Bug

Critical Bug Last Year Allowed Bypassing Authentication On HPE ILO4 Servers With 29 'A' Characters (bleepingcomputer.com) 59

Public exploit code has been published for a severe vulnerability which last year affected Hewlett Packard Integrated Lights-Out 4 (HP iLO 4), a tool for remotely managing the company's servers.

HPE "silently released" patches last August, an anonymous reader reports, adding "details only emerged this spring after researchers started presenting their work at security conferences." The vulnerability is an authentication bypass that allows attackers access to HP iLO consoles. Researchers say this access can later be used to extract cleartext passwords, execute malicious code, and even replace iLO firmware. But besides being a remotely exploitable flaw, this vulnerability is also as easy as it gets when it comes to exploitation, requiring a cURL request and 29 letter "A" characters, as below:

curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

Because of its simplicity and remote exploitation factor, the vulnerability — tracked as CVE-2017-12542 — received a severity score of 9.8 out of 10.

Hardware

Samsung, Arm Team Up: Expect New Mobile Chipset Faster Than 3GHz (zdnet.com) 56

An anonymous reader quotes a report from ZDNet: Arm is teaming up with Samsung's foundry to manufacture the recently announced Cortex-A76 CPU, which the pair say will run at speeds above 3GHz. At that speed the Cortex-A76 will be more powerful than Qualcomm's best Cortex-A75 SoC, the Snapdragon 845, which tops out at 2.8GHz. At launch, Arm said Cortex-A76 chips would even challenge Intel's Core i7 on performance, meaning it could benefit not just smartphones but laptops too, such as "always connected" Windows 10 on Arm devices from HP and Lenovo, which use Qualcomm's Snapdragon 835.

The collaboration will involve the Arm-designed chips being manufactured on Samsung's 7LPP (7nm Low Power Plus) and 5LPE (5nm Low Power Early) process technologies, combined with Arm's Artisan physical IP platform. However, it could still be some time before consumers see these high-powered Arm CPUs in devices. Initial production on the 7LPP process is set to begin in the second half of 2018. Samsung says 5LPE, the process technology after 7LPP, will allow greater area scaling and ultra-low power.

AMD

AMD Integrates Ryzen PRO and Radeon Vega Graphics In Next-Gen APUs (zdnet.com) 76

The three biggest PC OEMs -- Dell, HP, and Lenovo -- are now offering AMD Ryzen PRO mobile and desktop accelerated processing units (APUs) with built-in Radeon Vega graphics in a variety of commercial systems. There are a total of seven new APUs -- three for the mobile space and four for the desktop. As AMD notes in its press release, the first desktops to ship with these latest chips include: the HP Elitedesk G4 and 285 Desktop, the Lenovo ThinkCentre M715, and the Dell Optiplex 5055. ZDNet's Adrian Kingsley-Hughes writes about what makes Ryzen PRO so appealing: Ryzen PRO has been built from the ground up to focus on three pillars -- power, security and reliability. Built-in security means integrated GuardMI technology, an AES 128-bit encryption engine, Windows 10 Enterprise Security support, and support for fTPM/TPM 2.0 Trusted Platform Module. One of the features of Ryzen PRO that AMD hopes will appeal to commercial users is the enterprise-grade reliability that the chips come backed with, everything from 18-months of planned software availability, 24-months processor availability, a commercial-grade QA process, 36-month warranty, and enterprise-class manageability.

There are no worries on the performance front either, with the Ryzen PRO with Vega Graphics being the world's fastest processor currently available for ultrathin commercial notebooks, with the AMD Ryzen 7 PRO 2700U offering up to 22 percent more productivity performance than Intel's 8th-generation Core i7-8550U in testing carried out by AMD. AMD has also designed the Ryzen PRO processors to be energy-efficient, enabling up to 16 hours of battery life in devices, or 10.5 hours of video playback. The Ryzen PRO with Vega Graphics desktop processors are also no slouches, opening up a significant performance gap when compared to Intel Core i5 8400 and Core i3 8100 parts.

AMD also announced that it is sampling its second-generation Threadripper 2900X, 2920X and 2950X products. "For Threadripper Gen2 you can expect a refresh of the current line-up; an 8-core Threadripper 2900X, a 12-core Threadripper 2920X and of course a 16-core Threadripper 2950X," reports Guru3D.com. "AMD will apply the same Zen+ tweaks to the processors; including memory latency optimizations and higher clock speeds."

