Hackers Exploited 27 Zero-Days at Pwn2Own Vancouver


After the finale of Pwn2Own Vancouver 2023, the Masters of Pwn, Synacktiv (@Synacktiv), received $1,035,000 (plus a car) for their amazing achievements and hard work! They received a Tesla Model 3 and 53 points, along with $530,000.

Winners of Pwn2Own Vancouver 2023

The annual computer hacking competition benefits the cybersecurity sector in a number of ways. Over 19 entries participated in this year’s Pwn2Own 2023, hosted in Vancouver between March 22 and 24, 2023, and targeted nine platforms, including Tesla cars.

During the hacking competition, security researchers targeted devices in the enterprise applications and communications, local escalation of privilege (EoP), virtualization, servers, and automotive categories, all updated and in their default configuration.

This time, for every successful exploit, participants received the full prize (more than $1,000,000).

AbdulAziz Hariri of Haboob SA gave the first demonstration of the day, completing his attack against Adobe Reader with a 6-bug logic chain that leveraged multiple failed fixes, escaped the sandbox, and bypassed a banned API list. He is awarded 5 Master of Pwn points and $50,000.

Microsoft SharePoint was the target of a 2-bug chain executed by STAR Labs. They receive 10 Master of Pwn points and $100,000. Team STAR Labs also successfully carried out an attack against Ubuntu Desktop, but because the exploit was already known, they received $15,000 and 1.5 points for it.

Oracle VirtualBox was exploited by Bien Pham (@bienpnn) of Qrious Security (@qriousec) via an OOB read and a stack-based buffer overflow. He is awarded 4 Master of Pwn points and $40,000.

Tesla – Gateway was the target of a TOCTOU attack by Synacktiv (@Synacktiv). They receive a Tesla Model 3 and $100,000, and 10 Master of Pwn points. Also, they made $40,000 by escalating their privileges on Apple macOS using a TOCTOU zero-day issue.

Marcin Wiązowski used an improper input validation bug to elevate privileges on Windows 11. He receives $30,000 and 3 Master of Pwn points.

Thomas Imbert (@masthoon) and Thomas Bouzerar (@MajorTomSec) of Synacktiv (@Synacktiv) showed a three-bug chain against Oracle VirtualBox with a host EoP. One of the bugs was previously known. They still receive 8 Master of Pwn points and $80,000.

Also, Tesla – Infotainment Unconfined Root was exploited by David Berard (@p0ly_) and Vincent Dehors (@vdehors) of Synacktiv (@Synacktiv) via a heap overflow and an OOB write. After collecting $250,000 and 25 Master of Pwn points, they are eligible for a Tier 2 reward.

On Ubuntu Desktop, Tanguy Dubroca (@SidewayRE) of Synacktiv (@Synacktiv) used an incorrect pointer scaling bug, leading to privilege escalation. He earns $30,000 and 3 Master of Pwn points.

Microsoft Teams was also hacked by Team Viettel (@vcslab) using a 2-bug chain, earning them $75,000 and 8 Master of Pwn points. Again, Oracle VirtualBox was exploited by dungdm (@piers2) of Team Viettel (@vcslab) using an uninitialized variable and a UAF flaw. They get $40,000 and 4 Master of Pwn points.

Highlights from Day 3:

Kyle Zeng of ASU SEFCOM used a double-free flaw to exploit Ubuntu Desktop, earning $30,000 and three Master of Pwn points.

Thomas Imbert of Synacktiv used a UAF against Windows 11. Three Master of Pwn points and $30,000 were awarded to Imbert. Mingi Cho from Theori also utilized a UAF to attack Ubuntu Desktop. Three Master of Pwn points and a $30,000 bounty were awarded to Cho.

To attack VMware Workstation, STAR Labs (@starlabs_sg) exploited an uninitialized variable and UAF. They receive $80,000 in addition to 8 Master of Pwn points.

Bien Pham (@bienpnn) of Qrious Security successfully targeted Ubuntu Desktop. However, the exploit was previously known. Still, they receive $15,000 and 1.5 Master of Pwn points.

Following successful hacks of Windows 11, Microsoft Teams, Microsoft SharePoint, macOS, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, and, of course, the Tesla Model 3, the hackers were able to escalate their privileges and obtain code execution on systems with all necessary patches.

Notably, once zero-day vulnerabilities are exploited and disclosed at Pwn2Own, vendors have 90 days to deliver security updates before Trend Micro’s Zero Day Initiative makes them public.


Bogus Chat GPT extension takes over Facebook accounts


We look at a bogus Chat GPT Chrome extension which was after Facebook cookies.

If you’re particularly intrigued by the current wave of interest in AI, take care. There are some bad things lurking in search engine results waiting to compromise your Facebook account.

A rogue Chrome extension deployed in a campaign targeting Facebook users is “hitting thousands a day” according to researchers who made this discovery. The scam is based around Chat GPT-4. This is the latest iteration of what is essentially a supposedly very smart AI chatbot. As per the link, in addition to holding conversations with a user, it can also in theory “create” forms of content like works of fiction.

Whether we’re talking AI generating works of visual art, music, or even just fielding customer support questions, it’s increasingly becoming a topic you can’t avoid. Scammers are more than well positioned to take advantage of this trend, and this is a very strong hook given how many people want to see what all of the fuss is about.

The flow of attack from initial search to infection and compromise is as follows:

  • You search for Chat GPT-4 in Google, and the search returns a sponsored ad result.
  • The destination site claims to offer a form of Chat GPT inside of your search results.
  • This site eventually directs you to a Chrome extension download from the official extension store.

At this point, you may expect some malicious behaviour to happen while the actual extension itself is nothing like what it claims to be. After all, most scams offer up fake games, software, apps, and these programs typically do nothing because they’re an empty shell. In this case, the tool actually does integrate Chat GPT into search results. This is because the people behind it made use of a legitimate open-source product and created their own version of it instead.

If that was all the extension did, that would likely be the end of it.

However, the real aim of the game here is to compromise Facebook accounts. When the extension fires up, it tries to engage in a spot of cookie theft. If a malware author is able to steal your authentication cookie from your browser during a session, they can try and log in to the website they stole the cookie for.

Here, the extension filters for Facebook cookies specifically before sending the stolen cookie(s) on to the extension author’s server. Before sending the stolen cookies, they are encrypted as a way to try and discreetly get them off the target system. The act of encryption tries to ensure certain types of security tools fail to notice that something is amiss.

Once the extension authors have control of the Facebook account, they change the login details, profile image and name before posting whatever they need to in order to make their campaign a success. Examples given by the researchers include ISIS propaganda photographs and more generic allusions to spam and bogus services.

At time of writing, both the adverts and the extension itself have been taken down by Google, although that’s not to stop the people behind the campaign from simply trying again down the line.

Tips for avoiding rogue extensions

  • Download extensions from the official store. Yes, this one was found on the official store. On the other hand, if you’re downloading anyway you may as well stick to genuine sources given they come with additional information you can use to make an informed decision.
  • Read the reviews. People tend to find out pretty quickly if something is amiss.
  • Check developer authenticity. Some developers have a tick next to their name, along with a userbase tally and mention of their “good record” for uploading non-malicious content.
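
One more check a defender can run against the cookie theft described above is to list which installed extensions are even able to read a given site's cookies. The following is an added example, not code from the researchers or from the article: it assumes the standard Chrome manifest keys (`permissions`, `host_permissions` and their optional variants) and the `Extensions/<id>/<version>/manifest.json` profile layout, and the manifests and function names in it are constructed for illustration.

```python
import json
import re
from pathlib import Path

# scheme://host/ part of a Chrome match pattern; only web schemes matter for cookies
MATCH_PATTERN = re.compile(r"^(\*|https?)://([^/]+)/")
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")


def pattern_reaches(pattern, domain):
    """True if a host match pattern can cover `domain` or one of its subdomains."""
    if pattern == "<all_urls>":
        return True
    m = MATCH_PATTERN.match(pattern)
    if not m:
        return False  # an API permission name ("cookies", "storage") or a non-web scheme
    host = m.group(2).lower()
    if host == "*":
        return True
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    if base == domain or base.endswith("." + domain):
        return True  # the site itself or one of its named subdomains
    return wildcard and domain.endswith("." + base)  # wildcard on a parent domain


def cookie_reach(manifest, domain):
    """Host patterns that give this extension cookie access to `domain`; [] if none."""
    declared = []
    for key in PERMISSION_KEYS:  # MV2 mixes hosts into "permissions", MV3 separates them
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    if "cookies" not in declared:
        return []  # the chrome.cookies API was never requested
    return sorted({p for p in declared if pattern_reaches(p, domain.lower())})


def scan_extensions(root, domain):
    """Audit every <root>/<extension id>/<version>/manifest.json under a profile."""
    findings = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        hits = cookie_reach(manifest, domain)
        if hits:
            findings[path.parent.parent.name] = {
                "name": manifest.get("name", "?"), "patterns": hits}
    return findings


# Constructed manifests for illustration (not taken from any real extension).
CONSTRUCTED = {
    "search-helper": {"manifest_version": 3, "name": "Search helper",
                      "permissions": ["cookies", "storage"],
                      "host_permissions": ["https://*.google.com/*",
                                           "https://*.facebook.com/*"]},
    "legacy-mv2": {"manifest_version": 2, "name": "Legacy tool",
                   "permissions": ["cookies", "<all_urls>"]},
    "notes": {"manifest_version": 3, "name": "Notes",
              "permissions": ["storage"], "host_permissions": ["<all_urls>"]},
    "weather": {"manifest_version": 3, "name": "Weather",
                "permissions": ["cookies"],
                "host_permissions": ["https://example.org/*"]},
}

if __name__ == "__main__":
    for label, manifest in CONSTRUCTED.items():
        print(label, cookie_reach(manifest, "facebook.com"))
```

An extension that shows up here is not necessarily malicious, but a search add-on with cookie access to a social network has more reach than its stated purpose needs.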


release date, specs, price & more


The Nothing Phone (2) is coming this year, as the company’s second smartphone. The Nothing Phone (1) has proven to be quite a success for Nothing, thanks to all the hype, eye-catching design, and a solid job Nothing did with the software. It turned out to be quite an interesting product in the end. Well, the Nothing Phone (2) is coming. It is expected to bring a number of improvements, which we’ll try to predict in this preview. You’ll see a mix of rumors, leaks, and educated guesses down below.

Nothing will likely want to keep the momentum going with its unique design. So you can still expect all the major design features to be included in the Nothing Phone (2). It will be interesting to see how it will differentiate itself. It will also be more powerful than its predecessor, by the way.

This article will be regularly updated with new information on the Nothing Phone (2) (this is a preview article) — both official teasers and credible leaks, rumors, and insider claims — as it becomes available in the run-up to the release of the upcoming Android smartphone. The last update was made on March 27 (initial publishing date).

When will the Nothing Phone (2) be released?

The Nothing Phone (2) is expected to arrive in Q3 2023. The first smartphone the company ever launched, the Nothing Phone (1), arrived in mid-July 2022. So, it makes sense to launch its successor around the same time. The rumors have been pointing in the same direction, by the way. So, unless Nothing shares some other info, you can expect the phone to drop in Q3 this year, most likely in July.

What models are coming?

Nothing is expected to announce a single Nothing Phone (2) model. Well, unless you count different RAM + storage variants, of course. The point is, we won’t see any ‘Pro’ or ‘Ultra’ models, at least they’re not expected. Nothing is expected to stick to a single model with its second smartphone as well. This was not specifically mentioned. Nothing did, however, refer to its launch as the Nothing Phone (2) launch. There was no mention of the Nothing Phone (2) ‘series’ or anything of the sort.

How much will the Nothing Phone (2) cost?

The Nothing Phone (1) launched at €490/£399 last year. Nothing probably won’t be able to keep the same price tag for its second-gen product, though. No specific information surfaced thus far, but the company will move to a Snapdragon 8 series processor this time around (the first-gen model includes the Snapdragon 778G SoC). It would be great to see the same price tag, but we’ll more likely see an increase of €50-€100. That’s just a guess at this point, though. The phone will be coming to the US this time around. The Nothing Phone (1) did not launch in the US at all. Nothing is planning to change that this time around.

What will the Nothing Phone (2) look like?

At the time of writing this article, the Nothing Phone (2) design didn’t leak just yet. We’ve seen quite a few concept images of the phone, and the same goes for videos, but none of those were actual leaks. It’s safe to say that the device will retain a similar design language to the first-gen model. Nothing is sticking with that see-through design, and the ‘Glyph’ lights will also be a part of the package. The Nothing Ear (2) earphones did launch recently, and they’re sticking with the same design as the first-gen model, though they are smaller.

The Nothing Phone (2) will likely retain a similar size to its predecessor, though we’ll likely see some differences on the back. Nothing will likely change some things around to make this phone differ from the first-gen model. We may, however, see the same layout for its LED lights on the back. The phone is also expected to retain a flat display on the front, with a display camera hole. The camera hole sits in the top-left corner on the first-gen Nothing Phone, though that may change with the second-gen model. It will either be placed in the top-left corner, or centered at the top. It will be there, though.

What will be interesting to see is whether Nothing will opt to keep the flat sides on the Nothing Phone (2). That is one of the defining features of the first-gen model, its aluminum frame that keeps things flat all around. We would guess that Nothing will retain that design, with slight changes, possibly, but it remains to be seen.

What specs will the Nothing Phone (2) have?

The Nothing Phone (1) was a mid-range phone, based on its specs. Well, its successor is looking to turn up the heat, but it still won’t be bleeding edge in terms of its internals. Nothing has to think of the price tag. The company already confirmed that the phone will be fueled by the Snapdragon 8 series SoC. That leaves us with two options, the Snapdragon 8+ Gen 1 or Snapdragon 8 Gen 2. Well, thanks to a slip from a Qualcomm exec, it seems like Nothing will use the Snapdragon 8+ Gen 1. That’s a good thing, as it will allow the company to keep the price tag down, and the Snapdragon 8+ Gen 1 is an excellent SoC.

What about the rest of its specs? Well, based on some rumors, the phone will feature a 5,000mAh battery and support fast charging. Its predecessor offered 33W charging, though the Nothing Phone (2) may push that to 67W, we’ll see. Wireless charging will be supported too, though it will likely stay at 15W. You’ll also get reverse wireless charging, the ability to charge your truly wireless earbuds, or something of the sort.

We do know that Nothing will utilize an AMOLED display with a 120Hz refresh rate, but we don’t have the specifics yet. It will probably be a 6.67-inch fullHD+ display, though, and it will be flat. The phone is tipped to offer up to 12GB of RAM and up to 256GB of internal storage. The cameras are still a mystery at this point, but the company is expected to make changes compared to the first-gen model. It remains to be seen if Nothing will stick with two cameras, or move to a triple camera setup on the back. Android 13 will come pre-installed, with Nothing’s UI, while we’ll also get some type of water resistance.

Should you wait to buy the Nothing Phone (2)?

This all depends on what you’re looking for, of course. If you’re thinking of getting the first-gen model, as you really want it for its unique looks or some other reason, then yes, waiting would probably be the best option. Why? Well, because the Nothing Phone (2) launch is not that far away at this point, presuming that it will arrive in early Q3. The Nothing Phone (2) will pack in a considerably more powerful processor, and hopefully various other improvements that will make all the waiting worth it. If the company manages to keep the price in check, well, then it’s a no-brainer. There are a lot of other phones available in the market at this price tag, and considering how affordable both the Pixel 6a and Pixel 7 have been lately, thanks to discounts, that’s always an option. Those are just some examples, as there are various options at this price tag, though they vary depending on where you live, of course.



Elon Musk shocks everyone with major ‘For You’ Twitter change


Elon Musk has dropped some major news, announcing a major ‘For You’ Twitter feed change. This change will take place on April 15, and is one of the biggest changes we’ve ever seen on the platform.

Elon Musk shocks Twitter by announcing only verified accounts will be visible in ‘For You’ recommendations

So, what’s going on? Well, Elon Musk announced that only verified accounts will be eligible to be in ‘For You’ recommendations. In other words, you’ll have to buy a Twitter Blue subscription in order for others to see you in their ‘For You’ feed.

As if that’s not enough, he also announced that voting in polls will require verification too. Elon Musk did offer an explanation for this change. He said that this is “the only realistic way to address advanced AI bot swarms taking over. It is otherwise a hopeless losing battle”.

Now, whether you believe that to be true/main reason or not, is another discussion altogether. Twitter does have a bot problem, but this move does seem to be quite drastic. Needless to say, Elon Musk’s tweet managed to get a lot of traction, and a lot of comments too. Many people pointed out how drastic this move is.

You’ll have to pay at least $8 per month in order to be visible in the ‘For You’ tab

Many people had rather negative reactions to this, which is understandable. In order to appear in the ‘For You’ tab, you’ll need to pay $8 per month (more if you subscribe via an iPhone), which is the cost of the Twitter Blue subscription.

Many people prefer to use the ‘For You’ tab, for discovery purposes. That’s also the default view for Twitter, though you can easily switch to a chronological view, and stick to the people you follow, of course.

As a reminder, Elon Musk has been in charge of Twitter since October 2022. He has made a ton of changes in the meantime, and also fired quite a few employees at the same time. It remains to be seen if this change will stick, as the community pushback is quite considerable.



WhatsApp may get updated to support in-app voice chat

Ah, WhatsApp! A staple of modern communication and an app that everyone — business or person — can take advantage of. The Meta-owned company has been on an intense update roll in the past months, but it seems like there is no end goal here.

With WhatsApp, it appears as if the aim itself is to offer continuous improvement of the service itself. And no wonder! It’s not like competitors don’t exist and each has their own fans that may have joined for specific needs. So what can one do in that sort of situation?

Why, copy a page of their book, of course! Voice chat is not a new concept at all, but is one that has grown ever popular thanks to services like Discord. As such, it only makes sense for a similar feature to become implemented in WhatsApp too.

Truth be told, this is not set in stone. The entire story stems from a discovery, made by WABetaInfo, whose team has yet again decompiled the latest WhatsApp beta version in search of hidden features. And in the code for the app, traces and UI elements hinting at a voice chat feature have been uncovered.

So how is this different from regular calls or voice messages? Well, voice chat basically allows you to drop in and out of a conversation through the tap of a button — in WhatsApp’s case, in the shape of a waveform and located on the top right. So basically, it’s like a group call, but without having to actually call or have the other party pick up. You just dive in to talk with anyone already on the voice chat and in some cases, the text-chat remains active too. Pretty neat, right?

Presumably, once you’ve joined a group chat, others will get a notification that someone has gone “live”, so that they can follow suit and join the conversation. Otherwise you may end up hanging around all on your lonesome for a while.

From the shared screenshots, we can see that the UI up top extends quite a bit while the voice chat is active, so the WhatsApp devs may intend for something to go up there. A live transcription or a simple waveform maybe?

It looks like the feature is still under development though, so we don’t have any concrete confirmation about when it may see roll out. If you are eager to be among the first users to try it out, you should consider joining the beta group, as it’s highly likely that those users will get to experience new features ahead of release.



Ransomware gunning for transport sector’s OT systems next


ENISA released a report tackling the threat landscape of the transportation industry. And it has foreseen the targeting of OT systems in the future.

ENISA (the European Union Agency for Cybersecurity) has reason to believe that ransomware gangs will begin targeting transportation operational technology (OT) systems in the foreseeable future. This finding is further explored in the agency’s 50-page report entitled ENISA Threat Landscape: Transport Sector.

The transportation sector, which comprises the aviation, maritime, railway, and road industries, is a subgroup under the industrial sector, according to the Global Industry Classification Standard (GICS). It doesn’t only deal with the movement of people but also of products. An OT system ensures transport services are safe, reliable, and available.

An OT system refers to the hardware and software directly involved in detecting, monitoring, and controlling processes and equipment. It interfaces with the physical world and is often part of a nation’s critical infrastructure. Examples are Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Distributed Control Systems (DCS). These systems have been targeted and attacked by the WannaCry, Stuxnet, and Triton malware, respectively.

ENISA says the three dominant threats to the transportation sector are ransomware (38 percent), data-related threats (30 percent), and malware (17 percent). However, each subgroup has reported experiencing other attack types than ransomware.

The aviation industry, for example, has dealt with more data-related threats than others. Airline customer data and proprietary information of original equipment manufacturers (OEM)—companies that provide parts for another company’s finished product—are the primary targets of attackers in this subgroup.

ENISA notes that most threat actors target IT systems, which can cause operational disruption. However, reports of OT being targeted have been rare. The agency believes this will change soon because of many factors, including ongoing digitization efforts within the industry that increase IT and OT connectivity, the high probability of companies paying ransom demands to avoid critical business and social impacts, and the increasing number of identified vulnerabilities within OT environments.

The report also listed a number of observed cyberattack trends, such as the following, within the transportation industry:

  • Ransomware attacking industries within the transport sector has been on an uptick.
  • Fifty-four percent of the time, cybercriminals are responsible for attacks against the sector and its subgroups.
  • Hacktivist and DDoS (distributed denial of service) attacks will likely continue due to geopolitical tensions and ideological motives.
  • Hacktivists in the EU primarily targeted airports, railways, and transport authorities.
  • The top motivators for attacking the transport industry are financial gain (38 percent) and operational disruption (20 percent).

From the report:

“The transport sector is considered a lucrative business for cybercriminals, with customer data considered a commodity and with highly valuable proprietary information when transport supply chain is being targeted.” …

“While we have not observed notable attacks on global positioning systems [emphasis theirs], the potential effect of this type of threat to the transport sector remains a concern. Jamming and spoofing of geolocation data could affect their availability and integrity, affecting transport sector operations. This type of attack requires further analysis in the future.”

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Mysterious ‘Open Audio Chat’ option seen in WhatsApp beta


WhatsApp is an extremely popular messaging app, and that doesn’t only apply to text-based communication. People use the Meta-owned app for voice communication as well. According to WABInfo (via Android Police), it looks like WhatsApp is working on a new Open Audio Chat feature, and we don’t know what it is.

For starters, you’ll want to take this news with a grain of salt. WABInfo was able to dig into the beta version of the app (version 2.23.7.12) and activate the UI for this mysterious feature. Thus, the company could take the feature away or change it at any time. We’re not sure when/if WhatsApp plans on pushing this feature to the final build of the app.

WhatsApp is working on an Open Audio Chat feature

Right now, we don’t know what this feature could be used for, but the name could give us a hint. First off, in the screenshot below, we see a minor change in the UI. Typically, at the top of the group chat UI, you’ll see a phone icon next to the camera icon. This would start a group audio call. However, with the new UI, the phone icon was changed to a waveform icon.

Also, when you tap on that option, instead of jumping right to the call, you’ll see a dropdown menu with the Group call option and a new button. It says Open audio chat. At this point, we don’t know what this could be, but there’s speculation that it could allow anyone to join the conversation whether they’re in the group or not.

If this is the case, then it could resemble something like what we see with Twitter Space and Clubhouse. Maybe the people who are in the group could be the hosts of the conversation, and visitors could just listen. We wouldn’t be surprised if the company did something like this.

Several companies jumped on the Clubhouse train when it was the new thing. Facebook, Twitter, Discord, and Amazon are some examples (while Amazon didn’t launch a product yet). Only time will tell if this is what the company is planning on doing.



Best Apple iPhone to buy in 2023


Are you in the market for a new phone, and want to get an iPhone? Well the good news is, there’s an iPhone for virtually every budget. And no, we’re not talking about renewed or used models. In fact our list here does not have a single used or renewed model. These are all new.

Today, we’re rounding up the best iPhones you can buy in 2023. This will include the iPhone 14 series, iPhone 13 series and even the iPhone SE. So without further ado, here’s the best iPhones you can buy in 2023.

Best iPhone to buy in 2023

Below, you’ll find links to all of the iPhones that are worth buying in 2023.

Product name | Cost | Where to buy
Apple iPhone 14 Pro | $999 | AT&T, T-Mobile, Verizon
Apple iPhone 14 Pro Max | $1,099 | AT&T, T-Mobile, Verizon
Apple iPhone 14 | $799 | AT&T, T-Mobile, Verizon
Apple iPhone 13 | $699 | AT&T, T-Mobile, Verizon
Apple iPhone SE (3rd Gen) | $429 | AT&T, T-Mobile, Verizon
Apple iPhone 13 mini | $599 | AT&T, T-Mobile, Verizon

Best iPhone

Apple iPhone 14 Pro

The regular iPhone 14 Pro is currently our pick for the best iPhone, because it has all of the “pro” features, without having a huge display and a lot of weight like the Pro Max. Not to mention, it is $100 less than the Pro Max.

With the iPhone 14 Pro you’re getting a 6.1-inch 120Hz display using ProMotion, along with the Dynamic Island. It also has the newest chipset from Apple, the A16 Bionic. That’s paired with 6GB of RAM. That might sound like not a lot of RAM, but remember that iOS is a lot more optimized than Android, since it runs on a handful of phones versus thousands of phones.

It launched in September 2022, and it’ll likely get updated for at least 5 years or more.

Best big iPhone

Apple iPhone 14 Pro Max

Our choice for the best “big” iPhone is likely not a surprise. Though some might think we would go with the Plus over the Pro Max. But the upgrades on the Pro Max are too big to skip out on. The iPhone 14 Pro Max has all of the same features as the iPhone 14 Pro listed above, with the major difference here being that it has a larger 6.7-inch display. And therefore a larger battery.

The biggest reason to get the iPhone 14 Pro Max, or really any Pro Max iPhone is the battery life. I actually used the iPhone 13 Pro Max for a year, and legit I was only charging it every two to three days. And that was with heavy use too. So definitely a good option if you use your phone a lot.

Best iPhone for most people

Apple iPhone 14

The iPhone 14 is the best iPhone for most people. It does skip out on some “pro” features like the telephoto camera, as well as the ProMotion display. But keep in mind that this display is still very smooth. It doesn’t have the Dynamic Island either, which take that as you will.

With the iPhone 14, you’re getting a lot of the flagship features, in a $799 price tag. Which is not bad at all. It also comes in a ton of colors, including the new yellow that Apple introduced for the Spring.

Best value iPhone for under $700

Apple iPhone 13

Most of the time, we would not recommend the previous year’s iPhone right below the current model. But this year, Apple did very little to upgrade the iPhone 13 to the iPhone 14. It even has the same chipset. So for $100 less, you can get basically the same phone, but in some different colors.

If you’re worried about updates, don’t. Apple does really well with updates. In fact, it updated the iPhone 6S and 6S Plus for over 6 years before it finally gave up on it. So you’ll get plenty of updates with this phone.

Best iPhone with Touch ID

Apple iPhone SE (3rd Gen)

Apple really does offer an iPhone for every budget, including this iPhone SE (3rd Gen). This is the latest iPhone SE from the company, which does include 5G support. So that’s good to see. But because of that, the battery is not so great.

This is basically the iPhone 13, in an older iPhone body, complete with Touch ID. So if you’re not a fan of the Face ID for unlocking your device, you do get the fingerprint sensor back on the iPhone SE. It’s fairly cheap, but starting at 64GB should be a crime in 2023.

Best small iPhone

Apple iPhone 13 Mini

Now if you’re someone that wants a small iPhone, the iPhone 13 Mini is the one for you. This one comes with a 5.4-inch display, which is almost unheard of in 2023. Which is probably why Apple decided not to do another mini iPhone. This is likely the last “Mini” iPhone Apple will ever do, since it sold so poorly.

But in this small iPhone, you do get the Apple A15 Bionic chipset, 4GB of RAM, and up to 512GB of storage. There are also two 12-megapixel sensors here, with a main wide angle and then an ultrawide.



GitHub changes its compromised SSH key


Developer platform GitHub has changed its RSA SSH key after it was accidentally exposed on a public repository.

Late last week, GitHub tweeted that it had replaced its RSA SSH key “out of an abundance of caution,” after accidentally exposing the key on a publicly accessible repository.


How the accidental exposure happened is unknown, but it means that anyone who happened to notice it and was able to copy the key could impersonate GitHub or eavesdrop on Git operations over SSH.

SSH (Secure Shell) keys are access credentials used in the SSH protocol, and they are instrumental for the safe use of platforms such as GitHub, which is used for storing, tracking, and collaborating on software projects. The SSH protocol is widely used to log in remotely from one system to another, and its strong encryption makes it ideal for tasks such as issuing remote commands and remotely managing network infrastructure and other vital system components.

An RSA key pair includes a private and a public key. The RSA private key is used to generate digital signatures, and the RSA public key is used to verify digital signatures. GitHub.com’s RSA SSH private key was the one that was, briefly, exposed in a public GitHub repository.

What do GitHub users need to do?

If you are using GitHub’s ECDSA or Ed25519 keys, you won’t notice any change and no action is required. If you receive a warning that starts by saying that the remote host identification has changed, you’ll need to remove the old key by running this command:

$ ssh-keygen -R github.com

Then, you can manually add the following line to add the new RSA SSH public key entry to your ~/.ssh/known_hosts file:

github.com ssh-rsa <new RSA public key, omitted here; copy it from GitHub's documentation>

Alternatively you can automatically update GitHub.com’s RSA SSH key in your ~/.ssh/known_hosts, by running the following in your terminal:

$ ssh-keygen -R github.com

$ curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | sed -e 's/^/github.com /' >> ~/.ssh/known_hosts

You can verify that your hosts are connecting via GitHub's new RSA SSH key by confirming that you see the following fingerprint:

 SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s
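
The fingerprint check above can also be run against the file itself. This added Python example (not from GitHub or the original article) recomputes the SHA256 fingerprint of each github.com ssh-rsa entry in a known_hosts file and compares it with the published value; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Fingerprint GitHub published for its new RSA host key (quoted on this page).
GITHUB_RSA_SHA256 = "SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s"

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(key_b64: str) -> str:
    """Read the algorithm name embedded at the start of the key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def check_known_hosts(text: str, host: str, key_type: str, expected: str):
    """Return (line_no, fingerprint, ok) for each plain entry matching host and key_type."""
    results = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith(("#", "@")) or len(fields) < 3:
            continue  # skip comments, @cert-authority/@revoked markers, short lines
        hosts, ktype, key = fields[0], fields[1], fields[2]
        if host not in hosts.split(",") or ktype != key_type:
            continue  # hashed (|1|...) host names never match a plain host here
        try:
            fp, embedded = fingerprint(key), blob_key_type(key)
        except (ValueError, struct.error):
            fp, embedded = "invalid", None  # undecodable or truncated key blob
        results.append((no, fp, embedded == ktype and fp == expected))
    return results

# Constructed sample: a toy ssh-rsa blob (e=65537, tiny modulus), NOT GitHub's key.
SAMPLE_KEY = base64.b64encode(
    ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00\xc3\x5b")
).decode()
SAMPLE_KNOWN_HOSTS = f"# constructed\ngithub.com ssh-rsa {SAMPLE_KEY}\nexample.org ssh-ed25519 AAAA\n"

if __name__ == "__main__":
    for no, fp, ok in check_known_hosts(SAMPLE_KNOWN_HOSTS, "github.com", "ssh-rsa", GITHUB_RSA_SHA256):
        print(f"line {no}: {fp} {'OK' if ok else 'MISMATCH - do not trust'}")
```

To check a real file, pass the contents of ~/.ssh/known_hosts as the first argument; any entry reported with ok set to False should be removed with ssh-keygen -R github.com and re-added from a trusted source.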

For more information, please visit the official documentation on GitHub’s SSH public key fingerprints, or follow the more elaborate instructions in the article about the update.





Best Google Pixel 7 Pro Deals


The Google Pixel 7 Pro is finally available for pre-order. The device goes up for pre-order today and will be in customers’ hands next week, on October 13. The Pixel 7 Pro starts at the same price as the Pixel 6 Pro did last year, just $899. That’s still a lot of money, but far cheaper than most other flagships, which start at $999. But what if we told you that you could get it for even less? Well, you can, and that’s why we have this list of the best Pixel 7 Pro deals.

Google’s Pixel 7 Pro is largely the same as the Pixel 6 Pro. It has the same display, a 6.71-inch QHD+ AMOLED 120Hz display. It does also have the new Tensor Chip inside (this is the second generation one), with 23GB of RAM and 128GB of storage. There is also a 256GB and 512GB model. It’s powered by a pretty large 5003mAh capacity battery inside. So it’s a pretty solid smartphone for just $900. Not to mention the fact that it’s going to get updates quickly, and often from Google.

Best Google Pixel 7 Pro Deals

So, about those deals. Typically, carriers will have the best deals, as they offer trade-in deals for new phones. But if you don’t have or don’t want to trade in your phone, you can also save in other ways, which we’ll outline below. Google hasn’t always been as aggressive as Samsung and Apple with trade-in values. So it still might be cheaper to go ahead and buy the phone and then sell your old one later on.

Below, we’ll list all of the promos that each carrier is offering for the Google Pixel 7 Pro, as well as those from retailers like the Google Store, Best Buy and Amazon, so you can take advantage of the deal that works best for you. The best deal may not be the best for everyone.

So without further ado, here are the best deals for the Google Pixel 7 Pro.

