WikiLeaks: CIA Hacks Smartphones To Work Around Encrypted Communications

WikiLeaks published documents purporting to show the CIA’s hacking abilities. In with claims that the intelligence agency compromised smart TVs to spy on their owners, among other things, the documents explained how the agency targets smartphones to evade the protections of end-to-end encrypted (E2EE) messaging services like Signal and WhatsApp. But don’t panic–the CIA hasn’t directly undermined the security measures used by those tools.

E2EE secures information by encrypting it before it ever leaves the device. This protects the messages from man-in-the-middle attacks that intercept communications between a device and an app’s servers while also preventing companies from reading the information themselves. It’s kind of like speaking into a tin can that’s connected to another can by a string; messages are only received by their intended recipients. Nobody else gets anything.

This setup rose to prominence after Edward Snowden revealed National Security Agency (NSA) surveillance programs in 2013. Since then, companies like Facebook, Google, and others have rushed to secure their communications tools. (Even if Google did turn over an E2EE project for Gmail to the public.) Many of these apps use the Signal protocol–which is also used by a service of the same name–to protect their users’ messages from prying eyes.

Now the new WikiLeaks documents show that the CIA targets individual smartphones to bypass these protections. To continue the metaphor above, this is like putting a microphone in one of the tin cans so you can hear everything someone says. The string still does its job by making sure communications aren’t overheard by anyone else, but because the can has been compromised, the system doesn’t offer the same level of security that it did before.

Open Whisper Systems, the nonprofit behind the Signal protocol and service, said in a series of tweets that this could actually be a good sign:

The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption. […] The story isn’t about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what we’re doing is working. […] Ubiquitous e2e encryption is pushing intelligence agencies from undetectable mass surveillance to expensive, high-risk, targeted attacks.

In a sense, the CIA hacking phones to work around E2EE is kind of like someone picking up the device to read all the messages stored on it. (Or, to continue that metaphor from earlier, holding one of the cans to their ear.) It’s not up to groups like Open Whisper Systems to prevent that eavesdropping–people have to be careful about how they use their devices, and manufacturers have to make those devices as hard to hack as possible.

It’s better to use encrypted messaging services and force intelligence agencies to use targeted surveillance techniques than to be caught in the dragnet surveillance that Snowden revealed four years ago.

Go to Source

Be Quiet (Un)Dresses Pure Base 600 With New Tempered Glass Window

Midway through January, be quiet! announced its Pure Base 600 chassis, which comes with some very low-key styling standard out of the box. If you liked what you saw but wanted something just a little spicier, or have pride in the internals you’re building into it, you may be interested in the windowed variant that’s now available.

The Pure Base 600 is a standard ATX chassis that comes with room for three dual-slot graphics cards, three 3.5” drives, two 2.5” SSDs, and two optical drive bays. It comes with a 140mm fan for intake and a 120mm unit as exhaust, and has an adjustable vent at the top that you can open fully, partially, or close depending on your needs.

The windowed side panel is built with a 4mm-thick sheet of tinted and tempered glass, which should accentuate the standard black- or black and orange-accented cases nicely.

Be Quiet!’s Pure Base 600 Window is available immediately at an MSRP of $100 – just $10 more than the non-windowed version. If you’re upset because you own the standard case and now want the window, worry not: a separate panel with the piece of tempered glass is also available for $30.

Model: be quiet! Pure Base 600 Window
Motherboard Type Up to ATX
Expansion Slots 7
Dimensions 492mm x 220mm x 470mm
Net Weight 7.44kg
Drive Bays 2x 5.25”, 3x 3.5”, 2x 2.5″
PSU Standard PS2 PSU
Front I/O USB 3.0 x 2, HD Audio x 1
Radiator Support 1x 360mm or 280mm, 1x 280mm
CPU Cooler Max Height 165mm
VGA Card Max Length 280mm With HDD Rack, 425mm Without
PSU Length Limit 210mm

Go to Source

Most Major Antivirus Programs Bypassed By The CIA, Shows WikiLeaks Document

WikiLeaks recently published thousands of documents that the organization said belongs to the CIA. Among them, there was a document that showed a list of antivirus and other security products that have been exploited and bypassed by the CIA.

