Monthly Archives: July 2015

OnePlus 2 gets portrayed in live images hours ahead of unveiling

Posted on by

This evening (or tomorrow morning, depending on where you live), the OnePlus 2 will finally be fully revealed by the Chinese startup that created it. The event starts at 7 PM PT, but it looks like someone just couldn't wait any longer – and decided to give us some hands-on shots of the device.

These are clearly the real deal, since the handset in them looks just like the one that passed through TENAA recently. As you can see the OnePlus 2's fingerprint sensor will be underneath the screen, though it's still unclear if that's going to act as a Home button as well or not.

Moving on, we see a metal frame, a couple of speakers on the bottom side flanking the USB Type-C port, and the signature Sandstone Black finish on the back cover. This debuted with the OnePlus One last year, and it's got a texture not quite matched by any other smartphone. Like with its predecessor, this phone's back will be removable, though it remains to be seen how easy that operation will be.

The much-rumored dual-SIM support for the OnePlus 2 is confirmed through these images too. The camera has a dual-LED flash and a laser autofocus sensor. It's hard to estimate screen size from the pictures, but up until now we've only heard one thing about that – it will be the same 5.5" as in the OnePlus One.

The OnePlus 2 will be powered by Qualcomm's Snapdragon 810 chipset, aided by 4GB of RAM. On top of Android Lollipop, it will run the company's own Oxygen OS, which will apparently come with certain features of Android M already. To watch its official announcement, you'll need a special app OnePlus released for Android over the weekend.

Source |…

from GSMArena.com – Latest articles http://ift.tt/1D6msy6
via IFTTT

Una vulnerabilidad en QEMU expone al equipo anfitrión a través de la unidad de CD-ROM

Posted on by

qemu

QEMU es un proyecto que goza de un gran prestigio obtenido a través de los años gracias a sus buenas prestaciones, y de hecho ha sido de los primeros proyectos de virtualización que aparecieron, con el adicional de haberse mantenido siempre en el open source. Sin embargo en los últimos tiempos han aparecido algunos problemas de seguridad, que si bien no mancillan para nada su reputación deben ser tenidos en cuenta para analizar lo sucedido e intentar evitar que se repita.

Es que si en Mayo se conoció la vulnerabilidad VENOM, en Junio sucedió lo propio con el controlador PCNET, y para empeorar un poco las cosas hace pocas horas se descubrió una nueva vulnerabilidad de seguridad en QEMU, en este caso una que puede llegar a exponer a un sistema anfitrión a través de la emulación de lectora de CD-ROM, permitiendo escalar privilegios para ejecutar código malicioso.

La vulnerabilidad ha sido bautizada como CVE-2015-5154 y básicamente podemos describirla como un overflow de fila durante el procesamiento de determinados comandos ATAPI en el subsistema IDE de QEMU, lo cual permitiría a un potencial atacante tomar el control de un equipo anfitrión al poder escalar privilegios y trabajar cómodamente en el mismo. Son vulnerables las versiones x86 y x64 todos los equipos que utilizan el emulador de CD-ROM de esta herramienta de virtualización, tanto en su versión tradicional (qemu-xen-traditional) como upstream (qemu-xen), pero no lo son quienes utilizan modelos de dispositivos qemu-dm ni aquellos que utilizan sistemas de paravirtualización en modo anfitrión, como así tampoco lo son las versiones ARM de QEMU.

Para estar seguros sería conveniente evitar el uso de dispositivos de CD-ROM en entornos emulados, quitándolos o desactivándolos en las opciones de configuración, y es de esperar que en unas pocas horas haya un parche de seguridad para corregir esta vulnerabilidad (de hecho ya lo hay, pero debe ser aplicado en forma manual en lugar de poder actualizar los paquetes binarios de QEMU para las respectivas distros).

El artículo Una vulnerabilidad en QEMU expone al equipo anfitrión a través de la unidad de CD-ROM ha sido originalmente publicado en Linux Adictos.

from Linux Adictos http://ift.tt/1JLsX6v
via IFTTT

Google is slowly but surely doing away with Google+

Posted on by

So long, Google+. It was nice knowing you. Since its inception, Google has had a rough time fitting Google+ into your daily web-surfing routine. It was supposed to be the hub for all of your Google activities, from YouTube to photo storage, all while functioning as a Facebook and Twitter replacement. But after years of seeing Google+ fail to catch on, it would appear Google is finally giving up.

Google Photos, the company’s incredible useful photo storage solution, has taken on a life of its own outside of Google+, where any trace of the social network has been stripped away. Next up on the chopping block is YouTube. Requiring and linking together YouTube and Google+ accounts was one of the most controversial moves Google has made in social to date, with the general attitude towards it being overwhelmingly negative. From YouTube today:

In the coming weeks, YouTube will no longer require a Google+ profile when you want to upload, comment, or create a channel. If you’re happy with everything as it is now, then just keep on keepin’ on. If you want to remove your Google+ profile, you’ll be able to do this in the coming months, but do not do it now or you’ll delete your YouTube channel (no bueno).YouTubeThe official YouTube Blog

Google has released its own blog post today on the Google Blog hailing Google+ as a hotbed for sharing similar interests and social interaction, but follows that up by saying it doesn’t make sense for your Google+ profile to stand as your single identity in Google-land. While this won’t change the need for a master Google services account, it does mean that if you don’t want to use Google+, Google won’t make you. It’s hard not to read that as the beginning of the end.

from Android and Me http://ift.tt/1MSeNDT
via IFTTT

Samsung’s New Gaming Monitor Has A Cool Feature For Your Phone

Posted on by

Cords, wires, and cables are well-established enemies of all that is clean and technological and convenient. To have an excess of cords is to be living in some kind of mid-century nightmare, tangled in a nest of electric snakes and forever forgetting which one goes with which thing. To that end, Samsung is incorporating a wireless charging station into its new SE370 gaming monitor, letting you slap your phone down and keep it charged while you play League of Legends. The monitor will support both PC and Mac.

from Forbes – Tech http://ift.tt/1h08fJo
via IFTTT

Five Lessons On The ‘Security Of Things’ From The Jeep Cherokee Hack

Posted on by

Last week, Wired published an account describing how two security researchers, Charlie Miller and Chris Valasek, were able to wirelessly hack into a Jeep Cherokee, first taking control of the entertainment system and windshield wipers, and then disabling the accelerator. Andy Greenberg, the Wired writer who was at the wheel as the self-described “digital crash test dummy” explained what happened next:

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

Miller and Valasek also wirelessly disabled the Jeep Cherokee’s brakes, leaving Greenberg “frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.” In response, on July 24 Fiat Chrysler Automobiles announced a recall impacting about 1.4 million vehicles, stating, somewhat incongruously, that “no defect has been found.”

from Forbes – Tech http://ift.tt/1HVqV5N
via IFTTT