Microsoft AI researchers accidentally exposed terabytes of sensitive data

0
[ad_1]

Microsoft AI researchers posted a long-living, overly permissive, SAS token on GitHub, exposing 38 TB of data.

Warnings about including credentials, keys, and tokens when sharing code on publicly accessible repositories shouldn’t be necessary. It should speak for itself that you don’t just hand over the keys to your data. But what if a misconfiguration ends in a supposed internal storage account becoming suddenly accessible to everyone?

That’s how Microsoft managed to leak access to 38 terabytes of data.

Wiz Research found that Microsoft’s AI research team, while publishing a bucket of open-source training data on GitHub, accidentally exposed 38 terabytes of additional private data — including a disk backup of two employees’ workstations. The backups contained sensitive data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees.

An Azure feature called Shared Access Signature (SAS) tokens, which allows users to share data from Azure Storage accounts, was the source of the problem.

SAS token can be used to restrict:

  • What resources a client can access
  • What operations a client can perform (read, write, list, delete)
  • What network a client can access from (HTTPS, IP address)
  • How long a client has access (start time, end time)

Blob storage is a type of cloud storage for unstructured data. A “blob,” which is short for Binary Large Object, is a mass of data in binary form. Azure Storage SAS tokens are essentially strings that allow access to Azure Storage services in a secure manner. They are a type of URI (Uniform Resource Identifier) that offer specific access rights to specified Azure Storage resources, like a blob, or a whole range of blobs.

A Microsoft employee shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive SAS token for an internal storage account.

The URL allowed access to more than just the open-source models. It was configured to grant permissions on the entire storage account, thus exposing the additional sensitive data by mistake.

But exposing sensitive data is not even the worst that could have happened, Wiz explains.

“An attacker could have injected malicious code into all the AI models in this storage account, and every user who trusts Microsoft’s GitHub repository would’ve been infected by it.”

After Wiz shared its findings with Microsoft on June 22, 2023 Microsoft revoked the SAS token two days later.

Microsoft stated that:

“The information that was exposed consisted of information unique to two former Microsoft employees and these former employees’ workstations. No customer data was exposed, and no other Microsoft services were put at risk because of this issue. Customers do not need to take any additional action to remain secure.”

Microsoft also said that as a result of Wiz’s research, it has expanded GitHub’s secret spanning service, which monitors all public open source code changes for plaintext exposure of credentials and other secrets to include any SAS token that may have overly permissive expirations or privileges.

Best practices for SAS tokens

Allowing others to learn from their mistakes, Microsoft shared some tips on working with SAS URLs.

  • Apply the principle of least privilege: Scope SAS URLs to the smallest set of resources required by clients (e.g. a single blob), and limit permissions to only those needed by the application (e.g. read-only, write-only).
  • Use short-lived SAS: Always use a near-term expiration time when creating a SAS, and have clients request new SAS URLs when needed. Azure Storage recommends one hour or less for all SAS URLs.
  • Handle SAS tokens carefully: SAS URLs grant access to your data and should be treated as an application secret. Only expose SAS URLs to clients who need access to a storage account.
  • Have a revocation plan: Associate SAS tokens with a stored access policy for fine-grained revocation of a SAS within a container. Be ready to remove the stored access policy or rotate storage account keys if a SAS or shared key is leaked.
  • Monitor and audit your application: Track how requests to your storage account are authorized by enabling Azure Monitor and Azure Storage Logs. Use a SAS Expiration Policy to detect clients using long-lived SAS URLs.

Wiz advises against the external usage of SAS tokens.

“{SAS] tokens are very hard to track, as Microsoft does not provide a centralized way to manage them within the Azure portal. In addition, these tokens can be configured to last effectively forever, with no upper limit on their expiry time. Therefore, using Account SAS tokens for external sharing is unsafe and should be avoided.”

We don’t just report on cloud security.

Cybersecurity risks should never spread beyond a headline. Detect sophisticated threats across Box and other vendors’ cloud repositories by using Malwarebytes Cloud Storage Scanning.


