By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

According to an industry leader, Huawei may be the first manufacturer to announce a 3nm chipset Is Huawei about to pull a special card from its sleeve in the battle for smartphone supremacy? According to an industry leader, its flagship processor is about to get a boost, according to a report in GizmoChina. Strangely enough, it has just been a few months since Huawei announced the Kirin 9000 processor. The chipset comes in two variants – the Kirin 9000 and Kirin 9000E – and is found only in the Mate 40 series smartphone, GizmoChina reported. Now, an industry leader has disclosed details about the next flagship Kirin processor which has been reported to be called the Kirin 9010. The info about the new Kirin processor comes from the leaker @RODENT950, and according to the tweet, the next-gen Kirin processor should arrive as the Kirin 9010 and it will be a 3nm chipset, GizmoChina reported. The Kirin 9000 launched as the first 5nm processor for Android devices and after its announcement came the Samsung Exynos 1080 and the Qualcomm Snapdragon 888. While most people will expect Huawei to stick to the 5nm process for at least two years, this leak reveals it is making the jump to 3nm for its next mobile chipset, which if all goes well, should launch this year and possibly appear in the Mate 50 series by Q4, GizmoChina reported. Speculation is that other chip manufacturers such as Qualcomm could follow suit and switch to 3nm for their next-gen flagship chipset if the news about Huawei’s 3nm chipset is true. The San Diego-based company is expected to announce a Snapdragon 888 Plus chipset later this year, which should be a 5nm processor like its sibling but with a higher clock speed, GizmoChina reported. Samsung, on the other hand, has been reported to be skipping the 4nm process and jumping to 3nm. Apple is also expected to announce 3nm processors that will be built by TSMC but it is not expected to arrive until 2022. So there is a chance Huawei may be the first manufacturer to announce a 3nm chipset. Chip processors are defined in nanometers (nm), in which the number defines the distance between transistors and other components within the CPU. The smaller the number, the more transistors that can be placed within the same area, allowing for faster, more efficient processor designs. Smaller transistors also consume less energy, which means lower power consumption. And because of lower power consumption, there’s lower heat dissipation, meaning cooler processors. It isn’t as easy as it sounds though – the process of shrinking these processes. Making smaller transistors requires very precise instruments and machines, which is why processors built on smaller processes will be costlier than older, larger ones.  Moore’s Law, an old observation that the number of transistors on a chip doubles every year while the costs are halved, held for a long time but has been slowing down lately. Back in the late 90s and early 2000s, transistors shrunk in size by half every two years, leading to massive improvements on a regular schedule. But further shrinking has gotten more complicated.  To get better informed visit OUR FORUM.

You can get a Microsoft Account for free, but that doesn't begin to describe its value, especially if you use that account for crucial email and cloud storage. Follow these seven steps to establish a solid baseline of security and protect that account from intruders. What's your most valuable online account, the one most deserving of protection? If you use a Microsoft account to sign in to a Windows PC, that account and its associated email address should be the one you guard most jealously. That's especially true if you use that Microsoft account for OneDrive storage and Office 365 documents. In this post, I list seven steps you can take to help you lock that account down so it's safe from online attacks. As always, there's a balancing act between convenience and security, so I've divided the steps into three groups, based on how tightly you want to lock down your Microsoft account. (It's worth noting that this article is about consumer Microsoft accounts used with Home and Personal editions of Office 365, Microsoft 365, and OneDrive. Security settings for business and enterprise Microsoft 365 accounts are managed by domain administrators through Azure Active Directory, using a completely different set of tools.) Baseline Security is sufficient for most ordinary PC users, especially those who don't use their Microsoft email address as a primary factor for signing in to other sites. If you're helping a friend or relative who's technically unsophisticated and intimidated by passwords, this is a good option. At a minimum, you should create a strong password for your Microsoft account, one that's not used by any other account. In addition, you should turn on two-step verification (Microsoft's term for multi-factor authentication) to protect yourself from phishing and other forms of password theft. When that feature is enabled, you have to supply additional proof of your identity when you sign in for the first time on a new device or when you perform a high-risk activity, such as paying for online purchase. The additional verification typically consists of a code sent as an SMS text message to a trusted device or in an email message to a registered alternate account. Baseline precautions are adequate, but you can tighten security significantly with a couple of extra steps. First, install the Microsoft Authenticator app on your iPhone or Android device and set it up for use as a sign-in and verification option. Then remove the option for using SMS text messages to verify your identity. With that configuration, you can still use your mobile phone as an authentication factor, but a would-be attacker won't be able to intercept text messages or spoof your phone number. The most extreme security, add at least one physical hardware key along with the Microsoft Authenticator app and, optionally, remove email addresses as a backup verification factor. That configuration places significant roadblocks in the way of even the most determined attacker. It requires an extra investment in hardware and it definitely adds some friction to the sign-in process, but it's by far the most effective way to secure your Microsoft account. You need a strong, unique password for your Microsoft account. The best way to ensure that you've nailed this requirement is to use your password manager's tools to generate a brand-new password. Generating a new password ensures that your account credentials are not shared with any other account; it also guarantees that an older password that you might have inadvertently reused isn't part of a password breach. The next step is to save a recovery code. If you're ever unable to sign in to your account because you've forgotten the password, having access to this code will save you from being permanently locked out. On the Microsoft Account Security Basics page, find the Advanced Security Options section and click Get Started. That takes you to the not-so-basic Microsoft Account Security page. Don't leave the Microsoft Account Security page just yet. Instead, scroll up to the Two-Step Verification section and make sure this option is turned on. The setup process is a fairly straightforward wizard that confirms you are able to receive verification messages. If you're using a modern smartphone with an up-to-date version of iOS or Android, you can safely ignore the prompts to create an app password for the mail client on those phones. Microsoft recommends that you have at least two forms of verification available in addition to your password. If you need to reset your password when two-step verification is enabled, you'll need to supply both of those forms of identification or you risk being permanently locked out. A free email address, such as a Gmail account, is acceptable if your security needs are minimal, but a business email address is a much better choice. If necessary, you can have a verification code sent to that address. More complete details can be found on OUR FORUM.
