December 2019 - Page 2 of 12 - Latest Tech News Blog

December 28, 2019

Maze ransomware was behind Pensacola “cyber event,” Florida officials say

Enlarge / Pensacola was hit by Maze ransomware, which has apparently stolen data before encrypting it in other cases.

Paul Harris / Getty Images

An email sent by the Florida Department of Law Enforcement to all Florida county commissioners indicated that the ransomware that struck the city of Pensacola on December 7 was the same malware used in an attack against the private security firm Allied Universal, according to a report by the Pensacola News Journal. That malware has been identified elsewhere as Maze, a form of ransomware that has also been distributed via spam email campaigns in Italy.

Bleeping Computer’s Lawrence Abrams reported in November that the Maze operators had contacted him after the Allied Universal attack, claiming to have stolen files from the company before encrypting them on the victims’ computers. After Allied apparently missed the deadline for payment of the ransom on the files, the ransomware operators published 700 megabytes of files from Allied and demanded 300 Bitcoins (approximately $2.3 million) to decrypt the network. The Maze operators told Abrams that they always steal victims’ files to use as further leverage to get them to pay:

It is just a logic. If we disclose it who will believe us? It is not in our interest, it will be silly to disclose as we gain nothing from it. We also delete data because it is not really interesting. We are neither espionage group nor any other type of APT, the data is not interesting for us.

Stealing data as proof of compromise—and to therefore encourage payment by ransomware victims—is rare but not new. The RobbinHood ransomware operator that attacked Baltimore City in May also stole files as part of the attack and posted screenshots of some files—faxed documents sent to Baltimore City Hall’s fax server—on a Twitter account to encourage city officials to pay. Baltimore did not pay the ransom.

Theft of data opens up another problem for targets of ransomware who in the past would pay quietly to decrypt their data, as it introduces the possibility that they will have to report the breach to customers and government regulators. So in some cases, it may ironically remove some of the motivation for victims to pay, since their data may be sold off by the attackers whether they pay or not.

The use of the data to blackmail the victim, and in Allied’s case, the threat to use Allied’s certificates and domain name to spam customers with additional ransomware attacks, is something new.”This is fhe first time this has ever happened, as far as we know,” said Brett Callow, a spokesperson for the antivirus software vendor Emisoft.” Ransomware groups usually encrypt, not steal. We expect data exfiltration to become more and more commonplace. Whether Pensacola’s data was exfiltrated, I obviously can’t say.”

“Broad targeted” attacks

Maze, Ryuk, and other ransomware attacks against government agencies and companies have moved increasingly toward what Raytheon Cyber Services Senior Manager Dylan Owen referred to as a “broad targeted” attack—while they rely on spam for the initial breach, the attackers “are poking around figuring out who they breached” before they launch the attack.

“They don’t necessarily target a specific agency,” Owen told Ars. “The attackers have often either gotten a list of emails from another source, or they “have programs that randomly try emails, or combinations of username, first name/last name, middle initial, all different kinds of combinations,” he explained. “They might do a little bit of research if they were going for a particular type of organization, but usually they’re very broad-based… then once they get a beacon back saying, ‘Hey, somebody clicked on my link’, they go and figure out who it was.” And if the click came from a larger organization rich in targets, Owen said, they go forward.

State and local agencies have been particularly vulnerable to these sorts of attacks because of the economics of their IT operations. “They’re dependent on the funding through taxes or whatever, and that money can only go so far,” Owen noted. “They also have a preponderance of older IT systems because of the lack of funding over the years. So it’s something that’s built upon itself. A lot of them also have proprietary software, so it’s not commercial, off the shelf—they hired somebody to create some special code, and that code may not run on newer operating systems. So now they have older operating systems that are harder to patch.”

On top of that, many state and local agencies haven’t done the work of segregating those vulnerable systems and putting additional defenses around them to reduce the risk posed by legacy systems, Owen explained. But he said that’s starting to change. “I know with Louisiana particularly, the governor had said that cyber security is going to be a really big focus for 2020,” he said. “They put a lot of money in it in 2019.” And while Louisiana had to take the drastic step of cutting off many services during the recent Ryuk attack, it was effective in stopping the spread of the attack.

