Wednesday, October 5, 2016

Facebook Messenger Chats Now Offer End-to-End Encryption


Facebook is finally capitalizing on the promise it first made back in July, of making conversations on Messenger completely encrypted. The platform isn’t the first to offer such a feature but is definitely among the most used ones, even if it doesn’t offer it in full glory.



The feature, dubbed Secret Conversations, is now available to the billion or so active users of Messenger, as confirmed by Wired. It is turned off by default so it requires turning on manually. It also doesn’t make every conversation that has occurred in the past encrypted.

How to Activate:

In the latest version of Messenger, you’ll see a new secret icon in the top right corner of the app. Tap that and you can start an encrypted chat. Existing conversations can also be converted to secret ones, by tapping their name at the top, and toggling the Secret Conversations option.

Encryption Tech:

Messenger uses the renowned Signal encryption system, developed by the nonprofit Open Whisper Systems, which has already been implemented in the privacy-centered Signal Private Messenger. That app has the blessings of none other than Edward Snowden.
Of course, both the users need to update to the latest version of Messenger to use the updated security feature so first make sure that is done. The conversations can only be carried out on a single device at a time.

Room For Improvement:

The functionality of these conversations is a bit more limited in comparison to normal ones, with GIFs and videos not supported, yet.
The feature was first tested in beta in public back in July and only now is it arriving to the all users.
Messenger isn’t the first platform to offer such privacy, as Signal, Telegram and Whatsapp among others have had it for long. Though, it is certainly among the most used messaging apps. That will happen of course if you trust Facebook with your privacy in the first place.

Tuesday, October 4, 2016

WhatsApp Adds Snapchat-Like Doodling in New Update


A feature that has been in Google Allo and Snapchat from the start is now making its way to WhatsApp. You can now doodle on images or add stickers and emojis on them.


New Features in the Update

Aside from doodling and adding emojis on images, the update brings front facing flash support (screen flash) for selfies and video zooming options in the app’s camera.
The update was available in WhatsApp beta and is now available for the general public. Only Android users can avail this update for now. iOS users will have to wait.

According to the WhatsApp blog:
"When you capture a new photo or video or share one that’s already on your phone, you’ll automatically see the new editing tools. The WhatsApp camera feature now supports the front-facing flash so you can take the perfect selfie."
"In low light and at night, this will brighten up your screen and improve the quality of your photo. We’ve also added a convenient zooming feature for recording videos – just slide your finger up and down to zoom in and out. And to quickly switch between front and rear facing cameras, double tap on the screen."


Adapting to the Competition

This isn’t the first time Facebook has copied Snapchat’s features. They copied Snapchat stories and introduced it in Instagram, renaming it to Instagram stories.
It should be mentioned that Facebook CEO Mark Zuckerberg once offered to buy Snapchat from its CEO Evan Spiegel a few years ago.
Even though both Facebook Messenger and WhatsApp boast around a billion users each, Snapchat still poses a major threat because of its immense popularity among teens and the younger demographics. Facebook seems to be adapting and introducing new features in anticipation of the fact that Snapchat will become a major competitor to its messaging platforms soon.
The update is not yet available at the Google Playstore but is expected to be available today

Beware ! to open JPEG 2000 Images


Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems.



Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/CVE-2016-8332, could allow an out-of-bound heap write to occur that triggers the heap corruption and leads to arbitrary code execution.

OpenJPEG is an open-source JPEG 2000 codec. Written in C language, the software was developed for coding and encoding JPEG2000 images, a format that is often used for tasks like embedding image files within PDF documents through popular software including PdFium, Poppler, and MuPDF.


Hackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG2000 image or a PDF document containing that malicious file in an email.


The hacker could even upload the malicious JPEG2000 image file to a file hosting service, like Dropbox or Google Drive, and then send that link to the victim.


Once downloaded to the system, it would create a way for hackers to remotely execute malicious code on the affected system.


