Friday, July 15, 2016

5 Reasons I’m Excited By Nokia’s Upcoming Android Phones


Nokia's Return To The Mobile Space With Android WILL Be IMMENSE. God! I've Missed Nokia So Much...

Nokia used to be the world’s biggest phone maker. When you thought of mobile phones you thought of Nokia. The brand was synonymous with mobile technology, just as Apple iand Samsung are right now.

But things went sour quickly for Nokia after the arrival of Apple and Android. Like BlackBerry, Nokia moved too slowly and failed to spot the threat to its control of the mobile market and, between the years of 2007 to 2012, the Nokia brand effectively died.
Then came Windows Phone and, well, we all know how that played out…
But Nokia will return in 2016 and this time it will be using Google’s Android platform, apparently. As a long standing fan of Nokia, its approach to design and its thirst for innovation, I am really rather excited about this. And below are six points on why you should be too!

The Nokia Brand Is Still Strong

Check around online. Read comments on articles about Nokia’s return. Hell, you can even read old Lumia reviews. Do this and you will see a trend — Nokia’s brand appeal, despite a good few years in exile, is still very strong inside the hearts and minds of A LOT of consumers.
Unlike BlackBerry, Nokia has always been a consumer-facing brand. A lot of its phones are classics. Take the 3310, for instance. Most people, at some point in their life, have owned a Nokia phone. People trust Nokia. People remember Nokia. And I think a strong return in 2016 with Android, as well as some core USPs, will jog people’s memory about Nokia and see people out in droves to check out their new hardware.
I know — this sounds like wishful thinking. But I have faith that Nokia can design its way into contention on the already packed Android space. It has great people and a better understanding than most about what makes a great phone. Throw in all the benefits you get with Android Nougat and, well, a flagship Nokia phone in 2016 starts to sound very compelling.

Nokia Knows How To Design The Hell Out of Things

Nokia has produced hundreds of phones over the years, phones of all shapes and sizes. Nokia knows how to design handsets that stand out from the crowd. Even the phones during its Lumia campaign were notable for their robust, unique styling; things only came apart on the software front, and that was all Microsoft's doing. The Lumia 1520 and Lumia 1020 immediately spring to mind; these handsets still look cool today, despite their age. Nokia's also one of only a small group of manufacturers who know how to build in plastic and still make a phone feel like a quality, £400+ price tag worthy product.
I cannot wait to see what Nokia’s designers come to the fray with in 2016. I hope it is something original; there is a lot of room for some innovation with design in the Android space. Most phones look and feel the same these days — rectangular, slim slabs — so it’d be nice to see Nokia inject some je ne sais quoi into things in this regard.

Android Solves All Previous Issues

Windows Phone as an ecosystem couldn’t keep up with Android and iOS. It lacked applications, content and services. This is one of the many reasons why Microsoft scrapped it. The platform itself was plenty powerful and well optimised, but when most people — like 90% — are used to Apple’s App Store and Google Play, an understocked Windows Store simply don’t cut the mustard.
With Android Nougat at the core of its phones, Nokia simply doesn’t need to worry about software. It can focus on what it does best — hardware.

Price — Nokia Will Go For Competitive Angle

Word on the street suggests Nokia will release a range of phones which will include a flagship device and a couple of more affordable units. What I hope doesn’t happen is that Nokia just goes after the budget space — this would suck. If Nokia is returning to the phone space it needs to do so with a BANG.
Also, things have changed quite a bit since it departed from the phone market. OnePlus has shown you can run a viable business with network support and lower cost hardware. Wouldn’t it be nice if Nokia’s return took a few plays from OnePlus’  handbook and championed cutting edge hardware at uber-competitive prices?