December 28, 2019

Apple to donate to Australian bush fire relief efforts

By AppleInsider Staff
Friday, December 27, 2019, 04:29 pm PT (07:29 pm ET)

Apple will donate funds to ongoing relief efforts in Australia, where a dangerous combination of record temperatures, high winds and drought over the past two months set the stage for dozens of devastating bush fires.

Source: AP via NPR

Apple CEO Tim Cook in a tweet on Thursday extended sympathy to Australians impacted by the more than 100 fires that pock mark the landscape in New South Wales, Queensland and South Australia.

“Our hearts are with those impacted by the Australian bushfires and with the courageous volunteer force fighting the unprecedented blazes across the country—please stay safe,” Cook said in a tweet. “Apple will be donating to support relief efforts.”

Cook did not specify how Apple will contribute, though the company has in the past donated funds to local non-profits and emergency service organizations during similar situations.

Australian firefighting agencies are currently battling a series of blazes across multiple states, a collective conflagration thought to be among the worst on record. The fires, sparked by extreme seasonal weather conditions, have destroyed towns, millions of acres of land and claimed the lives of at least nine people.

Australia’s bush fires are taking a toll on local fauna, with recent reports estimating the decimation of some 30% of NSW’s koala population.

The country declared a national emergency last week. Federal and state firefighters from the U.S. were sent to Australia to assist in quelling the wild fires this week.

Apple commonly responds to catastrophes and natural disasters with financial aid. In 2018 the company provided $1 million contributions for victims of the Kerala floods in India, relief efforts following the Sulawesi earthquake and tsunami in Indonesia, and Red Cross activity after the California wild fires and Hurricane Florence. Apple last donated to an emergency relief effort during this year’s bout of California wild fires in October.

December 28, 2019

Hot Startups 2020: This app detects tuberculosis by listening to the sound of your cough

Indians have a tendency of overlooking health symptoms unless it becomes “serious”, which is ironic, since the country is also home to numerous life-threatening diseases such as tuberculosis (TB). According to WHO’s Global Tuberculosis Report 2019, India has the highest number of patients suffering from tuberculosis in the world. Around 26.9 lakh people fell ill with the contagious disease in 2018 in India. The worse thing about TB is that it can happen anywhere to anyone, most likely to be in adults.

One of the reasons why TB is so prevalent in India is due to late diagnosis. This was something Rahul Pathri, a biotechnology specialist, also recognised. As somebody who had a personal experience with TB, Pathri had always worked on developing affordable and accessible healthcare solutions. An app to diagnose tuberculosis non-invasively was one such solution.

In 2016, the IIM Calcutta alumni had teamed up with some like-minded people- Balakrishna Bagadi, Arpita Singh and Vaishnavi Reddy and formed Docturnal, a healthtech firm dedicated to developing solutions to detect lung-based diseases. It has built a screening mobile app- TimBre which diagnoses TB in a patient by recording the sound of his or her cough.

“It uses artificial intelligence and machine learning to make the cough interpretation. It is easy, non-invasive, affordable and an easily accessible procedure for TB diagnosis,” Rahul told ET.com.

Smart, non-invasive diagnosis

Existing screening methods for TB are long and can be cumbersome, sometimes taking two days for diagnosis. According to Preeti Kumar, Vice President, Public Health Support System, at the Public Health Foundation of India, usually when a patient shows four symptoms of TB, he is recommended to take a sputum test for sputum microscopy, which involves patients taking a deep breath and cough hard to spit out some sputum- a thick mucus, sometimes also called phlegm.

“The sputum is then taken to a microscopic lab to test whether it contains the TB bacteria or not,” she said, adding that in this test, several factors are taken into account such as ensuring that the cough is of sufficient quantity and tested early so that the sputum doesn’t dry out.

Other limitations in the test include difficulty in collection of sample if the patient doesn’t have a productive cough and the inability of an elderly person or children in providing sputum.