The flaw was caused "due to an error while parsing mcc records in the jpeg2000 file,...resulting in an erroneous read and write of adjacent heap area memory," Cisco explained in its advisory.

"Careful manipulation of heap layout and can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control."


The researchers successfully tested the JPEG 2000 image exploit on the OpenJPEG openjp2 version 2.1.1. The flaw was discovered by Aleksandar Nikolic from the Cisco Talos Security team.


The team reported the zero-day flaw to OpenJPEG developers in late July, and the company patched the flaw last week with the release of version 2.1.2.


The vulnerability has been assigned a CVSS score of 7.5, categorizing it as a high-severity bug.

Thursday, September 29, 2016

BlackBerry will no longer make SmartPhones


BlackBerry thought that adopting Android would give it a slight chance to return to profitability. As it turned out, it took its last breath today.


BlackBerry, formerly world’s largest smartphone company, is putting a stop to its in-house production and designing of smartphones. It will instead outsource both and license its name to companies in markets overseas, including Indonesia and China where the company is still big.
As it currently stands, it looks like the end-of-the-line for another of industry’s former stalwarts, as it is not quite known when phones under such agreements will arrive.
The focus has shifted from hardware to software, which is expecting a growth of 30-percent despite an overall loss of $372 million.
“Our new Mobility Solutions strategy is showing signs of momentum,” said John S. Chen, BlackBerry CEO, “including our first major device software licensing agreement with a telecom joint venture in Indonesia. Under this strategy, we are focusing on software development, including security and applications.”
“The company plans to end all internal hardware development and will outsource that function to partners. This allows us to reduce capital requirements and enhance return on invested capital.”
When such licensed phones arrive, it won’t be a surprise as BlackBerry’s latest phone, the DTEK50, does the same. With BlackBerry’s name slapped on an Alcatel Idol 4’s body, it is likely a trail-blazer.
We can’t say the signs weren’t there. BlackBerry’s share took a dive since the iPhone released, mainly due to the company’s inability to keep up with the touchscreen trend for years.
The executives gave a target of 3 million phones in sales for the company to stay in the market. With a share of 0.1-percent despite the ever-present loyalists, BlackBerry barely sold 400,000 units, which proved the last nail in the coffin.

Google Translate now interprets Chinese-to-English with near human-level accuracy


The very software that thrice defeated world grandmaster Lee Sedol for the ancient game of Go is now beginning to power Google Translate. Google will now begin to translate Chinese to English using a system called Google Neural Machine Translation.

Google Translate had been using the phrase-based production system to translate Chinese to English, among other language pairs, but with little success. That was particularly so because Mandarin Chinese is notably hard to convert to English due in part to the different meanings a word could take when paired with certain characters. But that was mainly because of the differences between the Chinese and English cultures, which affect language.
The rollout of Google’s neural machine translation system in both the web and mobile versions of Google Translate could significantly change that. Native Mandarin Chinese speakers may no longer cringe at Google Translate results as the AI-based tool will now look at the whole sentence structure before decoding it.
Previously, Google Translate used to parse sentences into their component words as it interpreted them, resulting in sometimes nonsense translations.
Based on Google’s tests, the Google Neural Machine Translation system reduces translation errors by between 55 percent and 85 percent. Quoc V. Le and Mike Schuster, research scientists for Google Brain Team, lauded the GNMT approach as more advantageous than Phrase-Based translation systems.
"There is still a lot of work we can do to serve our users better. However, GNMT represents a significant milestone."
However, the researchers acknowledge that machine translation isn’t solved just yet. In a blog post, the researchers wrote:
"GNMT can still make significant errors that a human translator would never make, like dropping words and mistranslating proper names or rare terms, and translating sentences in isolation rather than considering the context of the paragraph or page. There is still a lot of work we can do to serve our users better. However, GNMT represents a significant milestone."
On top of the Chinese-to-English language pair, Google also plans to implement GNMT in 10,000 other language pairs supported by Google Translate. You might want to check out the updated version of the app now and tell us how well it works.