Total Pageviews

Monday, 30 September 2019

VHA and TPG close by stating ACCC needs a 'forensic Tardis' to oppose merger

Justice Middleton opened the final days of the case between the ACCC and VHA/TPG over the proposed merger by saying he was hoping for a judgement prior to end of 2019 but it's more likely that a decision will come in February 2020.

from Latest news https://ift.tt/2mYAZL9
via IFTTT

Stratasys leverages high performance partners to expand 3D printing innovation

High performance environments give Stratasys a lot of lessons learned for manufacturing parts and tools on the fly.

from Latest news https://ift.tt/2mco1ZQ
via IFTTT

Deck the trees with smart Christmas lights and get festive with it!

Christmas is just around the corner, and many of you are in the process of getting the Christmas tree up, or maybe it's already been done! But what about the Christmas lights? There are some cool lights out there that you can control with your smartphone through an app, and they definitely add a touch of pizazz to your Christmas traditions.

Highly customizable

Twinkly LED String Lights

Staff favorite

Twinkly LED lights can be wrapped around your tree and display custom designs. There are preloaded shapes, or you can make your own custom design with the app.

$133 at Amazon

Play with the lights

Lumenplay Starter Set

Lumenplay comes with 24 starter bulbs that you can use indoors or outdoors. The app lets you change the color of the lights or use a color theme, put on mini light shows, and can remotely turn the lights on and off.

$17 at Amazon

Smart but affordable

Brizled Bluetooth LED Christmas Lights

You get 200 mini lights on a 65-foot string, which should be plenty to wrap around your tree or even outdoor furnishings. They connect to your phone via Bluetooth and the companion app, and you can adjust the speed of the lights, pulsing and disco effects, and more. Up to five sets can work together.

$33 at Amazon

For the Philips Hue fan

Philips Hue LightStrips Plus

Smart lights everywhere

If you're already a Philips Hue user with the Hue Bridge, the LightStrip Plus can be attached under bars, bed frames, cabinets, or wherever else you want them. The Philips Hue app lets you change the color from over 16 million colors, or you can create custom light scenes. Everything can be remotely turned on or off, and it works with other Philips Hue lights.

$60 at Amazon

Smart outdoor lights

Philips Hue White & Color Ambiance Outdoor LightStrip

$90 at Amazon

The Outdoor version of the LightStrip is completely weatherproof, so it can withstand even the wettest environments. And you can have them set to either white or color through the Philips Hue app, so the possibilities outside are infinite.

Turn dumb lights into smart ones

Wemo Mini Smart Plug

The Wemo Smart Plug turns any old Christmas lights (or other electronics that plug in) into smart ones. This smart plug connects to Wi-Fi, allowing you to control your Christmas lights or other appliances through your phone with Google Assistant, Siri, or Amazon Alexa. You can even set schedules to turn them on or randomize the lights.

$25 at Amazon

Illuminate the house with Christmas cheer

Philips Christmas LED Illuminate Starter Kit

If you want Philips Christmas lights but don't want to go all-in with Hue, the Illuminate Christmas LED lights are a good choice. The starter kit comes with 25 bulbs and a control box that lets you connect your phone to the lights with the Illuminate app. From there, you can choose the colors that are displayed, pick out effects, adjust the speed, and even play music and have the lights dance along to the tune. You can have up to 12 sets of Illuminate lights hooked up together.

$100 at Target

Affordable color

Elfeland Color Changing Rope Lights

$39 at Amazon

This affordable option on Amazon gives you 300 LED lights strung out over 32-feet. They're multicolored and dimmable, and everything can be controlled directly through the free companion app, including music effects.

Fast and simple

Star Shower Tree Dazzler

Instant setup

$33 at Amazon

Tree Dazzler goes on top of your tree, and the light strings come down naturally, so you need to space them out. The remote control lets you instantly put on a twinkling light show in seconds. The lights are bright and colorful.

Deck the halls with boughs of holly

The holidays are upon us, and it's time to get festive with these smart Christmas lights. One of our favorites is the Twinkly LED String Lights because you can truly get creative with this one. And if creativity isn't your strong suit, then use one of the preloaded designs from the app and get in the spirit!