Nokia Loves To Innovate

Whether you’re talking about camera technology or the overall physical design of a phone, Nokia has excellent pedigree in both. It was the first to really popularise the camera phone format and then it debuted its PureView camera technology at MWC 2012. In between this Nokia consistently pushed the boundaries with the design, build materials and integral nature of its phones.
I miss Nokia’s balls-out approach to things. I’d also love to see its PureView technology re-jigged for 2016/17. Beyond this Nokia is well placed to do some innovating in a space where most simply attempt to keep up with Apple and Samsung. LG and HTC have done a lot in 2016 to add in value to their releases, but I believe Nokia’s approach to things and its talented team will go one better and give us something to really look forward to.
I know this is a rather gushing post on Nokia. But I do believe the mobile space is a duller place without the firm. I always remember getting excited by the arrival of a new Nokia phone back in the day, whether the N8 or N900, it didn’t matter, as I always knew it’d be something different. 
I just hope Nokia hasn’t lost the magic it once had! 

Thursday, July 14, 2016

THE DIZZYING VIEW INSIDE NASA'S VEHICLE ASSEMBLY BUILDING

A unique view of the Vehicle Assembly Building (VAB) at NASA’s Kennedy Space Center.
You're looking up through the birthplace of the only spacecraft that have landed human feet on another world.

NASA published this photo of the interior of the Vehicle Assembly Building at Kennedy Space Center in Florida, showing off four new work platforms recently installed on the north and south sides of High Bay 3. The platforms will provide access to the Space Launch System rocket and Orion spacecraft for Exploration Mission 1. NASA's in the process of sprucing up the VAB in preparation for Mars missions.
VAB

Built in 1966, the VAB is the tallest single-story building in the world. It sprawls over eight acres of land, and stands 525 feet tall.


Snapdragon 821 - Qualcomm Fastest Processor


Not a lot of people who used a Snapdragon 820 phone would’ve thought “hmm, the only thing I need is more power”, yet here we are. The new Snapdragon 821 processor is Qualcomm’s most powerful processor yet.
The 14-nm processor is 10 percent faster than before, thanks to higher clock speeds in its Kryo cores. The two more advanced cores run at 2.4 Ghz rather than 2.15 Ghz, while the two lower-clock ones are said to run at 1.8 Ghz rather than 1.6 Ghz.
The Adreno 530 GPU is retained though it runs at a higher clock too. Apart from that, it borrows several of 820’s features, including the X12 LTE modem, with download speeds of 600 Mbps and 3 times faster LTE uploads with Snapdragon Upload+. It also brings Ultra HD Voice for better call quality.
One of its more important applications will happen in the field of virtual reality, where it could be used in upcoming stand-alone VR headsets, including Google’s Daydream VR. Possible uses also include the upcoming Nexus devices and future Galaxy flagships. Qualcomm expects devices using Snapdragon 821 to hit in the second half of 2016, so you won’t have to wait long anyway.
After the multitude of issues with the launch of the Snapdragon 810, Qualcomm upped its game to produce one of the beefiest and widely used chipsets in the market with the 820. The new 821 will likely follow its footsteps and make its way to flagships, even as the past version remains strong.

Wednesday, July 13, 2016

Warning - Millions of Xiaomi Phones Vulnerable, Remote Hacking



Millions of Xiaomi smartphones are vulnerable to a dangerous remote code execution (RCE) vulnerability that could grant attackers complete control of handsets.


The vulnerability, now patched, exists in MIUI – Xiaomi's own implementation of the Android operating system – in versions prior to MIUI Global Stable 7.2 which is based on Android 6.0.


The flaw, discovered by IBM X-Force researcher David Kaplan, potentially allows attackers with privileged network access, such as cafe Wi-Fi, to install malware remotely on the affected devices and fully compromise them.


Researchers found some apps in the analytics package in MIUI, which can be abused to provide malicious ROM updates remotely through a man-in-the-middle attack.


"The vulnerability we discovered allows for a man-in-the-middle attacker to execute arbitrary code as the highly privileged Android 'system' user," researchers say.

Researchers say they discovered vulnerable analytics packages in at least four default apps provided by Xiaomi in its MIUI distributions, one of those apps being the default browser app.


The flaw allows an attacker to inject a JSON response to force an update by replacing the link and MD5 hash with a malicious Android application package containing malicious code, which is executed at the system level.



Since there is not any cryptographic verification of the update code, the analytics package (com.xiaomi.analytics) will replace itself with "the attacker-supplied version via Android's DexClassLoader mechanism."


In order words, the analytics package neither uses HTTPS to query an update server for updates, nor it downloads the package over HTTPS, thus allowing attackers to modify the updates.


