What’s in Samsung’s Galaxy S8 and S8+ smartphones?

Samsung’s new Galaxy S8 and S8+ smartphones look beautiful, and are loaded with new features that could make an upgrade worthwhile.

The handsets are superfast and 4K capable, and also herald the arrival of new technologies like Bluetooth 5 and LTE gigabit modems.

We take a look inside the handsets and see how they have improved from the Samsung Galaxy S7.

 [ Further reading: The best Android phones for every budget. ]

Screen size is bigger

The Galaxy S8 has a 5.8-inch screen, while the S8+ has a 6.2-inch screen, which are larger than the 5.5-inch S7 and the 5.7-inch Note 7. The screen resolution is 2960 x 1440 pixels, a slight uptick from S7’s 2560 x 1440-pixel screen. Samsung was able to increase the S8 screen size by cutting the home button, and also adding to the height. The screen area now constitutes 83 percent of the S8 front surfaces.

Thinner

At 155 grams, the S8 is two grams lighter than the S7. The S8 is 8 millimeters thick, while the S7 is 7.9 millimeters thick. The S8+ is 8.1 millimeters thick.

Beefier processors

In the U.S., the Galaxy S8 and S8+ will have the eight-core Qualcomm Snapdragon 835, while in other regions the phones will have Samsung’s homegrown eight-core Exynos 8895. On paper, the chips are competitive and you should notice little difference in performance. The chips are made on the latest 10-nanometer process, and on average about 20 percent faster performance and 40 percent more power efficient than chips in the Galaxy S7.

Better VR and gaming

The smartphones will be great to use with the Gear VR headset. The Galaxy S8 and S8+ will be capable of shooting and playing 4K video at 120 frames per second via an external monitor. Qualcomm has said its Adreno 540 GPU in the S8 is about 25 percent faster than the Adreno 530 in the Galaxy S7. The Mali G71 GPU in Galaxy S8 is about 20 than its predecessor in the S7. The chips have custom features to speed up multimedia playback and VR, but the Adreno 540 holds an advantage over the Mali GPU.

LTE faster than your wired Internet

The S8 and S8+ have LTE modems than can achieve download speeds of up to 1Gbps, which is faster than most home wired Internet connections. However, cellular networks offer much lower download speeds and are not ready for those blazing modems yet. The S7 had an LTE modem will download speeds of up to 600Mbps and upload speeds of up to 150Mbps.

Hopefully safer batteries

Samsung executives stressed they had learned lessons from the fiasco in which Note 7 batteries exploded, and had implemented rigorous battery-testing processes. Only time will tell if the changes have worked. The S8 has a 3,000 mAh battery, which is similar to the S7. Being a larger phone, the S8+ has a 3,500 mAh battery.

Hello, Bluetooth 5

The S8 smartphones will be among the first handsets with Bluetooth 5. The new wireless protocol will allow S8 smartphones to communicate with devices like wireless speakers at longer distances and faster speeds. With a range of well over 100 meters, Bluetooth 5 has four times the range of Bluetooth 4.2. In theory, devices with Bluetooth 5 can transfer data at 2Mbps, twice that of Bluetooth 4.2, but chipset makers like Nordic Semiconductor recently said they aren’t yet hitting full speeds.

Camera and other features

The S8 smartphones have 12-megapixel rear cameras, similar to the S7, and 8-megapixel front cameras, an upgrade from the 5-megapixel equivalent in the S7. The S8 handsets have 4GB of memory, 64GB of storage, 802.11ac Wi-Fi and GPS, similar to the S7.

Trojan source code leak poised to spur new online banking attacks

The source code for a new Trojan program that targets banking services has been published online, offering an easy way for unskilled cybercriminals to launch potent malware attacks against users.

Nuclear Bot will serve as a framework for other malware.

The Trojan is called Nuclear Bot and first appeared for sale on underground cybercrime forums in early December for $2,500. It can steal and inject information from and into websites opened in Mozilla Firefox, Internet Explorer and Google Chrome and can also open a local proxy or hidden remote desktop service.

These are all features commonly seen in banking Trojans, as they’re used by attackers to bypass the security checks of online bank websites to perform fraud. For example, the proxy and remote desktop functionality allows hackers to initiate rogue transactions through the victims’ browsers after they have been tricked into providing the second authentication factor.

What’s interesting about Nuclear Bot is the failure of its author to market it properly to other cybercriminals. According to researchers from IBM, who have closely monitored the Trojan’s history, over the course of several months the Nuclear Bot creator broke many of the unwritten rules of the cybercriminal community, which resulted in his losing all credibility and being flagged a scammer. For example, the program’s author did not not provide test versions of the software to forum admins or potential buyers and used different names when advertising the malware  on different forums.