AMD has something for the datacenter enthusiasts out there too. Epyc, AMD's x86 server processor line based on the company's Zen microarchitecture, has a new promo video, claiming more performance, more security features, and more value than Intel Xeon. The company plans to market Epyc in an aggressive head-to-head format similar to how T-Mobile campaigns against Verizon and AT&T. Given Intel Xeon's 99% market share, they sort of have to...

Microsoft

Microsoft Has Run Out of Windows Phone Stock (venturebeat.com) 81

Even if you really wanted to buy a Windows phone, Microsoft has run out of Windows Phone devices to sell to you. From a report: I've been watching the number of Windows Phone options on the Microsoft Store website dwindle for over two years now. I was honestly expecting them to disappear completely more than six months ago. It's 2018, and there are still two remaining phones. Last night, they both flipped over to "out of stock." The HP Elite x3 with dock, normally $799 but on sale for $299, and the Alcatel Idol 4S, normally $299 but on sale for $99.99, are officially out of stock. The third option for $169, the Alcatel Idol 4S with VR Goggles, is of course also out of stock.

Businesses

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 67

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes against the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."

Education

Schools Won't Like How Difficult the New iPad Is To Repair (ifixit.com) 172

Last week, Apple introduced a refreshed 9.7-inch iPad with Apple Pencil support. iFixit has published its teardown of the device this morning, and as The Verge points out, schools won't like how difficult it is to repair. From the report: The takeaway from all this is that the new iPad isn't going to be any easier to repair than prior generations, which were already borderline unrepairable. If an iPad breaks, there's almost no chance that a district will be able to repair it in-house; whereas on cheaper Chromebooks, there's a possibility an IT team could open them up to make some basic fixes. It's a weak point that it's hard to see Apple ever addressing. And since schools aren't exactly forgiving environments for a lent-out device, how well the iPad holds up to drops and dings, and how expensive it is to fix, are bound to be factors in a school's decision on which devices to adopt. Mac Rumors highlights the key findings from iFixit's teardown: The new iPad's lack of waterproofing, non-replaceable charging port, zero upgradeability, and use of glue throughout the internals added up to a "repair nightmare." iFixit then pointed towards the HP Elite x2 1012 G1 tablet, which got a perfect repairability score of 10 out of 10, summarizing that "Apple's 'education' iPad is still a case of won't -- not can't." One of the iPad's advantages in terms of repairability comes in the form of its digitizer panel easily separating from the display. iFixit pointed out that in the event that either component should break, repair will be easier for schools and educators. The sixth-gen iPad has the same battery as the previous model, with 32.9 Wh capacity. iFixit noted that while this allows Apple to reuse existing manufacturing lines to reduce waste, the battery is still locked behind a "repair-impeding adhesive" that greatly reduced the iPad's repairability score. Apple has provided easy battery removal before, in the 12.9-inch iPad Pro, but iFixit hasn't seen anything like it since. 

Ultimately, iFixit gave the 2018 iPad a repairability score of 2 out of 10, favoring the fairly easy repair options of its air-gapped, non-fused display and digitizer glass, but taking marks off for its heavy use of adhesive and sticky tape.

Android

Verizon Plans To Launch a Palm Smartphone Later This Year (androidpolice.com) 45

Verizon is planning to launch a Palm-branded smartphone later this year, an anonymous source told Android Police. The rumor backs up what a TCL executive said last August, when they confirmed that the company would launch a Palm phone this year. From the report: Sadly, we don't know anything about the phone itself at this time (well, we know it runs Android), but the fact that TCL is working with Verizon is telling. The carrier was a longtime Palm partner, selling most of the brand's webOS handsets all the way through the Pre 2. Verizon had intended to carry the ill-fated Pre 3, but the phone was cancelled by Palm's then-buyer HP before it could be released in the U.S. TCL acquired the rights to the Palm name back in 2015, and it's starting to get something of a reputation for reviving dead and dying brands: the Chinese firm manufactures BlackBerry handsets, which have received a surprising amount of attention in the mainstream press.

