Author: CAT

In addition to price and battery, the Oukitel BT20’s data accuracy matches my go-to Pixel Watch 2. The downside? Just look at it.

Upgrade to Windows 11 Pro to get advanced security features and better performance at a major discount.

Say “Hey, Google, play the news” and your Android device will do just that. Don’t like what you’re hearing? It’s easy to select your preferred news sources.

Amazon’s Valentine’s Day Sale is not just for lovers. Treat yourself and snag savings on several coveted tech (and even flagship Amazon) products.

Akai just officially announced the MPC Key 37, a standalone workstation and groovebox. This is the latest standalone MPC device, following last year’s larger Key 61. The Key 37 has everything you need to make a beat or song from scratch without having to use an actual computer and DAW, with some limitations. 

There are 37 full-size keys, complete with aftertouch. There aren’t that many standalone devices out there with a full keybed, so this should excite musicians who lack experience with Akai-style pads. This device does have 16 velocity-sensitive pads for laying down drum parts and triggering samples, so it’s a “best of both worlds” type situation.

The Key 37 ships with 32GB of on-board storage, though 10GB is used up by the OS and included sound packs. Thankfully, there’s a slot for an SD card to expand the storage — these standalone devices fill up fast.

You get the same color 7-inch multi-touch display and four assignable Q-Link knobs as the company’s Key 61 workstation. This is great for making system adjustments and for controlling effects plugins and the like. As a matter of fact, the entire layout recalls the Key 61, though this new release is slightly less powerful.

Akai

The Key 37 features 2GB of RAM, compared to 4GB with the Key 61. This is going to hamper the number of tracks that will play simultaneously without any hiccups. It also lacks the two microphone inputs and associated preamps. There are, however, stereo 1/4-inch inputs and outputs, USB Midi, 5-pin MIDI In/MIDI Out, 4 TRS CV/Gate output jacks and a USB host port. This keyboard also boasts Bluetooth and WiFi connectivity for wireless streaming with platforms like Ableton Link.

Beyond the iconic 16 pad layout, the highlight of any MPC machine is the software. To that end, the Key 37 ships with Akai’s MPC2 desktop software and its standalone suite. You get eight instrument plugins out of the box and a voucher for a premium plug from the company’s ever-growing collection. You even get that cool stem separation software, though it’s not available on the Key 37 yet.

Akai’s latest and greatest may not be as full-featured as 2022’s Key 61, but it’s around half the price. The Key 37 costs $900 and is available to order right now via parent company inMusic and authorized retailers.

This article originally appeared on Engadget at https://www.engadget.com/akai-adds-a-37-key-standalone-workstation-to-its-mpc-lineup-191246047.html?src=rss

Hackers use ransomware to go after every industry, charging as much money as they can to return access to a victim’s files. It’s a lucrative business to be in. In the first six months of 2023, ransomware gangs bilked $449 million from their targets, even though most governments advise against paying ransoms. Increasingly, security professionals are coming together with law enforcement to provide free decryption tools — freeing locked files and eliminating the temptation for victims to pony up.

There are a couple main ways that ransomware decryptors go about coming up with tools: reverse engineering for mistakes, working with law enforcement and gathering publicly available encryption keys. The length of the process varies depending on how complex the code is, but it usually requires information on the encrypted files, unencrypted versions of the files and server information from the hacking group. “Just having the output encrypted file is usually useless. You need the sample itself, the executable file,” said Jakub Kroustek, malware research director at antivirus business Avast. It’s not easy, but does pay dividends to the impacted victims when it works.

First, we have to understand how encryption works. For a very basic example, let’s say a piece of data might have started as a cognizable sentence, but appears like “J qsfgfs dbut up epht” once it’s been encrypted. If we know that one of the unencrypted words in “J qsfgfs dbut up epht” is supposed to be “cats,” we can start to determine what pattern was applied to the original text to get the encrypted result. In this case, it’s just the standard English alphabet with each letter moved forward one place: A becomes B, B becomes C, and “I prefer cats to dogs” becomes the string of nonsense above. It’s much more complex for the sorts of encryption used by ransomware gangs, but the principle remains the same. The pattern of encryption is also known as the ‘key’, and by deducing the key, researchers can create a tool that can decrypt the files.

