
Scammers Trick iPhone Users Into Paying To Fix Non-existent Problem

March 30, 2017 by  
Filed under Mobile

Apple has fixed a bug in the iOS version of Safari that had been used by criminals to trick phone owners into paying $125 or more because they assumed the browser was broken.

The flaw, fixed in Monday’s iOS 10.3 update, had been reported to Apple a month ago by researchers at San Francisco-based mobile security firm Lookout.

“One of our users alerted us to this campaign, and said he had lost control of Safari on his iPhone,” Andrew Blaich, a Lookout security researcher, said in a Tuesday interview. “He said, ‘I can’t use my browser anymore.'”

The criminal campaign, Blaich and two colleagues reported in a Monday post to Lookout’s blog, exploited a bug in how Safari displayed JavaScript pop-ups. When the browser reached a malicious site implanted with the attack code, the browser went into an endless loop of dialogs that refused to close no matter how many times “OK” was tapped. The result: Safari was unusable.

At the same time, the attack showed a message, purportedly from a law enforcement agency, demanding payment to unlock the browser for, in one instance at least, simply steering to a URL that suggested the site’s content was pornographic. Payment was to be made by texting a £100 ($125) iTunes gift card code to a designated number.

Blaich stressed that the attack was as much scam as scare: To regain control of Safari, all one had to do was head to Settings, tap Safari, then Clear History and Website Data.

“This was a scareware attack, where [the attackers] were trying to get people to not think and just pay,” said Blaich.

Scareware is a label applied to phony security software that claims a computer is heavily infected with malware. Such software nags users with pervasive pop-ups and fake alerts until they fork over the “registration” fee, sometimes in the hundreds of dollars.

In iOS 10.3, Apple re-engineered Safari so that it handles JavaScript pop-ups on a per-tab basis. iOS 10.3 also patched 84 security vulnerabilities.

“[The hackers] hoped you would just react, want to cover it up, then pay and move on,” Blaich said.

Another Major Vulnerability in LastPass Uncovered

March 30, 2017 by  
Filed under Around The Net

For the second time in as many weeks, developers of the popular LastPass password manager are working to patch a serious vulnerability that could allow malicious websites to steal user passwords or infect computers with malware.

Like the LastPass flaws patched last week, the new issue was discovered and reported to LastPass by Tavis Ormandy, a researcher with Google’s Project Zero team. The researcher revealed the vulnerability’s existence in a message on Twitter, but didn’t publish any technical details about it that could allow attackers to exploit it.

According to Ormandy, the flaw affects the latest version of the LastPass browser extension for all major browsers. He claims to have tested the exploit successfully on Windows and Linux, but believes that it likely works on Mac as well.

If the extension’s binary component is also installed, the vulnerability allows attackers to execute malicious code on users’ computers when they visit a rogue website. If the component is not present, the flaw can still be used to extract passwords from users’ secure password vaults.

To make things worse, it seems the extension’s presence in the browser is enough for the flaw to be exploitable. Ormandy said on Twitter that the attack still works even if the user is logged out.

This is supposedly true only for the remote code execution attack, because without a logged-in session the password vault would remain encrypted and not accessible to a website.

“We are now actively addressing the vulnerability,” the LastPass developers said Monday in a blog post. “This attack is unique and highly sophisticated. We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties.”

LastPass recommends that users launch websites for which they have stored passwords directly from inside their password vaults by using the “launch” feature. The company also advises users to turn on two-factor authentication for any online services that offer this option and to beware of phishing attacks and potentially malicious links.

U.S. Commerce Department Removes ZTE From Trade Blacklist

March 30, 2017 by  
Filed under Around The Net

The U.S. Department of Commerce has agreed to remove Chinese telecommunications equipment maker ZTE Corp from a trade blacklist after the company pleaded guilty to violating sanctions on Iran and agreed to pay nearly $900 million, the agency said in a notice.