[ad_2]
Source link

Amazon hardware staff aren’t excited about future devices

0
[ad_1]

Amazon hardware staff are reportedly not excited about the slate of upcoming devices, with admissions of low morale due to a “weak pipeline” of products. Amazon’s hardware division, called Lab126, is the division at Amazon who designs and creates everything from its popular Fire Tablets and Fire TVs to the Echo smart speaker powered by Alexa.

Not all of Amazon’s hardware releases have been success stories. The Fire phone was by all accounts a commercial failure for the company. Many of its products however have been extremely popular and continue to drive business to Amazon in one way or another. But a new report from Reuters suggests that future devices may not gain the same level of popularity. Stating that they fear these devices won’t be a hit with consumers.

Reuters says it interviewed more than 15 employees (both former and current) about Amazon’s future hardware products. And the general consensus doesn’t seem great. The common theme appears to be lack of excitement because there’s nothing “groundbreaking” on the way. Many of the upcoming devices are geared towards customers using Alexa. Some employees described upcoming devices as a “hodgepodge” of products.

Amazon hardware staff morale is also low due to layoffs

Layoffs are another big reason that morale is reportedly low with those left within the division. Amazon over the past year has laid off scores of employees. In July it reportedly shut down the division responsible for the Halo tracker, laying off all employees and stopping support for the device on July 31.

In November of 2022 it laid off staff from both the Alexa and Luna divisions. And more recently it was revealed that Amazon hardware chief Dave Limp will be stepping down, who will be replaced with Panos Panay who previously led Windows and Surface for Microsoft.

New Amazon devices include a home projector

There’s not a lot of information about these devices, but according to the report there are a few different products that were confirmed to be on the way. This includes a home projector device that can “turn any surface into a screen.”

Another device was described as a digital measuring device. As well as a carbon monoxide detector and a home energy consumption monitor. Amazon is also said to have been working a device to test for viruses. All of these are reportedly powered by Alexa.

Amazon will be holding a hardware event on September 20 at 8am PST. Although it’s unclear if any of these devices will make an appearance.


[ad_2]
Source link

iPhone 15 Pro said to have a significantly faster 5G modem

0
[ad_1]

As The Verge (via 9to5Mac) reported, the 5G modem placed at the heart of the iPhone 15 Pro offers up to 24% faster download speed. The data is obtained by SpeedSmart.

Following the Apple iPhone 15 series launch, many users criticized Apple for its minor changes to the latest generation smartphones. The most notable difference in the iPhone 15 series is a USB-C port that replaced the Lightning. While devices look easy on the eye, you must look under the hood to see the actual improvements.

The Apple iPhone 15 Pro uses a Snapdragon X70 5G modem

One of the most significant improvements to the iPhone 15 Pro is the 5G modem. As per estimations, this modem can offer up to 24% faster download speed. The 5G modem in the iPhone 15 is powered by Qualcomm’s Snapdragon X70 modem, which is designed to deliver lightning-fast download and upload speeds.

SpeedSmart data shows the average download speed of iPhone 15 Pro on Verizon’s network is 243.06Mbps. The number downgrades to 195.83Mbps on the iPhone 14 Pro. For the T-Mobile network, average 5G download speeds sit at 300.92Mbps, which is the highest among peers. At AT&T, iPhone 15 Pro can reach an average download speed of 204.34Mbps.

In addition to faster download speeds, the iPhone 15’s 5G modem has the ability to maintain signal at long distances. Additionally, the X70 modem chip is designed to consume less power than previous modem chips, which means that the iPhone 15’s battery life is not significantly impacted by 5G connectivity. This is good news for users concerned about battery life, as 5G connectivity can be a battery drainer.

Qualcomm claims its new modem can offer “unmatched data speeds, coverage, and latency.” An integrated AI processor accompanies the Snapdragon X70 modem for a better connectivity experience. You can also find the X70 modem in Samsung’s Galaxy S23 lineup.

While prior reports stated that Apple wants to use in-house 5G modems in its iPhones, the tech giant has recently reached an agreement with Qualcomm to supply its chips until 2026.


