For the second time in as many weeks, developers of the popular LastPass password manager are working to patch a serious vulnerability that could allow malicious websites to steal user passwords or infect computers with malware.
Like the LastPass flaws patched last week, the new issue was discovered and reported to LastPass by Tavis Ormandy, a researcher with Google’s Project Zero team. The researcher revealed the vulnerability’s existence in a message on Twitter, but didn’t publish any technical details about it that could allow attackers to exploit it.
According to Ormandy, the flaw affects the latest version of the LastPass browser extension for all major browsers. He claims to have tested the exploit successfully on Windows and Linux, but believes that it likely works on Mac as well.
If the extension’s binary component is also installed, the vulnerability allows attackers to execute malicious code on users’ computers when they visit a rogue website. If the component is not present, the flaw can still be used to extract passwords from users’ secure password vaults.
To make things worse, it seems the extension’s presence in the browser is enough for the flaw to be exploitable. Ormandy said on Twitter that the attack still works even if the user is logged out.
This is supposedly true only for the remote code execution attack, because without a logged-in session the password vault would remain encrypted and not accessible to a website.
“We are now actively addressing the vulnerability,” the LastPass developers said Monday in a blog post. “This attack is unique and highly sophisticated. We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties.”
LastPass recommends that users launch websites for which they have stored passwords directly from inside their password vaults by using the “launch” feature. The company also advises users to turn on two-factor authentication for any online services that offer this option and to beware of phishing attacks and potentially malicious links.
Samsung’s Note 7s were permanently scrapped in October following a global recall, roughly two months from the launch of the near-$900 devices, after some phones self-combusted. A subsequent probe found manufacturing problems in batteries supplied by two different companies – Samsung SDI Co Ltd and Amperex Technology Ltd.
Analysis from Samsung and independent researchers found no other problems in the Note 7 devices except the batteries, raising speculation that Samsung will recoup some of its losses by selling refurbished Note 7s.
A person familiar with the matter told Reuters in January that it was considering the possibility of selling refurbished versions of the device or reusing some parts.
Samsung’s announcement that revamped Note 7s will go back on sale, however, surprised some with the timing – just days before it launches its new S8 smartphone on Wednesday in the United States, its first new premium phone since the debacle last year.
Samsung, under huge pressure to turn its image around after the burning battery scandal, had previously not commented on its plans for recovered phones.
“Regarding the Galaxy Note 7 devices as refurbished phones or rental phones, applicability is dependent upon consultations with regulatory authorities and carriers as well as due consideration of local demand,” Samsung said in a statement.
South Korea’s Electronic Times newspaper, citing unnamed sources, said on Tuesday Samsung will start selling refurbished Note 7s in its home country in July or August and will aim to sell between 400,000 and 500,000 of the Note 7s using safe batteries.
Samsung said in a statement to Reuters the company has not set specifics on refurbished Note 7 sales plans, including what markets and when they would go on sale, though noting the phones will not be sold in India as some media reported earlier this year.
The firm said refurbished Note 7s will be equipped with new batteries that have gone through Samsung’s new battery safety measures.
“The objective of introducing refurbished devices is solely to reduce and minimize any environmental impact,” it said.
Facebook Inc is giving the camera the spotlight on its smartphone app for the first time, urging users to take more pictures and edit them with digital stickers that show the influence of camera-friendly rival Snapchat.
With an update scheduled to take effect today, Facebook will allow users to get to the app’s camera with one swipe of their finger and then add visual details like a rainbow or a beard of glitter.
Users will be able to share a picture privately with a friend, rather than to the user’s entire list of friends, and add a picture to a gallery known as a “story,” similar to a feature on the Snapchat app.
Snapchat, owned by Snap Inc, popularized the sharing of digitally decorated photographs on social media, especially among teenagers, and exposed a weakness of Facebook as the companies battle for eyeballs and leisure time.
Snap, which went public this month, has recently emphasized its ambitions to build gadgets and has called itself a camera company rather than a social media firm.
