Peraton Names Former DHS Under Secretary Reginald Brothers as Executive Vice President and Chief Technology Officer

HERNDON, VA – Peraton has announced the appointment of Dr. Reginald Brothers as executive vice president and Chief Technology Officer, effective February 19, 2018.

As Chief Technology Officer, Brothers will lead a new organization responsible for strategic planning, technology solutions, business development, and mergers and acquisitions (M&A) for the company.

Most recently, Brothers was a principal with The Chertoff Group, a premier global advisory firm focused on security and risk management. Prior to that role, he served as Under Secretary for Science and Technology, Department of Homeland Security, where he was responsible for a science and technology portfolio that included basic and applied research, development, demonstration, testing and evaluation with the purpose of helping DHS operational elements and the nation’s first responders achieve their mission objectives.

From 2011 to 2014, he served as the Deputy Assistant Secretary for Research, Department of Defense, where he was responsible for policy and oversight of the Department’s science and technology programs and laboratories. Earlier in his career, Brothers held senior technology leadership roles in the Defense Advanced Research Projects Agency (DARPA) and the Communications and Networking business area at BAE Systems.

“Reggie brings a truly unique perspective to Peraton,” said Stu Shea, Peraton CEO. “From his successful career in government and the private sector, he possesses a deep understanding of the mission and technology requirements of our DoD and homeland security customers. We will look to Reggie to further strengthen, differentiate, and align Peraton’s technology development, customer engagement, and M&A activities across the markets we serve.”

He earned a B.S. in electrical engineering from Tufts University, an M.S. in electrical engineering from Southern Methodist University, and a Ph.D. in electrical engineering and computer science from the Massachusetts Institute of Technology.

 

About Peraton

Peraton provides innovative, reliable solutions to the nation’s most sensitive and mission-critical programs and systems. Peraton has significant experience providing highly differentiated space, intelligence, cyber/SIGINT, defense, homeland security, electronic warfare and secure communications solutions, and has become a trusted partner on missions that are critical to the security priorities of the United States. Capabilities include complex software and technology services and solutions, as well as end-to-end mission operations capabilities, including software systems development, offensive and defense cyber operations, modeling & simulation, mission management, and Quick Reaction Capabilities (QRC) / Research & Development. The company is headquartered in Herndon, VA, with approximately 3,500 employees across the U.S. and Canada.

Evonik and Siemens to generate high-value specialty chemicals from carbon dioxide and eco-electricity

Evonik and Siemens are planning to use electricity from renewable sources and bacteria to convert carbon dioxide (CO2) into specialty chemicals. The two companies are working on electrolysis and fermentation processes in a joint research project called Rheticus. The project was launched today and is due to run for two years. The first test plant is scheduled to go on stream by 2021 at the Evonik facility in Marl, Germany which produces chemicals such as butanol and hexanol, both feedstocks for special plastics and food supplements, for example. The next stage could see a plant with a production capacity of up to 20,000 tonnes a year. There is also potential to manufacture other specialty chemicals or fuels. Some 20 scientists from the two companies are involved in the project.

In the fermentation process (here at lab scale), special bacteria convert CO-containing gases to valuable chemicals through metabolic processes. (Copyright: Evonik Industries AG)

"We are developing a platform that will allow us to produce chemical products in a much more cost-effective and environmentally-friendly way than we do today", explains Dr. Günter Schmid, technical project responsible of Siemens Corporate Technology. "Using our platform, operators will in future be able to scale their plants to suit their needs." The new technology combines multiple benefits. It not only enables chemicals to be produced sustainably, it also serves as an energy store, can respond to power fluctuations and help stabilize the grid. Rheticus is linked to the Kopernikus Initiative for the energy transition in Germany which is seeking new solutions to restructure the energy system. The Rheticus project will receive 2.8 million euros in funding from Germany's Federal Ministry of Education and Research (BMBF).

"With the Rheticus platform, we want to demonstrate that artificial photosynthesis is feasible", adds Dr. Thomas Haas, who is responsible for the project in Evonik's strategic research department Creavis. Artificial photosynthesis is where CO2 and water are converted into chemicals using a combination of chemical and biological steps, in a process similar to how leaves use chlorophyll and enzymes to synthesize glucose.

Siemens and Evonik are each contributing their own core competencies to this research collaboration. Siemens is providing the electrolysis technology, which is used in the first step to convert carbon dioxide and water into hydrogen and carbon monoxide (CO) using electricity. Evonik is contributing the fermentation process, converting gases containing CO into useful products by metabolic processes with the aid of special micro-organisms. In the Rheticus project, these two steps – electrolysis and fermentation – are scaled up from the laboratory and combined in a technical test facility.

"Rheticus brings together the expertise of Evonik and Siemens. This research project shows how we are applying the Power-to-X idea", says Dr. Karl Eugen Hutmacher from the BMBF. Using electricity to generate chemicals is an idea from the Power-to-X concept. As one of the four pillars of the Kopernikus Initiative, the idea is to help convert and store renewable, electrical energy efficiently. At the same time, the Rheticus platform also contributes to the reduction of carbon dioxide levels in the atmosphere, as it uses CO2 as a raw material. Three tons of carbon dioxide would be needed to produce one tonne of butanol, for example.

Evonik and Siemens see great future potential in the Rheticus platform. It will make it simple to scale plants to the desired size – the chemical industry will be able to adapt them flexibly to local conditions. In future, they could be installed anywhere where there is a source of CO2 – power plant waste gas or biogas for instance.

"Its modular nature and flexibility in terms of location, raw material sources and products manufactured make the new platform attractive for the specialty chemicals industry in particular", says Haas. "We are confident that other companies will use the platform and integrate it with their own modules to manufacture their chemical products", adds Schmid.

 

Siemens AG (Berlin and Munich) is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for 170 years. The company is active around the globe, focusing on the areas of electrification, automation and digitalization. One of the world's largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of efficient power generation and power transmission solutions and a pioneer in infrastructure solutions as well as automation, drive and software solutions for industry. The company is also a leading provider of medical imaging equipment – such as computed tomography and magnetic resonance imaging systems – and a leader in laboratory diagnostics as well as clinical IT. In fiscal 2017, which ended on September 30, 2017, Siemens generated revenue of €83.0 billion and net income of €6.2 billion. At the end of September 2017, the company had around 377,000 employees worldwide. Further information is available on the Internet at www.siemens.com.

Evonik is one of the world leaders in specialty chemicals. The focus on more specialty businesses, customer-orientated innovative prowess and a trustful and performance-oriented corporate culture form the heart of Evonik's corporate strategy. They are the lever for profitable growth and a sustained increase in the value of the company. Evonik benefits specifically from its customer proximity and leading market positions. Evonik is active in over 100 countries around the world with more than 36,000 employees. In fiscal 2016, the enterprise generated sales of around €12.7 billion and an operating profit (adjusted EBITDA) of about €2.165 billion.

LRAD® Corporation Acquires Location-Based Mass Messaging Solutions Provider, Genasys Holding S.L.

SAN DIEGO, CA – January 19, 2018 – LRAD Corporation (NASDAQ: LRAD), the world’s leading provider of acoustic hailing devices (“AHDs”) and advanced mass notification systems, today announced the acquisition of Genasys Holding S.L. (“Genasys”), a leading software provider of advanced location-based mass messaging solutions for emergency warning systems and workforce management.

Genasys, headquartered in Madrid, Spain, has an experienced group of developers with over 200 man years of software development and a strong, international technical sales, service, and support team. Genasys currently has two main product offerings: news – a reliable solution for sending SMS-based warnings of public safety hazards to affected populations with industry-leading speed; and, haz – a low cost, easy-to-use solution for remotely monitoring employees, planning tasks, and managing workplace incidents.

“The acquisition of Genasys enables LRAD to significantly enhance its advanced mass notification capabilities and pursue broader geolocation based mass messaging projects and services,” stated Richard S. Danforth, Chief Executive Officer of LRAD Corporation. “Many of the mass notification opportunities we target, including universities, cities, and countries, require an integrated location-based mass messaging service. With this acquisition, LRAD expects to generate revenue on initial installations and recurring revenue from long-term support contracts for updating and maintaining the messaging service over the life of the installations.”

“I am eager to leverage LRAD’s worldwide sales channels to seek accelerated growth of the Genasys mass notification software solutions,” remarked Pablo Colom, Genasys’ Chief Executive Officer. “Genasys has a solid track record of location-based mass messaging integrations and deployments, which include solutions for small workgroups to fully integrated country-wide systems. The synergies of Genasys’ push notification products and LRAD’s award-winning mass notification systems will provide state-of-the-art solutions to communicate potentially lifesaving information to those affected by severe weather, man-made and natural disasters and other emergencies.”

Revenues for Genasys in calendar 2017 (unaudited) were €1.9 million. Total consideration for the acquisition is €3.1 million, which includes a €1.9 million purchase price and the assumption of €1.2 million of debt.

Management will host a conference call to discuss the Genasys acquisition on Monday, January 22, 2018, at 12:00 pm U.S. EST. To access the conference call, dial toll-free 888.567.1602 from the U.S., or international at +1.404.267.0373. A webcast will also be available at the following link: https://www.webcaster4.com/Webcast/Page/1375/24207. A replay of the call will be available approximately four hours after the call concludes, and remain available for 90 days at the aforementioned webcast link. Questions to management may be submitted before or during the call by emailing them to [email protected].

About LRAD Corporation

Using advanced technology and superior voice intelligibility, LRAD Corporation’s proprietary Long Range Acoustic Devices® and revolutionary ONE VOICE® mass notification systems are designed to enable users to safely hail and warn, inform and direct, prevent misunderstandings, determine intent, establish large safety zones, and resolve uncertain situations. LRAD systems are in service in more than 70 countries around the world in diverse applications including mass notification and public address, fixed and mobile defense deployments, homeland, border, critical infrastructure, maritime, oil & gas, and port security, public safety, law enforcement and emergency responder communications, asset protection, and wildlife control and preservation. For more information, please visit www.LRAD.com.

About Genasys Holding S.L.
Genasys Holding S.L. is backed by Adara Ventures and Caixa Capital Risc, and is a leading software provider of advanced location-based mass messaging solutions for Emergency Warning Systems and Workforce Management. For more information, please visit www.LRAD.com/genasys.

Forward Looking Statements

Except for historical information contained herein, the matters discussed are forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934. You should not place undue reliance on these statements. We base these statements on particular assumptions that we have made in light of our industry experience, the stage of product and market development as well as our perception of historical trends, current market conditions, current economic data, expected future developments and other factors that we believe are appropriate under the circumstances. These statements involve risks and uncertainties that could cause actual results to differ materially from those suggested in the forward-looking statements. These risks and uncertainties include those associated with the integration of Genasys into the Company’s business, that the anticipated benefits and synergies of the transaction may not materialize as expected, that customer demand for the integrated product offerings may not meet expectations, and other risks and uncertainties identified and discussed in our filings with the Securities and Exchange Commission. These forward-looking statements are based on information and management’s expectations as of the date hereof. Future results may differ materially from our current expectations. For more information regarding other potential risks and uncertainties, see the “Risk Factors” section of the Company’s Form 10-K for the fiscal year ended September 30, 2017. LRAD Corporation disclaims any intent or obligation to update those forward-looking statements, except as otherwise specifically stated.

Company Contact

E. Brian Harvey
Director, Investor Relations and Capital Markets
858.753.8974
[email protected]

Two Top Leaders in Italy and Five U.S. Residents Indicted for Racketeering, Health Care Fraud and Drug Trafficking Conspiracies to Distribute Opioids Resulting in Deaths Involving “Pill Mills” Operating in Tennessee and Florida

January 19, 2018 - On Jan. 4, a federal grand jury in Knoxville, Tennessee, returned a 14-count superseding indictment unsealed today charging seven individuals for their roles in a Racketeer Influenced and Corrupt Organization (RICO) conspiracy and drug trafficking conspiracy to distribute and dispense oxycodone, oxymorphone and morphine outside the scope of professional practice and not for a legitimate medical purpose and resulting in deaths, maintenance of drug-involved premises, distribution of oxycodone resulting in death, conspiracy to defraud the United States through the solicitation and receipt of illegal healthcare kickbacks and money laundering.

 

Attorney General Jeff Sessions, Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division, U.S. Attorney J. Douglas Overbey of the Eastern District of Tennessee and Special Agent in Charge Renae M. McDermott of the FBI’s Knoxville Division made the announcement.

 

“Throughout this country, and certainly in Tennessee and Florida, the illegal and unconscionable mass-distribution of prescription opioids through the operation of illegal pain clinics has taken a heavy toll on our citizens, families and communities,” said Attorney General Sessions.  “This sort of profiteering effectively trades human lives for financial riches.  The U.S. Department of Justice is determined to stamp out the operation of illegal pain clinics by all legal means, including finding and arresting those responsible wherever they may be in the world.”

 

“The Eastern District of Tennessee has been at the forefront in the battle against illegal pain clinics and mass-prescribing of opioids for years,” said U.S. Attorney Overbey.  “Now, under the leadership of Attorney General Sessions, additional resources have been made available through recent Department of Justice initiatives, including the Opioid Fraud and Abuse Task Force.  This latest indictment is a real and tangible result of all of those combined efforts.  The citizens of East Tennessee can be assured that we are committed to ridding our district of illegal pill mills.”

 

Luca Sartini, 58, of Rome, Italy, and Miami; Luigi Palma aka Jimmy Palma, 51, of Rome, Italy, and Miami; Benjamin Rodriguez, 42, of Delray Beach, Florida; Sylvia Hofstetter, 53, of Knoxville; Courtney Newman, 42, of Knoxville; Cynthia Clemons, 45, of Knoxville; and Holli Womack aka Holli Carmichael, 44, of Knoxville, are charged in a third superseding indictment filed in the Eastern District of Tennessee.

 

On Jan. 19, Sartini and Palma were arrested in the Rome, Italy-area by Italian authorities.  Extradition is being sought by the United States.  Rodriguez is set to self-surrender.  All other defendants were previously charged in prior indictments.  The case has been assigned to Chief U.S. District Court Judge Thomas A. Varlan in Knoxville.

 

According to the indictment, Sartini, Palma, Rodriguez, Hofstetter and a co-conspirator charged in another indictment, from about April 2009 to March 2015, ran the Urgent Care & Surgery Center Enterprise (UCSC), which operated opioid based pain management clinics, “pill mills,” in Florida and Tennessee, where powerful narcotics were prescribed and/or dispensed.  The defendants are alleged to have hired medical providers with DEA registration numbers, which would allow the providers to prescribe controlled substances. The prescriptions were primarily large doses of highly addictive and potentially deadly controlled substances. As alleged in the indictment, individuals seeking prescriptions would often travel long distances purporting to suffer from severe chronic pain.  

 

The superseding indictment alleges the defendants distributed quantities of oxycodone, oxymorphone and morphine sufficient to generate clinic revenue of at least $21 million.  As per the indictment, the clinics did not accept insurance, received gross fees and ordered unnecessary drug screenings defrauding Medicare.  Shell companies were set up to launder the proceeds.

 

As alleged in the indictment, approximately 700 UCSC enterprise patients are now dead and a significant percentage of those deaths, directly or indirectly, were the result of overdosing on narcotics prescribed by the UCSC Enterprise. As alleged in the indictment, the narcotics prescribed by the UCSC enterprise contributed to the deaths of another significant percentage of those patients.

 

The indictment further alleges that many patients arrived in groups, who were sponsored by drug dealers who paid for the pain clinic visits and prescriptions to obtain all or part of the opioids and other narcotics prescribed to the purported pain patients. In return, drug addicted patients would receive a portion of prescribed narcotics for free from the sponsor.

 

To date, as a result of this investigation, approximately 30 narcotics traffickers have been charged and convicted federally, and approximately 80 to 90 smaller narcotic distributers have also been charged and convicted.  Today’s superseding indictment is among 35 related indictments charging approximately 140 individuals, including medical providers who worked at the pill mills, with various crimes.

 

The charges in the indictment are merely allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

 

The superseding indictment is the result of an investigation conducted by the U.S. Attorney’s Office for the Eastern District of Tennessee, Criminal Division’s Organized Crime and Gang Section, and the FBI High Intensity Drug Trafficking Area (HIDTA) which is comprised of investigators assigned to the task force by the Loudon County Sheriff’s Office, Knoxville Police Department, Blount County Sheriff’s Office, Roane County Sheriff’s Office, Harriman Police Department and Clinton Police Department.  Other agencies provided invaluable assistance, including the Rome Attaché of the Justice Department’s Office of International Affairs; the FBI’s liaison in Rome; the FBI Miami Health Care Fraud Strike Force; the Hollywood, Florida Police Department; the U.S. Department of Health and Human Services; the Tennessee Department of Health; and the DEA’s Knoxville Diversion Group.  The Department of Justice extends its gratitude to Interpol and the Italian Financial Police (Guardia di Finanza) for their assistance in locating and apprehending the defendants.

 

Assistant U.S. Attorneys Tracy L. Stone and Anne-Marie Svolto of the Eastern District of Tennessee, and Trial Attorney Kelly Pearson of the Criminal Division’s Organized Crime and Gang Section, are prosecuting the case.

 

In light of the nationwide opioid epidemic which led to the declaration of a public health emergency by the Acting Secretary of the Department of Health and Human Services on Oct. 26, 2017, this superseding indictment represents just the latest in a series of federal efforts in the Eastern District of Tennessee meant to combat the scourge of prescription opioids.

DHS Enforcing Critical Identification Requirements to Protect the Homeland

WASHINGTON - Beginning January 22, 2018, the Department of Homeland Security (DHS) will begin enforcing compliance with the Real ID Act to better protect the American people. Fifty-five out of fifty-six states and territories are currently compliant or have received an extension until October 10, 2018. Passengers who have licenses issued by a state or territory that is compliant or has an extension to become compliant with REAL ID requirements may continue to use their licenses as usual.

As of today, American Samoa is the only territory still under review. DHS has worked extensively with every state and territory to provide time, technical assistance, and grants to support compliance with the REAL ID security requirements.

BACKGROUND ON REAL ID

Based on a recommendation of the bipartisan 9/11 Commission, REAL ID is a coordinated effort by the states and the federal government to inhibit terrorists’ ability to evade detection by using fraudulently-obtained driver’s licenses and identification cards. The REAL ID Act was passed by Congress in 2005, and is designed to ensure that people boarding a flight or entering a federal building are who they say they are.

REAL ID established minimum security standards for state-issued driver’s licenses and identification cards. This includes incorporating anti-counterfeiting technology, preventing insider fraud, and using documentary evidence and record checks to ensure a person is who he or she claims to be. It also prohibits federal agencies from accepting non-compliant licenses and identification cards for access to federal facilities, nuclear power plants, and commercial aircraft. The goal of REAL ID is to improve the reliability and accuracy of state-issued driver’s licenses and identification cards used for Federal official purposes.

Because of the potential for confusion about the REAL ID enforcement milestones, residents can use the following guidelines to be fully informed and prepared.

  • Be aware of your state’s status. You can check if your state is REAL ID compliant or has an extension at www.dhs.gov/real-id.
  • Read answers to frequently asked questions at www.dhs.gov/real-id-public-faqs.
  • Bring identity documents to the airport that are acceptable for flying domestically. TSA provides a list of acceptable documents at www.tsa.gov/travel/security-screening/identification. If you need to obtain a new form of ID, please allow sufficient processing time before you travel. For example, the current processing times for U.S. passports are 6-8 weeks for routine service and 2-3 weeks for expedited service.

DHS is working closely with all states and territories to implement their REAL ID requirements and stands ready to provide additional assistance as needed. The women and men of DHS will continue to work tirelessly to put protections in place to keep our country and our people safe.


Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

On January 5, 2017, the U.S. Department of Commerce and the U.S. Department of Homeland Security released a draft report to President Trump in response to the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure issued on May 11, 2017.

The report, which was created with broad input from stakeholders and experts, summarizes the opportunities and challenges in reducing the botnet threat, and offers supporting actions to be taken by both the government and private sector in order to reduce the threat of automated cyber-attacks.

Alert (TA18-004A) Meltdown and Spectre Side-Channel Vulnerability Guidance

Systems Affected

CPU hardware implementations

Overview

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Description

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware. Meltdown affects desktops, laptops, and cloud computers.  Spectre is a flaw that an attacker can exploit to force a program to reveal its data. The name derives from speculative execution—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, cloud servers, and smartphones. Many of these security issues are remediated through the Kernel Address Isolation to have Side-channels Efficiently Removed (KAISER) patch described in detail in an academic paper named “KASLR is Dead: Long Live KASLR.” While this paper identifies a fix for Linux operating systems, the exploit concepts in the article can apply to other operating systems.

More details of these attacks are described in detail by

Impact

An attacker can gain access to the system by establishing command and control presence on a machine via malicious Javascript, malvertising, or phishing. Once successful, the attacker’s next attempt will be to escalate privileges to run code on the machine. Running code will allow the attacker to exploit the Meltdown and Spectre vulnerabilities. Sensitive information could be revealed from a computer’s kernel memory, which could contain keystrokes, passwords, encryption keys, and other valuable information.

Solution

NCCIC encourages users and administrators to refer to their hardware and software vendors for the most recent information. In the case of Spectre, the vulnerability exists in CPU architecture rather than in software, and is not easily patched; however, this vulnerability is more difficult to exploit. 

MICROSOFT

Microsoft has temporarily halted updates for AMD machines. More information can be found here: https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

For machines running Windows Server, a number of registry changes must be completed in addition to installation of the patches. A list of registry changes can be found here: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

ANTIVIRUS

Microsoft has recommended that third-party antivirus vendors add a change to the registry key of the machine that runs the antivirus software. Without it, that machine will not receive any of the following fixes from Microsoft:

  • Windows Update
  • Windows Server Update Services
  • System Center Configuration Manager 

More information can be found here: https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software.

MITIGATION

Mitre has published Common Vulnerability and Exposure (CVE) notes for Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715).

NCCIC recommends administrators review CISCO TALOS Snort SIDs: 45357 – 45368 and apply the necessary updates. These twelve rules were released as an emergency update on January 4, 2018, to cover the detection of Meltdown and Spectre side-channel vulnerabilities, and relate to CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. These signatures cover the specific proofs of concept and sample code outlined in the Spectre and Meltdown whitepapers. While these signatures have the potential to detect variants, they may not work for all cases.

The table provided below lists available advisories and patches. As patches and firmware updates continue to be released, it is important to check with your hardware and software vendors to verify that their corresponding patches can be applied, as some updates may result in unintended consequences. Note: Download any patches or microcode directly from your vendor’s website.

NCCIC recommends using a test environment to verify each patch before implementing.

After patching, performance impacts may vary, depending on use cases. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect, if possible.

Additionally, users and administrators who rely on cloud infrastructure should work with their CSP to mitigate and resolve any impacts resulting from host OS patching and mandatory rebooting.

 

Vulnerability Note VU#584653

CPU hardware vulnerable to side-channel attacks

Overview

CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.

Description

Note: This Vulnerability Note is the product of ongoing analysis and represents our best knowledge as of the most recent revision. As a result, the content may change as our understanding of the issues develops.

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. These attacks are described in detail by Google Project Zero, the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz) and Anders Fogh. The issues are organized into three variants:

  • Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
  • Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
  • Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load, memory access permission check performed after kernel memory read

Spectre

Spectre attacks take advantage of a CPU's branch prediction capabilities. Modern CPUs include a feature called branch prediction, which speculatively executes instructions at a location that the CPU believes it will branch to. Such speculative execution helps to more fully utilize the parts of the CPU, minimizing the time waiting, and therefore improving performance. When a branch is successfully predicted, instructions will retire, which means the outcomes of the instructions such as register and memory writes will be committed. If a branch is mispredicted, the speculatively-executed instructions will be discarded, and the direct side-effects of the instructions are undone. What is not undone are the indirect side-effects, such as CPU cache changes. By measuring latency of memory access operations, the cache can be used to extract values from speculatively-executed instructions.

With Spectre variant 1 (CVE-2017-5753), the instructions after a conditional branch are speculatively executed as the result of a misprediction. With Spectre variant 2 (CVE-2017-5715), the CPU executes instructions at a location determined by a mispredicted branch target.

With both variants of the Spectre attack, the impact is that a process may leak sensitive data to other processes on a system. Spectre may also allow one part of an application to access other parts of the same process memory space that would otherwise not be permitted.

While the Spectre attack itself does not cross a user/kernel memory privilege boundary, depending on the configuration of the target platform, the Spectre attack may indirectly allow a user-space application to access kernel memory. For example, the Project Zero blog post describes a scenario that uses eBPF to exfiltrate kernel memory contents into user-space code. This is made possible because the eBPF JIT allows user-space applications to inject code that is executed in kernel space. While this code is verified by the kernel, eBPF-compliant code will be allowed to execute with kernel permissions. The exploit described by Project Zero leverages eBPF to execute the Spectre attack in kernel space, while exfiltrating the data to user space. Other technologies that allow in-kernel code execution could also be leveraged to leak kernel memory using Spectre.

Meltdown

Meltdown is related to the Spectre attack in that it also uses a cache side channel to access data that otherwise wouldn't be available. The main difference is that it leverages out-of-order execution capabilities in modern CPUs. Like speculative execution due to branch prediction, as used by Spectre, out-of-order execution on a CPU is a technique for ensuring fullest utilization of the CPU's parts. Although instructions may appear sequentially in the machine language, a CPU that supports out-of-order execution may execute instructions in a non-sequential manner, which can minimize the time that a CPU spends idle.

Meltdown leverages insecure behavior that has been demonstrated in Intel CPUs and may affect CPUs from other vendors. Vulnerable CPUs allow memory reads in out-of-order instruction execution, and also contain a race condition between the raising of exceptions and the out-of-order instruction execution. The Meltdown attack reads a kernel memory value, which raises an exception because code running with user-space privileges is not permitted to directly read kernel memory. However, due to the race condition, out-of-order instructions following the faulting instruction may also execute. Even though instructions appear after the faulting instruction, out-of-order execution allows them to execute, using data retrieved from the instruction that raises the exception. By the time the exception is raised, some number of out-of-order instructions have executed. Although the raised exception causes the CPU to roll back the out-of-order instructions, the cache state is not reverted. This allows data from out-of-order instructions to persist beyond the point when the exception has been raised.

The impact of Meltdown is that a process running in user space is able to view the contents of kernel memory. Meltdown may also allow Spectre-like memory content leaking that does not cross the user/kernel privilege boundary.

The Linux kernel mitigations for Meltdown are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages. Because the Spectre attacks do not cross user/kernel boundaries, the protections introduced with KAISER/KPTI do not add any protection against them.

 

 

Impact

An attacker able to execute code with user privileges can achieve various impacts. The Meltdown attack allows reading of kernel memory from userspace. This can result in privilege escalation, disclosure of sensitive information, or it can weaken kernel-level protections, such as KASLR. The Spectre attack can allow inter-process or intra-process data leaks.

To execute code locally, an attacker would require a valid account or independent compromise of the target. Attacks using JavaScript in web browsers are possible. Multi-user and multi-tenant systems (including virtualized and cloud environments) likely face the greatest risk. Systems used to browse arbitrary web sites are also at risk. Single-user systems that do not readily provide a way for attackers to execute code locally face significantly lower risk.

 

 

 

Solution

Apply updates

Operating system, CPU microcode updates, and some application updates mitigate these attacks. Note that in many cases, the software fixes for these vulnerabilities will have a negative effect on system performance. Also note that Microsoft Windows systems will no longer receive security updates via Windows Update if they are not running compliant anti-virus software. As with deploying any software updates, be sure to prioritize and test updates as necessary.
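One way to confirm, after patching a Linux host, which of the three variants the running kernel reports as mitigated. This is an added example, not part of the advisory; it assumes a kernel that exposes the `/sys/devices/system/cpu/vulnerabilities` status files (Linux 4.15 and later, plus vendor backports), and the function names and sample data are constructed for illustration.

```python
"""Report kernel-side mitigation status for the three variants in VU#584653."""
import sys
import tempfile
from pathlib import Path

# Linux reporting interface (assumed present: kernel 4.15+ or a vendor backport).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# CVE -> (variant name as given in the advisory, sysfs file name).
VARIANTS = {
    "CVE-2017-5753": ("Variant 1, Spectre: bounds check bypass", "spectre_v1"),
    "CVE-2017-5715": ("Variant 2, Spectre: branch target injection", "spectre_v2"),
    "CVE-2017-5754": ("Variant 3, Meltdown: rogue data cache load", "meltdown"),
}


def classify(raw):
    """Map a sysfs status line (or None for a missing file) to a state."""
    text = (raw or "").strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    # Missing file or unrecognised text: the kernel predates the interface
    # or reports something this script does not understand.
    return "unknown"


def audit(sysfs_dir=SYSFS_DIR):
    """Return one result dict per CVE, in the order of VARIANTS."""
    results = []
    for cve, (variant, fname) in VARIANTS.items():
        try:
            raw = (Path(sysfs_dir) / fname).read_text()
        except OSError:
            raw = None
        results.append({
            "cve": cve,
            "variant": variant,
            "state": classify(raw),
            "detail": raw.strip() if raw is not None else "no status file",
        })
    return results


def needs_attention(results):
    """CVEs whose status is not positively 'mitigated' or 'not_affected'."""
    return [r["cve"] for r in results if r["state"] in ("vulnerable", "unknown")]


def demo():
    """Run the audit against constructed sample data (not from a real host)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed case: KPTI active, Spectre v1 unpatched, no spectre_v2 file.
        (Path(tmp) / "meltdown").write_text("Mitigation: PTI\n")
        (Path(tmp) / "spectre_v1").write_text("Vulnerable\n")
        return audit(tmp)


if __name__ == "__main__":
    report = audit()
    for r in report:
        print(f'{r["cve"]}  {r["state"]:<12}  {r["variant"]}  [{r["detail"]}]')
    # Non-zero exit lets a configuration-management job flag the host.
    sys.exit(1 if needs_attention(report) else 0)
```

A host can show Meltdown as mitigated while a Spectre entry still reads vulnerable, which matches the advisory's point that KAISER/KPTI adds no protection against Spectre.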

Consider CPU Options

Initial reports from the field indicate that overall system performance is impacted by many of the available patches for these vulnerabilities. Depending on the software workflow and the CPU capabilities present, the performance impact of software mitigations may be non-trivial and therefore may become an ongoing operational concern for some organizations. While we recognize that replacing existing CPUs in already deployed systems is not practical, organizations acquiring new systems should evaluate their CPU selection in light of the expected longevity of this vulnerability in available hardware as well as the performance impacts resulting from the various platform-specific software patches. Deployment contexts and performance requirements vary widely, and must be balanced by informed evaluation of the associated security risks. Contact your system vendor to determine if the CPU and operating system combination will experience a performance penalty due to software mitigations for these vulnerabilities.

Elbit Systems Awarded $85 Million Contract to Supply Electronic Warfare Systems to a European Country

HAIFA, Israel, Jan. 18, 2018 -- Elbit Systems Ltd. (NASDAQ: ESLT and TASE: ESLT) ("Elbit Systems" or "the Company") announced today that it was awarded an approximately $85 million contract from a European country to supply a range of advanced ground-based Electronic Warfare (EW) and Signal Intelligence (SIGINT) systems. The contract will be performed over a four-year period.

 

Edgar Maimon, General Manager of Elbit Systems EW and SIGINT - Elisra said: "We are proud of this contract award that attests to the Company's technological and operational advantage and to the maturity of our solutions." Maimon added: "We are encouraged by the growing demand from European customers and believe that our portfolio positions us well to serve their needs."

 

About Elbit Systems
Elbit Systems Ltd. is an international high technology company engaged in a wide range of defense, homeland security and commercial programs throughout the world. The Company, which includes Elbit Systems and its subsidiaries, operates in the areas of aerospace, land and naval systems, command, control, communications, computers, intelligence surveillance and reconnaissance ("C4ISR"), unmanned aircraft systems, advanced electro-optics, electro-optic space systems, EW suites, signal intelligence systems, data links and communications systems, radios and cyber-based systems. The Company also focuses on the upgrading of existing platforms, developing new technologies for defense, homeland security and commercial applications and providing a range of support services, including training and simulation systems.

For additional information, visit: www.elbitsystems.com, follow us on Twitter or visit our official Youtube Channel.

This press release contains forward‑looking statements (within the meaning of Section 27A of the Securities Act of 1933, as amended and Section 21E of the Securities Exchange Act of 1934, as amended) regarding Elbit Systems Ltd. and/or its subsidiaries (collectively the Company), to the extent such statements do not relate to historical or current fact.  Forward-looking statements are based on management's expectations, estimates, projections and assumptions.  Forward‑looking statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, as amended.  These statements are not guarantees of future performance and involve certain risks and uncertainties, which are difficult to predict.  Therefore, actual future results, performance and trends may differ materially from these forward‑looking statements due to a variety of factors, including, without limitation: scope and length of customer contracts; governmental regulations and approvals; changes in governmental budgeting priorities; general market, political and economic conditions in the countries in which the Company operates or sells, including Israel and the United States among others; differences in anticipated and actual program performance, including the ability to perform under long-term fixed-price contracts; and the outcome of legal and/or regulatory proceedings.  The factors listed above are not all-inclusive, and further information is contained in Elbit Systems Ltd.'s latest annual report on Form 20-F, which is on file with the U.S. Securities and Exchange Commission. All forward‑looking statements speak only as of the date of this release. The Company does not undertake to update its forward-looking statements.

Elbit Systems Ltd., its logo, brand, product, service and process names appearing in this Press Release are the trademarks or service marks of Elbit Systems Ltd. or its affiliated companies.  All other brand, product, service and process names appearing are the trademarks of their respective holders.  Reference to or use of a product, service or process other than those of Elbit Systems Ltd. does not imply recommendation, approval, affiliation or sponsorship of that product, service or process by Elbit Systems Ltd. Nothing contained herein shall be construed as conferring by implication, estoppel or otherwise any license or right under any patent, copyright, trademark or other intellectual property right of Elbit Systems Ltd. or any third party, except as expressly granted herein.

Lawn Care Services for Easton CT


 

Easton Lawn Care Service

Easton lawn care just got a whole lot easier. If you live in Easton, CT or the surrounding areas, the hassle of keeping your home lawn looking good doesn’t have to be such a pain. Yard maintenance including grub control, shrub care, core aeration and other yard care takes time and patience and often requires quite a bit of knowledge to keep your grass green and your landscape looking its best. It’s not easy knowing when to fertilize, whether you need lime or not, how and when to seed and a host of other things lawns need to be healthy and beautiful.

Thankfully, Red Carpet Landscaping is here to help you create a lush lawn and garden that you can be proud of. We have been serving the Westport area since 2009 with our lawn care services and lawn maintenance, rejuvenating and caring for yards with our extensive home services.

We use only the most effective, safest products and have the most knowledgeable and experienced turf management technicians to make sure every project results in 100% guaranteed satisfaction.

 
 

Experience the Red Carpet Treatment

Sign up for one of our Turf Programs that includes both standard and organic fertilizer and weed programs for a perfect lawn!

Why You Should Hire a Professional Lawn Care Service

Many of us take pride in tackling do-it-yourself home care projects, and lawn and yard care is certainly one of the most popular and one of the toughest to get right. Every lawn is different and understanding what it takes to keep your lawn looking great is no easy task. Fertilizers, lime, seeding, topsoil, climate conditions and an array of other factors all play key roles in creating a healthy, great looking yard. Here are just a few reasons a lawn care service just might be the best option.

  • Time. It takes a lot of time to create and maintain a beautiful lawn, and in today’s busy world, few of us have the time to learn turf management and yard maintenance, much less actually getting out there and getting it done. A professional lawn care service knows how to get the job done quickly, and most importantly, how to get the job done right. Even with a good working knowledge of lawn care and some available time to devote to the project, many homeowners find that even when they carefully follow the right steps, there are often disappointing results. Something as simple as picking the wrong fertilizer or applying the right fertilizer at the wrong time can mean wasted hours with nothing to show for it.
  • While it’s true that hiring any professional home services company will have a certain cost, you may be surprised to learn that lawn care services can be quite affordable when you consider all the options. You already know the time that can be saved by hiring a lawn and turf company and that time can often be converted into dollars. You remember the old saying, time is money? While time can be money, there are other factors that can make the prospect of hiring a lawn care company a good value. Fertilizers, seeds, compost, and all those other elements that go into building a healthy home lawn can be quite expensive. Add in the fact that there are many other factors that determine successful results such as knowing the right nutrients, the pH levels, and more, and it’s easy to see that there could be a lot of trial and error (and money!) before getting things right. Hiring a pro takes out all that guesswork and potentially unnecessary costs.
  • A beautiful lawn! Even with plenty of time and understanding what your lawn needs (and doesn’t need) to look its best, the chances of getting things just right the first time can be pretty low. That means more time, more money and you still have brown grass and withering shrubs. If you really want that green, healthy lawn that your neighbors will envy, the choice to hire a lawn care service that guarantees results and has the right experience and knowledge makes the option worth careful consideration. If you decide to let the pros take care of your lawn care and lawn maintenance, Red Carpet Turf will be happy to evaluate your home lawn and design a comprehensive plan to revitalize your yard and landscaping. We will test the soil for pH levels, determine what nutrients your lawn needs to be healthy again, select the very best products for your yard, and whatever else is needed to get the job done to your satisfaction.

Once we get your yard looking great, we offer maintenance programs to keep your lawn and garden healthy and beautiful. You end up with a yard and lawn that you can be proud of year after year, save time for other important things in your life and enjoy your backyard once again…all at a reasonable cost and guaranteed.

 

Our Services

 

Lawn Care

Our lawn care program features custom blends of phosphate-free fertilizers with slow-release technology to produce a beautiful, lush, green turf.


Pest Control

Your lawn serves as a barrier between your home and the wilderness. Ticks and fleas can pose a serious health threat to your family and pets.


Lawn Aeration

Relieve a compacted lawn and overseed to get the best possible lawn.


 

Experience the Red Carpet Treatment.

Sign Up for one of our Standard Weed Control or Organic Fertilizer Turf Programs for a perfect lawn.

 

Let our customers do the talking!

Our goal is to provide the best Mosquito Control in Greenwich Connecticut. We are looking for the WOW factor! Sometimes our sales pitch isn’t quite enough. For that we regularly ask our customers to review the services we are providing them. Below are the most recent reviews we’ve received. Good or bad we are posting them here for you.


 
 

Call for a free estimate and if you would also like a free property evaluation we would be happy to send one of our specialists.

New Crystal Group RACE™ accelerates autonomous vehicle development

HIAWATHA, Iowa, Jan. 17, 2018 -- Crystal Group Inc., a leading designer/manufacturer of rugged computer hardware for industry and defense, is introducing the first product in the new Crystal Group RACE™ (Rugged Autonomous Computer Equipment) line, engineered to accelerate autonomous vehicle (AV), automated driving system (ADS), and unmanned (UAV) projects. The Crystal Group RACE0161 high-performance, rugged computer is specifically designed to help engineers shorten development time, bringing autonomous vehicle innovations to market ahead of their competitors. The fast-paced autonomous industry is estimated to be worth trillions of dollars.

Autonomous driving technology is quickly ushering in a new economy predicted to achieve unprecedented growth and reach $7 trillion by 2050, according to a new study by Intel Corporation and Strategy Analytics. Crystal Group and Intel have partnered to provide autonomous solutions for several leading OEMs to date. The partnership will continue to tap the booming autonomous market with the leading-edge technology of Crystal Group's new RACE offerings.

Crystal Group's latest autonomous vehicle computer provides the horsepower AV and ADS projects need, combining robust I/O, multiple GPU capacity, dual Intel® Xeon® Scalable Processors, sophisticated thermal management, and other high-quality components stabilized in a rugged, aluminum enclosure measuring just 6.5 x 14.1 x 15.6 inches and weighing 30 to 40 pounds. Processing real-time data of LIDAR, RADAR, image, and sensor fusion, the Crystal Group RACE0161 combines impressive compute power, data-handling capabilities, and storage capacity in a compact, rugged solution capable of withstanding harsh environmental conditions, including potholes, collisions, and extreme temperatures that are likely to cause traditional systems to fail.
"The new RACE0161 and the entire line of Crystal Group RACE™ products ease AV and ADS development and give our customers the advantage of quick time-to-market with a safe, reliable, high quality AV solution," Crystal Group Executive Vice President of engineering, Jim Shaw says. "Our RACE solutions leverage decades of experience engineering rugged, reliable compute solutions for US and international military programs, as well as some of the world's largest car manufacturers," adds Shaw.

Crystal Group RACE systems are built for safety and reliability, tapping 30 years of experience tailoring high-performance, fail-safe rugged hardware for hundreds of military and aerospace missions, as well as challenging industrial, critical infrastructure, and commercial programs, including some of the hottest OEM autonomous vehicles. Crystal Group also offers its award-winning RS363S15F 3U Rugged Server, designed and developed in collaboration with Intel®, for use in autonomous vehicles.

About Crystal Group Inc.
Crystal Group Inc., a technology leader in rugged computer hardware, specializes in the design and manufacture of custom and commercial off-the-shelf (COTS) rugged servers, embedded computing, networking devices, displays, power supplies, and data storage for high reliability in harsh environments. An employee-owned small business founded in 1987, Crystal Group provides the defense, government and industrial markets with in-house customization, engineering, integration, configuration management, product lifecycle planning, warranty, and support services.

Crystal Group products meet or exceed IEEE, IEC, and military standards (MIL-STD-810, 167-1, 461, MIL-S-901); are backed by warranty (5+ year) with in-house support; and are manufactured in the company's Hiawatha, Iowa, USA, facility certified to AS9100C:2009 and ISO 9001:2008 quality management standards.
© 2018 Crystal Group Inc.  All rights reserved. All marks are property of their respective owners. Design and specifications are subject to change.
SOURCE Crystal Group Inc.