Open Source

LG Releases Open-Sourced Version of webOS in Hopes To Push It Beyond TVs and Smart Refrigerators (theverge.com) 96

LG has released an open-sourced version of webOS that's freely available to anyone that wants to download and poke around the code. From a report: The release of webOS Open Source Edition is meant to act as a catalyst to drive further adoption of webOS beyond LG televisions, smart refrigerators, and the occasional never-to-be-released smartwatch. So, devices like webOS tablets and set-top boxes as pictured in the LG-supplied image above. This is the second time an open-source version of webOS has been released, the first coming under the failed tenure of HP back in 2011. LG's cross-town rival Samsung develops and uses the open-sourced Tizen operating system on a variety of devices including smartwatches, televisions, Blu-ray players, and robotic vacuums.

HP

'Repeatable Sanitization' is a Feature of PCs Now (theregister.co.uk) 90

HP has announced a trio of slightly-odd products intended for use in hospitals. From a report: The new HP EliteOne 800 G4 23.8 Healthcare Edition All-in-One PC and HP EliteBook 840 G5 Healthcare Edition Notebook are computers intended for use in the healthcare industry. The EliteBook will ship with software called "Easy Clean" that disables the keyboard, touchscreen and keypad "to facilitate cleaning with germicidal wipes while the device is still on." HP said it's scoured the market and thinks it is the only vendor on the planet with a laptop capable of handling "up to 10,000 wipes with germicidal towelettes over a 3-year period." The All-in-One boasts no antibacterial features, but does have both RFID and biometric authentication, handy features in an environment where PCs can't be left unlocked to preserve privacy. That requirement means PCs are logged on to many more times a day than the average machine, making the presence of Windows Hello facial recognition more than a gimmick. Oddly, both come with the disclaimer that they're "not intended for use in diagnosis, cure, treatment or prevention of disease or other medical conditions."

Privacy

Pop-Up Cameras Could Soon Be a Mobile Trend (techcrunch.com) 58

An anonymous reader quotes a report from TechCrunch: There's an interesting concept making its way around Mobile World Congress. Two gadgets offer cameras hidden until activated, which offer a fresh take on design and additional privacy. Vivo built a camera into a smartphone concept that's on a little sliding tray and Huawei will soon offer a MacBook Pro clone that features a camera hidden under a door above the keyboard. This could be a glimpse of the future of mobile design. Cameras have long been embedded in laptops and smartphones much to the chagrin of privacy experts. Some users cover up these cameras with tape or slim gadgets to ensure nefarious players do not remotely activate the cameras. Others, like HP, have started to build in shutters to give the user more control. Both DIY and built-in options require substantial screen bezels, which the industry is quickly racing to eliminate.

With shrinking bezels, gadget makers have to look for new solutions like the iPhone X notch. Others still, like Vivo and Huawei, are looking at more elegant solutions than carving out a bit of the screen. For Huawei, this means using a false key within the keyboard to house a hidden camera. Press the key and it pops up like a trapdoor. We tried it out and though the housing is clever, the placement makes for awkward photos -- just make sure you trim those nose hairs before starting your conference call. Vivo has a similar take to Huawei though the camera is embedded on a sliding tray that pops-up out of the top of the phone.

Transportation

Tesla Model 3 Torn Down, Hacked and Set On a Dynamometer, Exposing Unusual Tech Details (electrek.co) 227

Rei writes: With an estimated 8,670 Model 3s delivered, a race is on as competitors and owners work to figure out its limits and explore the tech behind it. Many-time Tesla teardown expert "Ingineerix" has posted a series of videos and discussed his findings on Reddit. Among them: what appears to be the industry's first switched reluctance motor, a massive "smuggling compartment" allocated for a future front-wheel motor, no physical fuses (all solid-state), significant wiring harness length reductions via the use of multiple body controllers, a swappable crash energy absorption system, a liquid-cooled compute unit, and redundant controllers for all safety-related systems. He followed up by posting a screenshot of the car tricked into "factory mode" to reveal its internal specs, including a 1200A max discharge current, 370kW max discharge power, and a 76 kWh pack with 72.5 kWh usable. Meanwhile, Munro and Associates tore down a Model 3 for an undisclosed, "not Tesla" client, releasing a video criticizing its build quality and for difficulty in accessing the HV cables in the event of an accident (Munro's claims were dismissed by Ingineerix). Meanwhile, engineers from German automakers were extremely impressed by what they found during their teardown -- particularly the power electronics system, which they described as "compact, expandable, fully integrated, modular, easily accessible, well-protected, reasonably priced and astonishingly clever in many details." Other owners have been putting their cars on dynamometers to measure their power. Drag Times suffered some skid and measured a conflicting 281 / 327.6 hp with 552 lb-ft torque. Contrarily, Tesla Repair Channel found consistent readings around 250hp when starting from 30mph, but consistently around 390 hp when starting from 10mph. The reason for the discrepancy is not yet clear.