In case the patient shows the symptoms, private doctors often recommend X-ray of chest for diagnosis, which is not the recommended strategy, she said.

TimBre was precisely conceived to surpass these complexities. It requires a medical practitioner or a healthcare worker to record the cough of a patient using a microphone array and along with some clinical data like demographic details, pre-existing health conditions, sleep and cough patterns, among others. Thereafter, using machine learning, the recording is processed in real-time to predict whether it is TB positive or not.

Docturnal’s team had trained its machine learning algorithm by feeding it the data of nearly 7000 infected coughs to make the interpretation.

“When we cross validated our solution with existing solutions, we found an accuracy of 85%,” Pathri claimed. Once the patient is detected TB positive, he/she will be referred to medical experts, partner physicians and diagnostic centres.

“TimBre’s applications is not only limited for TB screening, but can classify the cough into other ailments as well, such as bronchitis, pneumothorax, smoker’s cough, etc. The algorithm contains an entire spectrum of lung-based diseases,” he said.

Speaking on the similar lines, Kumar said, “TimBre is a non-invasive point of care tool, on the other hand, is a portable and simple screening app. It is a disruptive innovation and its simplicity in design using inexpensive apparatus such as a hand-held microphone, allows it to be rapidly deployed in the community and in the households. Further, the results are almost instantly available. Another advantage is that if any person is found positive on screening, the other members of the household can also be screened simultaneously.”

A poor man’s disease

While the medtech startup seems to have a massive potential to disrupt the healthcare sector, Pathri says there is a lot of socio-economic issues related to the contagious disease, which posed as a challenge towards their initiative.

“TB is a poor man’s disease. And, our app, it’s not like a clothing line or an app that checks your blood pressure or glucose. So the range of business possibility is not as much. For a solution like ours that is for a disease like TB, it’s a challenge to get to that level in the commercial sector,” the entrepreneur said.

He added until this year when Prime Minister Narendra Modi announced that he wanted to eradicate tuberculosis in India by 2025, nobody was interested in their initiative. “We were just very fortunate to be at the right place at the right time,” he quipped.

On the other hand, Pathri says he still finds the existing methods of TB diagnosis a competition since people have been relying on them for years.

Further, his team has found that there is a lot of stigma attached to TB as people were not willing to come forward to talk about it initially. Interestingly, the firm witnessed an enthusiastic response from people since their method of screening was unique, intriguing and patient-friendly.

“When you go with a microphone for something like a disease screening, it naturally builds a curiosity. Everybody wanted to see what was happening with the microphone, and that’s why they came forward. Secondly, it was a non invasive procedure, therefore, it made them feel safer. Now, we are taking personal information- demographic and clinical variables, which is one of the reasons why our results are so good,” co-founder Singh added.

Promising future

Talking about the medtech firm’s progress over the years, Pathri said, “From being an entity that was struggling to get acceptance in the startup and business ecosystem to being an entity recognized by every medical fraternity as the choice for active case finding for TB, Docturnal is today generating revenue. It’s been a long journey and an interesting one.”

Till date, the initially bootstrapped firm has raised a sum of $250,000 from IIT-H, AIRmaker, BIRAC, Axilor, and Mumbai Angels, and has been incubated by T-Hub and supported by RNTCP (Revised National Tuberculosis Control Program) State of Telangana. It estimates revenue to be in the range of Rs 45 lakh by FY 19-20 end.

TimBre is in currently deployed as a pilot project in a few chest hospitals in Hyderabad. Docturnal’s clinical trials are going on at Narayan Hrudayala in Bangalore.

The firm is now working on prognosis for TB and has a ready solution to detect Chronic Obstructive Pulmonary Disease (COPD). “In the coming years, we intend to have solutions for asthma and Interstitial Lung Disease (ILD). And, also expand from India to other countries, which need quicker diagnosis of lung-based diseases,” Pathri said.

December 27, 2019

£950 saving on Sony A7 mirrorless camera this Boxing Day

Every year Boxing Day delivers some great deals if you’re looking to grab a new camera at a bargain price. That is the very same for 2019, with Sony’s original A7 full-frame mirrorless camera available for a bargain £599.