Facebook, the world’s largest social network with some 1.86 billion users, denies it took its camera ideas from Snapchat and says it got them from Facebook users.
“Our goal here is to give people more to do on Facebook and that’s really been the main inspiration,” Connor Hayes, a Facebook product manager, said in a briefing with reporters.
In a glimpse of how the features could tie in with other businesses, one of the first camera effects will be the ability to morph someone in a photograph into a yellow, cartoon “Minion.” The latest Minion movie, “Despicable Me 3,” is due out in a few months from Comcast Corp’s NBC Universal.
Facebook has deals to license content from six film studios, as well as from two artists, said Kristen Spilman, design director at Facebook.
Another visual effect that can be added to pictures allows someone in a picture to “become a laser cat with super powers,” Spilman said.
The effects will vary by location. Spilman said that when Facebook tested the ability to add the phrase “LOL” – the acronym for “laugh out loud” – to a picture, users in Ireland were confused by what it meant.
Ride-hailing group Uber Technologies will discontinue offering services in Denmark next month due to a taxi law that puts into effect new requirements for drivers such as mandatory fare meters, the company said on Tuesday.
Uber has faced headwinds since its app went online in Denmark in 2014 as local taxi driver unions, companies and politicians complained that Uber posed unfair competition by not meeting legal standards required for established taxi firms.
Uber, which says about 2,000 Danish drivers and 300,000 riders use its app, said in a statement that it would shut down its services in Denmark on April 18 due to the new law.
Despite the minority liberal government’s ambitions to deregulate the taxi business and accommodate new operations like Uber, the taxi law presented in February introduced measures such as mandatory fare meters and seat sensors.
“For us to operate in Denmark again the proposed regulations need to change. We will continue to work with the government in the hope that they will update their proposed regulations and enable Danes to enjoy the benefits of modern technologies like Uber,” Uber said.
Two Danish Uber drivers were fined in November for violating taxi laws and in December Uber’s European division was indicted by Danish public prosecutors on charges of assisting those drivers in violating taxi laws.
Uber said it would allocate resources to help Danish Uber drivers through the shutdown process.
The list is based on data from both GitHub and Stack Overflow and the Red Monks have chanted a top 10 list for 2017.
5: (tie) C# and C++
6: (tie) Ruby and CSS
While there was little change in the top ten, there were a few stat changes in the also rans. This was mostly because GitHub data now counts the number of pull requests rather than the number of repositories.
As a result, Swift was a major beneficiary of the new GitHub process, jumping eight spots from 24 to 16.
For those who came in late, Swift was supposed to be the Great White Hope, which then gave way to scepticism. The language appears to be entering something of a trough of disillusionment, but the Red Monks seem to think that Swift has reached a Top 15 ranking faster than any other language they have tracked since they began doing the rankings.
TypeScript also did well, moving up 17 points and PowerShell moved from 36 to 19.
One of the biggest overall gainers of any of the measured languages, Rust leaped from 47 on the board to 26, one spot behind Visual Basic.
A Chinese court has ruled in favor of Apple in a design patent lawsuit between the Cupertino, California company and a domestic phone-maker, overturning a ban on selling iPhone 6 and iPhone 6 Plus phones in China, Xinhua news agency reported.
Last May, a Beijing patent regulator ordered Apple’s Chinese subsidiary and a local retailer Zoomflight to stop selling the iPhones after Shenzhen Baili Marketing Services lodged a complaint, claiming that the patent for the design of its mobile phone 100c was being infringed by the iPhone sales.
Apple and Zoomflight took the Beijing Intellectual Property Office’s ban to court.
The Beijing Intellectual Property Court has revoked the ban, saying Apple and Zoomflight did not violate Shenzhen Baili’s design patent for 100c phones.
The court ruled that the regulator did not follow due procedures in ordering the ban while there was no sufficient proof to claim the designs constituted a violation of intellectual property rights.
Representatives of Beijing Intellectual Property Office and Shenzhen Baili said they would take time to decide whether to appeal the ruling, according to Xinhua.
