Tech
Former IDF intelligence personnel likely tied to UAE spy app


|
Former Israeli military intelligence personnel are likely tied to an Emirati messaging app that was secretly spying on its users in a mass surveillance campaign, according to a Sunday report.
The United Arab Emirates government uses the ToTok service to monitor users’ location, conversations, relationships and other information, the New York Times reported, citing its own investigation into the app and American officials with knowledge of a classified US intelligence report.
ToTok has been downloaded by millions of users through the Apple and Google app stores since it debuted several months ago. Most users are in the UAE, but it has been downloaded by people worldwide, and this month was one of the top social apps in the US, according to the App Annie research firm.
The app, which is separate from, but apparently named after the popular Chinese TikTok app, also ranked highly in Saudi Arabia, the UK, India and Sweden.
State-backed publications started advertising ToTok in the UAE in recent months as a “free, fast and secure” messaging tool, in a country where many messaging apps are restricted by the government.
Both Google and Apple have removed the app from their stores, but users who have downloaded it already are still able to use it.
It is the latest in a string of digital weapons that wealthy governments have developed to spy on their adversaries and citizens.
Saudi Arabia, the UAE and Qatar have in the past used private firms staffed by Israelis and Americans for such operations.
The company operating ToTok, called Breej Holding, was probably tied to the Abu Dhabi cyberintelligence company DarkMatter.
In October, Hebrew media reported that DarkMatter was actively recruiting graduates of Unit 8200, the elite Israel Defense Forces intelligence unit.
According to a Yedioth Ahronoth report, graduates of the vaunted intelligence unit are regularly offered $100,000-plus a month salaries, signing bonuses and luxury homes in Cyprus.
Yedioth said several firms were recruiting the Israelis, but only named DarkMatter. Israel and the UAE do not have formal diplomatic ties, but are said to have close security cooperation largely focused on Iran, their common foe.
A second report published in TheMarker business daily said that DarkMatter maintains an office in Cyprus that employs Israeli software developers.
One defense official identified as ‘Y’ warned the TheMarker about the “de facto smuggling of Israeli intellectual property without any supervision of the Defense Ministry.”
“They’re taking these young people to Cyprus, buying them off with huge salaries,” he said, adding that he knows of researchers who were offered positions at DarkMatter with salaries of close to $1 million a year.
It wasn’t clear if the IDF veterans obtained permission to work on foreign intelligence projects from the Defense Ministry, which declined to comment on both TheMarker and Yedioth reports.
The vaunted 8200 unit — roughly equivalent to the National Security Agency in the US — is highly regarded for its computer prowess and seen as a major incubator of Israel’s high-tech startup culture.
DarkMatter, which bills itself as a private intelligence firm, is being investigated by the FBI for suspected cybercrimes.
The UAE is an ally to the US, with both seeing Iran as a threat, but has in the past stifled dissent with cutting edge technology, targeting journalists, critics and rights activists.
It has handicapped other popular social apps, including WhatsApp and Skype, which bolstered ToTok’s popularity.
It’s unclear whether US intelligence has confronted the UAE about the app, or when it became aware of its use as a spy tool, the New York Times report said.
ToTok is likely based on a Chinese app called YeeCall and operates like other smartphone apps that have access to users’ location, contacts, microphones, cameras and calendars.
While advanced phone hacking tools cost some $2.5 million, the app gives the UAE a way to essentially hack users’ phones for free, with users willingly signing up to divulge their own information.
It was unclear whether the UAE is able to record video or audio from the phones.
Tech
Apple MacBook Pro M2 SSD performance falls short of its M1 predecessor – XDA Developers


Apple’s recently announced MacBook Pro 13 (2022) hit retail shelves this past week, which means it not only got into the hands of eager customers but also got into the hands of more reviewers. This latter part is important because apparently, testing of the base model has revealed what could be a major drawback for some.
YouTube creators Max Tech and Created Tech ran tests on the latest Apple MacBook Pro 13 and found that the storage speeds of the new base M2 model were slower when compared to the older M1 MacBook Pro 13. Now, this wouldn’t be a huge deal if it was a small difference, but according to Max Tech, the difference is pretty major. Running the test numerous times using Blackmagic’s Disk Speed Test app, he was able to find that the write speed of the M1 MacBook Pro was 2,215, while the M2 MacBook Pro scored 1,463. On read speed, the former scored 2,900, while the latter scored 1,446.
Apple’s latest isn’t its greatest when SSDs are involved.
Max Tech took things a step further by opening up both laptops and checking the physical differences in hardware. They spotted an immediate difference with regards to the SSD count. In the older M1 MacBook Pro 13, there are two soldered SSDs, while the newer M2 MacBook Pro 13 has just one SSD. Max Tech explains that having two chips working in tandem is much more efficient than having just one SSD chip shouldering the load. This is probably not what many would expect, but it is something to consider when purchasing the newer model.
