesforce.com (www.salesforce.com) announced on Wednesday that it has named Miguel Milano president, EMEA and executive vice president, EMEA sales.
Read more on Web Host Industry Review (blog)

Security Firm Alert Logic Launches Cloud Acceleration Partner Program
By Nicole Henderson, September 14, 2011 (WEB HOST INDUSTRY REVIEW) — Cloud security services provider Alert Logic (www.alertlogic.com) announced on Wednesday that it has launched its Cloud Acceleration Partner Program for technology partners to
Read more on Web Host Industry Review (blog)