Apple’s energizer bunny, Samsung’s routine share, and Google’s FAB-ulous Chrome plans

In the fast-paced world of tech, it’s easy to miss out on some of the juiciest stories and the most groundbreaking announcements. Fear not, for we’ve got you covered! From the latest in smartphone innovations and AI advancements to the hottest news in the social media realm, we’ve sifted through the noise to bring you the highlights of the week. So sit back, relax, and catch up on everything you might have missed in our latest episode of “News You Probably Missed and Shouldn’t Have!”

The iPhone 16 Pro Max features a bigger battery

The iPhone 16 Pro Max could be the energizer bunny of phones, lasting you like a whole day of Netflix episodes on a single charge (don’t try that). All thanks to a fancy new stainless steel battery case that’s practically bursting with juice (but hopefully not literally). Imagine never having to fight your friend for that last charger port at the coffee shop again. This phone will basically have its own built-in solar panel. Apple’s solving iPhone battery woes like a pro.

You can now share your Samsung SmartThings routines

Imagine your friend struggling to remember their morning routine: fumbling for the coffee pot, tripping over the cat, and blasting heavy metal instead of morning news. Samsung SmartThings to the rescue! Now you can share your perfectly-tuned routine like a digital handshake. No more burnt toast symphonies, just smooth jazz and a perfectly brewed cup for your sleep-deprived friend. Sharing is caring, and with Samsung, sharing is automated bliss.

Opera GX gets new AI features to power up gamers

Opera’s gaming-oriented GX web browser just got a power-up with more AI features. It is now your personal gaming co-pilot, helping you out with all sorts of cool stuff. We’re talking next-level image generation, where you can describe what you want and the AI whips it up in a flash. Need a fire-breathing cat riding a rocket for your new Twitch stream? No problem! The AI can now understand images too, figuring out what’s going on in any picture you throw at it. More time for epic wins and less time for browsing black holes!

Galaxy S25 leaks begin with battery certification

It looks like Samsung’s internal sieve struck again, this time leaking info on the Galaxy S25’s battery. No word on how long they’ll last, but hey, we’re just getting started. The never-ending flow of Samsung leaks has picked up another stream and will continue to flow. So, stay tuned folks, because the only shocking thing we know for sure is that these phones will need to be plugged in eventually, no matter how big their batteries are.

The Apple Watch Series 10’s rumored radical redesign was probably a hoax

The Apple Watch Series 10 is looking like that friend who promised a whole new look for a night out but just shows up with a slightly bigger shirt. Maybe new bands? The latest rumor is that the upcoming watches won’t get a radical redesign. So much for rumors about a fresh new look! It appears Apple gave up on the redesign midway after seeing people troll Samsung’s Watch Ultra. Hey Apple, people get used to a new design quickly. The trolls only last so long.

Google Chrome might be joining the FAB party

Google Chrome might be following the FAB trend! The company is considering adding a Floating Action Button (FAB) to its popular browser app. The new button will help you start a new tab in a flash from the tab overview menu. Currently, the “New tab” button sits at the top, so the change makes it more accessible and visible. Many Google apps already boast FABs. This may be a move to keep things streamlined so users don’t get confused.

YouTube lets you remove your AI copy you never approved

YouTube is getting hip to the whole “AI-fake-me-out” game. It is letting users fight fire with fire: you can now flag videos that use fancy AI to make you say or do things you never did! So, if you see yourself giving a speech about the virtues of polka-dotted socks, but you secretly despise them, you can get that video outta there. Just remember, with great flagging power comes great responsibility! Don’t go overboard and report videos that are clearly satire or just mean-spirited fun.

Google breaks Nest Wifi Pro with an update

Oh dear, looks like Google’s Nest Wifi Pro update went about as smoothly as a greased pig wrestling competition. Users are reporting all sorts of woes since the update, from slower speeds than a sloth on vacation to spotty connections that make online gaming about as fun as watching paint dry. Some folks are also having trouble with their fancy smart home gadgets, like printers that suddenly decided they only speak gibberish. So, if you’ve got a Nest Wifi Pro and things seem wonky, you’re not alone. Let’s hope Google won’t behave like a plumber on a coffee break and patch things quickly.

Samsung’s Galaxy AI will translate your WhatsApp calls

Imagine you’re chatting with your friend abroad using walkie-talkies, but instead of sounding like gibberish, it magically translates to your language. That’s basically what Samsung’s Galaxy AI is trying to do for WhatsApp calls! Get ready for future arguments where you cannot blame language barriers for forgetting your anniversary…or maybe finally understand what your in-laws are gossiping about. Galaxy AI will also translate your calls on Google Meet, WeChat,…you name it.

Microsoft brings ads to its weather app

Microsoft’s love affair with ads has hit a new low: the weather app! Users are experiencing more frustration than sunshine thanks to a recent update. Imagine checking your phone for rain showers and instead getting bombarded with promotions for, well, who knows what. It’s like Microsoft is saying, “Hey, you want to know if it’ll rain? Great! But first, a word from our sponsors.” This whole situation is about as welcome as a pop-up ad during a thunderstorm.

LG buys smart home platform Homey to compete against Samsung’s SmartThings

LG just stole a page from its compatriot Samsung’s book, buying into the smart home platform Homey—it acquired an 80% stake in Homey’s parent company Athom and plans to acquire the remaining 20% in three years. The firm is hoping to turn your home into an LG-powered wonderland, with Homey users potentially controlling their fancy LG gadgets soon. Homey promises to stay independent, but this could be the start of a new smart home empire…or a confusing mess.

Google Messages prepares for iPhone RCS support in group chats

Looks like Google Messages is throwing a party for iPhones joining the RCS group chat club! This means better photo sharing, read receipts, and all that good stuff for mixed-OS chat groups. There’s no official date yet, but RCS on iPhones is still a few months away, so Google has time. Google Messages might welcome the iPhones with a notification. Hopefully, this is the end of the green bubble blues!

Samsung receives an industry-first display certification from Pantone

Samsung Display just won the gold medal in color accuracy! Its fancy new monitor and laptop screens are like super-powered chameleons, blending colors so perfectly that it got a special handshake from Pantone, the color experts. It’s a first-of-its-kind Pantone certification in the display industry. Get ready for more realistic colors and graphics on your new Samsung gadgets. Creators are gonna love this, and so are consumers.

Netflix is phasing out its cheapest ad-free plan

Netflix is ditching its cheapest ad-free plan, saying “adios” to those sweet, sweet budget-friendly streams. Subscribers need to upgrade to a pricier plan or pick up an ad-supported plan, which is like having a movie interrupted by a surprise game show host selling dish soap. Canada and the UK are the first guinea pigs, forced to choose between ads, a pricier ad-free plan, or giving Netflix the boot. The rest of the world can probably expect the same treatment soon, so get ready for some internal debates about whether you really need to see that commercial for wrinkle cream.

New Apple iPads are on the way, of course

Surprise, surprise! New iPads might be on the horizon. Website detectives spotted hints of four new iPads in code. This suggests an 11th-gen iPad with Apple’s A16 chip, a 7th-gen iPad mini with the A17, and possibly two new Pro models with the next-gen flagship M5 chip. The fresh discovery also lifts the lid on some models Apple scrapped mid-way through development or planning, including an A14 model and two M3 iPad Pros.

Russian hackers tried snooping on US government agencies via Microsoft

Uh oh! Looks like Russia pulled a fast one on Microsoft and some US agencies. Hackers from Russia infiltrated Microsoft’s system and used that access to snoop around emails in some US government agencies. Bummer! The good news? It seems they weren’t looking for super sensitive stuff like social security numbers, or maybe couldn’t find any. This is still a black eye for Microsoft though, and a reminder to be extra cautious online.

YouTube’s ‘Erase Song’ removes copyrighted music, doesn’t affect other audio

YouTubers rejoice! Struggling to remove that pesky copyrighted song from your video without killing the whole soundtrack? YouTube’s got your back with its upgraded “Erase Song” tool. It’s like magic, it silences the unwanted music while keeping your hilarious commentary or fire soundtrack intact. No more awkward silence or scrambling to replace the audio. Now you can focus on creating awesome videos, copyright woes are gone! Maybe not entirely, but certainly up to an extent.

Google Messages improves photo captions in chats

Google Messages is giving a makeover to how photos with captions appear in RCS chats! Imagine this: you send a pic of your adorable cat with a hilarious caption, and now the photo and caption cuddle up together on the screen, looking all cute and organized. This tweak makes captions look like captions rather than separate messages. It’s a small change, but it adds a touch of polish to your conversations.

Qualcomm has yet to finalize the Snapdragon 8 Gen 4’s price

Qualcomm’s hot new Snapdragon 8 Gen 4 chip is like that super fancy restaurant everyone’s talking about, but no one’s making reservations yet. No phone maker is nearing mass production of the next-gen Snapdragon, so no orders. This mystery is making the price anyone’s guess—super expensive or a waiting game for a bargain? Guess we’ll have to wait to see if this chip lives up to the hype! It’s a waiting game for the smartphone superstar of the future.

Samsung flags off the July update train

Looks like Samsung’s forgotten the Galaxy S24 Ultra and foldables! The Galaxy A55, the often-ignored middle child, is surprisingly the first Samsung phone to get the July 2024 security update. Is this the update A55 users have been waiting for? Not really, it’s just the security patch and nothing more. But hey, at least it’s something, right? Maybe Samsung is making amends for all those times it delayed the phone’s updates. In the meantime, S24 Ultra and Galaxy foldable users can console themselves with some new Paris 2024 Olympic accessories…

The HMD View is an upcoming budget phone from the Nokia maker

HMD, the Nokia maker, is preparing a new budget phone under the HMD brand. A new leak gives an early view (pun intended) into the HMD View. It’s got a decent camera that won’t make your cat look like a blurry mess, a good screen that properly shows the cat photo you captured, and a battery that won’t die halfway through your cat video binge-watching session. No official word yet, but this could be a good option for those who want a phone that won’t break the bank. Here’s what it looks like.

Patent application shows cool new Google Maps feature for groups traveling to same destination

Google has filed a patent application for a new Google Maps feature that will help a group of people driving to the same location receive navigation and turn-by-turn directions to this one destination. With the unwieldy title of “providing navigation instructions to one device in view of another device,” the innovation here delivers “group navigation” to Google Maps users. The group navigation is designed for multiple people heading to the same location but leaving from different places.
Here’s how this might work. The first driver punches in the destination and invites the other drivers to join the group. All members of the group must be Google members according to the patent application. The bottom line is that everyone in the group will see personalized directions to the same location. Estimated Time of Arrival (ETA) will also be available for all members of the group so if you’re the first to arrive at the destination, you’ll be able to see when the rest of the party is expected to arrive.

Even better, Google Maps will be able to use traffic conditions obtained from the lead vehicle to alert the others about traffic jams, accidents, and when an alternative route is necessary to avoid a huge delay. The lead vehicle can also give the others information on where to park which will allow the other members of the group to know in advance of their arrival where they should park their cars.

Eventually, Google Maps could recommend speed adjustments so that all members of a group will arrive at the destination at the same time. The patent application also suggests Google Maps could add a voice chat application which would allow the members of a group to communicate with each other during the journey. Considering that there are already ways that members of such a group can stay in constant touch while traveling to the same destination, it is possible that Google won’t see this as something urgent that needs to be developed.

While there is no guarantee that Google will add this feature to Google Maps, it would be a great addition to the app especially for families who meet up every year at a location for a driving vacation. Google, like many other tech companies, applies for a large number of patents each year while only a small percentage of them ever become real innovations.


Apple executives give details about the changes coming to the Photos app in iOS 18

One app getting a new look in iOS 18 is the Photos app. Three Apple executives sat down to discuss the redesigned app with The National. The trio consisted of Jon McCormack, vice president for camera and photos at Apple’s software engineering team, Della Huff, manager of camera and photos at Apple’s product marketing team, and Billy Sorrentino, senior director at Apple’s human interface design unit.

The redesigned Photos app will be found on iOS 18, iPadOS 18 and macOS Sequoia and will be powered by Apple Intelligence. The latter is what the company is calling its first dive into the world of Artificial Intelligence (AI). Sorrentino, talking about the AI-based Photos app, said, “As our features, users, and libraries have grown, so has the density of the [Photos] app. So rather than hunt and peck throughout, we’ve created a simple streamlined single view photos experience based on deep intelligence.” Everything that Apple is doing to the Photos app is being done with one goal in mind, and Sorrentino says, “Ultimately, we wanted to remove friction.”

A new security-based feature for the Photos app was discussed by McCormack who said, “We make it very clear that when an application goes and uses an API [application programming interface] for the first time, we’ll inform the user exactly what that app is asking for.” If an app requests full access to your library of photos, you’ll be able to “create a special little sub-catalogue” for that app. Developers will also be able to use a “whole robust set” of APIs that will help them improve their apps.

Apple has previously said that the Photos app will undergo its “biggest-ever redesign” with the iOS 18 update. The app, along with Safari and Mail, is one of the most-used apps on iOS. Features coming to the app include a new single-grid UI with the month and year listed underneath to make it easier to find a photo or video taken on a specific date. A new Collections feature will organize photos and videos by topic or theme. Consider it to be the upgraded version of the current Memories feature that stores images and videos by event, people, or theme.

Discussing the customizations, Apple’s Huff says, “Lots of deep intelligence combined with customization means that Photos can be more personal. Everyone has a different workflow and so automatic customization is really key here.” While this wasn’t mentioned by any of the three Apple executives, an AI feature for the Photos app called “Clean Up” is expected to allow iPhone users to circle unwanted distractions from an image and the distraction will disappear. It is similar to the Magic Eraser feature that Google originally brought to Pixel handsets. Google has since made it available on a limited basis to other Android handsets and iOS through the Google Photos app.

While the iOS 18 developer beta is currently available, the public beta should launch sometime this month. The stable, final version of iOS 18 is expected to be released in September.


Researchers Track Identities and Locations of CSAM Users via Malware Logs


Alarming new research exposes thousands of CSAM (child sexual abuse material) consumers through infostealer malware logs. Recorded Future identifies dark web users with credentials for CSAM.

A new study by Recorded Future’s Insikt Group has identified thousands of individuals who have accessed child sexual abuse material (CSAM) on the dark web. They were tracked down by analyzing logs from infostealers, a type of malware that steals user information from infected devices.

Infostealer malware steals sensitive data such as login credentials, OS details, autofill data, screenshots, credit card numbers, cryptocurrency wallets, and browsing history, and is distributed through phishing, spam campaigns, fake update websites, SEO poisoning, and malvertising. It writes this data into an infostealer log and transmits the log back to the threat actor’s servers.

The research involved creating a list of high-fidelity CSAM domains, querying Recorded Future Identity Intelligence proprietary data to identify users with login credentials for those domains, and grouping the users by source.

Collaboration with non-profit organizations like the World Childhood Foundation and Anti-Human Trafficking Intelligence Initiative (ATII) helped determine popular sources where CSAM is hosted and consumed.

Insikt Group analysts used infostealer logs from February 2021 to February 2024 to identify CSAM consumers by cross-referencing stolen credentials with known domains. They identified 3,324 unique credentials used to access known CSAM websites, providing valuable data for law enforcement, including usernames, IP addresses, and system information.

Using open-source intelligence (OSINT) and digital artefacts, including cryptocurrency wallet addresses, transaction histories, non-CSAM web accounts, physical addresses, phone numbers, email addresses from browser autofill data, and associations with online services like social media and job application portals, they gathered more information about these users.

This is similar to a development by Microsoft. In January 2020, the technology giant announced Project Artemis, aimed at detecting CSAM consumers through online chat using a new tool.

However, in September 2020, a server belonging to the Microsoft Bing search engine exposed a treasure trove of data online, which contained user search queries and location data, including those searching for CSAM and murder. Despite having location data of users involved in criminal searches, the company did not report it to the relevant authorities.

As for Insikt Group, the researchers specifically studied three users from “141 repeat offenders identified over 362 log references”: a Cleveland, Ohio resident, d****, convicted of child exploitation and holding accounts on 4 CSAM sites; an Illinois children’s hospital volunteer, docto, with a history of retail theft and accounts on 9 CSAM sites; and a Venezuelan student, Bertty, maintaining accounts on 5 CSAM sites and likely involved in the purchase and distribution of CSAM content.

“We were able to rank CSAM hosting websites by the number of compromised credentials in the last three years. The top ten sources[1] identified below were kidfl*4m, alice*4, gk*fgh, 243*n, c*ub, *ian, my*eens, 3d*oys, *yboys, and boyvi*,” Recorded Future’s report (PDF) read.

According to researchers, the following three countries had the highest counts of users with credentials to known CSAM communities:

  • India
  • Brazil
  • United States
Data extracted from infostealer logs by researchers reveals the location details of CSAM sources and users. (Screenshot credit: Recorded Future Identity Intelligence)
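As an added illustration of the matching step described above (example code, not Recorded Future’s tooling or data), the Python below parses constructed stealer-log lines, matches each saved-login URL against a domain watchlist on label boundaries (so subdomains match but look-alike names do not), de-duplicates credentials per source, and produces the three views the article reports: credentials per source, credentials per country, and users holding accounts on several sources. The watchlist entries, the log format and every record are placeholders.

```python
"""Cross-referencing infostealer-log credentials with a domain watchlist.

Added example, not Recorded Future's code or data. The watchlist, the log
format and every record below are constructed placeholders; real stealer
logs differ by malware family, so the parser is the part you would adapt.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for the study's "high-fidelity" source list.
WATCHLIST: Set[str] = {
    "watch-forum-a.example", "watch-forum-b.example", "watch-forum-c.example",
}

# Constructed log excerpt: log_id | saved-login URL | username | country
SAMPLE_LOG = """\
log-001 | https://watch-forum-a.example/login        | userA | IN
log-001 | https://login.watch-forum-b.example/       | userA | IN
log-002 | https://mail.example.net/                  | bob   | US
log-003 | https://watch-forum-a.example/             | userC | BR
log-003 | https://watch-forum-a.example/             | userC | BR
log-004 | https://watch-forum-c.example/account      | userA | IN
log-005 | http://watch-forum-a.example:8080/         | userD | US
log-006 | https://notwatch-forum-a.example/          | userE | US
"""

Record = Tuple[str, str, str, str]


def parse_log(text: str) -> List[Record]:
    """Split the constructed pipe-separated format into tuples."""
    records: List[Record] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        log_id, url, user, country = (f.strip() for f in line.split("|"))
        records.append((log_id, url, user, country))
    return records


def host_of(url: str) -> str:
    """Lower-cased hostname without port or path."""
    return (urlsplit(url).hostname or "").lower()


def watchlisted_domain(host: str, watchlist: Set[str]) -> Optional[str]:
    """Return the watchlist entry that host equals or is a subdomain of.
    Matching on label boundaries keeps look-alikes such as
    'notwatch-forum-a.example' from matching 'watch-forum-a.example'."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def analyze(records: List[Record], watchlist: Set[str]) -> Dict[str, object]:
    """A credential is (source domain, username) and is counted once even if
    it appears in several logs; the country of its first sighting is kept."""
    creds: Dict[Tuple[str, str], str] = {}
    for _log_id, url, user, country in records:
        domain = watchlisted_domain(host_of(url), watchlist)
        if domain is None:
            continue
        creds.setdefault((domain, user), country)
    by_source = Counter(domain for domain, _ in creds)
    by_country = Counter(creds.values())
    sources_per_user: Dict[str, Set[str]] = defaultdict(set)
    for domain, user in creds:
        sources_per_user[user].add(domain)
    repeat_users = sorted(u for u, s in sources_per_user.items() if len(s) >= 2)
    return {
        "by_source": by_source.most_common(),      # sources ranked by credentials
        "by_country": by_country.most_common(),    # credentials per country
        "repeat_users": repeat_users,              # accounts on 2+ sources
    }


if __name__ == "__main__":
    print(analyze(parse_log(SAMPLE_LOG), WATCHLIST))
```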

Recorded Future’s study shows infostealer logs’ potential in identifying CSAM consumers and new trends. Law enforcement agencies can use this information to track down and prosecute those who are involved in the production and distribution of CSAM.

[1] Hackread.com has redacted the top 10 CSAM forums to prevent users from searching for or visiting them.

Changing its mind, Apple approves the Epic Games Store for the EU

There is no denying that Epic Games has been trying to get Apple to approve an Epic Games Store for the iPhone dating back to the 2021 Epic v. Apple court battle. That legal battle took place after Apple kicked Epic and its popular Fortnite game out of the App Store for trying to get around Apple’s in-app payment platform, which took a commission every time an in-app purchase was rung up.

Thanks to the EC’s Digital Markets Act (DMA), Apple must allow third-party app storefronts to find a home inside iOS in the EU. As recently as yesterday, Epic complained that Apple had twice rejected its submission to add the Epic Games Store to the iPhone in the 27 EU member countries. Epic stated that Apple’s decision was “arbitrary, obstructive, and in violation” of the DMA. However, Apple has pulled a 180-degree reversal and has reportedly approved the addition of the Epic Games Store to iOS.

Earlier reports noted that Apple believed that Epic was for the most part compliant with the EU guidelines except for the placement of certain buttons that could be confusing to consumers. Developers are prohibited from adding buttons to apps that could lead users to believe that certain elements in the app were made by Apple. Epic said that it has used the same button layout in other platforms and followed “standard conventions” for iOS buttons.

  
Apple told AppleInsider on Friday that it has approved Epic’s application for its Marketplace app in the EU and merely requested that Epic fix the button in its next submission for the app. Apple isn’t known for giving in when facing a situation like this, but it needs to be very careful here because the EC has already reached a preliminary view that Apple’s App Store rules violate the Digital Markets Act (DMA). As a result, Apple could be fined up to $38 billion, or 10% of its fiscal 2023 global revenue.

Epic still needs to finish work on the back end of its app although previously it did say that it was only a couple of months away from having its app added to iOS. Apple’s about-face should only make things easier for Epic to reach its goal.


New Snailload Attack Demonstrates Exposed User Activities


Researchers shared insights about a new attack strategy that exposes users’ activities to snoopers. Identified as the “Snailload attack,” the technique works by exploiting the network latency caused by a bottleneck on internet connections.

Snailload Attack Exploits Network Latency

A team of researchers from the Graz University of Technology has devised a new side-channel attack that exposes users’ online activities. Naming it the Snailload attack, the researchers demonstrated how an adversary could exploit network latency to spy on users.

Intercepting internet connections usually requires the attacker to launch MitM attacks or to sniff WiFi packets by being physically present near the target network. Snailload serves the same purpose but differs in that it requires neither code execution on the victim’s machine nor physical access to the target network.

As explained, a bottleneck exists in internet connections, particularly between users’ devices and their ISPs, and it affects network latency. (The subsequent connection from the ISP to the corresponding server, e.g., a website, is usually faster.) The Snailload side-channel attack exploits this bottleneck: the attacker observes how the victim’s other traffic changes latency at the bottleneck, without executing malware or sniffing WiFi.

In this attack, the victim unknowingly downloads a file (an image, a video, etc.) from the attacker’s server; the download is disguised so the victim does not notice it. Because the attacker sends the file gradually, the download keeps the bottleneck occupied for a long time, and the attacker measures the resulting network latency to infer which video is being watched. Since the file is sent to the victim at a very slow speed (a snail’s pace) and leaves traces, the researchers named the attack “Snailload”.

The researchers have shared the technical details about the entire attack strategy in their research paper. They have also shared a demo on a dedicated website alongside releasing the example server on GitHub.

Limitations And Countermeasures

As demonstrated, Snailload is a precise remote side-channel attack that requires neither access to the victim machine’s hardware nor code execution on it. Its passive traffic-analysis style makes Snailload applicable against every network-connected machine.

However, despite its effectiveness for traffic analysis, the attack has some limitations. The most notable is that it typically works only on TCP connections, where measuring network latency is feasible.

As for countermeasures, Snailload is affected by noise, which can serve as a mitigation, though adding noise may also be inconvenient for the user. Besides, Snailload requires the target network to have higher bandwidth at the backbone infrastructure than on the user’s connection to create the bottleneck effectively.

The Problem With Bug Bounties

A technically skilled individual who finds a bug faces an ethical decision: report the bug or profit from it.

This is nowhere more relevant than in crypto.

In this article, with the help of Ilan Abitbol from Resonance Security, I look at the recent debacle between Kraken and CertiK and use it to discuss some of the problems concerning bug bounties that have arisen over time in the computer industry in general and in the cryptocurrency industry in particular.

The bug

Back on 9 June 2024, a CertiK security researcher reported to the crypto-exchange Kraken that they had found a bug. A significant bug — the equivalent of a re-entrancy exploit in a smart contract, but in the exchange’s web interface instead.

Re-entrancy bugs are exploits where you can withdraw cash or crypto, and then interrupt the system before the value of the withdrawal is subtracted from your balance. Or the reverse — start a deposit, wait for your balance to be increased in the system, and terminate the deposit before it completes.

You can think of it like getting $400 out of an ATM and then turning it off before it reports back to the head office that that amount should reduce your account balance.

Turn the ATM back on, and you can repeat the process until all the cash is drained from the ATM without your account balance decreasing.

It’s why competent smart contract programmers use a “checks-effect-interactions” pattern in their code:

  • check the client has a sufficiently high balance to cover the withdrawal amount (the check),
  • reduce the balance by the withdrawal amount (the effect),
  • then, and only then, send the client the withdrawal amount (the interaction).

Or for the ATM — don’t pay out the cash until you’ve received confirmation from head office that the balance has been reduced.

From what I can tell from the tweets and articles concerning the recent CertiK/Kraken situation, a security researcher found a way to start the deposit of funds into Kraken, withdraw the funds from their account, and then cancel the deposit before it completed — very much like the ATM example I’ve given.
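To make the ordering concrete, here is an added Python simulation (not code from this article, Kraken or CertiK) of a toy custody ledger whose payout call hands control back to the recipient before the withdrawal function finishes, which is exactly what the ATM analogy describes. The `Ledger` class, `simulate_reentry` and the balances are constructed for illustration; the same withdrawal is run once with the interaction before the effect and once in checks-effects-interactions order.

```python
"""Re-entrancy versus checks-effects-interactions, simulated in Python.

Added example: a toy ledger, not code from the article, Kraken or CertiK.
`_send` stands in for the external call (ATM cash-out, token transfer) that
hands control to recipient code before the calling function has finished.
"""
from typing import Callable, Dict


class Ledger:
    def __init__(self, balances: Dict[str, int], reserve: int) -> None:
        self.balances = dict(balances)   # what the system believes each client has
        self.reserve = reserve           # value the system actually holds
        self.paid_out: Dict[str, int] = {}

    def _send(self, who: str, amount: int,
              on_receive: Callable[["Ledger"], None]) -> None:
        """Pay out, then run the recipient's code, which may re-enter."""
        self.reserve -= amount
        self.paid_out[who] = self.paid_out.get(who, 0) + amount
        on_receive(self)

    def withdraw_vulnerable(self, who: str, amount: int,
                            on_receive: Callable[["Ledger"], None]) -> None:
        if self.balances[who] < amount:                 # check
            raise ValueError("insufficient balance")
        self._send(who, amount, on_receive)             # interaction first...
        self.balances[who] -= amount                    # ...effect too late
        # While the recipient runs, the balance is still intact, so a
        # re-entrant call passes the check again (the ATM "turned off").

    def withdraw_cei(self, who: str, amount: int,
                     on_receive: Callable[["Ledger"], None]) -> None:
        if self.balances[who] < amount:                 # check
            raise ValueError("insufficient balance")
        self.balances[who] -= amount                    # effect
        self._send(who, amount, on_receive)             # interaction last


def simulate_reentry(ledger: Ledger, method: str, who: str,
                     amount: int, max_rounds: int = 10) -> Dict[str, int]:
    """Run one withdrawal whose recipient callback re-enters the same method
    until the ledger refuses, the reserve runs out, or max_rounds is hit.
    Returns the final totals so the two orderings can be compared."""
    withdraw = getattr(ledger, method)
    rounds = {"n": 0}

    def on_receive(current: Ledger) -> None:
        rounds["n"] += 1
        if rounds["n"] >= max_rounds or current.reserve < amount:
            return
        try:
            withdraw(who, amount, on_receive)
        except ValueError:
            return  # CEI ordering: balance already reduced, re-entry rejected

    withdraw(who, amount, on_receive)
    return {"paid_out": ledger.paid_out.get(who, 0),
            "balance": ledger.balances[who],
            "reserve": ledger.reserve,
            "rounds": rounds["n"]}


if __name__ == "__main__":
    # Constructed figures: the client holds 400, the system holds 2000 in total.
    for method in ("withdraw_vulnerable", "withdraw_cei"):
        result = simulate_reentry(Ledger({"client": 400}, reserve=2000),
                                  method, "client", 400)
        print(method, result)
```

In the vulnerable ordering the toy's reserve is emptied and the client's recorded balance goes negative, the simulated counterpart of draining the ATM; in CEI order the re-entrant call fails the check and exactly one withdrawal is paid.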

The law

If you are hired under contract as part of a “Red Team” testing exercise, which is where security experts try to hack into a corporate system with the blessing of company management, then the legal situation you are in is clear.

You can’t be prosecuted under the various laws against computer misuse that every jurisdiction has passed, because access has been explicitly granted. You are authorized to do what you are doing.

If, on the other hand, you are an unknown person hacking into someone else’s computer and causing damage, deleting data, or extracting data and digital assets, then you are clearly in the wrong. What you are doing is criminal, and if you get caught the penalties can be severe. In some cases, we’re talking about years or decades of jail time.

A problem arises in the gray areas, as there is no formal definition of what constitutes being a “white hat” hacker. What if, in the process of legitimately using a public interface to a computer system, you find a bug that allows you to access more than you are supposed to? Under standard prevention of computer misuse legislation even “poking” at the bug means you are breaking the law.

For example, in April 2024, a group of four University of Malta students found a security flaw in an application for students called FreeHour that allowed them to access student records as though they were system admins.

They reported the bug (a configuration problem in the underlying database), followed the usual white hat hacker rule of providing a three-month deadline to FreeHour for fixing the bug before disclosing it to the public, and asked if they could have a bug bounty for their discovery.

FreeHour claims they reported this to the authorities just to comply with GDPR legislation.

The police responded by arresting the students, strip-searching them at the station, and confiscating their computer equipment under Maltese law, which makes it illegal to access a computer application without proper authorization.

The students have stated they were acting in good faith, and I think they probably were. After all, they didn’t make any demands, or try to hold FreeHour to ransom.

The company says they were following regulatory requirements. I couldn’t find a response from the Maltese police, but if pressed I’m sure they would claim they were merely upholding the law.

The upshot is that those four students will probably never report a bug to a company or government again.

Back to CertiK and Kraken — the auditing company certainly was not given permission by the crypto exchange to withdraw nearly 3 million dollars in cryptocurrency as part of a “white hat” hacking exercise.

That is why, while we were working on this article, Ilan said to me: “Being a white hat hacker is more of a mindset than a status.”

Bug bounties

Clearly, networked computers are going to have vulnerabilities. From a utilitarian perspective, what we want to do is incentivize people to act as responsible citizens and report these vulnerabilities, rather than ignore them or, worse, criminally exploit them.

The industry solution is the bug bounty: a legitimate way for independent computer experts to profit from their discoveries.

Companies provide a list of requirements and rules for white hat hackers, and if you follow those to the letter, then the company says it won’t prosecute you and may even give you a cash reward for your effort, on some scale proportional to the risk you have uncovered.

There are several problems with bug bounties:

  1. What if you accidentally break one of the (usually many) rules set out for the bounty program?
  2. Is the reward you get really going to be commensurate with the damage you have saved the company by reporting it? Will you even get one?
  3. As no explicit contract exists between the white hat hacker and the company, what about the fact that the authorities can still decide to prosecute and jail you, even though you did abide by all the bug bounty rules?

Kraken has a bug bounty policy. One of the things that policy says is that to be considered a white hat hacker your bug bounty submission “can never contain threats or any attempts at extortion”. By holding the funds they extracted hostage, it can be argued that CertiK engaged in precisely that.

The rewards

In the cryptocurrency space, there are some extra problems. Holding a company to ransom by encrypting their data, or selling an exfiltrated database on the black market involves a lot of effort and risk. You need to find a buyer, and as your buyer is a criminal, you could end up not getting paid or even blackmailed into performing more hacking with no payment.

If you find a flaw in a smart contract or an exchange website, on the other hand, you can cash in without having to connect to the Russian mafia on LinkedIn. There are token mixers, and there are exchanges that are lax on their know-your-customer protocols, and so with a bit of research you can cash out anonymously.

If you find a way to drain an entire cryptocurrency exchange of its digital assets, that may be very tempting to some people. Especially since, for example, the Kraken bug bounty has a maximum payout of 1.5 million dollars, and the most ever actually paid appears to be 60 thousand dollars[5].

The ad-hoc ten percent bounty

A disturbing development has been the emergence of ransom-based bug bounties. The hacker steals a large sum, and then negotiates to return a significant portion of it (typically 90%) in return for the promise of no further repercussions.

From the perspective of DeFi protocol companies, this has become a very tempting deal to accept. If all your liquidity is missing, it’s game over. If most of it is returned, it is almost business as usual. A one- or two-year loss of profits is better than having to close up shop.

Unfortunately, this sets a terrible precedent. If a company or protocol has a maximum bounty of 1.5 million dollars, and stealing 150 million dollars and returning 90% results in a bounty ten times higher than the supposed top reward, this is going to push a significant number of white-hat hackers into that gray area.

Conclusions

Ironically, bug bounties and the cryptocurrency space have managed to somehow evolve a situation where the risks of following the bug bounty system are higher and the rewards gained are lower than turning to the dark side.

I would argue that companies should:

  1. set up a well-drafted and generous bug bounty scheme, and
  2. stick to it rigidly.

In practice, I don’t think this will happen.

But one thing is for sure — bug bounties are in need of a serious rethink in this crypto-age we find ourselves in.


Score Pokemon Go freebies and discounts by redeeming Google Play Points you’ve earned

Android users can earn Google Play Points by purchasing paid apps, movies, books, or in-app items, and by trying featured free games and apps. Back in May, Google announced that it would be offering new perks and rewards for those trading in their Play Points. This includes exclusive early access to new games, and VIP experiences “at the hottest events in gaming and entertainment.”

Starting today, Google has teamed up with Niantic and 100 Thieves to give Play Points members at home or in New York City the chance to score exclusive perks and rewards for Pokemon Go. These rewards kicked off on Friday as Pokemon Go Fest started throughout New York City. From now until the end of Pokémon GO Fest 2024: Global on July 14, you can:
  • Redeem your points for exclusive Partner Research: Use your points for exclusive Partner Research that includes an encounter with the Fire Child Pokémon, Charcadet, and the chance to earn XP, Stardust, and an Incubator. Available for members in the United States, United Kingdom, Germany, Japan, Brazil and South Korea.
  • Watch 100 Thieves livestreams: Tune in as Valkyrae, Fuslie, and more take viewers through Pokémon GO Fest 2024: New York City. Diamond, Platinum, and Gold members: Be on the lookout for surprise merch drops during the streams.
  • Redeem your points for Pokémon GO Fest Merchandise: Use your points for hats, tote bags and pins from the official Pokémon GO Fest collection, while supplies last.
  • Claim a points boost: From July 5-7, claim a points boost to get 5X points on anything you buy in Pokémon GO.

To redeem your points for Partner Research or Pokémon GO Fest merchandise and claim your points booster, visit the Use tab and Earn tab of Play Points home. If you have a ticket to Pokemon Go Fest in New York City, visit the Google Play Space on Randall’s Island to collect a reward. If you’re a Gold+ member, you get a Wildcard which Google calls your “VIP pass to exclusive merchandise from the Pokémon x 100 Thieves collection, meet-and-greets with 100 Thieves Creators, and more.”

Gold+ members in New York City can go to Chelsea to visit the Google Store on Saturday (July 6th) and Sunday (July 7th) from 11 am-2 pm both days to grab apparel from the Pokémon x 100 Thieves collection. Make sure to get there early because it is first come, first served while supplies last. Speaking of Pokemon Go Fest, you can save $5 and pay just $9.99 for tickets. Redeem the discount using Play Pass. Each ticket includes access to two different events: the Park Experience in Randall’s Island Park and the City Experience taking place across all five boroughs.


Cambridge pushes audio forward with the Melomania P100

Cambridge is one of the top companies on the audio scene, but it primarily focuses on larger devices. However, the British brand has recently made its foray into wearable audio devices. Cambridge just launched the Melomania P100, the company’s first-ever over-the-ear headphones.

We recently reviewed the incredible Cambridge Melomania M100. This is a pair of TWS earbuds that cost only $219. These are truly audiophile-grade earbuds that have an amazing sound. There’s so much to love about these earbuds, so feel free to check out our Melomania M100 review. These might be your next favorite earbuds.

Cambridge unveils the new Melomania P100

It’s always interesting when a company takes its first steps into a new form factor. We always look forward to what it plans to bring to the market. There’s a lot of competition in the headphone market with companies like Sony and Apple leading the pack. So, Cambridge has a lot on its plate.

The newly announced Melomania P100 come with a set of high-quality 40mm drivers to deliver the sound. The company says that these are premium three-layer composite drivers with a set of neodymium magnets.

These headphones also come with Class AB amplification, so you know that you’ll have a punchy and powerful sound. This is the same kind of amplification used with the company’s CX Series hi-fi amplifiers.

Lossless audio

These are Bluetooth headphones, which means that you won’t be getting audio quality as good as a pair of wired headphones. This is because the audio codec needs to compress the audio signal to be sent over the limited Bluetooth bandwidth.

However, the Melomania P100 will use Qualcomm’s high-quality aptX Lossless codec. This codec can send a highly detailed audio signal from the device to the headphones. It can send a signal at 16-bit/44.1kHz. This is CD-quality audio, and there’s no lossy compression. This means that those 40mm drivers will be pushing a highly detailed sound into your ears.

Along with that codec, these headphones are also compatible with SBC, AAC, and aptX Adaptive at up to 24-bit/96kHz.

Incredible battery life

With sound so amazing, you’re going to want to listen to these headphones for extended periods of time. As such, you want to make sure that they have great battery life. The Melomania P100 comes with some stellar battery life.

Cambridge states that you can expect up to 60 hours of battery life on a single charge. That’s with the ANC turned on. With it off, you’re looking at up to 100 hours! Obviously, your mileage will vary, and you might not see numbers quite so high in your usage. In any case, you’re still going to have great battery life.

As for charging, you will get a full two hours of listening time on a short five-minute charge. That gets boosted to four hours with ANC turned off. So, you can plug them in while you hop in the shower and have more than a day’s worth of battery life.

Customizable audio

Just like with the M100, the Melomania P100 use the Melomania app. Among other things, this app allows you to customize your audio experience. If you’re a person who likes to tinker with your sound, you can use the included EQ.

This is a 7-band EQ that allows you to adjust the audio with epic precision. Once you’ve adjusted the EQ to your liking, you can save it as an EQ preset. Speaking of presets, there are six other EQ presets that you can choose from right out of the box.

Game mode

Also in the app, there’s a Game Mode. This mode will lower the latency of the audio. Basically, there’s less time between the moment something happens on your screen and the moment you hear it. It’s perfect for when you’re playing games. Cambridge says that this lowers the latency to just 80ms.

Price

You’ll be able to get all of this for a very reasonable price. While most other headphones of this caliber would cost between $300 and $500, you can pick up the Cambridge Melomania P100 for $279 (€279 in Europe, £229 in the UK). You can put in your order at the official Cambridge website or at Amazon.


The ChatGPT macOS app was a privacy nightmare


Like oil and water, there are things that just don’t mix. AI and privacy are two of them. There are several AI tools and features that just scream privacy nightmare. Well, that was true for a popular application that just hit the market. The ChatGPT macOS app stored conversations in plain text.

If this sounds familiar, Microsoft was just put through the wood chipper over something similar. Its impressive and rather creepy Recall feature was found storing information on users’ computers in an easy-to-read text document. This means that, if someone gains access to that user’s computer, then they could extract that document and basically get a debriefing of EVERYTHING they’ve been doing. Microsoft walked the feature back and has since put it on indefinite hiatus.

The ChatGPT macOS app was storing conversations in plain text

Consumer-facing AI is slowly moving away from data centers and onto devices. You can’t argue with the convenience of having powerful AI on your phone or computer without needing to connect to the internet. This is why there’s been such a big push for on-device AI.

However, the companies pushing these technologies aren’t being upfront and honest about what they have to do to keep the data on-device. Microsoft’s move was reckless, and it seems that OpenAI didn’t learn from its benefactor’s mistake. Pedro José Pereira Vieito made a post on Threads showing the ChatGPT macOS app storing conversations in plain text on the computer.

Pereira designed an app that could access these conversations and surface them. Jay Peters from The Verge was able to demonstrate this and confirm that it’s true. After The Verge contacted OpenAI, the company was able to make some changes and block it.

So, problem solved… right?

Okay, OpenAI fixed the problem and saved the day. Great, but the thing is that the fundamental problem hasn’t been fixed. Both Microsoft and OpenAI have been caught being completely reckless with their users’ data, and we don’t find out about it until third-party entities look into their systems and report them. So, these companies were completely happy with letting these security issues exist on our devices.

All we can say is that we’re lucky that the people finding these vulnerabilities are Good Samaritans and not hackers. Again, Pereira designed an app that was able to extract that data. What’s stopping someone from developing an app that could extract that data and surreptitiously send it right to them? This sort of thing happens.

The main issue is that major corporations continue to launch products with blatant security issues and don’t act until they are discovered. Aren’t these the companies that brag about top-of-the-line security in keynotes? We trust them implicitly because it’s Microsoft or because it’s Google or because it’s Apple. These are multi-trillion-dollar companies, so they, ostensibly, know a thing or two about keeping our data safe. However, they continue to prove that they don’t.

Average users shouldn’t be finding these security flaws; they shouldn’t be finding logs of conversations stored in plain text. Until major corporations stop being so reckless with our data with these flashy and fancy AI tools, the problem will never truly be fixed.