Removal from the list marks the end of a tense period for ZTE, which faced trade restrictions that could have severed its ties to critical U.S. suppliers.

“By acknowledging the mistakes we made, taking responsibility for them … we are committed to a ZTE that is fully compliant, healthy and trustworthy,” ZTE Chief Executive Zhao Xianming said in an emailed statement.

Last year, the U.S. Commerce Department placed export restrictions on ZTE as punishment for violating U.S. sanctions against Iran. The restrictions would have prevented restricted suppliers from providing ZTE any U.S.-made equipment, potentially freezing the Chinese handset maker’s supply chain.

Over the past 12 months, as ZTE cooperated with U.S. authorities, the U.S. Commerce Department temporarily suspended the trade restrictions with a series of three-month reprieves, allowing the company to maintain ties to U.S. suppliers.

Earlier this month, ZTE agreed to pay a total of $892.4 million and pleaded guilty to violating U.S. sanctions by sending American-made technology to Iran and lying to investigators.

The Commerce Department said on Tuesday it would impose severe restrictions on former ZTE CEO Shi Lirong, whom the agency accused of approving efforts to skirt sanctions and ship equipment to Iran.

The Commerce Department said Shi approved a systematic, written business plan to use shell companies to secretly export U.S. technology to Iran. Reuters could not immediately reach Shi for comment.

The U.S. investigation followed reports by Reuters in 2012 that ZTE had signed contracts with Iran to ship millions of dollars’ worth of hardware and software from some of America’s best-known technology companies.

U.S. authorities have said the size of the financial penalty against ZTE also reflects the fact that the company lied to investigators when executives were approached about the allegations.

As part of the deal, ZTE will be under probation for three years and agreed to cooperate in the continuing investigation.

Can Violence In A Game Promote Safety?

March 30, 2017 by  
Filed under Gaming

When the original Doom was released in 1993, its unprecedentedly realistic graphic violence fueled a moral panic among parents and educators. Over time, the game’s sprite-based gore has lost a bit of its impact, and that previous sentence likely sounds absurd.

Given what games have depicted in the nearly quarter century since Doom, that level of violence is no longer shocking so much as it is quaint, perhaps even endearing. So when it came time for id Software to reboot the series with last year’s critically acclaimed remake of Doom, one of the things the studio had to consider was exactly how violent it should be, and to what end.

Speaking with GamesIndustry.biz at the Game Developers Conference last month, the Doom reboot’s executive producer and game director Marty Stratton and creative director Hugo Martin acknowledged that the context of the first Doom’s violence had changed greatly over the years. And while the original’s violence may have been seen as horrific and shocking, they wanted the reboot to skew closer to cartoonishly entertaining or, as they put it, less Saw and more Evil Dead 2.

“We were going for smiles, not shrieks,” Martin said, adding, “What we found with violence is that more actually makes it safer, I guess, or just more acceptable. It pushes it more into the fun zone. Because if it’s a slow trickle of blood out of a slit wrist, that’s Saw. That’s a little bit unsettling, and sort of a different type of horror. If it’s a comical fountain of Hawaiian Punch-looking blood out of someone’s head that you just shot off, that’s comic book. That’s cartoonish, and that’s what we wanted.”

“They’re demons,” Stratton said. “We don’t kill a single human in all of Doom. No cursing, no nudity. No killing of humans. We’re actually a pretty tame game when you think about it. I’ve played a lot of games where you just slaughter massive amounts of human beings. I think if we had to make some of the decisions we make about violence and the animations we do and if we were doing them to humans, we would have completely different attitudes when we go into those discussions. It’s fun to sit down in a meeting and think about all the ways it would be cool to rip apart a pinky demon or an imp. But if we had the same discussions about, ‘How am I going to rip this person in half?’ or rip his arm off and beat him over the head with it, it takes on a different connotation that I don’t know would be as fun.”