[ad_2]
Source link

New WhatsApp beta on TestFlight includes WhatsApp Beta for iPad

0
[ad_1]

Popular messaging app WhatsApp has never offered an app for the iPad. instead, iPad users who want to use the platform are forced to use the web version of WhatsApp using a mobile browser. That’s because in the beginning there wasn’t a separate iPadOS operating system for the tablets and WhatsApp didn’t work with the iPad. 

Per WABetaInfo (via 9to5Mac), the latest version of the WhatsApp Beta (version 23.19.1.71), available only from Apple’s TestFlight, is compatible with the iPad. You will have to be a member of the WhatsApp for iOS official beta program on TestFlight to install WhatsApp on your iPad. Once you install it, you will need to scan a QR code using your iPhone. The app will then download all of your conversations and you’ll be able to send and receive messages on your iPhone, iPad, and Mac.

Once the app is installed on the iPad, users will be able to use WhatsApp on their Apple tablets regardless of whether their iPhone is nearby or not, and even if the devices aren’t sharing the same Wi-Fi signal. The WhatsApp app for iPad is limited in that you cannot open a new WhatsApp account from it, similar to the version of WhatsApp made for the desktop. What it does offer is more content on the screen thanks to the larger displays.

It isn’t known when the public will get access to this app and as we said, the Beta is available only from Apple’s TestFlight which means that there is limited availability. But that will change as soon as WhatsApp for iPad becomes available in the App Store.
We should point out that WhatsApp’s sibling, Instagram, also does not offer an app for iPad. Both WhatsApp and Instagram were purchased by what was then known as Facebook in February 2014, and April 2012 respectively.

[ad_2]
Source link

The mystery of the CVEs that are not vulnerabilities

0
[ad_1]

Researchers have raised the alarm about a large set of CVE for older bugs that never were vulnerabilities.

A researcher specializing in Software Supply Chain security named Dan Lorenc recently raised an interesting topic on LinkedIn138 new vulnerabilities in open-source projects were all entered the same day to the CVE database.

To understand what the problem is there are a few things you’ll need to know.

  • CVSS – The Common Vulnerability Scoring System (CVSS) is a system widely used in vulnerability management programs. CVSS indicates the severity of an information security vulnerability, and is an integral component of many vulnerability scanning tools.
  • CVE – Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed vulnerabilities and exposures that is maintained by MITRE.
  • NVD – The National Vulnerability Database (NVD) is a database, maintained by the National Institute of Standards and Technology (NIST), that is fully synchronized with the MITRE CVE list.

The Common Vulnerabilities and Exposures (CVE) database is used to list publicly disclosed computer security flaws. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).

The NVD provides enhanced information above and beyond what’s in the CVE list, including patch availability and severity scores. NVD also provides an easier mechanism to search on a wide range of variables.

The way it should work is that vulnerabilities are first discovered, then reported to the CVE Program. The reporter requests a CVE ID, which is then reserved for the reported vulnerability. Once the reported vulnerability is confirmed by the identification of the minimum required data elements for a CVE record, the record is published to the CVE List.

Details include but are not limited to affected product(s); affected or fixed product versions; vulnerability type, root cause, or impact; and at least one public reference.

When you register a CVE you typically get it with the year you request it and so new CVE IDs would start with CVE-2023. However, Lorenc says that an unknown party has submitted a bunch of CVEs which are backdated and have a high CVSS score.

For example, CVE-2020-19909 was listed as an integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay.

listing of a disputed CVE

listing of one of the disputed CVEs

In the screenshot you can see that the entry is “DISPUTED”

In his blog Daniel Haxx, a Swedish open source developer and curl maintainer, explains that this is not a security vulnerability. It was, in fact, a bug reported and fixed in 2019. Haxx criticizes the NVD for not trying very hard to actually understand or figure out the problem they grade.

As Lorenc pointed out, it looks as if a bot or AI has been scraping old issues and commits and filing them in an automated fashion, without ever getting maintainers involved.

The problem is that many have automated scanning for vulnerabilities or are using specialized vulnerability triage or management platforms. When no maintainers are involved or even notified about these non-issues, they may live on. Many of these scanners will not see or disregard the “DISPUTED” status and will end up wasting a lot of precious time that could have been spent on actual vulnerabilities.