That might sound like a pretty penny, but it’s £950 off the original price.

The first full-frame mirrorless camera from Sony is a few years older these days, but it’s a bargain way into the world of full-frame quality.

The A7 set a new benchmark for mirrorless cameras when it burst onto the scene in 2013. Despite being six years old, it’s still a fantastic camera if you’re seeking a portable interchangeable lens camera with a massive sensor.

The camera comes as a kit, too, so there’s a 28-70mm lens included in the box. And Sony makes some other superb lenses for the E-mount fitting that this camera uses, as does Zeiss. So if you’re looking to expand in the future there’s some excellent glass to be had.

This deal is likely to only be available for the two days, so don’t delay if you want to save yourself some cash on this great camera.

• See more Boxing Day sales deals here

December 27, 2019

Controversial sale of .org domain manager faces review at ICANN

ICANN is reviewing the pending sale of the .org domain manager from a nonprofit to a private equity firm and says it could try to block the transfer.

The .org domain is managed by the Public Internet Registry (PIR), which is a subsidiary of the Internet Society, a nonprofit. The Internet Society is trying to sell PIR to private equity firm Ethos Capital.

ICANN (Internet Corporation for Assigned Names and Numbers) said last week that it sent requests for information to PIR in order to determine whether the transfer should be allowed. “ICANN will thoroughly evaluate the responses, and then ICANN has 30 additional days to provide or withhold its consent to the request,” the organization said.

ICANN, which is also a nonprofit, previously told the Financial Times that it “does not have authority over the proposed acquisition,” making it seem like the sale was practically a done deal. But even that earlier statement gave ICANN some wiggle room. ICANN “said its job was simply to ‘assure the continued operation of the .org domain’—implying that it could only stop the sale if the stability and security of the domain-name infrastructure were at risk,” the Financial Times wrote on November 28.

In its newer statement last week, ICANN noted that the .org registry agreement between PIR and ICANN requires PIR to “obtain ICANN’s prior approval before any transaction that would result in a change of control of the registry operator.”

ICANN can raise “reasonable” objection

The registry agreement lets ICANN request transaction details “including information about the party acquiring control, its ultimate parent entity, and whether they meet the ICANN-adopted registry operator criteria (as well as financial resources, and operational and technical capabilities),” ICANN noted. ICANN’s 30-day review period begins after PIR provides those details.

Per the registry agreement, ICANN said it will apply “a standard of reasonableness” when determining whether to allow the change in control over the .org domain. As Domain Name Wire noted in a news story, whether ICANN can block the transfer using that standard “might ultimately have to be determined by the courts.”

The agreement between PIR and ICANN designates PIR as the registry operator for the .org top-level domain. It says that “neither party may assign any of its rights and obligations under this Agreement without the prior written approval of the other party, which approval will not be unreasonably withheld.”

Concern about price hikes, transparency

The pending sale comes a few months after ICANN approved a contract change that eliminates price caps on .org domain names. The sale has raised concerns that Ethos Capital could impose large price hikes.

ICANN says it wants to make the transaction-review process more transparent. But ICANN apparently needs PIR’s permission to publish the request for information and PIR’s responses, and so far PIR has refused a request to make documents public. In last week’s letter to PIR and the Internet Society, ICANN General Counsel and Secretary John Jeffrey urged PIR to make the information public:

As you are well aware, transparency is a cornerstone of ICANN and how ICANN acts to protect the public interest while performing its role. In light of the level of interest in the recently announced acquisition of PIR, both within the ICANN community and more generally, we continue to believe that it is critical that your Request, and the questions and answers in follow up to the Request, and any other related materials, be made public.

While PIR has previously declined our request to publish the Request, we urge you to reconsider. We also think there would be great value for us to publish the questions that you are asked and your answers to those questions. We will of course provide you with the opportunity to redact portions of the documents that you believe contain personally identifiable information before posting and renew that offer here.