Even though it did not attract any buyers, the Trojan did turn out to be real and quite potent. And in order to prove his legitimacy as a malware coder, it appears that the Nuclear Bot author took the unusual step of releasing the Trojan’s source code himself.

The source code for other banking Trojans, including Zeus, Gozi and Carberp, has been released in the past, but usually as a result of unintentional leaks. Regardless of the reason, whenever something like this happens, it’s never good news for the rest of the internet.

“Publicly available source code makes for more malware,” the IBM researchers said in a blog post. “This is often incorporated into existing projects. X-Force researchers noted that NukeBot is likely to see the same process take place in the wild, especially since its code is not copied from other leaked malware, per the developer’s claims.”

At the very least, source code availability puts new malware into the hands of cybercriminals who don’t have the resources to build something themselves or to buy a ready-made solution from someone else.

Newegg has dropped the price of a G.Skill 32GB RAM kit to $174

RAM is priced at a premium these days and may not get any better for a few months yet. So when a RAM deal shows up, it’s best to jump on it if the modules suit your setup. Right now, folks waiting to snag a good chunk of DDR4 RAM are in luck: Newegg is selling four G.Skill Ripjaws V Series 8GB 288-pin DDR4/3000 RAM modules for $174.

gskillram 2

The RAM comes in red only, and for those into overclocking, this 1.35V kit supports Intel’s XMP 2.0.

The G.Skill RAM modules are designed with the Intel Z170 “Skylake” chipset in mind, but it’s DDR4, so it should work just fine with the newer Z270 chipset for Kaby Lake. It may also work with Ryzen, but you’ll have to dig deeper to double check, as RAM support is a little chaotic with AMD’s new chips right now.

 RAM prices for PCs are high thanks to the focus on producing RAM for mobile, as well as servers, with desktops being last on the priority list. That state of affairs isn’t expected to get better until later in 2017.

Newegg’s sale ends on Friday.

gskill ripjaws ddr4 3000

Microsoft’s Surface Book and Surface Studio will ship in more markets

Microsoft has been cautious about making its Surface product line available worldwide. It tests devices in specific markets, sees how they do, and if the response is good, ships them to those areas.

surface studio 2 edited

The company appears to have have received a strong response, in particular, to its Surface Studio, Surface Book devices and Surface Dial, which will soon be available in many Asian and European countries.

The expanded availability of these devices was announced on the same day Microsoft said it would release Windows 10 Creators Update on April 11.

The Surface Book with Performance Base, one of the devices that will be more broadly available, is a high-performance laptop that can also be a tablet. The screen pops out from the keyboard base to be a tablet. In a review, PC World concluded the device was powerful and easy to use, but had some design issues and was heavy.

The device — priced starting at $1,499 in the U.S. — will begin shipping to new markets on April 20 and users will be able to order it through Microsoft’s website. The Surface Book with Performance Base will be available in Austria, China, Denmark, Finland, France, Germany, Hong Kong, Japan, the Netherlands, Norway, Sweden, Switzerland and the U.K., according to a Microsoft blog post. Pricing information wasn’t immediately available.

The Surface Studio, meanwhile, is an all-in-one desktop designed for artists. The device has a 28-inch touchscreen that can be angled to be more like an artists’ canvas, and a powerful GPU to handle heavy-duty graphics. The battery-powered Surface Dial is an controller that can be placed on the screen to make it easier to create artwork, much like how a stylus can be used to take notes on tablets. The Studio and Dial will ship on April 20 in Australia, Canada and New Zealand. Pricing wasn’t immediately available.

Google Calendar finally comes to the iPad

Google’s Calendar app is making a long-awaited move to a new device: Apple’s iPad. You read that right: Until Wednesday, the tech titan hadn’t optimized its marquee calendar application to run on Apple’s tablets.

gsuite calendar ipad

The app provides users with a view of the calendars that they have and that are shared with them through Google’s service. In addition, they get a handful of features Apple’s native calendar app doesn’t have, like the ability to more easily find time and space for a meeting with other people inside their organizations.

Making iPad users wait for a native Calendar app is hardly a surprise coming from Google, considering that it’s the company behind Android, and frequently ships new features first to apps for devices running its mobile operating system.

That’s not to say Google Calendar was completely unavailable for iPad users for the past several years. The iPhone app for Calendar could run on Apple’s tablets, but it wasn’t optimized for use on those devices.

The move is a part of Google’s continuing push to make its G Suite productivity services useful to as broad a set of people as possible. Google is working aggressively to get customers to switch to its productivity suite from their current systems, which in many cases, revolve around Microsoft Office. Microsoft offers its own calendar app for the iPad in the form of Outlook for iOS, which has supported Apple’s tablet since its launch in 2015.

Google has more iOS-specific features planned, including a Today widget that will let users see their upcoming events in an iPad’s Notification Center, according to a blog post by Calendar product manager Sharon Stovezky.