The question that remains: Is there a fundamental problem with the CVE reporting process which allows for the automated submission of bogus vulnerabilities?

Let’s say that the experts agree that any form of automated filing of CVEs without any previous contact with the developers/maintainers of the list completely misses the whole point of getting vulnerabilities fixed before they are made public. And filing vulnerabilities that are in fact bugs that were resolved long ago is a weird form of fear mongering.

Knowing this can happen, by accident or on purpose, warrants a more robust checking than looking for the minimum required data elements for a CVE record.


We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.


[ad_2]
Source link

The Sonos patent battle against Google has gone in Sonos’ favor

0
[ad_1]

Another copyright battle between Sonos and Google over an audio patent is now over. Over the years, this case has been a back-and-forth of various court case fillings between the two parties. One of the cases between Sonos and Google has been decided in favor of Sonos, while the rest are still pending.

The investigations on the first patent infringement filing came to an end in 2022, and it found Google guilty as charged. Following the conclusion of the investigation by the ITC, Google had to make some software changes to their products. This was to enable the tech giant to ship its speakers and audio devices internationally without any restrictions.

However, since the ITC investigations on some issues became available to the court, the hearing of the case resumed. The court found Google guilty of infringement on one of Sonos’ audio patents. This led to the court giving Google a fine of $32.5 million in royalty payments to Sonos, but this is just the beginning.

Sonos first victory in their patent battle against Google is just the start of a chain of legal reactions

Sonos’ victory is just one of many other patent violation cases that the court has to look into. Over the past few years, the two parties in this case have filed patent infringement cases against themselves. All these cases are currently under investigation, with the verdict on one coming in favor of Sonos.

While Sonos celebrates this victory, Google is going back to the draft board to come up with new plans. Regardless, this is just one victory amid lots of cases that both parties have tabled before the court. Most of these cases seem to be on hold, awaiting conclusive investigations by the ITC on the nature of the cases.

This delay might last for a while, hence lingering the case in court and giving both parties time to prepare. Reports have it that Google on their part have some solid grounds for their patent cases against Sonos. The latter on their part are also putting up a good fight in court to prove their innocence regarding infringing Google’s patents.

Google still needs to find solid evidence if they are to prove that Sonos infringed on their patents. If the tech giant can prove Sonos is guilty, then the latter will not be smiling for so long. This case is a rather bulky one, with each party pointing fingers at the other whilst laying allegations of patent infringement.

The court will need to investigate each case thoroughly after proper investigations. By doing this, the court will be able to make sound rulings for or against either party. In the coming weeks, more details on the outcome of the other cases will become available.


[ad_2]
Source link

APT36 hacking group uses fake YouTube apps to spread malware

0
[ad_1]

Threat actors are always looking out for new ways to dupe unsuspecting users and gain unauthorized access to their devices. Now, according to a new report from SentinelLabs, the Pakistani hacking group APT36 has turned to fake YouTube apps loaded with a remote access trojan (RAT) known as ‘CapraRAT,’ which harvests data, records audio, and captures sensitive information.

As per the report, the attackers are orchestrating attacks on the Indian defense and government entities. As well as individuals involved in the Kashmir region, and even human rights activists in Pakistan. However, what sets this campaign apart is the fact that, instead of using traditional channels of spreading malware, such as the Play Store, hackers are spreading such apps through third-party app stores. This suggests that they are most likely enticing users through clever social engineering techniques.

Moreover, one is named after a fictional character named Piya Sharma. Which suggests that the threat actors are actively employing romance-based tactics.

How does the YouTube malware work?

During the installation process, these malicious apps request a range of permissions, seemingly justified for a YouTube app. However, underneath all this, the app deploys the CapraRAT malware and initiates various invasive procedures.

This includes recording audio and video through the device’s microphone and cameras. In addition to gathering SMS and multimedia message contents, call logs, sending SMS messages, blocking incoming SMS, initiating phone calls, capturing screenshots, altering system settings like GPS and network configurations, and modifying files within the phone’s filesystem. Once collected, the app then transmits the data to the group’s command and control server.