In a related ruling, the same court denied a request by Apple to demand stripping Shenzhen Baili of its design patent for 100c phones.
Apple first filed the request to the Patent Reexamination Board of State Intellectual Property Office. The board rejected the request, but Apple lodged a lawsuit against the rejection.
The Beijing Intellectual Property Court on Friday ruled to maintain the board’s decision. It is unclear if Apple will appeal.
Britain’s BT has been fined a record 42 million pounds ($53 million) by the regulator for failing to install high-speed lines for business customers fast enough, in an error that is likely to cost the company around 300 million pounds in compensation.
BT, which runs Britain’s major telecoms network, misused the terms of its contracts to reduce compensation payments to other providers for failing to deliver Ethernet services on time between January 2013 and December 2014, regulator Ofcom said on Monday.
Ofcom’s Investigations Director Gaucho Rasmussen said dedicated high-speed lines, which are used by large businesses to transmit data, were a vital part of Britain’s digital backbone.
“We found BT broke our rules by failing to pay other telecoms companies proper compensation when these services were not provided on time,” he said.
“Our message is clear – we will not tolerate this sort of behavior.”
BT is obliged to provide access to its Openreach network to rivals such as TalkTalk and Vodafone, but they have long complained about the service they receive from the former monopoly.
Ofcom was considering making BT spin off Openreach in order to remove any possible incentive for the unit to favor BT over other providers.
It stopped short of forcing a full split, however, last month when it agreed that a legal separation was sufficient.
Analysts at Bernstein said on Monday that the resolution of Openreach’s structural future felt like ancient history.
“We expect investors to react with disbelief and dismay at this arguably avoidable controversy at BT,” they said.
“The fall out is staggering. By its own admission, BT is expected to compensate its competitors to the tune of 300 million pounds, although this is a preliminary figure.”
BT’s Chief Executive Gavin Patterson, who recently vowed to improve the service BT delivered to customers, said Openreach had fallen well short of the standard it had set itself.
“We take this issue very seriously and we have put in place measures, controls and people to prevent it happening again,” he said.
Emaar Malls’ bid has so far not been accepted by Souq.com shareholders, the Dubai-listed firm said in a stock exchange announcement on Monday.
Reuters reported last week that Amazon had agreed in principle to buy Souq.com, which was founded 12 years ago by Syrian-born entrepreneur Ronaldo Mouchawar.
Amazon declined to comment, and Souq.com did not respond to an emailed request for further comment.
However, Emaar Malls’ offer is higher than Amazon’s $580 million bid, a source familiar with the matter said. The Financial Times reported Amazon would pay between $650 and $750 million, quoting two sources familiar with the matter.
However, Souq.com will have to break an exclusivity agreement with Amazon if it is to accept the Emaar Malls offer at this stage, the source said.
The Emaar Malls bid includes a $500 million up-front payment and a guaranteed 15 per cent internal rate of return for Souq.com shareholders, the source said.
A successful bid would give Emaar “a firmer footing in retail and consumer behavior,” said Sanyalaksna Manibhandu, head of research at NBAD Securities.
The offer is not the first move online to be made by Dubai billionaire Mohamed Alabbar, who made his name as chairman of Emaar Properties, the Dubai government-linked developer of the world’s tallest building. Emaar Malls is the retail unit of Emaar Properties.
Last year Alabbar raised $1 billion from regional investors including Saudi Arabia’s Public Investment Fund to set up his own Middle East e-commerce firm Noon.
Days before announcing Noon, Alabbar and Amazon founder Jeff Bezos met in Dubai, leading to speculation that they would forge some sort of partnership in the region.
Originally set to open for business with 20 million products, Noon quietly missed its January launch date. The company has yet to comment on the delay.
Emaar Malls’ bid is independent of Noon, the source said, aimed at complementing the retail unit’s brick-and-mortar sales by introducing services such as “click and collect”. Shoppers in the Arab world prefer to make purchases in-store despite a young and tech-savvy population.