The list included the following software products:

  • Comodo
  • Avast
  • F-Secure
  • Zemana Antilogger
  • Zone Alarm
  • Trend Micro
  • Symantec
  • Rising
  • Panda Security
  • Norton
  • Malwarebytes Anti-Malware
  • EMET (Enhanced Mitigation Experience Toolkit)
  • Microsoft Security Essentials
  • McAfee
  • Kaspersky
  • GDATA
  • ESET
  • ClamAV
  • Bitdefender
  • Avira
  • AVG

You probably recognize most, if not all, of the products on that list. The list includes Microsoft’s “Security Essentials” antivirus program, which was later converted into the built-in “Windows Defender” program in Windows 8 and later, as well as EMET, Microsoft’s anti-exploit security tool (mainly for enterprise users).

EMET was recently deprecated by Microsoft, because the company said that many of EMET’s anti-exploit features such as DEP, ASLR, Control Flow Guard (CFG), as well as other mitigations to bypass the User Account Control (UAC), were already built into Windows 10.


Microsoft said that because the security features are built-in, they should offer better security than the ad-hoc security that EMET tried to provide. The CIA documents released by WikiLeaks date from 2014, before Windows 10 came out. Therefore, we don’t know what new capabilities the CIA may have obtained since then, and whether or not the new Windows 10 security features were also bypassed.

Bypassing Antivirus Programs

The leaked documents pertaining to the list of antivirus programs that have been exploited by the CIA seem to have been redacted, likely by WikiLeaks. The organization said that it made over 70,000 redactions in total, mainly to remove harmful code (WikiLeaks has been accused in the past of “hosting malware” because the emails it released contained malware targeted at the recipients of the leaked emails), as well as personal details and IP addresses. However, it’s not clear why the organization removed the technical information about how most of the antivirus programs in the list were exploited.

Only partial information was left about CIA’s exploit capabilities against three antivirus programs: F-Secure, Avira, and AVG.

On F-Secure

In OSB’s experience, F-Secure has generally been a lower tier product that causes us minimal difficulty.  The only annoyance we have observed is that F-Secure has an apparent entropy-based heuristic that flags Trojaned applications or other binaries containing encrypted/compressed payloads.  Two defeats are known to exist:  On involves using RAR file string tables in the resource section, the other involves cloning a RAR file manifest file – the manifest technique also works against Avira’s entropy-based heuristics.

On Avira

Avira has historically been a popular product among CT targets, but is typically easy to evade.  Similar to F-Secure, Avira has an apparent entropy-based heuristic that flags binaries containing encrypted/compressed payloads, but there are two known defeats.

On AVG

AVG Catches a Payload Dropped to Disk and Launched via Link File Well After Execution (Process Hollowing)

Perhaps the fact that the CIA can bypass most antivirus products should not be that surprising. After all, any sophisticated attacker who wants to develop new malware would also try to find ways to bypass the popular antivirus products. Otherwise, the malware wouldn’t be very effective, and it would be caught too early.

Google’s Project Zero security research team has also shown that antivirus programs can sometimes be some of the most vulnerable programs you may be running on your system. That’s not just because some of the antivirus companies are careless with the code they write, but mainly because the same techniques they use to “make users safer” are what create the vulnerabilities in users’ systems in the first place.

For instance, some of them do man-in-the-middle attacks against users’ browsers in order to analyze the encrypted pages that the users are visiting. However, an attacker could exploit this by taking over the capability and then using it against the users. Therefore, in this case, the antivirus created a vulnerability that perhaps wouldn’t have existed otherwise.

Staying Safe Online

The most common sense ways to stay safe are still to be careful about what you install on your system, use accounts with limited rights by default, and update your operating system and applications on time. This should save you from the vast majority of attacks and malware.

If you want to go the extra mile, you could also browse the web in a Linux virtual machine, or even use a more compartmentalized operating system such as Qubes OS, but these tools may not be for everyone.

Go to Source

PS4 System Update 4.5 Drops March 8 With New Features For PSVR, PS4 Pro

In early February, Sony released details about the upcoming PlayStation 4 system software update, code-named Sasuke, and proceeded to roll it out to beta testers. Tomorrow, the wait for the PS4’s new features ends as Sony shifts System Update 4.5 from beta to full release.