However, it is important to note that while the group’s tactics may be recognizable, their continuous creation of new apps gives them an advantage. As a result, it’s even more important to remain vigilant and adopt robust security practices. These practices involve abstaining from installing apps from sources outside the Play Store, exercising caution with social media apps, and thoroughly evaluating the permissions requested by any app.


[ad_2]
Source link

The privacy perils of the Metaverse

0
[ad_1]

We take a look at the privacy implications of the Metaverse.

A recently released report from New York University claims that the Metaverse, an all-in-one virtual online space, poses a potentially major risk to user privacy. This is because headsets and other similar devices can collect an incredible amount of personal, physical and biometric information. The user isn’t always aware of the collection, or how it could be used in ways they don’t expect.

It’s worth asking at this point: what is the Metaverse?

Most folks would think of Mark Zuckerberg and Meta, with a virtual reality headset thrown in for good measure. Others may associate it with “game hub” style online places to meet others taking place on their computer screens only. For some, mobile devices making use of augmented or mixed reality will be their first association.

The truth is that “Metaverse” can incorporate any or all of these different aspects. While some people hope for a world of entirely connected systems, the reality is that this is not going to happen for a very long time and may not happen at all. In fact, the Metaverse overall is not in the most robust of health, with proclamations of its demise across the web.

While it continues to struggle on, it’s still worth considering some of the potential privacy pitfalls waiting for any curious users. A good chunk of these come from the gaming space, and in particular advergaming (the art of displaying targeted adverts inside of virtual realms).

When playing a virtual reality game, the headset is an important part of gameplay. It typically contains several cameras (pointing both in and out), along with various sensors and microphones. These tools all help to track eye movements, interact with the digitally realised space around the user, and assist the game to keep track of what the player is doing.

While this is generally fine for an offline game with no data being sent elsewhere, once additional first or third-party systems are introduced this can become a risk. Is an ad network layered across the game? How does the network serve targeted ads? What is it tracking? Is player data sent to the advertisers, or does the game provider start building up a profile for non-gaming purposes? Is any of this disclosed?

This is just one basic example. Now consider that all of those eye movements, those motions, those biometrics are also up for grabs in terms of being able to build up pictures of users.

The research notes that Meta’s approach is more about harvesting user data (via profiles) for targeted ads. Apple, meanwhile, shifts its cost toward expensive high-end devices instead of purely advertising. Additionally, Apple does not collect eye-movement data whereas Meta “disclaims responsibility for the data practices of third-party developers with whom the company shares user data”.

Even so, Apple has not yet revealed what it intends to do with face-tracking and body-motion data. The researchers note that the specifics for the company’s upcoming Vision Pro device does not yet have a detailed privacy policy.

This is just one small consideration of the upcoming data collection landscape where Metaverse is concerned. However, with the downsizing in expectation for these virtual worlds as a whole, these issues may not be as far reaching as they potentially could have been.

The report comes with numerous recommendations for safety features and privacy functionality, some of which have existed in video game/VR circles for some time now, though not always with success.

For example, Meta ran into several problems with regard to sexual harassment in virtual spaces. One of many issues was that a “bubble” around users in VR realms can prevent others from harassing or getting too close. Bafflingly, this wasn’t enabled in Meta as a default setting until the damage was already done.

Child safety is also another concern, given that headset use isolates the user and makes it harder for parents to see at a glance what their child may be doing.

Gaming platforms and consoles often come with a wide range of granular privacy and security controls. In VR, these controls aren’t always obvious and users may not know how to reach them. For example, hiding names, blurring faces, preventing the sending of data to unwanted third-parties and so on. These options should always be clear and evident to whoever happens to be using the device.

The full report is available to read here. Metaverse may not be the hot property it once was, but it’s still worth learning about the possible dangers and privacy risks inherent in the headset.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link

Samsung Galaxy S23 Ultra vs Apple iPhone 15 Pro Max

0
[ad_1]

Apple announced its new smartphones recently. The iPhone 15 series arrived, and at the time of writing this article, the devices are on pre-order, and even some reviews are out. Now, we will compare the most powerful new to the best Samsung has to offer, but keep in mind this comes rather early into iPhone 15 Pro Max usage. In this article, we’ll compare the Samsung Galaxy S23 Ultra vs Apple iPhone 15 Pro Max.