Another great one that I use personally is the Tree Dazzler. While this one doesn't connect to your phone or anything like that, it's super easy to set up, and the different effects that you can use are sure to cheer you up and get you in a festive spirit instantly. It's hypnotic and soothing, and the lights are very bright. And if you are already invested in the Philips Hue ecosystem, you can't go wrong with adding some LightStrips to the mix.



from iMore - The #1 iPhone, iPad, and iPod touch blog https://ift.tt/2E5MabN
via IFTTT

All I want to do is chill and play 'Flight Simulator'


via Engadget RSS Feed https://ift.tt/2nLJA41

Japanese telco KDDI goes with Nokia and Ericsson for 5G

Its first set of commercial 5G services are expected to go live in March 2020.

from Latest news https://ift.tt/2mbJxxQ
via IFTTT

Over 850,000 diagnostic reports uploaded to My Health Record each week

Australian Digital Health Agency says nearly all public providers of pathology and diagnostic imaging use the electronic health record.

from Latest news https://ift.tt/2me7dSn
via IFTTT

Singapore defence ministry runs second HackerOne bug bounty programme

Dangling bounties ranging from $150 to $10,000, Singapore's Ministry of Defence hopes to uncover vulnerabilities in 11 internet-facing systems and websites with the help of 400 white-hat hackers from the HackerOne global community.

from Latest news https://ift.tt/2on0dDd
via IFTTT

Have Indian IT companies been gouging H-1B workers with low wages?

While data from various sources may offer diverging views on what H-1Bs have been paid, the sorry fact is that the floor for H-1Bs hasn't changed in 25 years.

from Latest news https://ift.tt/2nKXByL
via IFTTT

Huawei opens flagship store in Shenzhen

In the works since 2017, the Chinese smartphone maker's three-storey flagship store spans 1,300 square meters and is manned by 120 consultants who hail from various fields including hotel, art, and aviation.

from Latest news https://ift.tt/2nNVVEU
via IFTTT

DFAT seeks to upgrade its digital asset management system with SaaS

New system be used to create, share, and access existing and future digital assets such as images, videos, audios, multimedia items, and documents.

from Latest news https://ift.tt/2mWuAA8
via IFTTT

Fallout 76 public test server to arrive in 2020, over a year after game’s launch

Bethesda is looking to roll out a public test server for Fallout 76 next year, which would be a welcome addition to the online RPG due to its history of bugs and glitches.

from Digital Trends https://ift.tt/2m95oWE
via IFTTT

Studio head says PlayStation 5 will let developers focus on making games fun

Chameleon Games studio head Omar Sawi expressed his enthusiasm over the PlayStation 5's move from HDD to SSD in an interview with Gaming Bolt.

from Digital Trends https://ift.tt/2mafN4q
via IFTTT

YouTube Music to be preinstalled on Android 10 devices

It is another step towards making the YouTube Music app become Google's main music player.

from Latest news https://ift.tt/2nOzxed
via IFTTT

Venezuela reportedly wants its central bank to hold bitcoin


via Engadget RSS Feed https://ift.tt/2nK9kh1

YouTube is 'really happy' with viewership for its live MLB games


via Engadget RSS Feed https://ift.tt/2okRG3F

Australian government stumps up AU$182m for help with its Entrepreneurs' Programme

The Department of Industry, Innovation, and Science is after approximately 10 delivery partners that can provide expert advice to help participating businesses grow, innovate, and commercialise.

from Latest news https://ift.tt/2nM6g3Q
via IFTTT

What is semantic rendering, and how it improves your iPhone 11’s camera

Ultra-wide lenses are great, but the real camera improvements in the new iPhones are thanks to artificial intelligence that can enhance human subjects separately from the rest of an image.

from Digital Trends https://ift.tt/2m9Ek9T
via IFTTT

Best laptop deals 2019: Windows and Chromebooks for under $500 - CNET

Budget-friendly portables for home, school or office.

from CNET https://ift.tt/2nLYbwo
via IFTTT

Best MacBook Pro alternatives for 2019 - CNET

Think different about your laptop options.

from CNET https://ift.tt/2nNfk8A
via IFTTT

State Department revives investigation of Clinton's private emails


via Engadget RSS Feed https://ift.tt/2nLAWCi

Huawei and Airtel use 1Gbps microwave MIMO backhaul for 5G

Adding carrier aggregation will see links hit 2Gbps across two lots of 28MHz spectrum.

from Latest news https://ift.tt/2mKrWO1
via IFTTT

Checkm8, the iPhone 4s to iPhone X bootrom exploit, explained

Checkm8 is a bootrom-level security exploit that can be used against every iPhone from the 4S to the X. It was announced late last week by axi0mX — axi0mX… axi0m10… dammit, Apple! — and ever since we've seen everything from fear, uncertainty, and doubt, to supremely good reporting on what it is, what it isn't, and most importantly, what it means for all of us.

So, let's try to sort it all out.