Windows

Intel, Microsoft, Dell, HP and Lenovo Expect PCs With Fast 5G Wireless To Ship Next Year (pcworld.com) 59

Intel, along with Dell, HP, Lenovo, and Microsoft said Thursday that the companies expect the first 5G Windows PCs to become available during the second half of 2019. From a report: That's about the same time that Intel plans to begin shipping its XMM 8000 commercial modems, marking the company's entrance into the 5G market. Intel will show off a prototype of the new 5G connected PC at the Mobile World Congress show in Barcelona. In addition, the company will demonstrate data streaming over the 5G network. At its stand, Intel said that it will also show off eSIM technology -- the replacement for actual, physical SIM cards -- and a thin PC running 802.11ax Wi-Fi, the next-gen Wi-Fi standard.

Intel

Intel Replaces its Buggy Fix for Skylake PCs (zdnet.com) 57

Intel has released new microcode to address the stability and reboot issues on systems after installing its initial mitigations for Variant 2 of the Meltdown and Spectre attacks. From a report: The stability issues caused by Intel's microcode updates resulted in Lenovo, HP, and Dell halting their deployment of BIOS updates last month as Intel worked to resolve the problems. Intel initially said unexpected reboots were only seen on Broadwell and Haswell chips, but later admitted newer Skylake architecture chips were also affected. Microsoft also said it had seen Intel's updates cause data loss or corruption in some cases.

Intel

Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations (bleepingcomputer.com) 90

An anonymous reader quotes BleepingComputer: Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update -- KB4078130 -- targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption."

HP, Dell, and Red Hat took previous steps during the past week.

"We are also offering a new option -- available for advanced users on impacted devices -- to manually disable and enable the mitigation against Spectre Variant 2 (CVE-2017-5715) independently via registry setting changes..." Microsoft writes.

"We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device."

HP

Dell and HP Advise All Their Customers To Not Install Spectre BIOS Updates (bleepingcomputer.com) 88

An anonymous reader writes: The Spectre and Meltdown mess continues with Dell now recommending their customers to not install the BIOS updates that are supposed to resolve the Spectre (Variant 2) vulnerabilities. These updates have been causing numerous problems for users including performance issues, boot issues, reboot issues, and general system stability. Due to this, Dell EMC has updated its knowledgebase article with a statement advising customers to not install the BIOS update and to potentially rollback to the previous BIOS if their computers are exhibiting "unpredictable system behavior". ZDNet reports that HP too has issued a similar advisory. The computer manufacturer pulled its softpaqs BIOS updates with Intel's patches from its website, and said it would be releasing a BIOS update with a previous version of Intel's microcode on Thursday.

Network

Lenovo Discovers and Removes Backdoor In Networking Switches (bleepingcomputer.com) 42

An anonymous reader writes: Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates last week. The Chinese company said it found the backdoor after an internal security audit of firmware for products added to its portfolio following the acquisitions of other companies. Lenovo says the backdoor affects only RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System).

The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel's Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to have authorized the addition of the backdoor "at the request of a BSSBU OEM customer." In a security advisory regarding this issue, Lenovo refers to the backdoor under the name of "HP backdoor." The backdoor code appears to have remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE Network Technologies (BNT). The backdoor also remained in the code even after IBM acquired BNT in 2010. Lenovo bought IBM's BNT portfolio in 2014.