These two devices are the best the two companies have to offer, that’s for sure. They’re both flagship-grade devices, and some of the most popular handsets out there. We’ll first list out their specifications, and will then compare them across a number of categories. Those categories include design, display, performance, and more.

Specs

Samsung Galaxy S23 Ultra vs iPhone 15 Pro Max, respectively

Screen size:
6.8-inch Dynamic AMOLED 2X display (curved, 120Hz, HDR10+, 1,750 nits)
6.7-inch Super Retina XDR display with ProMotion (flat, 120Hz, HDR10, 2,000 nits)
Display resolution:
3088 x 1440
2796 x 1290
SoC:
Qualcomm Snapdragon 8 Gen 2
Apple A17 Pro
RAM:
8GB/12GB (LPDDR5X)
8GB
Storage:
256GB/512GB/1TB (UFS 4.0)
256GB/512GB/1TB (NVMe)
Rear cameras:
200MP (f/1.7, multi-directional PDAF, OIS), 12MP (ultrawide, f/2.2 aperture, 120-degree FoV), 10MP (telephoto, 70mm, f/2.4 aperture, 3x optical zoom), 10MP (periscope, 230mm, 10x optical zoom)
48MP (f/1.78 aperture, second-gen sensor-shift OIS), 12MP (ultrawide, f/2.2 aperture, 120-degree FoV, macro photography), 12MP (telephoto, f/2.8 aperture, 5x optical zoom)
Front cameras:
12MP (f/2.2 aperture)
12MP (f/1.9 aperture) + TrueDepth
Battery:
5,000mAh
4,422mAh
Charging:
45W wired, 15W wireless, 4.5W reverse wireless (charger not included)
20W wired, 15W wireless, reverse wired charging (charger not included)
Dimensions (unfolded):
163.4 x 78.1 x 8.9mm
159.9 x 76.7 x 8.25mm
Weight:
234 grams
221 grams
Connectivity:
5G, LTE, NFC, Wi-Fi, USB Type-C, Bluetooth 5.3
Security:
In-display fingerprint scanner (ultrasonic)
Advanced facial scanning
OS:
Android 13 with One UI
iOS 17
Price:
$1,199
$1,199
Buy:
Samsung
Apple

Samsung Galaxy S23 Ultra vs Apple iPhone 15 Pro Max: Design

Frames on both devices are made out of metal, but not the same metal. The Galaxy S23 Ultra utilizes aluminum for its frame, while the iPhone 15 Pro Max opted for titanium. The two phones also look considerably different, actually. The Galaxy S23 Ultra has flat tip and bottom sides, while its left and right sides are curved. The iPhone 15 Pro Max has curved sides all around, with chamfered edges. Its front and back sides are completely flat, unlike what the Galaxy S23 Ultra has to offer.

The Galaxy S23 Ultra’s display is slightly curved, while the bezels are thin, and a display camera hole is centered up top. The iPhone 15 Pro Max has a flat display, with thin, uniform bezels, and a pill-shaped cutout at the top. Their camera sections on the back also look considerably different. Apple’s device has a camera island back there, while each of the Galaxy S23 Ultra’s cameras sticks out of the backplate on its own.

Samsung’s flagship comes with a stylus, which is tucked away in the bottom-right corner. Not even their buttons are on the same side. All of Samsung’s are on the right, while only the power/lock button is on the iPhone 15 Pro Max. On the opposite side, you’ll notice the volume up and down buttons, and also the Action Button. Both devices do have a Type-C port, as Apple finally made the switch.

The Galaxy S23 Ultra is a bit taller, a bit wider, and a bit thicker too. On top of that, it’s also a bit heavier at 234 grams, compared to 221 grams. It does have a 0.1-inch larger display, though, so that is to be expected. Both smartphones offer IP68 certification for water and dust resistance.

