HP 的 audio driver 內含 Keylogger

HP 被發現 2015 年簽出來的 audio driver 內含 keylogger (yeah,因為有數位簽名,所以賴不掉...):「[EN] Keylogger in Hewlett-Packard Audio Driver」。完整的報告在「modzero Security Advisory: Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package. [MZ-17-01]」這邊。

keylogger 記錄後會寫到 local file 裡。來拉板凳...

Backblaze 再次發表各家硬碟耐用程度...

今年年初 (一月) 的時候發表過一次「各家硬碟的耐用程度...」引起爭議厚的最新力做,九月再發表一次:「Hard Drive Reliability Update – Sep 2014」。

灰色部份是一月的數據,其他顏色是九月的數據。文中有考慮是否要換成企業級的硬碟 (enterprise drives),但兩個評估的答案是否定的。

第一個評估是成本考量,就算一般硬碟以三年保固期有 15% 的 failure rate,相較於企業級 0% failure rate 計算 (於是直接算成 10 年),成本是不划算的:

Today on Amazon, a Seagate 3 TB “enterprise” drive costs $235 versus a Seagate 3 TB “desktop” drive costs $102. Most of the drives we get have a 3-year warranty, making failures a non-issue from a cost perspective for that period. However, even if there were no warranty, a 15% annual failure rate on the consumer “desktop” drive and a 0% failure rate on the “enterprise” drive, the breakeven would be 10 years, which is longer than we expect to even run the drives for.

更何況企業級硬碟的情況根本沒什麼差:

The assumption that “enterprise” drives would work better than “consumer” drives has not been true in our tests. I analyzed both of these types of drives in our system and found that their failure rates in our environment were very similar — with the “consumer” drives actually being slightly more reliable.