When Sony announced the beta test for PS4 System Update 4.5, the company gave us a few tidbits about the forthcoming changes, such as announcing that PSVR owners would be able to watch 3D Blu-ray movies with their headsets and that the console would finally have the ability to access external hard drives. But the company shied away from revealing the full details of the upcoming console update.  

In addition to the 3D Blu-ray and external storage support, PS4 System Update 4.5 includes visual improvements for PSVR’s social screen and cinematic mode. Currently, when you turn on your PSVR HMD, the image quality on your TV or monitor used for the social screen diminishes. After the update drops tomorrow, the resolution of the image on your TV shouldn’t change when you enter VR mode. Sony also improved the image quality in Cinematic mode by increasing the refresh rate from 90Hz to 120Hz when the screen size is set to “small” or “medium.”

Sony’s PS4platform includes a feature called Remote Play, which allows you to access and control your console remotely from a PC or Mac. Remote Play allows you to play PS4 games from your PC, but voice communication wasn’t possible. System Update 4.5 adds microphone support to Remote Play and a button to toggle it on and off.

Speaking of communication: Sony’s PlayStation platform includes a selection of “off-console apps” that allow you to access your account from other devices. With System Update 4.5, Sony added a smartphone-shaped icon to the dashboard so you can tell whether your friends are online through an app or if they are logged into their console.

Sony also made some changes to its mobile apps. The PS Messages app gets “quick replies” to simplify communication. If you get an invitation to a party, you can send a quick reply saying “I’ll join later,” or “Sorry, I can’t join.” And Sony added a PSN service status indicator to the Communities app.

Boost Mode is the final piece of the PlayStation 4 System Update 4.5 release, but we already knew that thanks to a leaked screenshot. Boost Mode is an exclusive feature for PS4 Pro owners, which tries to get the most out of the PS4 Pro’s powerful GPU.

Boost Mode allows games that aren’t optimized for the PS4 Pro’s advanced hardware to leverage the GPU and CPU to increase frame rates and lower load times. Sony said that boost mode “can provide a noticeable frame rate boost” in games that feature variable frame rates, and stability for games that operate at fixed frame rates. Boost Mode doesn’t work with all titles, but it has benefits for some games. For that reason, Sony lets you toggle Boost Mode at will.

Sony didn’t say at what time it will launch System Update 4.5, but you should expect to see it land March 9.

Go to Source

1-2-Switch review

Looking at coverage of the Nintendo Switch launch, it’d be easy to think that The Legend of Zelda: Breath of the Wild was the only game out for the new console. While the rest of the launch lineup is a bit slight, there is one other big release: Nintendo’s own mini-game collection 1-2-Switch.

Read next: Nintendo Switch review

Echoing the likes of Wii Sports and Nintendo Land before it, 1-2-Switch is a collection of games designed to show off the unique capabilities of the Switch and its Joy-Con controllers – though unlike those games, it doesn’t come bundled in with the device itself. So is this the Switch at its best, or a muddled mess? Find out in our 1-2-Switch review.

How much does 1-2-Switch cost?

As mentioned above, 1-2-Switch doesn’t come included with the Switch console, though we wouldn’t be surprised to see Nintendo release a bundled edition some time in the future.

Fortunately, it isn’t a full-price game, and runs slightly cheaper than big titles like The Legend of Zelda. At launch, the best price we’ve found in the UK is £34 from Amazon, while Game and Zavvi are selling it for the RRP of £39.99.

US players can pick 1-2-Switch up for $49.99 from Amazon or GameStop.

Also see: Best games deals

Oh, and don’t worry, while 1-2-Switch is multiplayer, it’s designed to work using only the two Joy-Con controllers bundled with the console, so there’s no need to pick up any extra controllers or accessories to get the most out of the game.

1-2-Switch review

So, what do you get for your money? 1-2-Switch is a mini-game collection with a fairly unique gimmick: almost every game is designed to be played while looking each other in the eye, rather than looking at the TV screen. Players then rely on audio and rumble feedback from the Joy-Con controllers, rather than visual cues from the TV.

