Fabs stretched thin as chip shortage shrinks inventories to just 5 days

Relief appears to be months, if not years, away.

A masked worker in gloves holds up a computer component.

A worker checks a mainboard at a Vingroup production facility in Hanoi, Vietnam. (credit: NHAC NGUYEN/AFP)

US chip supplies are close to the breaking point as a new survey reveals diminished inventories and overstretched fabs.

The numbers put the chip shortage in stark relief. In 2021, companies that purchase semiconductors had less than five days of inventory on hand as opposed to the 40 days of inventory they had in 2019, according to a survey of more than 150 companies conducted by the US Department of Commerce. At the same time, demand was up 17 percent. Many of the companies surveyed said that demand exceeded their internal forecasts.

“We aren’t even close to being out of the woods as it relates to the supply problems with semiconductors,” Commerce Secretary Gina Raimondo said on a press call Tuesday. “The semiconductor supply chain is very fragile, and it’s going to remain that way until we can increase chip production in the United States.”


A bug lurking for 12 years gives attackers root on every major Linux distro

It’s likely only a matter of time until PwnKit is exploited in the wild.

A laptop screen filled with stylized illustration of cybercrime.

(credit: Getty Images)

Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Trivial to exploit and 100 percent reliable

Like most OSes, Linux provides a hierarchy of permission levels that controls when and what apps or users can interact with sensitive system resources. The design is intended to limit the damage that can happen if the app is hacked or malicious or if a user isn’t trusted to have administrative control of a network.


A rare find: archaeologists unearth 4,000-year-old board game in Oman

Team also unearthed remains of several large stone towers dating back to the Bronze Age.

One stone among many is decorated with board game.


Archaeologists working in Oman's Qumayrah Valley recently unearthed a rare artifact: a stone board game dating back some 4,000 years. The board features grid-like markings (possibly indicating fields) and holes for cups. It was found at a site near the village of Ayn Bani Saidah.

The excavation is part of an ongoing project to study the Iron and Bronze Age settlements in the Qumayrah Valley. The dig is a collaboration between Sultan al Bakri, director general of antiquities at the Ministry of Heritage and Tourism in Oman, and Piotr Bielinski of the Polish Center of Mediterranean Archaeology at the University of Warsaw. The area is one of the least-studied regions of the country, but the archaeological finds thus far indicate that the Qumayrah Valley was likely part of a major trade route between several Arab cities.

There is archaeological evidence for various kinds of board games from all over the world dating back millennia: senet and Mehen in ancient Egypt, for example, or a strategy game called ludus latrunculorum ("game of mercenaries") favored by Roman legions. The board just discovered at the Omani site might be a precursor to an ancient Middle Eastern game known as the Royal Game of Ur (or the Game of Twenty Squares), a two-player game that may have been one of the precursors to backgammon (or was simply replaced in popularity by backgammon).


Neil Young tells Spotify it can’t have both him and Joe Rogan anymore

Musician wants streaming platform to address “fake information” on vaccines.

Aging rockstar in a fedora.

Neil Young performs on stage at Barclaycard Presents British Summer Time at Hyde Park on July 12, 2019, in London, England. (credit: Jo Hale | Getty Images)

Neil Young has threatened to remove his music from Spotify because he believes the streaming company enables podcaster Joe Rogan to spread “fake information” about vaccines.

In an email to his record label, Warner Records, Young said Spotify “has a responsibility to mitigate the spread of misinformation on its platform.”

“I want you to let Spotify know immediately TODAY that I want all my music off their platform,” he wrote. “They can have Rogan or Young. Not both.”


How realistic is a general COVID-19 vaccine mandate at this point?

The measure would be a serious encroachment on personal rights. How realistic is success in view of Omicron and seasonal effects? An outlook on the health care system amid demographic change.


Booby-trapped sites delivered potent new backdoor trojan to macOS users

Written from scratch, DazzleSpy is the latest advanced piece of Mac malware.

Close-up photograph of a Macintosh laptop keyboard.

(credit: Getty Images)

Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website.

The malware was a full-featured backdoor that was written from scratch, an indication that the developers behind it have significant resources and expertise. DazzleSpy, as researchers from security firm Eset have named it, provides an array of advanced capabilities that give the attackers the ability to fully monitor and control infected Macs. Features include:

  • victim device fingerprinting
  • screen capture
  • file download/upload
  • execute terminal commands
  • audio recording
  • keylogging

Deep pockets, top-notch talent

Mac malware has become more common over the years, but the universe of advanced macOS backdoors remains considerably smaller than that of advanced backdoors for Windows. The sophistication of DazzleSpy—as well as the exploit chain used to install it—is impressive. It also doesn’t appear to have any corresponding counterpart for Windows. This has led Eset to say that the people who developed DazzleSpy are unusual.