Some forms of encryption, like the Advanced Encryption Standard of 128, 192 or 256 bit keys, are virtually unbreakable. At its most advanced level, bits of unencrypted “plaintext” data, divided into chunks called “blocks,” are put through 14 rounds of transformation, and then output in their encrypted — or “ciphertext” — form. “We don’t have the quantum computing technology yet that can break encryption technology,” said Jon Clay, vice president of threat intelligence at security software company Trend Micro. But luckily for victims, hackers don’t always use strong methods like AES to encrypt files.

While some cryptographic schemes are virtually uncrackable it’s a difficult science to perfect, and inexperienced hackers will likely make mistakes. If the hackers don’t apply a standard scheme, like AES, and instead opt to build their own, the researchers can then dig around for errors. Why would they do this? Mostly ego. “They want to do something themselves because they like it or they think it’s better for speed purposes,” Jornt van der Wiel, a cybersecurity researcher at Kaspersky, said.

For example, here’s how Kaspersky decrypted the Yanluowang ransomware strain. It was a targeted strain aimed at specific companies, with an unknown list of victims. Yanluowang used the Sosemanuk stream cipher to encrypt data: a free-for-use process that encrypts the plaintext file one digit at a time. Then, it encrypted the key using an RSA algorithm, another type of encryption standard. But there was a flaw in the pattern. The researchers were able to compare the plaintext to the encrypted version, as explained above, and reverse engineer a decryption tool now made available for free. In fact, there are tons that have already been cracked by the No More Ransom project.

Ransomware decryptors will use their knowledge of software engineering and cryptography to get the ransomware key and, from there, create a decryption tool, according to Kroustek. More advanced cryptographic processes may require either brute forcing, or making educated guesses based on the information available. Sometimes hackers use a pseudo-random number generator to create the key. A true RNG will be random, duh, but that means it won’t be easily predicted. A pseudo-RNG, as explained by van der Wiel, may rely on an existing pattern in order to appear random when it’s actually not — the pattern might be based on the time it was created, for example. If researchers know a portion of that, they can try different time values until they deduce the key.

But getting that key often relies on working with law enforcement to get more information about how the hacking groups work. If researchers are able to get the hacker’s IP address, they can request the local police to seize servers and get a memory dump of their contents. Or, if hackers have used a proxy server to obscure their location, police might use traffic analyzers like NetFlow to determine where the traffic goes and get the information from there, according to van der Wiel. The Budapest Convention on Cybercrime makes this possible across international borders because it lets police request an image of a server in another country urgently while they wait for the official request to go through.

The server provides information on the hacker’s activities, like who they might be targeting or their process for extorting a ransom. This can tell ransomware decryptors the process the hackers went through in order to encrypt the data, details about the encryption key or access to files that can help them reverse engineer the process. The researchers comb through the server logs for details in the same way you may help your friend dig up details on their Tinder date to make sure they’re legit, looking for clues or details about malicious patterns that can help suss out true intentions. Researchers may, for example, discover part of the plaintext file to compare to the encrypted file to begin the process of reverse engineering the key, or maybe they’ll find parts of the pseudo-RNG that can begin to explain the encryption pattern.

Working with law enforcement helped Cisco Talos create a decryption tool for the Babuk Tortilla ransomware. This version of ransomware targeted healthcare, manufacturing and national infrastructure, encrypting victims’ devices and deleting valuable backups. Avast had already created a generic Babuk decryptor, but the Tortilla strain proved difficult to crack. The Dutch Police and Cisco Talos worked together to apprehend the person behind the strain, and gained access to the Tortilla decryptor in the process.

But often the easiest way to come up with these decryption tools stems from the ransomware gangs themselves. Maybe they’re retiring, or just feeling generous, but attackers will sometimes publicly release their encryption key. Security experts can then use the key to make a decryption tool and release that for victims to use going forward.