It can happen in the blink of an eye. You put your Android phone down on a counter at the checkout stand or feel a slight bump as you get off the subway, only to later realize your phone is missing. Regardless of how you lose it, be it theft or a simple mistake, losing your phone is a stressful experience. Losing your phone cuts off your access to the rest of the world; it is likely the most personal device you own. Replacing it is a costly nuisance. In the event your phone goes missing, don't panic! There are tools built into every Android phone that make it possible to lock and track down a lost phone with ease. But first, you'll need to take some steps now to set yourself up for success if and when your phone does go missing -- even if you only left it in the house. You can take a few steps now to be ready if you lose your phone. Do yourself a favor and turn on passcode and fingerprint authentication. Do yourself another favor and don't use facial recognition on your Android device. On most Android devices, the technology used for facial recognition can be easily tricked with something as simple as a photo of your face. Google's Pixel 4 and Pixel 4 XL are the exceptions here, as they use a more reliable system similar to Apple's Face ID. Next, create your passcode and set up fingerprint authentication in the Settings app under the Security section. I realize scanning a fingerprint or entering a PIN code every time you want to use your phone can be inconvenient, but the idea of someone having access to your photos, banking apps, email, and the rest of your personal info is downright scary. An extra step to unlock your phone is worth the effort when you consider the potential impact of exposing your personal info to a stranger.  Any time you sign in to an Android device with a Google account, Find My Device is automatically turned on. Google's free Find My Device service is what you'll use should your phone ever go missing to track, remotely lock, and remotely erase it. Check to make sure Find My Device is enabled on your Android phone by opening the Settings app and going to Security & Location > Find My Device. Alternatively, if your device doesn't have a Security & Location option, go to Google > Security > Find My Device. Find My Device should be turned on. If not, slide the switch to the On position. Finally, double-check that the ability to secure and remotely erase the device is turned on by going to android.com/find on your computer, selecting your phone, and clicking Set Up Secure & Erase. A push alert will be sent to your phone -- tap it to finish the setup process. Samsung has long offered a Find My Mobile service to help Galaxy phone owners track down their lost phones. The service is separate from Google's Find My Device offering, and is something you can -- and definitely should -- set up. Not only does it give you a backup service you can use to track down a lost phone, but it also gives you tools that Find My Device doesn't have. With Samsung's service, you can do things like forcing remote backups or see if someone has swapped out your SIM card. You'll need to use your Samsung account to set up Find My Mobile. However, more recently, Samsung announced a new service called SmartThings Find. The new feature works like Apple's Find My app by crowdsourcing the location of a lost device, even if it's offline, but telling nearby Galaxy devices to look for its Bluetooth signal and report its location if it's found. All of which, of course, is done anonymously. As for SmartThings Find, you'll need to have a Galaxy device running Android 8 or newer. The setup process should already be taken care of as long as you're running the latest version of the SmartThings app. I had to go into the Galaxy Store app and update it myself, but once I did that the main page of the SmartThings app had a map showing the last location of my Galaxy Buds ($80 at Amazon), along with other Samsung devices that are linked to my account below the map. If it's not set up automatically, you may have to tap on a SmartThings Find button and follow the prompts to register your device. Once it's turned on, you can view the location of your device(s) by opening the SmartThings app and select SmartThings Find. Read this how-to in its entirety on OUR FORUM.