For example, in Sword Fight you face off against one another, swinging the Joy-Con remotes through the air as you act out a fight. Similarly, in Quick Draw you have to look one another in the eye as you wait for the cue to fire your sharpshooters, while in Milk you’ve somehow got to maintain eye contact (and your composure) as you each pretend to milk a virtual cow.

As a hook for a party game, it’s a great idea. Simple games are elevated by the introduction of eye contact, and victory depends as much on playing each other as on playing the game. One of the better games in the collection, Samurai Training, sees one player ready a sword strike that the other has to try and block by raising their Joy-Con. In any other setup, this might just be a test of reaction speeds, but here it’s as much a mental game as anything else, each player trying to read the other’s body language, fake each other out, and generally get inside each other’s heads.

The games are mostly designed to show off the varied tech inside the Joy-Con controllers, some more successfully than others. The unfortunately named Ball Counting is a great demonstration of the new HD Rumble, giving the impression of a handful of ball bearings rattling around the controller, and asking you each to count them. It’s a great illustration of the power of the advanced haptic feedback, and something no other games console can manage right now.

Unfortunately, too many of the games simply rely on the motion controls and gyroscope, and it’s hard not to feel that a good number of them could have been played with the Wii Remote Plus, which isn’t exactly a convincing demonstration of the new hardware. It’s especially frustrating when 1-2-Switch offers inferior versions of Nintendo’s own old games. Baseball was never the highlight of Wii Sports, but in 1-2-Switch it’s a total mess, a lack of helpful audio feedback leaving a confusing scramble of timing that’s fun for neither players nor spectators.

Baseball isn’t the only game that’s confusing, awkward, or plain not fun. We once missed an entire game of Sword Fight because we didn’t realise we were meant to have started fighting yet; while Shaver (in which players mime shaving their faces) left us entirely unsure when we were calibrating the controllers and when we were actually playing. Worst of all is Baby, in which you have to rock the Switch tablet like a crying child, and try and settle it to sleep. It’s about as fun as, well, trying to get a screaming baby to settle, which is to say: not very.

Read next: The Legend of Zelda: Breath of the Wild review

1-2-Switch is at its best when it embraces the real spirit of party games: forcing people to make fools of themselves. There’s Gorilla, in which players have to pound their chests rhythmically to attract a female of the species; or Runway, which challenges players to walk the catwalk (with maximum hip-sway) before striking pose or two at the end.

Best of all are 1-2-Switch’s most innuendo-ridden games. There’s the aforementioned Milk, but also Eating Content, which uses the right Joy-Con’s IR motion camera to detect how quickly the player opens and closes their mouth, with the controller held all too suggestively all the while. Most astonishing of all is Soda, in which players pass one controller around the room, each giving it a vigorous shake, hoping the ‘soda’ will ‘pop’ in another player’s hands. And when it does? A geyser of white fluid erupts on the TV screen for all to see. It’s subtle stuff.

Perhaps the strangest complaint of all is the awkward experience of starting the game. While there are 28 mini-games in total, when you first launch 1-2-Switch it locks you into playing Quick Draw, and nothing else. After a couple of goes it gives you access to eight or so games, and after you’ve played a dozen or so games across all of those, it finally gives you access to the rest, including the more interesting competitive mode that pits two teams against each other across a variety of games.

Gating content behind unlocks is nothing new of course, but what’s odd about 1-2-Switch is that it gives you no cue that there’s more content to unlock, or any indication of how you can do it. You simply have to keep playing, on faith, until it deigns to give you the full experience – which is exactly what you don’t want to have to do for a party game, when you want to get into the fun bit pretty much immediately.

Read next: Best Switch games

Go to Source

Arctic's Freezer 33, 33 Plus, 33 CO All Have Zero-RPM Fan Modes

A few weeks ago Arctic introduced its Freezer i32 Plus CPU cooler, and today the cooling manufacturer is back with three new units: the Freezer 33, Freezer 33 Plus, and Freezer 33 CO. The three coolers all come with the same heatsink assembly, but differ in their fan options – the standard Freezer 33 comes with a single 120mm fan, the Plus variant comes with two, and the CO model packs a different 120mm fan built for continuous operation.

