來到年末,Logitech 正於 Amazon 上推出大量電競裝備的特賣,這次再為大家精選了數款較香港本地價格便宜的產品供大家選購,當中最為亮眼的便是三款《英雄聯盟》聯乘產品都正以半價以下發售,即使比起它們原本的款式亦是十分便宜,絕對值得入手。…
The Lastpass hack was worse than the company first reported
After being hacked for the second time in as many years this August, password manager app Lastpass announced on Thursday the most recent intrusion was much more damaging than initially reported with the attackers having made off with users’ password vaults in some cases. That means the thieves have people’s entire collections of encrypted personal data, if not the immediate method to unlock them.
“No customer data was accessed during the August 2022 incident,” LastPass CEO Karim Toubba, explained. However, some of the app’s source code was lifted and then used to spearphish a Lastpass employee into giving up their access credentials, then used those keys to decrypt and copy off, “some storage volumes within the cloud-based storage service.”
Among the encrypted data obtained by the hackers included basic customer account information like company names, billing, email and IP addresses; and telephone numbers, Toubba continued. “These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” Toubba said. “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.”
Still, you’re going to take the company’s word for it? I’m not. It’ll be a pain but swapping out all of your various existing site passwords for new ones — as well as picking a new master password — might ultimately prove necessary to regain your online security. Or you could just tell Lastpass to go kick rocks and switch over to 1Password or Bitwarden.
Google is making its internal video-blurring privacy tool open source
Google has announced that two of its latest privacy-enhancing technologies (PETs), including one that blurs objects in a video, will be provided to anyone for free via open source. The new tools are part of Google’s Protected Computing initiative designed to transform “how, when and where data is processed to technically ensure its privacy and safety,” the company said.
The first is an internal project called Magritte, now out on Github, which uses machine learning to detect objects and apply a blur as soon as they appear on screen. It can disguise arbitrary objects like license plates, tattoos and more. “This code is especially useful for video journalists who want to provide increased privacy assurances,” Google wrote in the blog. “By using this open-source code, videographers can save time in blurring objects from a video, while knowing that the underlying ML algorithm can perform detection across a video with high-accuracy.”
The other with the unwieldy name “Fully Homomorphic Encryption (FHE) Transpiler, allows developers to perform computations on encrypted data without being able to access personally identifiable information. Google says it can help industries like financial services, healthcare and government, “where a robust security guarantee around the processing of sensitive data is of highest importance.”
Google notes that PETs are starting to enter the mainstream after being mostly an academic exercise. The White House recently touted the technology, saying “it will allow researchers, physicians, and others permitted access to gain insights from sensitive data without ever having access to the data itself.” Google noted that both the US and UK governments are held a contest this year to develop PET solutions around financial crime and public health emergencies.
2022 was a surprisingly great year for monitors
I don’t know if this is a delayed effect of the remote working trend or simply a bunch of technologies all maturing at the same time (or possibly both), but 2022 was an unusually great year for monitors. So before we move onto a new generation of gadge…
The Guardian 疑似遭到駭客勒索攻擊
The Guardian 疑似遭到駭客勒索攻擊,但這一「嚴重的 IT 事件」尚未影響其發文。
Vivo S16 系列回歸自拍加美型路線
Vivo S16 系列回歸自拍加美型路線,「顏如玉」版本能利用光致變色技術顯出淺、深兩種青色。
The Meta Quest 2’s latest update overclocks its GPU to improve performance
The two-year-old Meta Quest 2 is now faster due to a surprise performance boost in the headset’s latest update. Meta boosted the maximum frequency from 490 MHz to 525 MHz, giving all Quest 2 headsets up to 7 percent more performance.
“No integration or coding is needed to start reaping the benefits of this improvement — the dynamic clocking system will automatically increase the frequency as it detects that your app would benefit from it,” Meta wrote. To get the extra speed, all you’ll need to do is either a doff/don (take it off and put it back on) or sleep cycle by clicking the power button twice.
What’s more, if you have dynamic foveation enabled in your app, the GPU will boost from 490 MHz to 525 MHz to maintain higher visual quality rather than increasing foveation (foveation lowers image detail depending on what you’re looking at). The result should be better overall image quality.
Quest 2 owners will benefit from the extra speed with no app changes, but developers could also update apps, using the extra power to boost resolution. In any case, it makes the headset more useful in the final year of its lifespan, with the Quest 3 set to launch next year.
Sony 年終特賣,半價入手 XB910N 無線降噪耳機
Sony 正於 Amazon 上推出年終特賣,這次 WH-XB910N、WH-CH710N 兩款頭戴式耳機,加上 WF-C500 真無線耳機都正以大額折扣發售,當中 WH-XB910N 更首次跨越半價的界線,只需 US$123 即可入手,較本地亦價格便宜許多,是入手的好時機。…
Twitter appears to be blocking Google Voice numbers from SMS authentication
Twitter appears to have cut off Google Voice numbers from two-factor authentication (2FA). Although it’s hardly the first company to block virtual phone numbers from SMS authentication, the change could be connected to CEO Elon Musk’s aggressive moves to snuff out bot accounts from the platform.
The new behavior, reported by 9to5Google, appears to block users from using a Google Voice number to authenticate their accounts. (I tried it today, and it rejected my Google Voice number.) Further, users previously authenticated with Google Voice could find themselves locked out of their accounts. Engadget reached out to Google to confirm, and we’ll update the story if we hear back. Twitter no longer has a PR department.
Since buying Twitter and taking over as CEO (a title he now says he’ll abandon once he finds a successor), Musk has been vocal about vanquishing bots from the platform. Earlier this month, Platformerreported the company blocked traffic from 30 mobile carriers worldwide — including networks in Russia, Indonesia, India and Malaysia. The move cut off access for thousands of accounts, including legitimate ones using those wireless carriers for 2FA. Musk accused the carriers of initiating the bogus texts to inflate what Twitter owed them contractually for SMS.
That report didn’t mention Google Voice, but anyone with a Gmail account can set up a free Google Voice number, making it an easy authentication tool for bots, scammers and spammers. Although it’s tempting to lump this move together with Musk’s seemingly erratic overhauls since taking over, it’s standard practice for apps ranging from financial institutions to dating apps to bar virtual numbers from 2FA.
If you set up your Twitter account with Google Voice authentication, you should be able to change the number without contacting support. You can go to Twitter Settings > Security and Account Access > Security > Two-Factor Authentication to remove that number and add your primary carrier line.
2022 年終回顧:倒數最熱門產品評測前十名
這裡我們整理了這一年間,最受關注的 Engadget 評測前 10 名,大家要不要猜猜看第一名是誰呢?