Latest Tech News

The developers of two open source code libraries for Secure Shell, which is the protocol used by millions of computers to create encrypted connections, have decided to no longer support the Secure Hash Algorithm 1 (SHA-1) due to growing security concerns.

As reported by Ars Technica, developers using the OpenSSH and Libssh libraries will no longer be able to use SHA-1 to digitally sign encryption keys going forward. In its release notes, OpenSSH explained why it will no longer support SHA-1, saying:

“It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm by default in a near-future release. This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.”

• Open source code flaws may lead to a new Heartbleed
• Millions of websites put at risk after encryption fault
• CIA used encryption company as front to spy on foreign powers

SHA-1 is a cryptographic hash function that was first developed in 1995. It is used for producing hash “digests” which are each 40 hexadecimal characters long and these digests are meant to be distinct for every message, file and function that uses them.

Hash collisions

A collision is a cryptographic term used to describe when two or more inputs generate the same outputted digest and researchers began warning that SHA-1 was becoming increasingly vulnerable to collisions almost a decade ago. 

In 2017, SHA-1 fell victim to a collision attack that cost $110,000 to produce which lead to a number of browsers, browser-trusted certificate authorities and software update systems to abandon the algorithm though some services and software continued using it despite the risk.

However, in January of this year, researchers showed that an even more powerful collision attack could be launched for just $45,000. This chosen-prefix attack showed that it is possible to modify an existing input and still end up with the same SHA-1 hash and an attacker could use this method to alter documents or software to bypass SHA-1-based integrity checks.

While OpenSSH and Libssh will no longer support SHA-1, the encryption algorithm is still supported in recent versions of OpenSSL.

• We've also highlighted the best VPN services

Via Ars Technica

from TechRadar - All the latest technology news https://ift.tt/3deB6Y0

The best prepared meal delivery services to use for 2020: Home Chef, Daily Harvest, Veestro, Gobble and more - CNET

No-fuss, oven-ready meal kits.

from CNET https://ift.tt/3cgKk4L

Facebook's Zuckerberg defends decision to leave up 'inflamatory' Trump posts about Minnesota protests - CNET

President Trump's posts, which included a seeming threat of National Guard shooting citizens caught looting, were censored by Twitter. But not by Facebook.

from CNET https://ift.tt/3dbP0dj

The best meat delivery services in 2020: Omaha Steaks, Thrive Market, Crowd Cow and more - CNET

Explore your options for high-quality beef, pork, chicken and seafood all delivered to your door.

from CNET https://ift.tt/2XOJrLA

Latest Tech News

The Vivo X50 series has been gaining a lot of attention off late. The new device may represent an even more important event for Vivo as a brand in India as it may be just the right one to mark its return to the high-end smartphone space in the country.

Sources aware of the developments have confirmed to us that the upcoming Vivo X50 will indeed be making its way to India, soon after the Chinese launch, which is scheduled for June 1. It’s unclear which variant will be coming, but the teaser did suggest that it will be the Vivo X50 Pro.

This will mark the return of Vivo’s X series to India after over two years, with the last one being the Vivo X21 in 2018. Even more recently, it has primarily focussed on the budget and mid-range segments, but a proper flagship has always eluded India. 

The Vivo X50 Pro is a camera-centric premium mid-ranger which will be powered by the Snapdragon 765G with at least 8GB of RAM and 128GB of storage. If the same specifications make it to India, it will be one of the first phones in the country to sport this chipset. Besides, it will also be 5G-capable. Most of its specs have already been leaked from a recent product briefing in its home country. Other key details include a 4,315mAh battery and support for 33W fast charging.

It will also bring a new premium design with a curved, 6.56-inch high refresh rate display along with a tiny 32MP punch-hole selfie camera on the front, and a frosted glass back. A sizeable camera island will also adorn the back, with four shooters lined up. The primary camera  will be a 48MP Sony IMX598 image sensor, followed by an 8MP ultra-wide shooter, a 12MP short telephoto lens and an 8MP periscopic long telephoto lens.  

Vivo claims that the primary camera will have industry-leading image stabilisation with a new “micro-cloud” system with up to 3-degrees of compensation on either of the axes. This complicated mechanism is also the reason why the camera bump is so significant. 

There is no word on the exact availability, but considering that Vivo is in advanced stages of planning the device’s launch in India, we expect it arrive on Indian shores soon enough.  And, Vivo’s first pair of TWS earphones may also tag along.

