Domain: betanews.com
Stories and comments across the archive that link to betanews.com.
Stories · 644
-
Windows 10 Now a 'Recommended Update' For Windows 7 and 8.1 Users (betanews.com)
Mark Wilson writes: Microsoft has been accused of pushing Windows 10 rather aggressively, and the company's latest move is going to do nothing to silence these accusations. For Windows 7 and Windows 8.1 users, Windows 10 just became a 'recommended update' in Windows Update.
This is a change from the previous categorization of the upgrade as an 'optional update' and it means that there is renewed potential for unwanted installations. After the launch of Windows 10, there were numerous reports of not only the automatic download of OS installation files, but also unrequested upgrades. The changed status of the update means that, on some machines, the installation of Windows 10 could start automatically. -
Microsoft Edge's Private Browsing Mode Isn't Actually Private (betanews.com)
JustAnotherOldGuy writes: The forensic examination of most web browsers has proven that they don't have a provision for storing the details of privately browsed web sessions. However, in the case of Microsoft Edge, the private browsing isn't as private as it seems. Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser's WebCache file. The Container_n table stores web history, and a field named 'Flag' with a value of '8' shows that website was visited in private mode. An investigator can easily spot the difference and use this evidence against a person. The not-so-private browsing featured by Edge makes its very purpose seem to fail, and you can't help but ask how such a fundamental aspect of private browsing could be so fantastically borked. It beggars belief. -
LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)
Mark Wilson writes: Security researchers have discovered a vulnerability in LG G3 smartphones which could be exploited to run arbitrary JavaScript to steal data. The issue has been named Snap, and was discovered by Israeli security firms BugSec and Cynet. What is particularly concerning about Snap is that it affects the Smart Notice which is installed on all LG G3s by default. By embedding malicious script in a contact, it is possible to use WebView to run server side code via JavaScript. If exploited, the vulnerability could be used to gather information from SD cards, steal data from the likes of WhatsApp, and steal private photos. -
The Clock Is Ticking For the US To Relinquish Control of ICANN (betanews.com)
Mark Wilson writes: The U.S. is not afraid to throw its weight around; it likes not only to be involved in things, but to be in control. For decades, ICANN (Internet Corporation for Assigned Names and Numbers) — the non-profit organization that manages IP addresses and domain names — has been overseen by the U.S. Department of Commerce, much to the chagrin of people around the world. Most upset are those who point to the independent nature of the internet, and the need for any body with global power to be similarly independent. Later this year ICANN is set — at long last — to completely separate from the U.S. government.
While this does hinge on U.S. government approval, by the end of September, ICANN could instead be in the hands of businesses, individuals, and multiple global governments. While the changing of hands should not alter the way ICANN operates, it is hoped that it will go some way to restoring faith that may have been lost after revelations about online surveillance by the NSA and other U.S. government agencies. -
Privacy Ombudsman Could Handle EU Complaints About US Surveillance (betanews.com)
Mark Wilson writes with this story from Beta News: One of the greatest problems facing anyone trying to tackle the problem of privacy on the web is dealing with the ideologies of different countries, and how this affects data sharing. A level of surveillance that is deemed acceptable in the US, for instance, may be considered completely objectionable in another. The latest suggestion to help overcome this seemingly insurmountable problem is to set up a privacy ombudsman that would be able to handle European complaints and queries about US surveillance. -
Facebook's Android App Gains Privacy-Enhancing Tor Support (facebook.com)
Mark Wilson writes: Back towards the end of 2014, Facebook unveiled a new .onion address that allowed Tor users to visit the social network securely. Following on from this, the company is now giving Android users the ability to browse the site using Tor and the Facebook app. Security, privacy and anonymity may be words readily associated with Tor, but few people would use them in the same sentence as Facebook. The social network says that there is increased demand for secure connections to Facebook from Tor-enabled browsers, hence spreading to the largest mobile platform. The news will make some mobile users happy, but there are currently no plans to migrate the feature from Android to iOS. -
AT&T Chooses Ubuntu Linux Instead of Microsoft Windows (betanews.com)