These tests were performed on the base model, and reports have shown that higher models have better and faster SSD scores. What will be interesting is to see how well the upcoming MacBook Air 13 (2022) will perform when it is released. Be sure to check out our full review of the MacBook Pro 13 (2022).
Source: Max Tech and Created Tech (YouTube)
Via: MacRumors
Tech
OnePlus 10RT camera specs leaked: New value flagship from OnePlus? – Android Authority


Dhruv Bhutani / Android Authority
TL;DR
- A reliable tipster has outed the camera specs of the OnePlus 10RT.
- The phone may feature an identical setup as the OnePlus 10R.
- This is the fourth rumored OnePlus 10 series phone.
The OnePlus 9RT launched last year as a value flagship and upgrade to the OnePlus 9R. Now, it looks like the OnePlus 10R will be followed by the OnePlus 10RT.
Leaker Yogesh Brar has outed the alleged camera specs of the OnePlus 10RT. While we haven’t heard any other leaks and rumors about the phone, this latest tip suggests that the device could launch in the next few months.
Nevertheless, the camera setup on the so-called OnePlus 10RT is expected to feature a primary 50MP IMX 766 sensor with Optical Image Stabilization (OIS). This is the same camera sensor used on the OnePlus 10R and OnePlus 9RT. It also served as the ultrawide sensor on the OnePlus 9.
The other two rear camera sensors on the phone are also expected to be the same as those found on the OnePlus 10R. This means you may get an 8MP ultrawide sensor and a 2MP macro shooter.
The selfie snapper is tipped to be a 16MP sensor, albeit from Samsung, not Sony, as is the case on the 10R.
OnePlus 10RT (CPH2413) Camera Specs
✓Rear
– 50MP (Sony IMX766), OIS, (f/1.88) (84.4°)
– 8MP Ultra-wide (ƒ/2.25) (119.7°)
– 2MP Macro (f/2.4) (88.8°)✓Front
16MP (Samsung S5K3P9) (f/2.45) (82.3°), EIS
There’s no word on when OnePlus would launch the 10RT. If the company sticks to its previous timeline, we may see the device in October. The device could also be available in select markets, just like its predecessor and the OnePlus 10R. That means it might not launch in the US.
For now, OnePlus’s next big launch is shaping up to be the OnePlus 10T. Although, the device might end up being called the OnePlus 10. There’s also talk of a OnePlus 10 Ultra on the horizon. Of course, we don’t have confirmation about any of this since all the information about the possible OnePlus 10 series variants is based on leaks.
Tech
Java News Roundup: Classfile API Draft, Spring Boot, GlassFish, Project Reactor, Micronaut – InfoQ.com


This week’s Java roundup for June 20th, 2022 features news from OpenJDK, JDK 19, JDK 20, Spring point releases, GlassFish 7.0.0-M6, GraalVM Native Build Tools 0.9.12, Micronaut 3.5.2, Quarkus 2.10.0, Project Reactor 2022.0.0-M3, Apache Camel Quarkus 2.10.0, and Apache Tika versions 2.4.1 and 1.28.4.
OpenJDK
Brian Goetz, Java language architect at Oracle, recently updated JEP Draft 828039, Classfile API, to provide background information on how this draft will evolve and ultimately replace the Java bytecode manipulation and analysis framework, ASM, that Goetz characterizes as “an old codebase with plenty of legacy baggage.” This JEP proposes to provide an API for parsing, generating, and transforming Java class files. This JEP will initially serve as an internal replacement for ASM in the JDK with plans to have it opened as a public API.
JDK 19
Build 28 of the JDK 19 early-access builds was made available this past week, featuring updates from Build 27 that include fixes to various issues. More details may be found in the release notes.
JDK 20
Build 3 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 2 that includes fixes to various issues. Release notes are not yet available.
For JDK 19 and JDK 20, developers are encouraged to report bugs via the Java Bug Database.
Spring Framework
Spring Boot 2.7.1 has been released featuring 66 bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.21, Spring Data 2021.2.1, Spring Security 5.7.2, Reactive Streams 1.0.4, Groovy 3.0.11, Hazelcast 5.1.2 and Kotlin Coroutines 1.6.3. More details on this release may be found in the release notes.
Spring Boot 2.6.9 has been released featuring 44 bug fixes, improvements in documentation and dependency upgrades similar to Spring Boot 2.7.1. Further details on this release may be found in the release notes.
VMware has published CVE-2022-22980, Spring Data MongoDB SpEL Expression Injection Vulnerability, a vulnerability in which a “Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query
or @Aggregation
-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.” Spring Data MongoDB versions 3.4.1 and 3.3.5 have resolved this vulnerability.