The heatsink measures 150mm tall and 123mm wide. Without fans, it is 52mm thick, and each fan adds 25mm to that figure. Heat is drawn from the CPU and pushed to the fin stack with four 6mm thick direct-contact heatpipes. The fin stack consists of 49 0.5mm thick aluminum fins.

To push air through the heatsink Arctic has two fans, but aside from the bearing both offer the same spec sheet. They will spin at speeds between 0-1,350 RPM, producing up to 0.3 Sone, which roughly translates to somewhere between 22-23 dBA (Arctic, if you’re reading this, please supply your noise levels in dBA) whilst drawing 0.2A at 12V. The standard white F12 PWM fan comes with a fluid dynamic bearing with an extra oil reservoir for longer life, whereas the gray fan on the CO version of the cooler has a dual ball dynamic bearing for an even longer lifetime.

Topping the kit off, all versions of the Freezer 33 come with a zero-RPM feature, which stops the fans from spinning when the PWM duty level sits below 40% – a creative way to get a semi-passive CPU cooler, considering that many motherboards won’t allow you to fully switch off the CPU fan, even at lower temperatures.The Freezer 33 coolers come with mounting hardware for all major Intel and AMD sockets, including the new AM4 socket for Ryzen.

Arctic’s Freezer 33 and Freezer 33 Plus will be available any moment now, with the Freezer CO available for pre-order for April. The single-fan Freezer 33 costs $46, whereas the dual-fan model and the CO variant will sell for $50.

Go to Source

The best free Photoshop alternative 2017

Free editors that stand toe-to-toe with Photoshop

There are dozens of free photo editors designed to enhance your pictures with a couple of clicks, but far fewer could be called a genuine alternative to the industry standard editor Adobe Photoshop.

Simple photo-enhancing software has its place, but a genuine Photoshop alternative needs more than just red-eye correction and a handful of retro filters; it has to offer layers and masks, batch-editing, and a wide assortment of automatic and manual editing tools. It also needs plugins to fill any gaps in its feature-set, and enable you to work as efficiently as possible.

Some of Photoshop’s unique features (like asset-linking) mean it will always remain the professional’s tool of choice, but the rest of us have an excellent choice of free alternatives.

Have we missed your favorite Photoshop alternative? Let us know in the comments below.

1. GIMP

GIMP is the best free Photoshop alternative – powerful and almost infinitely expandable

Powerful and adaptable, GIMP is the best free Photoshop alternative. With layers, masks, advanced filters, color adjustment and transformations – all of which are fully customizable – its feature set it unbeatable.

One of GIMP’s best features is its wealth of user-created plugins and scripts – many of which come pre-installed and ready to use. Some of these replicate popular Photoshop tools (such as Liquify), and there’s even a package of animation tools for bringing your photos to live via blending and morphing.

If that all sounds a little intimidating, don’t worry – GIMP’s excellent user manual includes step-by-step tutorials and troubleshooting guides to get you started.

The latest version of GIMP offers a new interface that puts all of its toolboxes, palettes and menus together in one window. This gives it a smart, Photoshop-like appearance, though its extensive patchwork of user-created tools means you’ll have to spend a little time experimenting and perusing the documentation to learn how to get the best results from each one.

Download here: GIMP

2. Photo Pos Pro

Another remarkable free Photoshop alternative. Well designed, with just a few restrictions

If you haven’t heard of Photo Pos Pro, you’re in for a treat. This free Photoshop alternative aims to give the best of both worlds, offering interfaces for both novice and advanced users. The novice option puts one-click filters and automatic adjustments at the fore, while the latter closely resembles Photoshop. Both are well designed, and more intuitive than GIMP’s endless lists and menus.

Photo Pos Pro offers both layers and layer masks, as well as superb clone and healing brushes. All the expected color-refining tools are present and correct. There’s support for batch-editing and scripts to save time on routine tasks, you can import images directly from a scanner or camera.

Photo Pos Pro offers plugins in the form of extra frames and templates, and you can create and save your own filters for future use.

Its main drawback is the limit on the size of saved files (1,024 x 2,014 pixels), but if you like the basic version and want to upgrade, Photo Pos Pro Premium is currently discounted to £17.67 (US$19.90, AU$29.78) – a very reasonable price for a top-rate Photoshop alternative.