Emaar Malls is the operator of the Dubai Mall, which accounts for around 50 percent of the emirate’s luxury goods spending and is one of the Middle East’s largest shopping centers.
“Emaar’s retail division will strengthen the case for online retail for traditional brick and mortar retailers, by providing an avenue of online retail,” Euromonitor research analyst Rabia Yasmeen said in an email.
It has been quite some time since Qualcomm announced Snapdragon X16, the world’s first Gigabit LTE modem. The same GigabitLTE Snapdragon X16 modem is now part of the Snapdragon 835 – a 10nm SoC that is about to debut in a dozen high end phones.
Many people who are not close to the matter are having a hard time understanding why it’s important to get faster modems in an everyday device. Many moan that the speeds they are getting from their carriers are not even touching the Cat 4 maximum speed of 150 Mbps on a download, but they are forgetting that these are the best case scenario speeds for Cat 4. What happens is that the average speed increases with new technology as most carriers are now using the Cat 6 300 Mbps maximum speed network.
Today, Telstra in Australia, Sprint in the USA, EE in the UK and a few others have announced or have already deployed their versions of the Cat 16 category GigabitLTE capable of sub 1 Gbps speeds.
It’s a typical technology cat and mouse game. We need faster phones to get the faster internet from carriers. What many people need to understand is that they won’t really get 1 Gbps download speeds as this is a maximum, but the average speed might increase for many.
If you are getting – let’s say – 30 to 60 Mbps today with Cat 6, a Gigabit LTE could increase your speeds to 60 Mbps to 120 Mbps. In our case, in Vienna Austria, we see around 80 Mbps to 100 Mbps, and GigabitLTE could double the speed to 160 Mbps to 200 Mbps. You would need a GigabitLTE phone as well as a GigabitLTE capable network to get to the GigabitLTE speeds. There are two options – the Snapdragon 835 powered phone or the Samsung Exynos 8895. They both support GigabitLTE speeds and the launch of GigabitLTE phones will speed up the deployment of this technology worldwide.
Don’t forget that Samsung Galaxy S8 is likely to ship with both Exynos 8895 and Snapdragon 835, both supporting GigabitLTE speeds.
With the mass introduction of the Snapdragon 835 and Exynos 8895 phones starting with the Samsung Galaxy S8, followed by GigabitLTE deployment by the carriers, we expect that the average download and upload speed will increase, enabling the next generation of content and applications. It looks likely that AT&T, T-Mobile and Sprint are already committed to the GigabitLTE, likely coming this year. Worldwide, there are 15 companies who plan to launch GigabitLTE this year.
If you are one of the skeptical ones that say we don’t need faster internet on the phone, I can remember one very rich man that goes by the name of Bill Gates who wasn’t convinced of the success of the internet. That definitely doesn’t mean that he was right about it, as now even Gates and the rest of the world have the capability of 100s of Mbps speeds on a smartphone device, something that didn’t really exist just a decade ago.
The same performance delta can be associated with internet speed as 3G stopped at 3.6 Mbps / 7.2 Mbps. Speed eventually got to 21.6 Mbps with HSPA+. That was some ten years ago and today it is normal to have a Cat 6 LTE 4K network capable of 300 Mbps and, in some cases, advanced carriers get to 600 Mbps, and in the case of Telstra, it even gets to 1 Gbps speeds. Qualcomm is planning to ship Snapdragon X20 with 1.2 Gbps maximum speeds in early 2018 and it is already sampling a modem that exceeds GigabitLTE’s magical number.
GigabitLTE with 1Gbps speed is just an introduction to 5G speeds, and it can be viewed as a gateway to 5G. 5G is a new communication technology that will enable a huge technology leap. One of the things that may become a reality is 4K or even 4K 360 video as the default. This will push the need for more and higher resolution VR capable Head Mounted Devices (HMD) and enable new games and applications that we cannot even imagine today.
Think about Facebook live with 360 VR capabilities? We don’t think that this is far off.