That balancing act between horror and comedy paid off for the reboot, but it was by no means the only line last year’s Doom had to straddle. There was also the question of what a modern Doom game would look like. The first two Doom games were fast-paced shooters, while the third was a much slower horror-tinged game where players had to choose between holding a gun or a flashlight at the ready. Neither really fit into the recent mold of AAA shooters, and the developers knew different people would have very different expectations for a Doom game in 2016.

As Stratton explained, “At that point, we went to, ‘What do we want? What do we think a Doom game should be moving forward?’ As much as we always consider how the audience is going to react to the game–what they’re thinking, and what we think they want–back in the very beginning, it was, ‘What do we think Doom should be, and what elements of the game do we want to build the future of Doom on?’ And that’s really where we came back to Doom 1, Doom II, the action, the tone, the attitude, the personality, the character, the irreverence of it… those were all key words that we threw up on the board in those early days. And then mechanically, it was about the speed. It was about unbelievable guns, crazy demons, really being very honest about the fact that it was Doom. It was unapologetic early on, and we built from there.”

It helped that they had a recent example of how not to bring Doom into the current generation. Prior to the Doom reboot, id Software had been working on Doom 4, which Stratton said was a good game, but just didn’t feel like Doom. For one, it cast players as a member of a resistance army rather than a one-marine wrecking crew. It was also slower from a gameplay perspective, utilizing a cover-based system shared by numerous modern shooters designed to make the player feel vulnerable.

“None of us thought that the word ‘vulnerable’ belonged in a proper Doom game,” Martin said. “You should be the scariest thing in the level.”

Doom 4 wasn’t a complete write-off, however. The reboot’s glory kill system of over-the-top executions actually grew out of a Doom 4 feature, although Stratton said they made it “faster and snappier.”

Of course, not everything worked as well. At one point the team tried giving players a voice in their ears to help guide them through the game, a pretty standard first-person shooter device along the lines of Halo’s Cortana. Stratton said while the device works well for other franchises, it just didn’t feel right for Doom, so it was quickly scrapped.

“We didn’t force anything,” Stratton said. “If something didn’t feel like Doom, we got rid of it and tried something that would feel like Doom.”

That approach paid off well for the game’s single-player mode, but Stratton and Martin suggested they weren’t quite as thrilled with multiplayer. Both are proud of the multiplayer (which continues to be worked on) and confident they delivered a high quality experience with it, but they each had their misgivings about it. Stratton said if he could change one thing, it would have been to re-do the multiplayer progression system and give more enticing or better placed “hooks” to keep players coming back for game after game. Martin wished the team had messaged what the multiplayer would be a little more clearly, saying too many expected a pure arena shooter along the lines of Quake 3 Arena, when that was never the development team’s intent.

Those issues aside, it’s clear the pair feel the new wrinkles and changes they made to the classic Doom formula paid off more often than not.

“Lots worked,” Stratton said. “That’s probably the biggest point of pride for us. The game really connected with people. We always said we wanted to make something that was familiar to long-time fans, felt like Doom from a gameplay perspective and from a style and tone and attitude perspective. And I think we really accomplished that at a high level. And I think we made some new fans, which is always what you’re trying to do when you have a game that’s only had a few releases over the course of 25 years… You’re looking to bring new people into the genre, or into the brand, and I think we did that.”

Courtesy-GI.biz

Facebook Focuses On Camera Shots With Latest Smartphone App Update

March 29, 2017 by  
Filed under Mobile

Facebook Inc is giving the camera the spotlight on its smartphone app for the first time, urging users to take more pictures and edit them with digital stickers that show the influence of camera-friendly rival Snapchat.

With an update scheduled to take effect today, Facebook will allow users to get to the app’s camera with one swipe of their finger and then add visual details like a rainbow or a beard of glitter.

Users will be able to share a picture privately with a friend, rather than to the user’s entire list of friends, and add a picture to a gallery known as a “story,” similar to a feature on the Snapchat app.

