LightBlog

Wednesday, January 8, 2020

Google’s Project Zero security team will now wait 90 days to disclose any vulnerabilities they find

Project Zero is a security team at Google that was founded in 2014. The team’s primary mission is to discover zero-day vulnerabilities – that is, vulnerabilities that are unknown to (or unaddressed by) the party that should be interested in mitigating them. “Heartbleed” is one such zero-day, which was privately reported to OpenSSL by two separate security teams. One of these security teams operated under Google and eventually led to the creation of Project Zero. The bug was discovered in April of 2014, and a build of OpenSSL with the bug fixed was released a few days later along with full disclosure of the bug. This full disclosure meant that systems not updated immediately were at risk, though that generally serves as a motivation for developer teams to update their software.

Since then, Google’s Project Zero has worked in a similar manner. When a zero-day bug is discovered, the team privately reports it to whichever company owns the software. From the date of disclosure, the company has 90 days to fix the bug. If they fix it before the 90-day window is complete, Google will release details of the vulnerability. If the 90 days pass without it being fixed, the team will release the vulnerability anyway, which is intended to make users aware of problems in the software they are using, while also potentially motivating the company to work faster. There is one flaw that vendors perceive with this system, and just like with Heartbleed, it’s that users (or developers) may not be able to upgrade their systems fast enough to avoid becoming a victim of exploitation. For this reason, the Project Zero team has announced that for the year, they are trialing waiting out the full 90 days no matter how fast (or slow) the vulnerability is fixed.

Google’s policy of disclosing bugs in 7 days if they find evidence the bug is being exploited in the wild is unaffected. In the same blog post, the Project Zero team has also announced a number of other small changes. Google is also proud to announce that 97.7% of all issues that they discover are fixed within the 90-day window. You can read the full blog post below.


Source: Google Project Zero

The post Google’s Project Zero security team will now wait 90 days to disclose any vulnerabilities they find appeared first on xda-developers.



from xda-developers https://ift.tt/2R1XjhS
via IFTTT

[Update 2: 400-500k] Samsung says it has sold 1 million Galaxy Fold devices

Update 2 (1/8/20 @ 11:35 AM ET): DJ Koh says Samsung has sold between 400,000 and 500,000 Galaxy Fold devices.

Update 1 (12/13/19 @ 9:30 AM ET): A Samsung spokesperson says the Galaxy Fold has yet to pass 1 million sales.

The Samsung Galaxy Fold is undoubtedly one of the most interesting phones of 2019. There is no arguing it is a breathtaking phone that truly represents what the future will hold. That bleeding-edge tech comes at a price, though: retailing at $1,980 in the US, it’s one of the most expensive phones on the market. However, this didn’t stop customers from buying it. Today at TechCrunch Disrupt in Berlin, Samsung Electronics President Young Sohn announced that they have sold 1,000,000 units of the Galaxy Fold.

This is an insane amount of sales for a device that had a well-documented rocky start. It was announced at Samsung Unpacked 2019 in San Francisco and between the announcement and launch, there were a lot of questions about the durability of the phone. Once it got into the hands of reviewers, those concerns were justified. After about 2 days, they started to break. This wasn’t a good sign for the future of foldables. After these issues, Samsung made the right decision and indefinitely delayed the Galaxy Fold. After 6 months of re-engineering the device, they finally released it in its current form, the fixed Galaxy Fold.

 

After all the issues and bad press, it’s crazy to think Samsung has sold 1,000,000 Galaxy Fold units. This might not seem like a lot compared to the total Samsung sells per quarter, but the difference is in the tech and price. In Q1 of 2019, Samsung reportedly sold about 78 million phones.  From March 2019 to May 2019, Samsung sold 16 million Galaxy S10s. In comparison, it seems like a very small number of Folds being sold.

Well, when you think about the launch problems, launch regions, price, and availability, it just becomes more impressive. The Galaxy Fold has been launching in different regions slowly over the past 4 months. The price is also insanely high. It cost $1,980 for the LTE Galaxy Fold in the US. In other regions, the price goes up even more because of 5G or VAT. As for availability, it has been sold out in almost every store since it launched. It sold out in the US within a matter of minutes, and it’s still sold out in most places. Out of all of this, Samsung has managed to sell 1,000,000 units.


With all the problems and naysayers, this is a pretty impressive launch for the Galaxy Fold. We know Samsung is moving full-speed ahead on new foldable phones and the market is likely to follow them. Are you excited about this form factor?

Source: TechCrunch


Update 1: Nope

According to a report from Yonhap News, a Samsung spokesperson has said the company has not sold 1 million Galaxy Fold units. Sohn may have confused the number with Samsung’s goal to sell 1 million units by the end of the year. We don’t know exactly how many devices have been sold, but some analysts have put the number around 400,000-500,000. Certainly less impressive than 1 million, but still decent for such a niche device.