The untimely end of the consumer version of Google Glass in 2015 may have had some grieving the early death of augmented reality. But the technology is being resurrected by companies on the manufacturing floor.
Take for example Lockheed Martin. Technicians at the aerospace manufacturer use Microsoft’s HoloLens headset to design and examine models of spacecraft such as the Mars lander ahead of its 2018 mission.
The technology is also very useful for training and production.
“At Lockheed Martin, we see the HoloLens being a tremendous benefit in terms of 3D, the speed and quality that we can do our work,” says Darin Bolthouse, an engineering manager at Lockheed Martin.
“The ability to pull together all information that the technician has to reference in building a satellite or a space craft and all the other products that we build here, the ability to have all that information available in the HoloLens, and the guided instructions to pull together a product is going to have a tremendous advantage,” he said.
Automakers like Volkswagen and BMW have also experimented with augmented reality. The technology proves useful in leaving workers’ hands free and making communication between teams easier.
The world’s largest aircraft maker, Boeing is also giving augmented reality a shot. The company has used the technology to help technicians navigate the thousands of wires needed to connect a plane’s electrical systems, or “wire harnesses,” as they are called.
The future of augmented reality is looking good. According to an IDC study, the augmented reality market was worth $209 million in 2016 but is expected to grow to $49 billion by 2021.
That finding was made in an analysis published by Skycure, a mobile threat defense vendor.
The report also found that the city of Boston has had the biggest recent increase in smartphone and other wireless device threats — including malicious attacks — among 11 major U.S. cities. Incidents in Boston climbed by 960% in the fourth quarter of 2016. The analysis is based on millions of readings from network sensors that Skycure monitors globally.
Unlike Boston, several cities saw a flattening in the number of network incidents. San Francisco experienced a slight decline in the fourth quarter. Skycure didn’t explain why Boston increased so drastically, but indicated that rates of incidents can vary widely, with some cities increasing while others hit a plateau.
While the company’s analysis pointed especially at Boston and other cities seeing increasing numbers of attacks, mobile threats are generally on the rise. There is plenty of blame to go around, including the length of time it takes wireless carriers to pass along security patches and whether users install patches in a timely manner.
Skycure found that 71% of Android devices are running on security patches that are at least two months old — too old to be considered secure.
Devices with known vulnerabilities that are unpatched are more susceptible to breach, Skycure noted. That’s the same advice that many independent security and mobile practitioners and analysts have offered.
That figure is also in line with a Google security report stating that half of all Android devices had not received a security update in the past year.
Roger Entner, an analyst at Recon Analytics, agreed that smartphone users need to quickly load security patches onto their phones. Many smartphone users have told Computerworld via email that operating system updates, sometimes including security patches, have slowed the performance of their phones and so they are reluctant to allow the updates to load.
Twitter Inc is weighing whether to build a premium version of its popular Tweetdeck interface aimed at professionals, the company has announced, raising the possibility that it could charge subscription fees for some users for the first time.
Like most other social media companies, Twitter since its founding 11 years ago has focused on building a huge user base for a free service supported by advertising. Last month it reported it had 319 million users worldwide.
But unlike the much-larger Facebook Inc, Twitter has failed to attract enough in advertising revenue to turn a profit even as its popularity with U.S. President Donald Trump and other celebrities makes the network a constant center of attention.
Subscription fees could come from a version of Tweetdeck, an existing interface that helps users navigate Twitter.
Twitter is conducting a survey “to assess the interest in a new, more enhanced version of Tweetdeck,” spokeswoman Brielle Villablanca has said in a statement.
She went on: “We regularly conduct user research to gather feedback about people’s Twitter experience and to better inform our product investment decisions, and we’re exploring several ways to make Tweetdeck even more valuable for professionals.”
There was no indication that Twitter was considering charging fees from all its users.
Word of the survey had earlier leaked on Twitter, where a journalist affiliated with the New York Times posted screenshots of what a premium version of Tweetdeck could look like.
That version could include “more powerful tools to help marketers, journalists, professionals, and others in our community find out what is happening in the world quicker,” according to one of the screenshots posted on the account @andrewtavani.