Businesses

PC Market Still Showing Few Signs of Life (axios.com) 218

An anonymous reader writes: It was another rough quarter for the global PC market, as fourth quarter unit sales dropped 2%, according to preliminary results from Gartner. In the U.S. things were even bleaker, with sales down 8%. HP was the only big name maker to post a sales increase in the U.S. and globally. It also passed Lenovo to grab the top spot globally and increased its lead in the U.S. over Dell. Apple saw Mac sales globally up 1.4%, but in the U.S. sales were down 1.6%. Dell gained less than 1% globally but fell more than 12% in the U.S. Lenovo sales dipped slightly globally, but its market share increased slightly, to 22% of the worldwide market.

Windows

Microsoft Announces First Mobile Carriers To Support Always Connected PCs (zdnet.com) 109

An anonymous reader shares a report: The push behind the Always Connected PC vision has been ramping up in recent weeks, with manufacturers like HP, ASUS, and Lenovo all joining the fray with their own LTE PCs based on Qualcomm's Snapdragon platform. Now, Microsoft and Qualcomm have announced the first batch of mobile operators that will actively support Always Connected PCs around the world. These initial carriers will help to bring "easy and affordable connectivity plans to consumers on advanced LTE wireless networks," Microsoft and Qualcomm said in a press release. Throughout the first half of 2018 and beyond, the companies say, mobile operators in China, Italy, the UK, and the U.S. will officially support Always Connected PCs. Here's a look at the carriers you can expect to roll out support in each region: China -- China Telecom, Italy -- TIM (Telecom Italia), U.K. -- EE, U.S. -- Sprint, Verizon. In addition to supporting connected PCs on their LTE networks, you can expect each operator to stock Always Connected PCs in their retail store, Qualcomm and Microsoft say.

AMD

Intel Launches 8th Gen Core Series CPUs With Integrated AMD Radeon Graphics (hothardware.com) 123

MojoKid writes: At CES 2018, Intel unveiled more details of its 8th generation Intel Core processors with integrated AMD Radeon RX Vega M graphics. Like cats and dogs living together, the mashup of an Intel processor with an AMD GPU is made possible by an Embedded Multi-Die Interconnect Bridge (EMIB), which provides a high-speed data interconnect between the processor, GPU and 4GB of second-generation High-Bandwidth Memory (HBM2). Intel is delivering 8th generation H-Series Core processors in 65W TDP (laptops) and 100W TDP (desktops) SKUs that will take up 50 percent less PCB real estate, versus traditional discrete configs. Both the mobile and desktop variants of the processors will be available in Core i5 or Core i7 configurations, with 4 cores and 8 threads, up to 8MB of cache and 4GB of HBM2. The 65W mobile processors can boost up to 4.1GHz, while the Radeon RX Vega M GL GPU has base/boost clocks of 931MHz and 1011MHz, respectively. The AMD GPU has 20 compute units and memory bandwidth checks in at 179GB/s. Desktop processors ratchet the maximum boost slightly to 4.2GHz, while the base/boost clocks of the Radeon RX Vega M GH GPU jump to 1063MHz and 1190MHz, respectively. Desktop GPUs are also upgraded with 24 CUs and 204GB/s of memory bandwidth. Intel says that its 8th generation Core i7 with Radeon RX Vega M GL graphics is up to 1.4x faster than a Core i7-8550U with an NVIDIA GeForce GTX 1050 GPU in a notebook system. System announcements from Dell and HP are forthcoming, with availability in the first half of this year. Intel has also launched a new NUC small form factor gaming mini PC based on the technology as well.

AI

Alexa is Coming To Windows 10 PCs From HP, ASUS and Others (engadget.com) 99

An anonymous reader shares a report: Amazon's Alexa recently arrived on headphones and even toilets, but it's about to become much more ubiquitous by hitting Windows 10 PCs later this year. HP, ASUS and Acer have revealed that the voice assistant is coming to various models, including ASUS's ZenBook and VivoBook lineup, the HP Pavilion Wave, and select Acer Spin, Swift, Switch and Aspire notebooks. Amazon will release a special Alexa app in the spring, and laptop builders are tapping Intel's Smart Sound tech to make sure that the app can pick up your voice when you're not right next to your PC. "Hands-free access to Alexa on PCs can be helpful to customers in many ways, like making it simple to interact with your smart home, get news or weather, set timers, and more," Amazon Alexa VP Steve Rabuchin said in a statement.