The custom ROM ships on devices manufactured by developer Xiaomi – World's third largest smartphone maker with over 70 Million devices shipped just last year alone – and is also ported to over 340 different handsets including Nexus, Samsung, and HTC.


Since the company has patched the flaw and released a over-the-air update, users are strongly recommended to update their firmware to version 7.2 as soon as possible in order to ensure they are not vulnerable to this issue that plagues Millions of Xiaomi devices.

Critical - Print Spooler Bug allows hacker to hack any version of Windows



Microsoft's July Patch Tuesday offers 11 security bulletins with six rated critical resolving almost 50 security holes in its software.


The company has patched a security flaw in the Windows Print Spooler service that affects all supported versions of Windows ever released, which if exploited could allow an attacker to take over a device via a simple mechanism.


The "critical" flaw (CVE-2016-3238) actually resides in the way Windows handles printer driver installations as well as the way end users connect to printers.


The flaw could allow an attacker to install malware remotely on victim machine that can be used to view, modify or delete data, or create new accounts with full user rights; Microsoft said in MS16-087 bulletin posted Tuesday.


Users who are logged in with fewer user rights on the system are less impacted than users who operate with administrative user rights, such as some home accounts and server users.


Microsoft said the critical flaw could be exploited to allow remote code execution if an attacker can conduct a man-in-the-middle (MiTM) attack on a system or print server or set up a rogue print server on a target network.


The critical flaw was discovered and reported by the researchers at security firm Vectra Networks, who disclosed some details on the vulnerability, but didn't publish their proof-of-concept (POC) code.


You can watch the video that shows the hack in action:



In corporate networks, by default network administrators allow printers to deliver the necessary drivers to workstations or systems connected to the network. These drivers are silently installed without user interaction and run with full privileges under the SYSTEM user.


According to researchers, attackers can replace these drivers on the printer with malicious files that could allow them to execute code of their choice.


More worrisome: If the printer is behind a firewall, attackers can even hack other device or computer on that particular network, and then use it to host their malicious files.



Watering Hole Attacks via Printers


Like servers, multiple computers are also connected to printers in an effort to print documents as well as download drivers. So, this flaw allows a hacker to execute watering hole attacks technically using printers.


Watering hole attacks, or drive-by downloads, are used to target businesses and organizations by infecting them with malware to gain access to the network.

"Rather than infecting users individually, an attacker can effectively turn one printer into a watering hole that will infect every Windows device that touches it," said Vectra chief security officer Gunter Ollmann.
"Anyone connecting to the printer share will download the malicious driver. This moves the attack vector from physical devices to any device on the network capable of hosting a virtual printer image."
This flaw (CVE-2016-3238) is by far the most dangerous vulnerability of the year, which is easy to execute, provides different ways of launch attacks, and affects a huge number of users.


A second related vulnerability, CVE-2016-3239, in MS16-087 bulletin is a privilege escalation flaw that could allow attackers to write to the file system.


A security bulletin for Microsoft Office, MS16-088, includes patches for seven remote code execution (RCE) vulnerabilities, 6 of them are memory corruption flaws, which affects Microsoft Office, SharePoint Server as well as Office Web Apps.


The flaws can be exploited by specially crafted Office files, allowing attackers to run arbitrary code with same privileges as the logged in user.


Bulletin MS16-084 addresses flaws in Internet Explorer and MS16-085 in Microsoft Edge. The IE flaws include RCE, privilege escalation, information disclosure and security bypass bugs.


Edge flaws include a handful of RCE and memory corruption flaws in the Chakra JavaScript engine, as well as an ASLR bypass, information disclosure, browser memory corruption, and spoofing bugs.


Bulletin MS16-086 addresses a vulnerability in the JScript and VBScript engines in Windows, which could allow an attacker to execute remote code execution flaw, affecting VBScript 5.7 and JScript 5.8.


Rest five bulletins rated as important address flaws in Windows Secure Kernel Mode, Windows Kernel-Mode Drivers, the .NET framework, the Windows Kernel, and Secure Boot process.


Users are advised to patch their system and software as soon as possible.