China Oceanwide completes its purchase of IDG

The sale of tech publishing pioneer International Data Group to China Oceanwide Holdings Group and China-based IDG Capital is final.

International conglomerate China Oceanwide Holdings has closed its acquisition of IDG.

The deal for China Oceanwide Holdings Group to acquire a majority stake in International Data Group was first announced in January. Tech analyst firm IDC and venture capital firm IDG Ventures are included in the deal.

China Oceanwide hosted an event in Bejing Wednesday to announce the closing of the deal. The companies did not disclose the terms of the sale.

 China Oceanwide has said it will focus on growth at IDG and IDC.

IDG publishes PCWorld, Computerworld, CIO, CSO Macworld, InfoWorld, CSO, Network World, IDG.tv, and hundreds of other publications worldwide. IDG, which operates in 97 countries, is also the parent company of the IDG News Service.

IDG was founded in 1964 by Patrick McGovern, who died in March 2014. Since then, the company has been run by a board of directors, which has been seeking a buyer for about a year.

China Oceanwide is a privately held international conglomerate founded by Chairman Zhiqiang Lu in 1985. The company operates businesses in the financial services, real estate assets, media, technology, and strategic investment markets, and it has more than 12,000 employees globally.

The company purchased a stake in Lenovo’s parent company, Legend Holdings, in 2009. It has continued to expand globally and in October last year, it agreed to buy U.S.-based insurance firm Genworth Financial for US$2.7 billion in cash.

IDG Capital is an independently operated investment management partnership, with IDG as one of many limited partners. It was formed in 1993 as China’s first technology venture investment firm.

China Oceanwide will be the controlling shareholder of IDG’s operating businesses, including IDC and IDG Communications, while IDG Capital will become the controlling shareholder of the IDG venture business.

IDG will continue to be headquartered in Boston, Massachusetts, and managed by its current team.

Tested: Microsoft Edge is the only browser to run Netflix in 4K

In 2016, Microsoft made headlines by boasting that Microsoft Edge was the only major browser to run Netflix in 1080p. As part of the Windows 10 Creators Update’s blitz of new features, Edge has now made the jump to 4K, and it’s the first major PC browser to do so.

To test the feature, we fired up Netflix within Chrome, Opera, Firefox, and Edge. Edge—as well as the Windows 10 Netflix app that you can download from the Microsoft Store—appears to be the only way to run 4K Netflix content on your PC.

Still, there’s a catch: Besides the fact that you’ll need either an external 4K monitor or native laptop display, your PC or laptop will need to have an Intel Kaby Lake CPU. Fortunately, we have such a laptop: the lovely HP Spectre x360 15, with a Core i7-7500U chip inside and a true 3840×2160 display.

netflix 4k in edge edit Windows 10 Creators Update

IDG / Mark Hachman

Using the diagnostic tools within Netflix, we can see that Edge is streaming in 4K. (Unfortunately, it seems that DRM or other technical limitations block screenshots, so we used a camera instead.) Click the picture to zoom in.

When properly configured, Netflix will fill that display with some truly beautiful pixels. Just make sure you’ve upgraded your Netflix account to a plan capable of 4K, which costs $11.99 per month instead of the usual $8.99/mo.

And if you choose not to run Edge? Well, then it’s back to a lowly 720p experience for you, sorry to say. In our tests, using the hidden menu options within Netflix, I was able to confirm that Chrome, Opera, and Firefox all rendered Netflix, but only at a maximum resolution of 1280×720.

opera in 720p in Netflix

IDG / Mark Hachman

Though Netflix is still feeding the browser 4K levels of throughput, Opera, Chrome, and Firefox are only able to output Netflix at 720p.

 Edge skeptics should note, however, that Microsoft’s browser has continued to improve. I’ve personally gone from being critical of Edge to now seeing it as a competent-to-good browser. (See more about my Edge assessment in our Windows 10 Creators Update review.) Fortunately, you don’t have to do a single thing to get Microsoft Edge—if you own Windows 10, you automatically own the browser.

Why this matters: Microsoft has worked hard to convince users that Edge’s early performance problems were an anomaly. Microsoft Rewards will “pay” you for using Edge, Cortana’s baked right in to the browser, and Edge now supports e-reading EPUB books, too. Providing 4K Netflix support is just the latest way Microsoft hopes to convince you to switch browsers. Sure, Chrome, Firefox, and Opera have their own advantages. But these sorts of “exclusives” probably help Edge’s reputation the most.

Trump extends Obama executive order on cyberattacks

U.S. President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S.

3234554

Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president sent a letter to Congress on Wednesday evening informing it of his plans to keep it active.

“Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” Trump wrote in the letter. “Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities.”

The executive order gave the U.S. new powers to retaliate for hacking of critical infrastructure, major denial of service attacks or large scale economic hacking.

