Post Syndicated from Cliff Robinson original https://www.servethehome.com/microsoft-azure-cobalt-200-launched-with-132-arm-neoverse-v3-cores/
The Microsoft Azure Cobalt 200 is out, using 132 Arm Neoverse V3 cores for a next-generation TSMC 3nm compute option in Azure
The post Microsoft Azure Cobalt 200 Launched with 132 Arm Neoverse V3 Cores appeared first on ServeTheHome.
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/microsoft-etches-microfluidic-channels-directly-into-silicon-chips-intel/
Microsoft is etching microfluidic channels directly into silicon in research to cool future generations of AI accelerators
The post Microsoft Etches Complex Microfluidics Channels Directly into Silicon Chips appeared first on ServeTheHome.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2025/09/microsoft-still-uses-rc4.html
Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system.
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/picking-servers-cpus-for-databases-in-2025-is-still-complex-amd-oracle-microsoft/
Picking CPUs for databases is still a topic of great complexity in 2025 with CPU vendors making different chips catering to database licenses
The post Picking Servers CPUs for Databases in 2025 is Still Complex appeared first on ServeTheHome.
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/microsoft-azure-hardware-security-to-help-thwart-the-worlds-3rd-largest-gdp/
At Hot Chips 2025, Microsoft went into its Azure Hardware Security that it uses to help keep its cloud services secure
The post Microsoft Azure Hardware Security to Help Thwart the World’s 3rd Largest GDP appeared first on ServeTheHome.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2025/07/microsoft-sharepoint-zero-day.html
Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide:
The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the vulnerability, which affects SharePoint Servers that infrastructure customers run in-house. Microsoft’s cloud-hosted SharePoint Online and Microsoft 365 are not affected.
Here’s Microsoft on patching instructions. Patching isn’t enough, as attackers have used the vulnerability to steal authentication credentials. It’s an absolute mess. CISA has more information. Also these four links. Two Slashdot threads.
This is an unfolding security mess, and quite the hacking coup.
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/hot-chips-2025-preliminary-schedule-released/
The Hot Chips 2025 preliminary schedule is out with less than three months left until the annual conference
The post Hot Chips 2025 Preliminary Schedule Released appeared first on ServeTheHome.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2025/05/signal-blocks-windows-recall.html
This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data.
Post Syndicated from John Lee original https://www.servethehome.com/how-to-see-if-ecc-is-working-in-windows-quickly/
We have a quick guide to check if ECC is working on a platform when you have ECC memory installed but want to check in Windows
The post How to See if ECC is Working in Windows Quickly appeared first on ServeTheHome.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2025/04/ai-vulnerability-finding.html
Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code:
Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.
Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit.
The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device.
Nothing major here. These aren’t exploitable out of the box. But that an AI system can do this at all is impressive, and I expect their capabilities to continue to improve.
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/mapping-licensing-for-virtualization-is-cool-now-amd-vmware-microsoft-windows-citrix-red-hat/
For a long time, we have been focusing a lot on the hardware costs of new processors but missing the virtualization license costs. Part of that is simply due to the number of virtualization licenses and support models. Recently, we purchased the most popular barebones server and the most popular server processor on Newegg to […]
The post Mapping Licensing for Virtualization is Cool Now appeared first on ServeTheHome.
Post Syndicated from Cliff Robinson original https://www.servethehome.com/microsoft-majorana-1-topological-qubit-quantum-computer-shown/
Microsoft Majorana 1 uses a new state of matter and exotic particles to build a better and more scalable qubit for quantum computing
The post Microsoft Majorana 1 Topological Qubit Quantum Computer Shown appeared first on ServeTheHome.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2025/02/on-generative-ai-security.html
Microsoft’s AI Red Team just published “Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful:
- Understand what the system can do and where it is applied.
- You don’t have to compute gradients to break an AI system.
- AI red teaming is not safety benchmarking.
- Automation can help cover more of the risk landscape.
- The human element of AI red teaming is crucial.
- Responsible AI harms are pervasive but difficult to measure.
- LLMs amplify existing security risks and introduce new ones.
- The work of securing AI systems will never be complete.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2025/01/microsoft-takes-legal-action-against-ai-hacking-as-a-service-scheme.html
Not sure this will matter in the end, but it’s a positive move:
Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content.
The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of harmful content through its generative AI services, said Steven Masada, the assistant general counsel for Microsoft’s Digital Crimes Unit. They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use.
It was a sophisticated scheme:
The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft’s AI services, the suit alleged. Among other things, the proxy service used undocumented Microsoft network application programming interfaces (APIs) to communicate with the company’s Azure computers. The resulting requests were designed to mimic legitimate Azure OpenAPI Service API requests and used compromised API keys to authenticate them.
Slashdot thread.
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/this-is-the-microsoft-azure-hbv5-and-amd-mi300c-nvidia/
At SC24 we saw the custom 96 core AMD MI300C HBM3 CPU and four-socket system powering the Microsoft Azure HBv5 instances
The post This is the Microsoft Azure HBv5 and AMD MI300C appeared first on ServeTheHome.
Post Syndicated from Rohit Kumar original https://www.servethehome.com/cisco-8102-dpu-12-8t-switch-with-amd-pensando/
We saw the Cisco 8102-DPU a 12.8T switch that can house up to eight AMD Pensando DPUs for 1.6T of programmable service acceleration
The post Cisco 8102-DPU 12.8T Switch with AMD Pensando appeared first on ServeTheHome.
Post Syndicated from Cliff Robinson original https://www.servethehome.com/new-microsoft-azure-nvidia-gb200-systems-shown/
Microsoft Azure NVIDIA GB200 systems are huge, with two thirds of the aisle space being dedicated to cooling the NVIDIA rack
The post New Microsoft Azure NVIDIA GB200 Systems Shown as Two-Thirds Cooling appeared first on ServeTheHome.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/09/microsoft-is-adding-new-cryptography-algorithms.html
Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article:
The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren’t vulnerable to Shor’s algorithm when the keys are of a sufficient size.
The ML in the ML-KEM name refers to Module Learning with Errors, a problem that can’t be cracked with Shor’s algorithm. As explained here, this problem is based on a “core computational assumption of lattice-based cryptography which offers an interesting trade-off between guaranteed security and concrete efficiency.”
ML-KEM, which is formally known as FIPS 203, specifies three parameter sets of varying security strength denoted as ML-KEM-512, ML-KEM-768, and ML-KEM-1024. The stronger the parameter, the more computational resources are required.
The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it’s based on “stateful hash-based signature schemes.” These algorithms are useful in very specific contexts such as firmware signing, but are not suitable for more general uses.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/09/new-chrome-zero-day.html
According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency.
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/microsoft-maia-100-ai-accelerator-for-azure/
We learned more about the Microsoft Maia 100 which is the company’s AI accelerator to run OpenAI models at lower costs
The post Microsoft MAIA 100 AI Accelerator for Azure appeared first on ServeTheHome.