Snapchat, owned by Snap Inc, popularized the sharing of digitally decorated photographs on social media, especially among teenagers, and exposed a weakness of Facebook as the companies battle for eyeballs and leisure time.

Snap, which went public this month, has recently emphasized its ambitions to build gadgets and has called itself a camera company rather than a social media firm.

Facebook, the world’s largest social network with some 1.86 billion users, denies it took its camera ideas from Snapchat and says it got them from Facebook users.

“Our goal here is to give people more to do on Facebook and that’s really been the main inspiration,” Connor Hayes, a Facebook product manager, said in a briefing with reporters.

In a glimpse of how the features could tie in with other businesses, one of the first camera effects will be the ability to morph someone in a photograph into a yellow, cartoon “Minion.” The latest Minion movie, “Despicable Me 3,” is due out in a few months from Comcast Corp’s NBC Universal.

Facebook has deals to license content from six film studios, as well as from two artists, said Kristen Spilman, design director at Facebook.

Another visual effect that can be added to pictures allows someone in a picture to “become a laser cat with super powers,” Spilman said.

The effects will vary by location. Spilman said that when Facebook tested the ability to add the phrase “LOL” – the acronym for “laugh out loud” – to a picture, users in Ireland were confused by what it meant.

Uber Calls It Quits In Another Market

March 29, 2017 by  
Filed under Around The Net

Ride-hailing group Uber Technologies will discontinue offering services in Denmark next month due to a taxi law that puts into effect new requirements for drivers such as mandatory fare meters, the company said on Tuesday.

Uber has faced headwinds since its app went online in Denmark in 2014 as local taxi driver unions, companies and politicians complained that Uber posed unfair competition by not meeting legal standards required for established taxi firms.

Uber, which says about 2,000 Danish drivers and 300,000 riders use its app, said in a statement that it would shut down its services in Denmark on April 18 due to the new law.

Despite the minority liberal government’s ambitions to deregulate the taxi business and accommodate new operations like Uber, the taxi law presented in February introduced measures such as mandatory fare meters and seat sensors.

“For us to operate in Denmark again the proposed regulations need to change. We will continue to work with the government in the hope that they will update their proposed regulations and enable Danes to enjoy the benefits of modern technologies like Uber,” Uber said.

Two Danish Uber drivers were fined in November for violating taxi laws and in December Uber’s European division was indicted by Danish public prosecutors on charges of assisting those drivers in violating taxi laws.

Uber said it would allocate resources to help Danish Uber drivers through the shutdown process.

Is JavaScript The Most Popular Language?

March 29, 2017 by  
Filed under Computing

Beancounters at RedMonk have taken time out from their busy prayer wheels to create a list of the world’s most popular programming languages.

The list is based on data from both GitHub and Stack Overflow and the Red Monks have chanted a top 10 list for 2017.

1: JavaScript
2: Java
3: Python
4: PHP
5: (tie) C# and C++
6: (tie) Ruby and CSS
7: C
8: Objective-C

While there was little change in the top ten, there were a few stat changes in the also rans. This was mostly because GitHub data now counts the number of pull requests rather than the number of repositories.

As a result, Swift was a major beneficiary of the new GitHub process, jumping eight spots from 24 to 16.

For those who came in late, Swift was supposed to be the Great White Hope, which then gave way to scepticism. The language appears to be entering something of a trough of disillusionment, but the Red Monks seem to think that Swift has reached a Top 15 ranking faster than any other language they have tracked since they began doing the rankings.

TypeScript also did well, moving up 17 points and PowerShell moved from 36 to 19.

One of the biggest overall gainers of any of the measured languages, Rust leaped from 47 on the board to 26, one spot behind Visual Basic.

Courtesy-Fud

Apple Wins Patent Dispute In China

March 28, 2017 by  
Filed under Mobile

A Chinese court has ruled in favor of Apple in a design patent lawsuit between the Cupertino, California company and a domestic phone-maker, overturning a ban on selling iPhone 6 and iPhone 6 Plus phones in China, Xinhua news agency reported.