• Everything we know about the Vivo X50 series
• Vivo Nex 3 review
• Vivo's true wireless earbuds pop up on e-store

from TechRadar - All the latest technology news https://ift.tt/2BaAwfv

And We Go Green is the documentary Formula E deserves - Roadshow

The Fisher Stevens-directed doc gives us a look behind the race to the 2017/2018 Formula E championship.

from CNET https://ift.tt/2ZPaxVj

Everything we know about Samsung Money video - CNET

Samsung is launching a new debit card and cash management account later this summer in the US. Here's what we know so far about Samsung Money by SoFi and how it will work with Samsung Pay.

from CNET https://ift.tt/36KzwKI

Facebook employees reportedly criticize stance on not fact-checking Trump's posts - CNET

It follows the president signing an executive order after Twitter labeled and hid tweets it deemed as potentially misleading and glorifying violence.

from CNET https://ift.tt/3gxdMXo

Is there a rent freeze in June? Can landlords evict tenants? Late fees, laws and what to do - CNET

Learn about your current rights and find resources for financial relief if you're concerned about being able to pay your rent this month or in the future.

from CNET https://ift.tt/3eyn0B2

Latest Tech News

The US National Security Agency (NSA) has issued a cybersecurity advisory warning that the Russian military hacking group responsible for interfering in the 2016 presidential election has been exploiting a critical vulnerability in Exim since last August or earlier.

For those unfamiliar with Exim, the software is a mail transfer agent (MTA) that runs in the background of email servers. The software is currently the most popular MTA and a big reason for this is due to the fact that it is bundled with many popular Linux distros including Debian and Red Hat.

The timing of the NSA's advisory is a bit strange though as the critical vulnerability in Exim was identified 11 months ago and a patch has already been released to fix the issue. 

• World's biggest email server hit with security flaw
• Hackers turn supercomputers into cryptocurrency mining rigs
• Also check out our roundup of the best email service providers

According to the president of Rendition Infosec and former US government hacker, Jake Williams who spoke with the Associated Press, Exim is so widely used that some companies and government agencies that run the software may have not yet patched the vulnerability. He believes that the NSA may have issued its new advisory to bring attention to the Russian military group known as Sandworm which has exploited the critical vulnerability in Exim in its attacks.

Sandworm

In its advisory, the NSA provided further details on the vulnerability in Exim that Sandworm is actively exploiting, saying:

“The vulnerability being exploited, CVE-2019-10149, allows a remote attacker to execute commands and code of their choosing. The Russian actors, part of the General Staff Main Intelligence Directorate’s (GRU) Main Center for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker’s dream access – as long as that network is using an unpatched version of Exim MTA.”

While the NSA did not reveal who the Russian military hackers have targeted, in recent months senior US intelligence officials have warned that Kremlin agents are currently engaged in activities online that could threaten the integrity of the country's 2020 presidential election.

Organizations and government agencies that use Exim should apply this patch immediately if they have not already done so to avoid falling victim to any potential attacks.

• Keep your devices protected with the best antivirus software

Via MSN

from TechRadar - All the latest technology news https://ift.tt/36KFbjX

Your coronavirus stimulus check: Qualifications, payment status, taxes, prepaid card - CNET

We can help you find out if the IRS has scheduled your payment, how the money may arrive and how much of the $1,200 stimulus check money you'll receive.

from CNET https://ift.tt/36FGoci

This is the cycling gear that will get you back in the saddle - CNET

Since the pandemic torpedoed my usual exercise routine, biking has kept me sane. Here are some of my favorite accessories and services.

from CNET https://ift.tt/3dblDIc

10 reasons why your stimulus check hasn't arrived: Dead ends, form issues, delays - CNET

Are you eligible for a stimulus payment but you're still waiting on the check from the IRS? Here are some possible reasons why it hasn't shown up.

from CNET https://ift.tt/3cdMOk0

How to track your IRS stimulus check with the Get My Payment app now - CNET

If you're still waiting for your stimulus money, here's how to use the IRS tracking app to check your schedule status.

from CNET https://ift.tt/3c7I9QM

The best meal kit delivery services of 2020: Blue Apron, Green Chef, EveryPlate, Gobble and more - CNET

These convenient meal kit services deliver weekly menus and preportioned ingredients to enthusiastic but time-poor home cooks. And with shelter-in-place lockdowns, they're more useful than ever.

from CNET https://ift.tt/2ZKzvoQ