Via: SamMobile


Update 2: 400-500k

Last month, there was a bit of a snafu when Samsung Electronics President Young Sohn mistakenly said the company had sold 1 million Galaxy Fold units. Analysts put the number at around 400,000 to 500,000, and now CEO DJ Koh has confirmed that estimate. Speaking to reporters at CES, Koh said: “I think we’ve sold 400,000 to 500,000 Galaxy Fold smartphones.” While not nearly as impressive as 1 million, that’s still a respectable number for a very expensive bleeding-edge product.

Source: Yonhap News

The post [Update 2: 400-500k] Samsung says it has sold 1 million Galaxy Fold devices appeared first on xda-developers.



from xda-developers https://ift.tt/2E8TwJE
via IFTTT

Google Autofill tests biometric authentication for passwords and payments

With Android 8.0 Oreo, Google finally added the highly requested Autofill API, allowing third-party password managers to easily and securely fill in passwords and payment info in apps without relying on the old accessibility workaround. In case you would rather not use a third-party solution to store your credentials, Google also has its own autofill service, which is available on any device running Android 8.0 and later with Google Play Services installed.

You can access it by going to Settings > System > Languages & input > Autofill service. It syncs with your Google account and lets you add Personal Information, Addresses, Payment Methods, and Passwords that can be automatically filled in on third-party apps or in Google Chrome.

Just like with LastPass, Dashlane, or other autofill services, with Google Autofill, you’ll see a floating autofill box above any supported input fields. Tapping the box will fill in your data. Currently, there’s no user authentication involved when inputting this data and this, in turn, could allow an attacker to log into your apps and access your sensitive data if they manage to break into your device. For reference, most third-party password managers offer biometric authentication as an additional security layer when auto-filling apps and websites.

Google is aware of this security concern and is currently testing the ability to lock auto-fills behind biometric authentication. This process will be handled by the BiometricPrompt API, meaning that you’ll be able to use your fingerprint, iris scanner, or face unlock hardware to authenticate autofill requests.

Our Editor-in-chief, Mishaal Rahman, was able to test this functionality on his Pixel 4 and have Face Unlock authenticate the autofill in the official Reddit app. Screenshots of the authentication window couldn’t be captured, as the Autofill Framework doesn’t allow taking screenshots. However, you can see the new security option within the Google Autofill settings in the screenshot below. Tapping on the option gives you toggles for turning on biometric authentication for payment info and login credentials.

The feature is still under testing and we don’t know when Google plans to release it to the users at large. It may be added in a future update of Google Play Services or it could even be rolled out as a server-side switch — we don’t know for sure yet. We’ll be sure, however, to let you know if we hear anything from Google or find any evidence of a wider rollout.

The post Google Autofill tests biometric authentication for passwords and payments appeared first on xda-developers.



from xda-developers https://ift.tt/37NhsPz
via IFTTT

Intel expands its Project Athena program to include high-end Chromebooks

About five years ago, if you were in the market to buy a sleek new laptop, there’s a good chance a salesperson tried to lure you into buying an ultrabook. While the term “Ultrabook” has been thrown around loosely over the last few years in reference to thin, light, and powerful laptops, it was actually coined by Intel to spur laptop sales. Last year at CES, Intel announced the successor to the Ultrabook cadre, called “Project Athena,” with an objective to make laptops sleeker and even more mobile. At CES 2020, Intel expanded the program to include two recently announced Chromebooks – the ASUS Chromebook Flip C436 and the Samsung Galaxy Chromebook.

At Computex 2019, Intel announced the key specs and “experience targets” that OEMs should aim for in order to be badged under Project Athena. So far, it has recognized 25 laptops and expects to add twice as many this year. Some of the features that Intel looks for in this categorization include:

  • (unquestionably) thin-and-light or 2-in-1 laptops with quick wake features,
  • at least 10th Gen Intel Core i5, 8GB RAM, 256GB NVMe SSD or Intel Optane H10 memory,
  • fast charging over USB-C and low-power components
  • Wi-Fi 6 and optional LTE/5G connectivity

The ASUS Chromebook Flip C436 and the Samsung Galaxy Chromebook, which were announced earlier this week, are packed with specifications that meet these requirements. Besides a light and flexible design, the ASUS Chromebook features a 10th Gen Intel CPU, which can be maxed out at a Core i7, and has a USB 3.1 Type-C port in addition to a regular Type-A port. The Chromebook also supports Wi-Fi 6 but lacks support for a cellular network.

The Samsung Chromebook is more premium and features a 4K AMOLED display with thin bezels and a built-in S-Pen. It weighs just about a kilogram and is less than a centimeter thick. Performance-wise, the Samsung Chromebook gets Ice Lake Intel CPUs, up to 16GB of RAM, and 1TB of SSD storage. The premium Chromebook comes at a premium $1,000 price tag but it should definitely be a good companion for your premium Samsung Galaxy smartphone.


Source: Intel

The post Intel expands its Project Athena program to include high-end Chromebooks appeared first on xda-developers.



from xda-developers https://ift.tt/2N7OySf
via IFTTT