Last May, a Beijing patent regulator ordered Apple’s Chinese subsidiary and a local retailer Zoomflight to stop selling the iPhones after Shenzhen Baili Marketing Services lodged a complaint, claiming that the patent for the design of its mobile phone 100c was being infringed by the iPhone sales.

Apple and Zoomflight took the Beijing Intellectual Property Office’s ban to court.

The Beijing Intellectual Property Court has revoked the ban, saying Apple and Zoomflight did not violate Shenzhen Baili’s design patent for 100c phones.

The court ruled that the regulator did not follow due procedures in ordering the ban while there was no sufficient proof to claim the designs constituted a violation of intellectual property rights.

Representatives of Beijing Intellectual Property Office and Shenzhen Baili said they would take time to decide whether to appeal the ruling, according to Xinhua.

In a related ruling, the same court denied a request by Apple to demand stripping Shenzhen Baili of its design patent for 100c phones.

Apple first filed the request to the Patent Reexamination Board of State Intellectual Property Office. The board rejected the request, but Apple lodged a lawsuit against the rejection.

The Beijing Intellectual Property Court on Friday ruled to maintain the board’s decision. It is unclear if Apple will appeal.

British Telecom Fined $53M For Not Installing Business Internet Fast Enough

March 28, 2017 by  
Filed under Around The Net

Britain’s BT has been fined a record 42 million pounds ($53 million) by the regulator for failing to install high-speed lines for business customers fast enough, in an error that is likely to cost the company around 300 million pounds in compensation.

BT, which runs Britain’s major telecoms network, misused the terms of its contracts to reduce compensation payments to other providers for failing to deliver Ethernet services on time between January 2013 and December 2014, regulator Ofcom said on Monday.

Ofcom’s Investigations Director Gaucho Rasmussen said dedicated high-speed lines, which are used by large businesses to transmit data, were a vital part of Britain’s digital backbone.

“We found BT broke our rules by failing to pay other telecoms companies proper compensation when these services were not provided on time,” he said.

“Our message is clear – we will not tolerate this sort of behavior.”

BT is obliged to provide access to its Openreach network to rivals such as TalkTalk and Vodafone, but they have long complained about the service they receive from the former monopoly.

Ofcom was considering making BT spin off Openreach in order to remove any possible incentive for the unit to favor BT over other providers.

It stopped short of forcing a full split, however, last month when it agreed that a legal separation was sufficient.

Analysts at Bernstein said on Monday that the resolution of Openreach’s structural future felt like ancient history.

“We expect investors to react with disbelief and dismay at this arguably avoidable controversy at BT,” they said.

“The fall out is staggering. By its own admission, BT is expected to compensate its competitors to the tune of 300 million pounds, although this is a preliminary figure.”

BT’s Chief Executive Gavin Patterson, who recently vowed to improve the service BT delivered to customers, said Openreach had fallen well short of the standard it had set itself.

“We take this issue very seriously and we have put in place measures, controls and people to prevent it happening again,” he said.

Will Gigabit LTE Smartphones Take Off This Year?

March 28, 2017 by  
Filed under Mobile

It has been quite some time since Qualcomm announced Snapdragon X16, the world’s first Gigabit LTE modem. The same GigabitLTE Snapdragon X16 modem is now part of the Snapdragon 835 – a 10nm SoC that is about to debut in a dozen high end phones.

Many people who are not close to the matter are having a hard time understanding why it’s important to get faster modems in an everyday device. Many moan that the speeds they are getting from their carriers are not even touching the Cat 4 maximum download speed of 150 Mbps, but they are forgetting that these are the best-case scenario speeds for Cat 4. What happens is that the average speed increases with new technology, as most carriers are now using the Cat 6 300 Mbps maximum speed network.

Today, Telstra in Australia, Sprint in the USA, EE in the UK and a few others have announced or have already deployed their versions of the Cat 16 category GigabitLTE capable of sub 1 Gbps speeds.