As you, [ISOC CEO] Andrew [Sullivan], stated publicly during a webcast meeting in which you participated on 5 December 2019, you are uncomfortable with the lack of transparency. Many of us watching the communications on this transaction are also uncomfortable.

In sum, we again reiterate our belief that it is imperative that you commit to completing this process in an open and transparent manner, starting with publishing the Request and related material, and allowing us to publish our questions to you, and your full responses.

We contacted PIR today and the organization said it isn’t able to comply with the request to make documents public because of confidentiality agreements. PIR told Ars:

PIR is committed to being transparent with ICANN and the Internet community, and PIR is working to answer ICANN’s questions and address why this acquisition will be good for the .org community. But like any company in the middle of an acquisition, and consistent with other changes of control that have been reviewed by ICANN, we are limited in what we can release publicly due to confidential[it]y agreements with other parties and proprietary information involving the transaction.

PIR defends sale

PIR CEO Jon Nevett defended the pending sale in a blog post last week, calling it “the best path for .org’s future.”

“[A] diversified portfolio is much better, and less risky, than relying on one company like Public Interest Registry—in one industry—for nearly all of its funding,” Nevett wrote.

Under the Internet Society’s ownership, PIR has “been in perpetual ‘harvest’ mode, where PIR sends the fruits of our labor to support the amazing work they do,” Nevett continued. “A relationship with Ethos will allow us to invest in .org, enabling us to deliver more to the .org community, and the Internet at-large.”

But critics of the sale want guarantees in writing that the new owner won’t impose big price increases. ICANN’s Noncommercial Stakeholders Group (NCSG) has called on the ICANN board to require public-interest protections in the sale. For example, the NCSG said that before any wholesale price increases, .org domain registrants should be given “six months to renew their domains for periods of up to 20 years at the pre-existing annual rate.”

Ethos Capital should also have to commit to content neutrality with a pledge that it “will not suspend or take away domains based on their publication of political, cultural, social, ethnic, religious, and personal content, even untrue, offensive, indecent, or unethical material, like that protected under the US First Amendment,” the NCSG said.

If Ethos Capital refuses to make those commitments, ICANN should “exercise its right” from the registry agreement to withhold its approval, the NCSG said.

When contacted by Ars, PIR said that its existing agreement with ICANN “requires that PIR provide notification six months in advance of any price increase” and that “PIR under new ownership will honor the terms of that contract.” However, PIR did not commit to accepting the NCSG proposals.

December 27, 2019

Apple’s 2018 MacBook Air is on sale for $739 today only

By Christine McKee
Thursday, December 26, 2019, 10:42 pm PT (01:42 am ET)

Amazon-owned Woot is shaving $460 to $540 off refurbished 2018 13-inch MacBook Airs during its latest flash sale. Prices start at just $739.99 while supplies last.

Flash deals

These 13-inch MacBook Airs at Woot are refurbished by Apple, but do not come with an Apple warranty. Instead, the 2018 models are backed by a 1-year Woot warranty, with all of the systems packaged in a generic white box, allowing for aggressive savings of $460 to $540 off original MSRP. Compared to 2019 models in new condition, Woot’s prices on the refurbished systems are $250 to $340 cheaper.

Amazon Prime members can also get free standard shipping on the notebooks during the flash sale. These deals are scheduled to end at 10 p.m. Pacific on Dec. 27, but supply could run out at any time.

2018 MacBook Air savings

2019 MacBook Air deals (new condition)

Additional Apple deals

AppleInsider and Apple authorized resellers are also running additional exclusive savings on Apple hardware for the holidays that will not only deliver the lowest prices on many of the items, but also throw in bonus discounts on AppleCare, software and more. These offers are as follows:

Interested in additional Apple hardware? See if there is a Mac, iPad or Apple Watch deal that will save you $100s by checking out prices.appleinsider.com.

