They’re not quite the super-helpful, ultra-intelligent phones that Google wants them to be, but the latest Pixel devices are more competitive than ever
The Pixel 7 and 7 Pro feel like fully realized, more refined versions of the phones Google launched last year. The Pixel 6 and 6 Pro marked a new chapter for Google’s mobile devices, with a bold new design and a brand new processor. They were ambitious, often great devices with a few rough edges. Google hasn’t completely smoothed them over in this iteration, but it has created a pair of phones that feel like worthy competitors to the iPhones and Samsung Galaxies of the world. They’re what the Pixel 6 and 6 Pro should have been: a year late, but better late than never.
At the top of the Pixel 7 and 7 Pro’s spec sheet is Tensor G2, the second version of the chipset Google introduced last year, and it powers several of the devices’ refinements. There are some updated speech recognition and calling features, but Tensor G2’s most impactful contributions to the Pixel experience are in the camera app. There are some other hardware-related improvements, too, like the long-overdue addition of face unlock. It’s nothing groundbreaking, but it’s a worthwhile quality-of-life enhancement compared to the sluggish in-screen fingerprint reader on the Pixel 6.
A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue.
The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations.
"The vulnerability is due to the method (cpio) in which Zimbra's antivirus engine (Amavis) scans inbound emails," cybersecurity firm Rapid7 said in an analysis published this week.
You can use a secure key for SSH, instead of a password.
The Secure Shell Protocol (SSH) is perhaps the most well-known means to make a secure connection between a client machine (your laptop, phone or desktop) and a remote server in an office, data center or in your home network. You’ll likely use SSH if you want to get to the command line on your web hosting service or a headless Raspberry Pi. SSH is available in some form for nearly every operating system, and often it is integrated into the OS.
Most servers give you a choice of connecting to SSH via a password or via SSH keys, which are more secure. The SSH key method uses cryptographically-generated public and private keys to create an encrypted connection between devices.
Our public key is stored on the remote machine and a private key is stored on our machine. The two SSH keys are required to make a secure connection. Keys can also be used with passphrases to add another level of security, but they can also be used without, for example in automated processes.
Preparing the Remote Server for SSH Keys
Our remote machine can be in a data center run by a web hosting service, our office or home. Typically Linux servers such as VPS and cloud hosting will have SSH running by default, using passwords for secure logins. If this is not the case, you will need to enable SSH via the control panel for your VPS / cloud service. If you are using a home server, then it is possible that it may not be installed. If that is the case, follow these steps before moving onwards.
1. Open a terminal and check for a running SSH service on the machine. If the SSH service is running it will return Active: active (running).
sudo service ssh status
2. On the physical server, open a terminal and install OpenSSH Server. You will need to be sat in front of the machine to issue these commands.
sudo apt update
sudo apt install openssh-server
3. Start the SSH service.
sudo service ssh start
4. In your home directory create a hidden directory called .ssh.
mkdir .ssh
5. Close the connection by pressing CTRL+D or typing exit and pressing Enter.
Copying the Public Key to the Remote Server
The public key is stored on our remote server, and it interacts with the private key on our trusted machine to form a secure connection. In order to get the public key to our server we need to securely copy (scp) the file across.
1. In a Command Prompt use the scp command to securely copy the id_rsa.pub to your home directory on the remote server. You will need to know the IP address or hostname of the remote computer. In our example we copied the file to [email protected]:/home/testuser/
3. Verify that the id_rsa.pub file is present in your home directory.
ls *.pub
4. Copy the contents of the file into a new file in the .ssh directory. Using the cat command we send the contents to the file, authorized_keys using a pipe that appends the data to the file (>>).
cat id_rsa.pub >> .ssh/authorized_keys
5. Close the SSH connection by pressing CTRL + D or by typing exit.
6. Reconnect via SSH to the remote computer. If you created a passphrase for your SSH key, you will be prompted for it.
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information.
The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen.
"An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," LastPass CEO Karim Toubba said.
SpaceX and T-Mobile will host a joint event on Thursday at 8PM ET announcing plans to “increase connectivity.” SpaceX “chief engineer” Elon Musk and T-Mobile’s CEO and president Mike Sievert will be presenting at the event, which will happen at SpaceX’s Starbase launch site in South Texas, where a Starship prototype was recently loaded onto the launchpad.
The two companies haven’t revealed much more beyond that, though Musk is already teasing that the event will be “something special.” The livestream link is already live.
With how little has been revealed, it’s hard to know what exactly the two companies are planning on discussing. Perhaps it’s a spectrum announcement of some kind? A partnership to strengthen both Starlink’s sometimes-overloaded satellite internet connections in rural areas and T-Mobile’s home internet product that doesn’t have quite enough coverage? A SpaceX deal for T-Mobile subscribers? We’ll have to tune into the show to see.
Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings.
The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm systems. Amazon acquired the doorbell maker for about $1 billion in 2018.
Application security firm Checkmarx explained it identified a cross-site scripting (XSS) flaw that it said could be weaponized as part of an attack chain to trick victims into installing a malicious app.