It’s a typical technology cat and mouse game. We need faster phones to get the faster internet from carriers. What many people need to understand is that they won’t really get 1 Gbps download speeds as this is a maximum, but the average speed might increase for many.

If you are getting – let’s say – 30 to 60 Mbps today with Cat 6, a Gigabit LTE could increase your speeds to 60 Mbps to 120 Mbps. In our case, in Vienna Austria, we see around 80 Mbps to 100 Mbps, and GigabitLTE could double the speed to 160 Mbps to 200 Mbps. You would need a GigabitLTE phone as well as a GigabitLTE capable network to get to the GigabitLTE speeds. There are two options – the Snapdragon 835 powered phone or the Samsung Exynos 8895. They both support GigabitLTE speeds and the launch of GigabitLTE phones will speed up the deployment of this technology worldwide.

Don’t forget that Samsung Galaxy S8 is likely to ship with both Exynos 8895 and Snapdragon 835, both supporting GigabitLTE speeds.

With the mass introduction of the Snapdragon 835 and Exynos 8895 phones starting with the Samsung Galaxy S8, followed by GigabitLTE deployment by the carriers, we expect that the average download and upload speed will increase, enabling the next generation of content and applications. It looks likely that AT&T, T-Mobile and Sprint are already committed to the GigabitLTE, likely coming this year. Worldwide, there are 15 companies who plan to launch GigabitLTE this year.

If you are one of the skeptical ones that say we don’t need faster internet on the phone, I can remember one very rich man that goes by the name of Bill Gates who wasn’t convinced of the success of the internet. That definitely doesn’t mean that he was right about it, as now even Gates and the rest of the world have the capability of 100s of Mbps speeds on a smartphone device, something that didn’t really exist just a decade ago.

The same performance delta can be associated with internet speed as 3G stopped at 3.6 Mbps / 7.2 Mbps. Speed eventually got to 21.6 Mbps with HSPA+. That was some ten years ago and today it is normal to have a Cat 6 LTE 4K network capable of 300 Mbps and, in some cases, advanced carriers get to 600 Mbps, and in the case of Telstra, it even gets to 1 Gbps speeds. Qualcomm is planning to ship Snapdragon X20 with 1.2 Gbps maximum speeds in early 2018 and it is already sampling a modem that exceeds GigabitLTE’s magical number.

GigabitLTE with 1Gbps speed is just an introduction to 5G speeds, and it can be viewed as a gateway to 5G. 5G is a new communication technology that will enable a huge technology leap. One of the things that may become a reality is 4K or even 4K 360 video as the default. This will push the need for more and higher resolution VR capable Head Mounted Devices (HMD) and enable new games and applications that we cannot even imagine today.

Think about Facebook live with 360 VR capabilities? We don’t think that this is far off.

Courtesy-Fud

Twitter Mulls Subscription Based Model

March 27, 2017 by  
Filed under Around The Net

Twitter Inc is weighing whether to build a premium version of its popular Tweetdeck interface aimed at professionals, the company has announced, raising the possibility that it could charge subscription fees for some users for the first time.

Like most other social media companies, Twitter since its founding 11 years ago has focused on building a huge user base for a free service supported by advertising. Last month it reported it had 319 million users worldwide.

But unlike the much-larger Facebook Inc, Twitter has failed to attract enough in advertising revenue to turn a profit even as its popularity with U.S. President Donald Trump and other celebrities makes the network a constant center of attention.

Subscription fees could come from a version of Tweetdeck, an existing interface that helps users navigate Twitter.

Twitter is conducting a survey “to assess the interest in a new, more enhanced version of Tweetdeck,” spokeswoman Brielle Villablanca has said in a statement.

She went on: “We regularly conduct user research to gather feedback about people’s Twitter experience and to better inform our product investment decisions, and we’re exploring several ways to make Tweetdeck even more valuable for professionals.”

There was no indication that Twitter was considering charging fees from all its users.