It was expanded in December 2016 to include election-related systems and used to sanction Russian agents and organizations for their alleged role in a series of attacks during the presidential election.

In that action, Obama named the Russian military intelligence agency, the GRU, and the federal security service, the FSU, as responsible for the election-related attacks. It also named three organizations and four Russian individuals for their alleged role.

The extension of the existing executive order is one of the first actions President Trump has taken publicly that addresses cybersecurity. In February, he had been due to sign an executive order that addressed the issue but it was canceled at the last minute.

The order, as it stood to be signed, largely addressed cybersecurity in the federal government by placing responsibility for cyber risk at the head of each department. It also would have asked the Department of Commerce and Department of Defense to work on cyberdefense of critical infrastructure.

But, after meeting with some of his national security staff and representatives from the National Security Agency, the order was never signed. The White House never explained why that didn’t happen.

Before suing Uber, Waymo initiated action against former engineer

Uber is asking a federal court that most of the claims of a lawsuit filed by rival self-driving car developer Waymo should be settled through arbitration, a process that is usually private, and cheaper and faster than a federal lawsuit.

160914 uber selfdriving 2

The ride-hailing company is referring to Waymo’s own arbitration proceedings against a former engineer who later joined Uber as the basis for its argument in favor of arbitration to resolve the dispute.

Waymo filed a suit last month in the U.S. District Court for the Northern District of California, alleging that the former employee Anthony Levandowski stole trade secrets relating to self-driving cars before leaving to start Otto, a self-driving trucking company that was later acquired by Uber. Other former Waymo employees who left for Uber and Otto were also found downloading sensitive files, Waymo alleged.

 “Waymo’s trade secret and unfair competition claims must be referred to arbitration because they arise out of, relate to, and result from Levandowski’s employment,” Uber has submitted in a filing on Wednesday. The employment agreements Waymo signed with Levandowski require arbitration of all disputes “with anyone” that arise out of, relate to, or result from Levandowski’s employment, according to the filing.

Levandowski has been mentioned frequently by name in Waymo’s filings including its amended complaint and his alleged conduct as a Waymo employee is the core for the Alphabet unit’s trade secrets and unfair competition claims, according to the filing.

Waymo does not name Levandowski as a defendant even though it has brought the arbitration claims against him, aiming instead to litigate them in the court, Uber said.

The Alphabet unit has alleged in its complaint that Uber got a head start by pilfering its technology, building its own comparable LiDAR system within nine months. Before he quit, Levandowski led a team of Waymo engineers who developed LiDAR technology for its self-driving car project, according to court documents.

Waymo also alleged in the suit that Uber has infringed two of its patents.

Waymo could not be immediately reached for comment after business hours. The self-driving vehicles unit was set up as separate company from Google under the Alphabet umbrella in December last year.

In October 2016, Waymo filed two arbitration demands against Levandowski, claiming that he took and improperly used Waymo’s confidential information to assist Uber, the ride-hailing company claims in its filing. One of the demands related to the alleged use by Levandowski of confidential employee salary information to make targeted offers to Waymo’s employees, while the second held that Levandowski improperly used Waymo’s confidential information to induce its employees to join a competitor.

Basing its action on the arbitration provisions in Levandowski’s employment agreements, Uber plans to initiate this week arbitration proceedings, seeking a declaratory judgment that Waymo’s claims that Uber misappropriated trade secrets and violated unfair competition law are without merit.

Uber has asked the court to stay Waymo’s trade secret and unfair competition claims if it decides they have to be settled by arbitration, but should let the remaining claims such as the patent infringement charges proceed in the court.

VMware patches critical virtual machine escape flaws

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.

VMware

The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team’s exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.

Pwn2Own is an annual hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI) program that runs during the CanSecWest conference in Vancouver, Canada. Researchers receive cash prizes for demonstrating zero-day — previously unknown — exploits against browsers, operating systems and other popular enterprise software programs.

This year, the contest organizers added prizes for exploits in hypervisors like VMware Workstation and Microsoft Hyper-V and two teams stepped up to the challenge.

The second team, made up of researchers from the Keen Lab and PC Manager divisions of internet services provider Tencent, exploited the two other flaws patched by VMware this week: CVE-2017-4904 and CVE-2017-4905. The latter is a memory information leak vulnerability that is rated only as moderate, but which could help hackers pull off a more serious attack.

Users are advised to update VMware Workstation to version 12.5.5 on all platforms and VMware Fusion to version 8.5.6 on macOS (OS X). Individual patches are also available for ESXi 6.5, 6.0 U3, 6.0 U2, 6.0 U1 and 5.5, where applicable.

Virtual machines are often used to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, malware researchers execute malicious code and visit suspicious URLs inside virtual machines to observe their behavior. Companies also run many applications inside virtual machines to limit the potential impact if they’re compromised.

One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That’s why VM escape exploits are highly prized among hackers.