December 27, 2019

Mobile Application Testing Solution Market Outlook | Development Factors, Latest Opportunities and Forecast 2025

Market Study Report, LLC, provides a research on the ‘ Mobile Application Testing Solution market’ which offers a concise summary pertaining to industry valuation, SWOT Analysis, market size, revenue estimation and geographical outlook of the business vertical. The study descriptively draws out the competitive backdrop of eminent players driving the Mobile Application Testing Solution market, including their product offerings and growth plans.

This research study on the Mobile Application Testing Solution market details an exhaustive evaluation of this business space, along with a concise outline of its various segments. The study provides an insight into the market scenario – it offers a basic overview of the industry with regards to its present stance. Also, the market size, based on revenue and volume, is provided. The report likewise features significant bits of knowledge relating to the provincial ambit of the market as well as the key firms with a definitive status in the Mobile Application Testing Solution market.

Request a sample Report of Mobile Application Testing Solution Market at: https://www.marketstudyreport.com/request-a-sample/2401513?utm_source=technologymagazine.org&utm_medium=SP

Elucidating the main pointers from the Mobile Application Testing Solution market report:

A detailed understanding of the regional terrain of the Mobile Application Testing Solution market:

The study comprehensively epitomizes, the territorial command of this market, while segmenting the same into United States, China, Europe, Japan, Southeast Asia & India.
The research report archives information concerning the industry share held by every region, alongside potential development prospects.
The study foresees the development rate which each province would register over the assessed time.

Unveiling the competitive outlook of the Mobile Application Testing Solution market:

Ask for Discount on Mobile Application Testing Solution Market Report at: https://www.marketstudyreport.com/check-for-discount/2401513?utm_source=technologymagazine.org&utm_medium=SP

Other takeaways from the report that will influence the remuneration scale of the Mobile Application Testing Solution market:

The Mobile Application Testing Solution market study evaluates the product spectrum of this vertical with widely inclusive subtleties. In view of the report, the Mobile Application Testing Solution market, as far as product territory is considered, is segmented into
- Interactive Testing
- Automated Testing
.
Insights about the products with respect to the product type, benefit valuation, and manufacturing development techniques are included inside the report.
The study covers an intricate examination of the market’s application scene that has been broadly divided into
.
Insights about every application’s industry share, product demand, pertaining to every application, and the application development rate during the prospective years, have been incorporated into the Mobile Application Testing Solution market report.
Other key pointers like the raw material processing rate and market concentration rate are delineated in the report.
The report assesses the market’s ongoing value patterns and the development prospects for the business.
A exact synopsis of viewpoints in market positioning, marketing channel development, and marketing approach is talked about in the report.
The study likewise reveals information concerning the makers and merchants, downstream purchasers, and assembling cost structure of the Mobile Application Testing Solution market.

For More Details On this Report: https://www.marketstudyreport.com/reports/global-mobile-application-testing-solution-market-report-history-and-forecast-2014-2025-breakdown-data-by-companies-key-regions-types-and-application

Some of the Major Highlights of TOC covers:

Mobile Application Testing Solution Regional Market Analysis

Mobile Application Testing Solution Production by Regions
Global Mobile Application Testing Solution Production by Regions
Global Mobile Application Testing Solution Revenue by Regions
Mobile Application Testing Solution Consumption by Regions

Mobile Application Testing Solution Segment Market Analysis (by Type)

Global Mobile Application Testing Solution Production by Type
Global Mobile Application Testing Solution Revenue by Type
Mobile Application Testing Solution Price by Type

Mobile Application Testing Solution Segment Market Analysis (by Application)

Global Mobile Application Testing Solution Consumption by Application
Global Mobile Application Testing Solution Consumption Market Share by Application (2014-2019)

Mobile Application Testing Solution Major Manufacturers Analysis

Mobile Application Testing Solution Production Sites and Area Served
Product Introduction, Application and Specification
Mobile Application Testing Solution Production, Revenue, Ex-factory Price and Gross Margin (2014-2019)
Main Business and Markets Served

Related Reports:

1. Global Advanced Persistent Threat Solution Market Report, History and Forecast 2014-2025, Breakdown Data by Companies, Key Regions, Types and Application
This report categorizes the Advanced Persistent Threat Solution market data by manufacturers, region, type and application, also analyzes the market status, market share, growth rate, future trends, market drivers, opportunities and challenges, risks and entry barriers, sales channels, distributors Analysis.
Read More: https://www.marketstudyreport.com/reports/global-advanced-persistent-threat-solution-market-report-history-and-forecast-2014-2025-breakdown-data-by-companies-key-regions-types-and-application

2. Global Power System State Estimator Market Report, History and Forecast 2014-2025, Breakdown Data by Companies, Key Regions, Types and Application
Power System State Estimator Market Report covers the makers’ information, including shipment, value, income, net benefit, talk with record, business appropriation and so forth., this information enables the buyer to think about the contenders better. This report additionally covers every one of the districts and nations of the world, which demonstrates a provincial advancement status, including market size, volume and esteem, and also value information. It additionally covers diverse enterprises customer’s data, which is critical for the producers.
Read More: https://www.marketstudyreport.com/reports/global-power-system-state-estimator-market-report-history-and-forecast-2014-2025-breakdown-data-by-companies-key-regions-types-and-application

Contact Us:
Corporate Sales,
Market Study Report LLC
Phone: 1-302-273-0910
Toll Free: 1-866-764-2150
Email: [email protected]

December 26, 2019

Sony RX100 Mk4 just £499, save £560 today only

Every year Boxing Day delivers some great deals if you’re looking to grab a new snapper at a bargain price. That is the very same for 2019, of course, with Sony’s RX100 Mark 4 camera available for a bargain £439.

That could come across as a lot, but when you realise it’s over £560 off the original price – giving over a 50 per cent discount for today only.

The RX100 Mk4 an older gen model of Sony’s excellent high-end compact camera range. Although it doesn’t offer the super-advanced autofocus system of the Mk5 model, you could buy two of the older model for less money!

The pocketable snapper has a 1-inch sensor size, which is far larger than most compact cameras can offer, resulting in far better quality. Paired with a 24-70mm f/1.8-2.8 lens it’s super fast, too, ensuring top shooting in low-light or bright light.

This deal is likely to only be available for one day, so don’t delay if you want to save yourself some cash on this great camera.

• There’s more Boxing Day sales deals here

December 26, 2019

iPhones and iPads finally get key-based protection against account takeovers

For the past couple of years, iPhone and iPad users have been relegated to second-class citizenship when it comes to a cross-industry protocol that promises to bring effective multi-factor authentication to the masses. While Android, Windows, Mac, and Linux users had an easy way to use the fledgling standard when logging in to Google, GitHub, and dozens of other sites, the process on iPhones and iPads was either painful or non-existent.

Apple’s reticence wasn’t just bad for iPhone and iPad users looking for the most effective way to thwart the growing scourge of account takeovers. The hesitation was bad for everyone else, too. With one of the most important computing platforms giving the cold shoulder to WebAuthn, the fledgling standard had little chance of gaining critical mass.

And that was unfortunate. WebAuthn and its U2F predecessor are arguably the most effective protection against the growing rash of account takeovers. They require a person logging in with a password to also present a pre-enrolled fingerprint, facial scan, or physical security key. The setup makes most existing types of account takeovers impossible, since they typically rely solely on theft of a password.

Developed by the cross-industry FIDO alliance and adopted by the World Wide Web consortium in March, WebAuthn has no shortage of supporters. It has native support in Windows, Android, Chrome, Firefox, Opera, and Brave. Despite the support, WebAuthn has gained little more than niche status to date, in part because of the lack of support from the industry’s most important platform.

Now, the standard finally has the potential to blossom into the ubiquitous technology many have hoped it would become. That’s because of last week’s release of iOS and iPadOS 13.3, which provide native support for the standard for the first time.

More about that later. First, a timeline of WebAuthn and some background.

In the beginning

The handheld security keys at the heart of the U2F standard helped prepare the world for a new, superior form of MFA. When plugged into a USB slot or slid over an NFC reader, the security key transmitted “cryptographic assertions” that were unique to that key. Unlike the one-time passwords used by MFA authenticator apps, the assertions transmitted by these keys couldn’t be copied or phished or replayed.