Now, before we dive in, I'm not an infosec expert nor do I play one on the internet. Checkm8 is absolutely serious but very specific and in some ways very limited. It's certainly helpful for jailbreakers and researchers that it exists, probably neutral good for bad actors, and bad for Apple and a black eye for iOS security that'll no doubt drive them even harder to lock things down even better, again.

But, for the average user, the threat level today probably isn't any different than it was a week ago. I'm going to sum up why as best and as accurately as I can, but I'm also going to link up some terrific work by Ars Technica and Malwarebytes in the description. Hit them up for much, much more. Cool? Cool.

So, what's a bootrom exploit?

Bootrom, or secureBoot, is the very first code that runs on an iOS device when it starts up. It lives on a ROM, or read-only memory chip, at the very lowest level of the device, and it typically can't be changed.

A bootrom exploit, then, is an exploit that targets a bug in the Bootrom. That's as opposed to the far, far more common exploits that target bugs at the higher operating system level.

While operating system exploits are far more common, they're also far more easily fixed. Pretty much every time Apple updates iOS, the new version patches security issues with the old version.

Not so with bootrom exploits. Because they're in ROM, they're nigh-impossible to patch. I mean, never say never, but so far, every device with a bootrom that's exploited stays exploited.

And checkmate exploits every device with an A5 to A11 chipset.

Um… which devices are those exactly?

So far, devices affected by checkm8 include:

  • iPhone 4s to iPhone X.
  • iPad 2 to 7.
  • iPad mini 1 to iPad mini 4.
  • iPad Pro 1 and 2.
  • Apple TV 3 to 4K.
  • iPod touch 5 to 7.

Earlier iPhones, iPads, iPods touch, and the like aren't affected.

What about current devices?

The new entry-level 10.2-inch iPad and iPod touch 7 are on A10, so they're the only current devices currently affected.

Checkm8 doesn't work on A12 or A13, so that means the following devices are NOT affected:

  • iPhone XR, XS, 11
  • iPad Air 3
  • iPad mini 5
  • iPad Pro 3 (2019)

As to why, the developer told Arn Technica:

There were changes to make [newer chipsets] not exploitable. All I know is I can't get it to work. For me, it's not something that I can do. What I do involves using multiple bugs. Some that are not serious might be required to access other bugs that are more serious. Because Apple patched some bugs in the newer phones, it can no longer be exploited as far as I know.

Wait, is checkm8 a jailbreak, and attack, something else?

Checkm8 is an exploit, and that's it, at least for now.

It's something that could and probably will turn into a jailbreak sooner rather than later, but also has some very limited, very targeted potential to be turned into an attack as well.

Given what it is and those limits, though, it's probably not something most of us have to worry about.

Why would an attack be limited?

There are a few things that limit Checkm8's potential as an attack.

First, it can't be executed remotely. Someone has to take physical possession of your iPhone, iPad, or other iOS device first, but it in DFU or device firmware update mode, and then plug it into a PC over USB before they can even use the exploit.

Second, Apple has a secure boot chain, so every step is checked by the previous step. And if the signatures aren't verified, the software won't run.

Checkm8 can't rewrite the bootrom, it can only exploit it. Here's what that means, according to what the developer told Ars:

I can't write my code into the read-only memory, so my only option is to write it into RAM or, in this case, SRAM—which is the low-level memory that is used by the bootrom—and then have my injected code live in this small space. But the actual bootrom code itself does not get copied in there. It's only the things that I added to my exploit.

But what that means is, checkm8 isn't persistent. It can be used to run unsigned code on your device, but that code only lasts until the device is rebooted. Then it goes right back to normal, and you'd have to go through the whole exploit process again to run the unsigned code again.

Third, Checkm8 doesn't compromise the Secure Enclave on the A7 or later, which means it can't beat the hardware encryption, get around Touch ID or Passcode — and doesn't work on devices with Face ID — or otherwise give anyone else access to your data or secrets.

To get at those, you would have too leave your device lying around somewhere vulnerable for an extended amount of time, an attacker would have to get ahold of it, run the exploit, get a hold of and load up malware that could try and capture your credentials, put your device back, and then try to capture them.

And, if they're a disgruntled family member with that kind of access to you and your devices, it'd be far easier to just put your finger on the Touch ID sensor or shoulder surf your passcode over time anyway.

For non-family members, again, the creator talking to Ars:

Yes, but [installing a potential back door is] not really a scenario that I would worry much about, because attackers at that level… would be more likely to get you to go to a bad webpage or connect to a bad Wi-Fi hotspot in a remote exploit scenario. Attackers don't like to be close. They want to be in the distance and hidden.