Download here: Photo Pos Pro

3. Paint.NET

A free Photoshop alternative that’s a little light on features, but easy for newcomers to master

Open source Photoshop alternative Paint.NET started life as a substitute for Microsoft Paint, but over the years it’s grown into a powerful photo editor in its own right.

Like GIMP and Photo Pos Pro, Paint.NET offers an excellent selection of automatic filters, plus manual editing tools for fine adjustments. It also supports layers, though you’ll need to install a plugin for masks. Batch editing is included by default, and its clone stamp makes it easy to erase blemishes and distractions.

Paint.NET isn’t quite as feature-filled as GIMP, but its smaller community of volunteer coders means its interface is more consistent and easier to use overall (though not as slick as Photo Pos Pro). Paint.NET is a particularly good choice for working with multiple photos thanks to quick-access tabs that use thumbnails to represent each open image at a glance.

Paint.NET is also very fast, and runs well even on low-powered PCs. There’s no limit on the size of saved images, but it takes third place due to its smaller range of options and customizable tools.

Download here: Paint.NET

4. Pixlr Editor

A browser-based free Photoshop alternative that’s more robust than many desktop applications

Pixlr is no ordinary free Photoshop alternative – it’s the work of AutoDesk, one of the biggest names in computer-aided design and 3D modelling software, and is as impressive as its pedigree implies. 

There are several versions available, including web, desktop and mobile apps. Here we’re looking at the Pixlr Editor web app, which is the only one to support layers.

Pixlr Editor features a prominent ad on the right-hand side that limits the size of your working space but that’s its main drawback. You get all the expected image-refining tools (including sharpen, unsharp mask, blur, noise, levels and curves to name just a few), as well as artistic filters and automatic optimization options. Nothing is hidden behind a paywall. 

Pixlr Editor also gives you a toolbox very much like GIMP’s, with brushes, fills, selection, healing and clone stamp tools – all customizable via a ribbon above the workspace. There’s support for both layers and masks, and although Pixlr Editor doesn’t offer batch editing, it can cheerfully handle multiple images at once.

Sounds too good to be true? It might soon be. In 2015, Autodesk announced that it was working on an HTML5 version of its lightweight photo editor Pixlr Express, claiming that Flash “deserves everyone’s heartfelt salutation as it sails off into the sunset”. Pixlr Editor is also built in Flash, but no HTML5 replacement has been announced, so we suspect that it might not be long for this world.

For now, though, it’s a truly excellent Photoshop alternative – particularly if you don’t have the time or permission to download a desktop application.

Try it online: Pixlr Editor

5. Adobe Photoshop Express

A trimmed-down app that bundles Photoshop’s best features in a mobile-friendly package

Adobe Photoshop Express is a lightweight version of the industry-standard photo editor available free for your browser, and as a downloadable app for Windows, iOS, and Android.

Photoshop Express is the simplest of the tools here, but Adobe’s expertise in photo editing means it’s far superior to other quick-fix software. It packages Photoshop’s most useful picture-enhancing  sleek, minimalist interface that’s particularly well suited to touchscreens. Sliders enable you to adjust contrast, exposure and white balance of your photo dynamically, and there are automatic options for one-click adjustments. Once you’re satisfied with the results, you can either save the edited photo to your PC or share it via Facebook.

The main appeal of Photoshop Express is its simplicity, but this is also its biggest drawback. There are no layers, plugins, or brush tools, and you can’t crop or resize your pictures.

If you’re looking for a powerful image editor for your smartphone or tablet, Photoshop Fix (for restoring and correcting images) and Photoshop Mix (for combining and blending images) are also well worth investigating. Photoshop Mix even supports layers, and both apps integrate with Adobe’s Creative Cloud software, making it an excellent counterpart to the desktop version of Photoshop, as well as a superb tool in its own right.

Download here: Adobe Photoshop Express

Use Photoshop plugins with GIMP

You don’t need Photoshop to use Photoshop plugins. Thanks to a free extension from Akvis, you can install and run them in our favorite free Photoshop alternative, GIMP. For full details, see our comprehensive guide.

See all the free Photoshop alternatives available to download from TechRadar

Go to Source