U2F-based authentication was also more secure than one-time passwords because, unlike the authenticator apps running on phones, the security keys couldn’t be hacked. It was also more reliable since keys didn’t need to access an Internet connection. A two-year study of more than 50,000 Google employees a few years ago concluded that cryptographically based Security Keys beat out smartphones and most other forms of two-factor verification.

U2F, in turn, gave way to WebAuthn. The new standard still allows cryptographic keys that connect by USB or NFC. It also allows users to provide an additional factor of authentication using fingerprint readers or facial scanners built into smartphones, laptops, and other types of hardware the user already owns.

A plethora of app, OS, and site developers soon built WebAuthn into their authentication flows. The result: even when a password was exposed through user error or a database breach, accounts remained protected unless a hacker with the password passed the very high bar of also obtaining the key, fingerprint, or facial scan.

As Google, Microsoft, key maker Yubico, and other WebAuthn partners threw their support behind the new protocol, Apple remained firmly on the sidelines. The lack of support in macOS wasn’t ideal, but third-party support from the Chrome and Firefox browsers still gave users an easy way to use security keys. Apple’s inaction was much more problematic for iPhone and iPad users. Not only did the company provide no native support for the standard, it was also slow to allow access to near-field communication, a wireless communication channel that makes it easy for security keys to communicate with iPhones.

Poor usability and questionable security

Initially, the only way iPhones and iPads could use WebAuthn was with a Bluetooth-enabled dongle like Google’s Titan security key. It worked—technically—but it came with deal-breaking limitations. For one, it worked solely with Google properties. So much for a ubiquitous standard. Another dealbreaker—for most people, anyway—the installation of a special app and the process of pairing the keys to an iPhone or iPad was cumbersome at best.

Then in May, Google disclosed a vulnerability in the Bluetooth Titan. That vulnerability made it possible for nearby hackers to obtain the authentication signal as it was transmitted to an iPhone or other device. The resulting recall confirmed many security professionals’ belief that Bluetooth lacked the security needed for MFA and other sensitive functions. The difficulty of using Bluetooth-based dongles, combined with the perception that they were less secure, made them a non-starter for most users.

In September, engineers from authentication key-maker Yubikey built a developer kit that added third-party programming interfaces for WebAuthn. The effort was valiant, but it was also kludgey, so much so that the fledgling Brave browser was the only one to make use of it. Even worse, Apple’s steadfast resistance to opening up third-party access to NFC meant that the third-party support was limited to physical security keys that connected through the Lightning port or Bluetooth.

NFC connections and biometrics weren’t available. Worst of all, the support didn’t work with Google, Facebook, Twitter, and most other big sites.

December 26, 2019

Amazon launches year-end sale with deals on AirPods, MacBooks, iMacs, Apple Watch bands

By Christine McKee
Wednesday, December 25, 2019, 10:07 am PT (01:07 pm ET)

With only a week left until the New Year, Amazon is knocking up to $310 off belated gifts and year-end business purchases. Save on Apple AirPods, MacBook Airs, iMacs, Apple Watch bands and more.

Year-end savings

Whether you received a holiday gift card or are still looking for the perfect present for that special someone, Amazon has a variety of deals on Apple products, from AirPods to Apple Watch bands. Shoppers can save up to $310 instantly with many items ready to ship out asap. Here’s a small sampling of the top Apple deals, with many more options available in the AI Apple Price Guide and via Amazon’s dedicated Year-End Deals page.

Apple AirPods savings

Powerbeats deals

Up to $300 off MacBook Airs

Up to $310 off iMacs

Apple Pencil on sale

Apple Pencil: $94.08 ($5 off)
Apple Pencil 2: $114* ($15 off)
*Look for green bonus savings message on product page. May not be available for all accounts. YMMV.

Magic accessories

Apple Watch bands

Additional Apple deals

Interested in additional Apple hardware? See if there is a Mac, iPad or Apple Watch deal that will save you $100s by checking out prices.appleinsider.com.