Word of the survey had earlier leaked on Twitter, where a journalist affiliated with the New York Times posted screenshots of what a premium version of Tweetdeck could look like.

That version could include “more powerful tools to help marketers, journalists, professionals, and others in our community find out what is happening in the world quicker,” according to one of the screenshots posted on the account @andrewtavani.

The experience could be ad-free, the description said.

Other social media firms, such as Microsoft Corp’s LinkedIn unit, already have tiered memberships, with subscription versions that offer greater access and data.

In the fourth quarter of 2016, Twitter posted the slowest revenue growth since it went public four years earlier, and revenue from advertising fell year-over-year. The company also said that advertising revenue growth would continue to lag user growth during 2017.

Will AMD’s Polaris Based RX 500 Launch April 18th?

March 27, 2017 by  
Filed under Computing

According to reports, the upcoming AMD Radeon RX 500 series, which should be based on Polaris GPUs, could be slightly delayed, with the new launch date set for April 18th.

While earlier information suggested that the Polaris 10-based Radeon RX 570/580 should be coming on April 4th, with Polaris 11-based RX 550/560 refresh coming a week later, on April 11th, a new report from Chinese site Mydrivers.com, spotted by eTeknix.com, suggests that the launch date has been pushed back to April 18th.

As we’ve written before, the new Radeon RX 500 series will be based on the existing AMD Polaris GPU architecture but should have somewhat higher clocks and improved performance-per-watt, while the flagship Vega GPU-based Radeon RX Vega should be coming at a later date, most likely at the Computex 2017 show, starting on May 30th.

Unfortunately, the precise details regarding the upcoming Radeon RX 500 series are still unknown but hopefully these performance and clock improvements will allow AMD to compete with Nvidia’s mainstream lineup.

Courtesy-Fud

LastPass Rushes Out Fix To Password Flaw

March 24, 2017 by  
Filed under Around The Net

Developers of the popular LastPass password manager rushed to roll out a patch to fix a serious vulnerability that could have allowed attackers to steal users’ passwords or execute malicious code on their computers.

The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service’s users for Google Chrome, Mozilla Firefox and Microsoft Edge.

According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user’s secure vault.

If the extension’s binary component is installed, the “openattach” command can be used to run arbitrary code on the computer, Ormandy said on the bug tracker.

The LastPass developers deployed a workaround on their server to prevent exploitation and plan to include a full fix in new versions.

On Tuesday Ormandy reported another vulnerability in the Firefox extension that, according to the LastPass developers, was related to the first one. That vulnerability was fixed in a new version of the Firefox extension, 4.1.36a, that was released Wednesday.

“We have no indication that any of the reported vulnerabilities were exploited in the wild, but we’re doing a thorough review at this time to confirm,” the LastPass developers said in a blog post. “No password changes are required of users at this time.”

Are NAND Prices Jumping Due To Supply Issues?

March 24, 2017 by  
Filed under Computing

Client-grade SSDs of mainstream capacities continue to see rising contract prices in the PC-OEM market during this first quarter.

Beancounters at DRAMeXchange have added up some numbers and divided by their shoe size and worked out that average, contract prices of MLC-based client-grade SSDs are projected to go up by 12-16 percent compared with the fourth quarter of last year, while prices of TLC-based products are expected to increase by 10-16 percent sequentially.

Second-quarter end-device sales are anticipated to be relatively flat. Furthermore, PC-OEMs are reaching their limits on SSD costs. While the average prices of mainstream client-grade SSDs will keep climbing, the increase in the second quarter will likely be more moderate.

Alan Chen, senior research manager of DRAMeXchange, said that the average contract prices of client-grade SSDs in the PC-OEM market are rising this first quarter because not only are PC clients aggressively stocking up their inventories, but smartphone clients are also maintaining strong demand for storage components.