Generally, experts can’t share a lot about the process without giving ransomware gangs a leg up. If they divulge common mistakes, hackers can use that to easily improve their next ransomware attempts. If researchers tell us what encrypted files they’re working on now, gangs will know they’re on to them. But the best way to avoid paying is to be proactive. “If you’ve done a good job of backing up your data, you have a much higher opportunity to not have to pay,” said Clay.

This article originally appeared on Engadget at https://www.engadget.com/how-security-experts-unravel-ransomware-184531451.html?src=rss

This may be a good time to buy one of Amazon’s latest tablets as many of them are on sale, with discounts of up to 35 percent. The sale brings the 2023 Fire HD 10 down to $95, which is only $15 more than its record low and 32 percent off the $140 list price. This model comes with 3GB of RAM, 32GB of storage and a speedier processor than the last time around. The 1080p HD screen is touch- and stylus-compatible and there’s a 5 megapixel camera up front and another in back. Note that this model displays ads on the lockscreen. If you’d rather not see those promos, the ad-free version is also on sale and currently $15 more at $110. 

All Fire tablets are budget slates that let you browse the web, watch shows and play casual games; They probably aren’t the best pick if you’re looking for a workhorse productivity tablet, which tend to cost significantly more. You won’t be able to run Apple apps, which seems obvious, but Fire tablets also don’t natively support the Google Play store — even though Fire OS is a fork of Android. Readily available apps come from the Amazon app store, which include most major streamers like Netflix, Max, Peacock, social apps like TikTok and Instagram, and plenty of casual games. If you’re just looking for a way to entertain yourself after a day of being productive, Fire tablets offer one of the few ways to do so for under $100. And like all Amazon devices, Alexa is built in to answer questions and control your smart home lights, cameras and doorbells. 

Elsewhere in the sale, the Fire HD 8 is down to $65, which is 35 percent off and around $10 more than its record low. This is an 8-inch version of Amazon’s tablet, with 2GB of RAM, 32GB of storage and a 1280 x 800 screen at 189 ppi. There’s a 2MP front camera and a claimed battery life of 13 hours. This is also a model with lockscreen promos, the ad-free version is $80. 

Follow @EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice.

This article originally appeared on Engadget at https://www.engadget.com/amazon-fire-tablets-are-up-to-35-percent-off-right-now-181542666.html?src=rss

GoPro is going back to desktops with a new editing app for Mac. While the company has long offered GoPro Studio and Player + ReelSteady desktop apps, much of its attention has been on mobile since it bought Replay and Splice in 2016. It rebranded the former to Quik.

The latest desktop program is based on Quik and it ties into the GoPro mobile apps. You’ll be able to start editing in the Quik mobile app and finish up on your Mac — or vice-versa. Features include a beat sync tool that matches your edit to the rhythm of the backing track. There’s an auto-highlight editing function too. Although the Mac editing suite could certainly use more features, GoPro says all the key tools from the Quik mobile app will make their way to desktop by the time a Windows version arrives later this year.

GoPro charges those who don’t use its devices $10 per year to use the Quik mobile app. Subscribers to its other tiers will get access to the desktop app at no extra cost. On that note, the company is rebranding its GoPro Subscription to GoPro Premium. It still costs $50 per year (though newcomers get a 50 percent discount for the first year) and it includes perks such as unlimited cloud backups, livestreaming, discounts on equipment and guaranteed camera replacements.

The company is adding a higher subscription tier as well, GoPro Premium+. It includes all of the perks of Premium, along with HyperSmooth Pro video stabilization and up to 500GB of cloud storage for footage captured with non-GoPro cameras (compared with 25GB for Premium). Premium+ costs $100 per year, and Premium users can upgrade for $50.

Update 2/6 1:07PM ET: Clarifying that GoPro bought Replay and rebranded it as Quik.

This article originally appeared on Engadget at https://www.engadget.com/gopro-rolls-out-a-mac-editing-app-and-a-high-end-premium-subscription-tier-173838600.html?src=rss

Morse Micro tested Wi-Fi HaLow over a real world three kilometer distance.