As the 116th Congress comes to an end, the annual defense authorizing legislation (NDAA) is among its most important pending matters — and tucked within it is the most important internet issue that you’ve probably never heard of. While not as visible as COVID relief or continuing government funding, the massive Fiscal Year 2021 NDAA Conference Committee report addresses many important defense and non-defense issues, including the naming of military bases after Confederate officers, limits on the President’s ability to withdraw troops from Germany and Afghanistan, a threatened presidential veto over the absence of a repeal of Section 230 and much more — to say nothing of the roughly $740 billion in military programs the law would authorize for the current fiscal year. Amid these, both the House and Senate bills and the Conference Report address an important internet issue that is not much discussed and not much understood outside of a small circle of industry, scholarly, military, intelligence, and law enforcement experts. The resolution of the issue (which won’t get the kind of attention that creating a new “National Cyber Director” will get) could have an enormous impact on the shape and future of the entire internet — far beyond the military and defense communities. Labeled “information sharing,” to put it most simply, it’s whether the U.S. Government (or any government) should regulate and control information about cyber threats that is shared by internet (and other) companies with U.S. military, law enforcement, and intelligence agencies — or whether the sharing of cyber threat information by internet companies should continue to be voluntary and led by industry. The issue is often addressed in vague terms, but at its core, it divides American industry, the tech sector, and even the internet industry itself — and its resolution will establish basic rules for how the internet is regulated by the U.S. government and most other governments. The Fiscal 2021 NDAA Conference Report partly addresses this issue and partly postpones it. That’s not surprising, given its complexity and enormous implications for the shape of the internet. Aside from the political fact that nearly everyone supports “cooperation on cybersecurity” between government agencies and internet companies, the debates over mandatory versus voluntary cooperation is further complicated by the fact that serious cyber threats to the U.S. originate not only from a foreign military attack but also from anyone from a bored high school student to a professional crime ring. Cyber threats from any of these could jeopardize large parts of our economy or social structure. So, a major underlying issue in mandatory versus voluntary “information sharing” is that the problem that’s being addressed is not just defending against a foreign military attack on the United States. It is, arguably, defending against any type of cyber threat from anyone. The details are quite complex, but the core issue has been hotly debated for over a decade and even echoes policy debates over industry regulation that go back to the 1980s. Like several other cybersecurity issues, the issue of “information sharing” was highlighted by the recent report of the Cyberspace Solarium Commission, which looked at the full scope of cyber threats to the U.S. and set forth a wide range of proposals to improve America’s cybersecurity. The Commission singled out companies that are part of the “defense industrial base” (which could include quite a large swath of the internet industry) and concluded that they and other internet companies need some form of new, mandatory information sharing for the national security of the United States. Historically, there have been many — mostly in intelligence, law enforcement, and the military — who believe that major internet companies should be legally required to rapidly share information about cyber threats with law enforcement, military, and intelligence agencies. These advocates of mandatory and regulated information sharing are supported by some defense contractors and many businesses that depend on the integrity of the internet for their business. Generally, their view is that whatever drawbacks this form of regulating the internet may have are a small price to pay for the significant increase in security and stability that mandatory and regulated information sharing would offer. For more visit OUR FORUM

In just the last two months, the cybercriminal-controlled botnet known as TrickBot has become, by some measures, public enemy number one for the cybersecurity community. It's survived takedown attempts by Microsoft, a supergroup of security firms, and even US Cyber Command. Now it appears the hackers behind TrickBot are trying a new technique to infect the deepest recesses of infected machines, reaching beyond their operating systems and into their firmware. Security firms AdvIntel and Eclypsium today revealed that they've spotted a new component of the trojan that TrickBot hackers use to infect machines. The previously undiscovered module checks victim computers for vulnerabilities that would allow the hackers to plant a backdoor in deep-seated code known as the Unified Extensible Firmware Interface, which is responsible for loading a device's operating system when it boots up. Because the UEFI sits on a chip on the computer’s motherboard outside of its hard drive, planting malicious code there would allow TrickBot to evade most antivirus detection, software updates, or even a total wipe and reinstallation of the computer's operating system. It could alternatively be used to "brick" target computers, corrupting their firmware to the degree that the motherboard would need to be replaced. The TrickBot operators' use of that technique, which the researchers are calling "TrickBoot," makes the hacker group just one of a handful—and the first that's not state-sponsored—to have experimented in the wild with UEFI-targeted malware, says Vitali Kremez, a cybersecurity researcher for AdvIntel and the company's CEO. But TrickBoot also represents an insidious new tool in the hands of a brazen group of criminals—one that's already used its foothold inside organizations to plant ransomware and partnered with theft-focused North Korean hackers. "The group is looking for novel ways to get very advanced