“At the same time, the industry-wide transition to 3D-NAND and 2D-NAND TLC production has sharply reduced the supply of Flash memory of the 2D-NAND MLC type. Thus, the price increase of MLC-based SSDs is outpacing that of TLC-based SSDs.”

Chen added that SSDs are increasingly preferred by consumers due to having faster read/write speed than HDDs, so PC-OEMs will keep up their SSD purchases despite tight supply for NAND Flash and SSDs. In the global notebook market, the SSD adoption rate is estimated to arrive at 45 percent this year.

Additionally, the growth in the notebook SSD adoption will be higher in the consumer-class notebook segment than the business-class segment. On the other hand, the tight NAND Flash supply and sharp price hikes for SSDs will likely discourage PC-OEMs from raising storage capacity. Therefore, the storage specifications for mainstream PC-OEM SSDs are expected to remain in the 128GB and 256GB options.

Shipments of client-grade SSDs will drop by seven to eight percent sequentially in the first quarter.

Courtesy-Fud

Wireless Performance Still Not So Great In Big Cities Of LA, NYC

March 23, 2017 by  
Filed under Mobile

The two biggest cities in the U.S., New York City and Los Angeles, still fall below many smaller U.S. cities in overall wireless performance, according to millions of field tests performed by RootMetrics in the second half of 2016.

The New York metro area, with 18 million people, ranked just 66th in the latest round of tests of the nation’s largest 125 metro areas. Meanwhile, L.A., with 12.1 million people, ranked 49th. In testing done by RootMetrics in the first half of last year, New York finished 59th, L.A., 99th.

L.A. improved in two of six measurements: call and data performance. New York’s drop was largely driven by a “steep decline” in network speed and data performance, RootMetrics said.

The reasons for New York’s decline — and declines in other cities — depend on multiple factors. “These metro rankings are relative; the most common reason for a ranking drop is not that performance is declining in a particular city, rather that performance is improving faster in other cities,” said Annette Hamilton, director at RootMetrics.

RootMetrics evaluates the nation’s four largest carriers using actual phones the carriers sell in tests conducted outdoors and inside buildings. Sometimes a carrier will temporarily take down service in a cell tower while improvements are made; also, a recent increase in the number of users and the rich video content they download could burden a cell tower’s capacity and affect performance. As some cities improve in overall performance, they can displace other top-ranked cities.

“While mobile performance is generally strong across most areas of the country, our data shows that not all metro areas are created equal when it comes to network performance,” RootMetrics said in a report.

Besides New York, other large metro areas dropped in several categories from the first half of 2016. Boston, the 10th largest in population, fell from 17th to 97th, finishing in the bottom on network reliability and call performance. Miami, fourth in population, dropped from 84th to 89th, due to a decline in network reliability and call performance.

Both Atlanta and Chicago declined from their top five finishes in early 2016. Chicago finished 8th overall in the latest tests, and dropped to 65th in text performance. Atlanta dropped from third to 23rd, with declines in all six categories that RootMetrics measures: overall performance, network reliability, network speed, data performance, call performance and text performance.

Hamilton said while Atlanta placed 23rd, it had a “stellar reputation for speed and data performance” with Verizon showing the fastest median download speed of 37.7Mbps. Further, while Boston came in 97th, three of the four wireless carriers there clocked median download speeds above 20Mbps, which she described as “more than fast enough to easily complete typical mobile tasks.”

In 2017, she added, “We expect to see metro rankings shift again as carriers continue to deploy new capabilities to meet mobile demands.”

Houston, the seventh-largest metro area, improved — moving from 51st to 18th. RootMetrics reported that all four carriers showed “superb” rates of getting connected and staying connected to the network during data reliability testing and saw a big leap in call performance.

The top five metro areas by overall performance were Indianapolis; Richmond, Va.; Cleveland and Columbus, Ohio; and Minneapolis. The bottom five of the 125 measured were Hudson Valley, N.Y., in 121st place, descending to Springfield, Mass.; Santa Rosa, Calif.; Worcester, Mass.; and Omaha.