Spring Data versions 2021.2.1 and 2021.1.5 have been released featuring upgrades to all of the Spring Data sub projects such as: Spring Data MongoDB, Spring Data Cassandra, Spring Data JDBC and Spring Data Commons. These releases will also be consumed by Spring Boot 2.7.1 and 2.6.9, respectively, and address the aforementioned CVE-2022-22980.
Spring Authorization Server 0.3.1 has been released featuring some enhancements and bug fixes. However, the team decided to downgrade from JDK 11 to JDK 8 to maintain compatibility and consistency with Spring Framework, Spring Security 5.x and Spring Boot 2.x. As a result, the HyperSQL (HSQLDB) dependency was also downgraded to version 2.5.2 because HSQLDB 2.6.0 and above require JDK 11. More details on this release may be found in the release notes.
Spring Security versions 5.7.2 and 5.6.6 have been released featuring bug fixes and dependency upgrades. Both versions share a new feature in which testing examples have been updated to use JUnit Jupiter, an integral part of JUnit 5. Further details on these releases may be found in the release notes for version 5.7.2 and version 5.6.6.
Eclipse GlassFish
On the road to GlassFish 7.0.0, the sixth milestone release was made available by the Eclipse Foundation that delivers a number of changes related to passing the Technology Compatibility Kit (TCK) for the Jakarta Contexts and Dependency Injection 4.0 and Jakarta Concurrency 3.0 specifications. However, this milestone release has not yet passed the full Jakarta EE 10 TCK. GlassFish 7.0.0-M6, considered a beta release, compiles and runs on JDK 11 through JDK 18. More details on this release may be found in the release notes.
GraalVM Native Build Tools
On the road to version 1.0, Oracle Labs has released version 0.9.12 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides: support documentation for Mockito and Byte Buddy; prevent builds from failing if no test list has been provided; support different agent modes in the native-image
Gradle plugin, a breaking change; and support for JVM Reachability Metadata in Maven. Further details on this release may be found in the release notes.
Micronaut
The Micronaut Foundation has released Micronaut 3.5.2 featuring bug fixes and point releases of the Micronaut Oracle Cloud 2.1.4, Micronaut Email 1.2.3, and Micronaut Spring 4.1.1 projects. Documentation for the ApplicationContextConfigurer
interface was also updated to include a recommendation on how to define a default Micronaut environment. More details on this release may be found in the release notes.
Quarkus
Red Hat has released Quarkus 2.10.0.Final featuring: preliminary work on virtual threads (JEP 425) from Project Loom; support non-blocking workloads in GraphQL extensions; a dependency upgrade to SmallRye Reactive Messaging 3.16.0; support for Kubernetes service binding for Reactive SQL Clients extensions; and a new contract CacheKeyGenerator
to allow for customizing generated cache keys from method parameters.
Project Reactor
On the road to Project Reactor 2022.0.0, the third milestone release was made available featuring dependency upgrades to reactor-core 3.5.0-M3
, reactor-pool 1.0.0-M3
, reactor-netty 1.1.0-M3
, reactor-addons 3.5.0-M3
and reactor-kotlin-extensions 1.2.0-M3
.
Apache Camel Quarkus
Maintaining alignment with Quarkus, The Apache Software Foundation has released Camel Quarkus 2.10.0 containing Camel 3.17.0 and Quarkus 2.10.0.Final. New features include: new extensions, Azure Key Vault and DataSonnet; and removal of deprecated extensions in Camel 3.17.0. Further details on this release may be found in the list of issues.
Apache Tika
The Apache Tika team has released version 2.4.1 of their metadata extraction toolkit. Formerly a subproject of Apache Lucene, this latest version ships with improved customization and configuration such as: add a stop()
method to the TikaServerCli
class so that it can be executed with Apache Commons Daemon; allow pass-through of Content-Length
header to metadata in the TikaResource
class; and support for users to expand system properties from the forking process into forked tika-server
processes.
Apache Tika 1.28.4 was also released featuring security fixes and dependency upgrades. More details in this release may be found in the changelog. The 1.x release train will reach end-of-life on September 30, 2022.
-
News16 hours ago
Mamadou Konaté, still facing deportation
-
News18 hours ago
Living with Albinism in Africa
-
Science17 hours ago
A Mystery Rocket Left A Crater On The Moon – Forbes
-
Tech13 hours ago
YouTuber tries to upgrade his old M1 MacBook Pro 13 to the brand-new Apple M2 processor – Notebookcheck.net
-
Art22 hours ago
Welcome to Drag: The performance art celebrating gender fluidity – Queen's Journal
-
Tech12 hours ago
iQOO will debut the Dimensity 9000 Plus processor in the upcoming 10-series flagship smartphones – Notebookcheck.net
-
Investment18 hours ago
What is Causing Bitcoin’s Price to Plunge?
-
Economy23 hours ago
Key Indicator Shows China’s Economy Set For Further Slump – Forbes