persistence on systems, to survive any software updates and get inside the core of the firmware," says Kremez. If they can successfully penetrate a victim machine's firmware, Kremez adds, "the possibilities are endless, from destruction to basically complete system takeover." While TrickBoot checks for a vulnerable UEFI, the researchers have not yet observed the actual code that would compromise it. Kremez believes hackers are likely downloading a firmware-hacking payload only to certain vulnerable computers once they're identified. "We think they've been handpicking high-value targets of interest," he says. The hackers behind TrickBot, generally believed to be Russia-based, have gained a reputation as some of the most dangerous cybercriminal hackers on the internet. Their botnet, which at its peak has included more than a million enslaved machines, has been used to plant ransomware like Ryuk and Conti inside the networks of countless victims, including hospitals and medical research facilities. The botnet was considered menacing enough that two distinct operations attempted to disrupt it in October: One, carried out by a group of companies including Microsoft, ESET, Symantec, and Lumen Technologies, sought to use court orders to cut TrickBot's connections to the US-based command-and-control servers. Another simultaneous operation by US Cyber Command essentially hacked the botnet, sending new configuration files to its compromised computers designed to cut them off from the TrickBot operators. It's not clear to what degree the hackers have rebuilt TrickBot, though they have added at least 30,000 victims to their collection since then by compromising new computers or buying access from other hackers, according to security firm Hold Security. AdvIntel's Kremez came upon the new firmware-focused feature of TrickBot—whose modular design allows it to download new components on the fly to victim computers—in a sample of the malware in late October, just after the two attempted takedown operations. He believes it may be part of an attempt by TrickBot's operators to gain a foothold that can survive on target machines despite their malware's growing notoriety throughout the security industry. "Because the whole world is watching, they've lost a lot of bots," says Kremez. "So their malware needs to be stealthy, and that's why we believe they focused on this module." To learn more visit OUR FORUM.

Windows 10 isn’t as sluggish and bloated as some versions that have come before. Which means you shouldn’t have any serious performance complaints. Then again, why leave free performance on the table by running unnecessary services? There’s a long list of Windows 10 services that most users don’t need. So you can safely disable these unnecessary Windows 10 services and satisfy your craving for pure speed. Some Common Sense Advice First, Windows services all have specific jobs. Some of these jobs are critical for your computer to work properly. If you disable a Windows service that’s needed for the normal operation of your computer, you can get locked out of your machine or may have to undo what you’ve done. We tested disabling all the unnecessary services listed below via the Services app on our computer. However, we can’t take any responsibility for something going wrong with your specific machine. Don’t mess around with random services not listed here and always create a system restore point or system backup before making changes. We rate a process as “safe to disable” if it doesn’t affect the core functionality of your computer, but we don’t recommend that you actually disable every single one of these services since they are not harmful and can be useful too. Do you have a printer? Do you ever use it? Printers are becoming a niche item as we all transition to paperless documentation and use smartphone cameras to scan documents. If you don’t use a printer then you can safely disable the print spooler. This is a service that manages and queues print jobs. Without any print jobs to process, it just sits there using up RAM and CPU time. Windows Image Acquisition is the service that waits until you press the button on your scanner and then manages the process of getting the image where it needs to go. This also affects communication with digital cameras and video cameras that you connect directly to your computer, so be aware of that if you need this function. Unbelievably, there are actually plenty of businesses that still use fax machines. Fax usage is very niche, however, so it’s almost certain that you don’t need fax services on your computer. If you are one of the five people sending and receiving faxes from your computer, well then this doesn’t apply to you. Also, buy a scanner instead. It’s safe to disable the Bluetooth service if you don’t need it. It can be a precaution against Bluetooth attacks too. These days Bluetooth devices such as mice, game controllers, and headphones are common. So only a small number of users who never use Bluetooth should consider this. Windows Search is safe to disable and can have a noticeable effect on your performance because it also disables the Windows search indexer. It’s not something we recommend most people do, however. Instant, fast search performance is one of the best features of Windows 10. It’s an option if you don’t make much use of Windows search or your CPU is really slow. Go ahead and disable it to see if it boosts performance. Windows sends an error report back to Microsoft when things go wrong. Microsoft uses this information to fix problems in future updates. Some people have a privacy issue with this and choose not to send reports. If you don’t want to send error reports to Microsoft, you can go beyond selecting Don’t send every time and disable the entire service. Disabling these services won’t give you drastic speed boosts. Though, you can get an extra frame or two out of your video games or open even more tabs in your browser. There are several more services you can stop. But, we strongly recommend against messing with the Windows services you are unsure about. It’s especially risky to disable services that are essential to your hardware, such as those related to your graphics card. Always research a given Windows service before you disable it. For more Windows 10 Services that can be disabled visit OUR FORUM.