The experience could be ad-free, the description said.
Other social media firms, such as Microsoft Corp’s LinkedIn unit, already have tiered memberships, with subscription versions that offer greater access and data.
In the fourth quarter of 2016, Twitter posted the slowest revenue growth since it went public four years earlier, and revenue from advertising fell year-over-year. The company also said that advertising revenue growth would continue to lag user growth during 2017.
According to reports, the upcoming AMD Radeon RX 500 series, which should be based on Polaris GPUs, could be slightly delayed, with the new launch date set for April 18th.
While earlier information suggested that the Polaris 10-based Radeon RX 570/580 should be coming on April 4th, with Polaris 11-based RX 550/560 refresh coming a week later, on April 11th, a new report from China site Mydrivers.com, spotted by eTeknix.com, suggests that the launch date has been pushed back to April 18th.
As we’ve written before, the new Radeon RX 500 series will be based on an existing AMD Polaris GPU architecture but should have somewhat higher clocks and improved performance-per-watt, while the flagship Vega GPU-based Radeon RX Vega should be coming at a later date, most likely at the Computex 2017 show, starting on May 30th.
Unfortunately, the precise details regarding the upcoming Radeon RX 500 series are still unknown but hopefully these performance and clock improvements will allow AMD to compete with Nvidia’s mainstream lineup.
Trello will be linked into the entire Atlassian ecosystem with a series of integrations announced this week. The new “power-ups” for the project management software connect it with BitBucket, Jira, HipChat and Confluence, to help customers get their work done more efficiently.
Using Trello is intended to help users keep their projects organized. The service lets people lay out virtual cards in columns on a workspace known as a board. Doing so can help with things like tracking the status of software bugs or tracking contracts through different stages of completion.
Each of the connections announced Wednesday is supposed to help with the process of using Trello. Confluence users can now tie cards to new pages in Atlassian’s content management system, Jira users can connect issues from the bug tracker with cards and BitBucket users can better organize their code.
The integrations come two months after Atlassian announced that it would be acquiring Trello. They show a glimpse of a future where the project management software is increasingly tied into the other products that Atlassian owns.
Customers were asking for the integrations as soon as Atlassian’s acquisition of Trello was announced, according to Hamid Palo, the director of product and partnerships at Trello. Overall, the goal behind them is to minimize how much users have to switch between different services, in order to save time.
The acquisition and power-ups don’t mean that competing services will be boxed out of connecting with the work tracking software, Palo said.
“We’re going to continue making Trello awesome, we’re going to integrate with all of the tools that people use with Trello, and that is not going to change,” he said.
All of the integrations announced on Wednesday are available immediately, for no extra cost.
A spokesman for Apple confirmed that the company acquired DeskConnect, the developer of the app, and the Workflow app, but did not provide further details.
Workflow, developed for the iPhone, iPad and Apple Watch, allows users to drag and drop combinations of actions to create workflows that interact with the apps and content on the device. It won an Apple design award in 2015 at its annual Worldwide Developers Conference.
Some of the examples of tasks for which Workflow can be used are making animated GIFs, adding a home screen icon to call a loved one and tweeting a song the user has been listening to, according to a description of the app.
Apple is keeping the app alive on its App Store and it has been made free, according to TechCrunch, which first reported the acquisition.
The company, which typically comments on its acquisitions with the standard line that “Apple buys smaller technology companies from time to time, and we generally do not discuss our purpose or plans,” went on to comment about the benefits of the app.
The app was selected for the Apple design award “because of its outstanding use of iOS accessibility features, in particular an outstanding implementation for VoiceOver with clearly labeled items, thoughtful hints, and drag/drop announcements, making the app usable and quickly accessible to those who are blind or low-vision,” Apple told TechCrunch.
It isn’t clear at this point how the app will be integrated with Apple’s offerings. Besides offering a standalone Workflow app, Apple may possibly look at integrating the technology into iOS with Siri being the key interface for many users, particularly for disabled people.