So, again, never say never.

At large scale, I'm not sure checkm8 changes the economics of iOS attacks. But, if you're concerned, and still running an A5 or A6 device, which Apple is no longer supporting or updating anyway, then add this to the voluminous list of reasons you should consider upgrading asap.

And, if you think, based on who you are or what you do, that you have a much higher potential threat level, then you've probably already, routinely upgraded to the latest silicon anyway.

But, jailbreak, exciting, right?

Jailbreakers are probably the most excited about Checkm8. Now, nowhere nearly as many people jailbreak as they used to because iOS has continued to add more and more of the functionality that people used to jailbreak for. But, the ones that do, the customizers, the tweakers, the unsigned appers — they're every bit as passionate as ever.

And this is like the second coming of the holy grail for them, basically because it's been so long since they've had a jailbreak built off of a bootrom level exploit.

What makes it so attractive to jailbreakers is that, unlike operating system exploits, which have led to jailbreaks as recently as iOS 12 this year, bootrom exploits don't get blown away the very next time Apple releases a software update.

So, the jailbreakers can relax and enjoy their open systems, and likely with any version of iOS past, present, and future, for as long as they're using one of the affected devices.

With a few caveats.

First, it'll only be those devices, iPhone 4s to iPhone X, primarily, and as time passes those devices will be less and less modern and interesting.

Second, even when the jailbreak comes, it will be a tethered jailbreak. At least for now.

That means, yes, putting the device in DFU or device firmware update mode, connecting the device to a PC with a USB cable, and running the jailbreak every time it reboots.

And that might be just enough of a hassle that it'll relegate long term use to the hardcore rather than just the curious.

And researchers?

Security researchers are likely the group that benefits the most from checkm8, at least in the short term.

Up until a month or so ago, when Apple announced their new bug bounty program and research-fused devices, researchers had to come up with their own exploit chains or get their hands on blackmarket dev-fused devices to even get into iOS and start poke around.

So, having a likely irrevocable bootrom level exploits, even if only for older devices, will make researchers lives just that much easier. Basically, it solidifies the first link in the exploit chain for them, and they can just get on with everything else.

And even before Apple starts shipping those research-fused devices.

What about nation states?

What does this mean for nation states and government agencies, and the companies that supply exploits and devices to them?

Much the same.

Politics bends everything, including the economics of iOS attacks. But, these entities typically have exploits of their own already. At most, checkm8 will supply them with an alternative to what they already have, and one that can't be blown away by an iOS software update in the future. Though, again, only on older devices.

They'll still need their own exploits for more recent devices, and because checkm8 doesn't get around the secure element or passcode or Touch ID, they'd still need their own exploits for the rest of the chain as well.

The developer, speaking with Ars:

I don't think that they can do anything today with Checkm8 that they couldn't do yesterday [without Checkm8]. It's just that yesterday maybe they would do it a slightly different way. I don't think they gain anything from this release.

So, again, if based on your work or just who you are, you think you're potentially at higher risk from Checkm8 specifically, you can protect yourself by making sure you're on an A12 or A13 device.

So, do I need to worry about checkm8?

Checkm8 is an incredible piece of work. You only have to look at how long it's been since the iOS bootrom was last exploited to understand just how much axi0mX has really accomplished.

But, for right now, this is also so very inside baseball, and not something the average fan in the field is even going to see.

So, stay informed, absolutely. Follow those links in the description if you want to learn more about int, please.

But don't lose any sleep over it, or let anyone steal any of your time with attention bait.

One part of an iOS exploit chain has been made stable for a series of older devices.

Apple has to address that, and address how they're handling iOS security in general in an age where so many eyes and minds are on them.

It's already fixed in newer devices, but Apple has to figure out new and better ways to keep it from happening with current and future devices. It's been a decade since it's happened before but the goal should, and I'm kinda guessing is, forever until it happens again.

But that's all on Apple. For us, again again, anyone at all concerned by checkm8, if you haven't already, upgrade to an iPhone XR, XS, or 11, or a current or eventually later-generation iPad Pro.

And then checkm8 will be checked out of luck.



from iMore - The #1 iPhone, iPad, and iPod touch blog https://ift.tt/2mT6V3q
via IFTTT

Best new shows and movies to stream this week: Marianne, Rango, and more

Check out our list of the best new shows and movies to stream right now. On the list this week: French horror series Marianne, oddball animated Western Rango, and more.

from Digital Trends https://ift.tt/2Ch6WVl
via IFTTT