Samsung Galaxy S23 Ultra vs Apple iPhone 15 Pro Max: Display

The Galaxy S23 Ultra features a 6.8-inch QHD+ (3088 x 1440) Dynamic AMOLED 2X display. That display is curved, and it has a 120Hz refresh rate. HDR10+ content is supported, and the display goes up to 1,750 nits of brightness at its peak. The display aspect ratio is 19.3:9, and the panel is protected by the Gorilla Glass Victus 2.

Samsung Galaxy S23 Ultra Review AM AH 20

The iPhone 15 Pro Max, on the flip side, has a 6.7-inch 2796 x 1290 LTPO Super Retina XDR OLED display. That display is flat, and has a 120Hz refresh rate. Dolby Vision is supported here, as is HDR10 content. This panel goes up to 2,000 nits of brightness at its peak, and has a 19.5:9 aspect ratio. The Ceramic Shield glass protects this panel.

Are the displays any good, though? Well, yes, they are excellent actually. They’re not only immensely bright, but also have excellent viewing angles, and vivid colors. The blacks are also deep, and the touch response is good too. The iPhone 15 Pro Max’s display gets a bit brighter, technically, but not by much. Both are very bright, which is great to see. You can’t go wrong here, basically.

Samsung Galaxy S23 Ultra vs Apple iPhone 15 Pro Max: Performance

The Galaxy S23 Ultra is fueled by the Snapdragon 8 Gen 2, Qualcomm’s most powerful SoC at the moment. That is a 4nm processor. The phone also includes up to 12GB of LPDDR5X RAM, and UFS 4.0 flash storage. The iPhone 15 Pro Max comes with the Apple A17 Pro SoC, a 3nm chip. It is also equipped with 8GB of RAM, and NVMe storage.

Both of these phones are immensely powerful, to say the least. The Apple A17 Bionic inside the iPhone 15 Pro Max is technically more capable gaming-wise. It’s also more powerful based on benchmarks, and the Snapdragon 8 Gen 3 will essentially be a more direct competitor to it. Still, these are some of the most powerful mobile chips on the market at the moment, and they’re both great.

The Apple A17 Pro is a best of a processor, it’ll be a force to be reckoned with. It can run some console-level games, actually, which is truly impressive, and it even supports ray tracing. Regardless of what you’re doing on your Galaxy S23 Ultra, the phone can handle it, and the same will be the case with the iPhone 15 Pro Max. That includes the most demanding games you’ll find in their respective app stores.

Samsung Galaxy S23 Ultra vs Apple iPhone 15 Pro Max: Battery

There is a 5,000mAh battery inside the Galaxy S23 Ultra. The iPhone 15 Pro Max, on the flip side, includes a 4,422mAh unit. Apple’s iPhones usually need less battery juice for the same level of performance, though that gap has been narrowing. The Galaxy S23 Ultra offers extraordinary battery life, so it will be interesting to see how will the iPhone 15 Pro Max compete, as we don’t have conclusive battery info yet. The iPhone 14 Pro Max doesn’t even come close to what the Galaxy S23 Ultra offers.

Getting over the 8-hour screen-on time mark on the Galaxy S23 Ultra is not a problem at all. In fact, we were able to go above and beyond that on a single charge. We’re a bit skeptical about what the iPhone 15 Pro Max will offer in that regard, but thus far, we know that the phone offers better battery life than its predecessor, noticeably. The iPhone 13 Pro Max offered outstanding battery life, but the same cannot be said for the iPhone 14 Pro Max, so… we’ll see.

When it comes to charging, the Galaxy S23 Ultra supports 45W wired, 15W wireless, and 4.5W reverse wireless charging. The iPhone 14 Pro Max supports 20W wired, 15W wireless, and even reverse wired charging. Qi2 will be supported once everything gets certified. The Galaxy S23 Ultra does charge up faster, while neither phone ships with a charger in the box.

Samsung Galaxy S23 Ultra vs Apple iPhone 15 Pro Max: Cameras

You will find four cameras on the back of the Galaxy S23 Ultra, and three on the back of Apple’s flagship. A 200-megapixel main camera is backed by a 12-megapixel ultrawide unit (120-degree FoV) on the Galaxy S23 Ultra. A 10-megapixel telephoto camera (70mm, 3x optical zoom) is also included, as is a 10-megapixel periscope telephoto camera (230mm, 10x optical zoom).

Samsung Galaxy S23 Ultra Review AM AH 19

The iPhone 15 Pro Max, on the other hand, has a 48-megapixel main camera, a 12-megapixel ultrawide unit (120-degree FoV), and a 12-megapixel telephoto camera (120mm, tetraprism lens, 5x optical zoom). This handset also includes a LiDAR scanner on the back. Now, the Galaxy S23 Ultra does a great job with photos and videos. There are some downsides here, but for the most part, the images do end up looking sharp, detailed, and well-balanced. It does a great job in low light too, and with HDR.

As far as the iPhone 15 Pro Max goes, well, it does a better job than its predecessor. The iPhone 14 Pro Max did a great job, aside from some issues with blowing out the highlights from time to time. HDR has been the weakest point of iPhones for years, as Apple was very careful not to overprocess images, and that’s something you need to do in such conditions The iPhone 15 Pro Max does have a larger sensor, and it does things a bit differently. The improvement with highlights is obvious, though it’s still not excellent. The Galaxy S23 Ultra is still better in that regard. In every other way, however, the iPhone 15 Pro Max does a great job. The phone also allows you to change the focus after you take the image (if you tap beforehand or it detects a person/cat/dog in an image), and also control the background blur (without shooting in Portrait Mode), which is a nice touch. The Galaxy S23 Ultra shots do look more processed in comparison, overall.

Ultrawide cameras on both phones are really good, though they cannot compete with the main ones. Both phones do a good job keeping the color profile between them in check, though the iPhone 15 Pro Max does a better job in that regard. When it comes to zoomed-in shots, the iPhone 15 Pro Max can compete now thanks to its 5x zoom lens, but the Galaxy S23 Ultra still does a better job for the most part, with everything over 3x. The iPhone 15 Pro Max does a better job with video recording, though the light flares are still very much a thing in low light, despite Apple’s new lens coating.

Audio

Both of these phones have a set of stereo speakers, and provide good sound. The Galaxy S23 Ultra offers really good sound output, and based on initial impressions of the iPhone 15 Pro Max, its performance will be similar to the iPhone 14 Pro Max, which is a good thing.

Neither phone has an audio jack, however, so you’ll have to opt for their Type-C ports… if you want to connect your headphones via a wire. If you plan on going wireless, you’ll be glad to know that they both offer Bluetooth 5.3.


[ad_2]
Source link

DOJ forced to remove Google antitrust trial files from website

0
[ad_1]

The DOJ has been ordered to remove files from its website that pertain to its antitrust trial with Google. In a new report from The Verge (via Bloomberg’s Leah Nylen), Nylen says that the Judge Amit Mehta told the Justice Department to remove trial documents from its website. Mehta followed the request by saying he would make a decision about the documents in the morning. Referencing whether or not those documents could be made available for public access again.

Google has been in court with the DOJ for its antitrust trial since last week Tuesday. Leading to revelations that the search company has allegedly trained employees to avoid certain words or phrases that could make them sound like monopolists. Google has also allegedly hid evidence by deleting chat logs according to the DOJ’s Kenneth Dintzer.

Google lawyers informed Judge Mehta that the DOJ was posting the files online

The DOJ removal of the files from its website apparently comes from a conversation involving Google during the antitrust trial. Google lawyers reportedly alerted Judge Mehta that the DOJ was posting these files up on its website.

And the argument seems to be over whether or not the public should have access to these particular files. Judge Mehta isn’t opposed to the files being posted he says. But hasn’t come to a decision on if they should be public. Should the department decide to post future documents, it says it will notify Google ahead of time. In doing so, Google would have an opportunity to voice its opinion on whether the documents should be posted.

And that could help avoid this sort of thing again. Google’s fear is likely that public access of these documents could lead to information being disclosed that isn’t supposed to be. And it obviously doesn’t want such a thing to happen.


[ad_2]
Source link