An anonymous reader writes: One of the largest cellular providers is the venerable AT&T. While it sells many Linux-powered Android devices, it is now embracing the open source kernel in a new way. You see, the company has partnered with Canonical to utilize Ubuntu for cloud, network, and enterprise applications. That's right, AT&T did not choose Microsoft's Windows when exploring options. Canonical will provide continued engineering support too. -
Why Sharing Ransomware Code For Educational Purposes Is Asking For Trouble (betanews.com)
Mark Wilson writes: Trend Micro may still be smarting from the revelation that there was a serious vulnerability in its Password Manager tool, but today the security company warns of the dangers of sharing ransomware source code. The company says that those who discover vulnerabilities need to think carefully about sharing details of their findings with the wider public as there is great potential for this information to be misused, even if it is released for educational purposes. It says that 'even with the best intentions, improper disclosure of sensitive information can lead to complicated, and sometimes even troublesome scenarios'. The warning may seem like an exercise in stating the bleeding obvious, but it does serve as an important reminder of how the vulnerability disclosure process should work. -
Facebook, Google, Microsoft, Twitter and Yahoo Balk At UK's Investigatory Powers (betanews.com)
Mark Wilson writes: The Investigatory Powers Bill may only be in draft form at the moment, but the UK government has already received criticism for its plans. Today, scores of pieces of written evidence, both for and against the proposals, have been published, including input from the Reform Government Surveillance (RGS) coalition. Five key members of the coalition are Facebook, Google, Microsoft, Twitter and Yahoo. In their written evidence, the quintet of tech companies express their concerns about the draft bill, seek clarification from the UK government, and issue warnings about the implications of such a bill. The evidence (document IPB0116) says that any surveillance undertaken by the government needs to be 'targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent'. The coalition notes that many other countries are watching to see what the UK does. -
Microsoft Monitoring How Long You Use Windows 10 (betanews.com)
Mark Wilson writes: The various privacy concerns surrounding Windows 10 have received a lot of coverage in the media, but it seems that there are ever more secrets coming to light. The Threshold 2 Update did nothing to curtail privacy invasion, and the latest Windows 10 installation figures show that Microsoft is also monitoring how long people are using the operating system. This might seem like a slightly strange statistic for Microsoft to keep track of, but the company knows how long, collectively, Windows 10 has been running on computers around the world. To have reached this figure (11 billion hours in December, apparently) Microsoft must have been logging individuals' usage times. Intrigued, we contacted Microsoft to find out what on earth is going on. -
When Hacking Vigilantism Infringes On Free Speech (betanews.com)
An anonymous reader writes: I'm inclined to agree with the suggestion people make that the web is like the Wild West, but that's not to say we have reached the same conclusion for the same reasons. For me, the web — like the Wild West — is not a world filled with danger, but one occupied by vigilantes. As a proponent of free speech, I find this concerning. One of the most highly-lauded of vigilantes is the disparate group marching under the ragged banner of Anonymous.
One of its taglines is 'We Are Anonymous', a phrase that can be uttered by anyone, as there is no membership process — if you say you are part of Anonymous, you are part of Anonymous. The group is not, for the most part, organized. Individuals and factions can fight for or against whatever cause they want, just like real-world vigilante groups. But Anonymous is not alone. There are hacking collectives and other online crusaders who see fit to take the law into their own hands. This might sound wonderful, but it's not necessarily a good thing. As New World Hackers demonstrate, attacks can target the wrong people and restrict free speech. -
China Passes Law Requiring Tech Firms To Hand Over Encryption Keys (betanews.com)
Mark Wilson writes: Apple may have said that it opposes the idea of weakening encryption and providing governments with backdoors into products, but things are rather different in China. The Chinese parliament has just passed a law that requires technology companies to comply with government requests for information, including handing over encryption keys.
Under the guise of counter-terrorism, the controversial law is the Chinese government's attempt to curtail the activities of militants and political activists. China already faces criticism from around the world not only for the infamous Great Firewall of China, but also the blatant online surveillance and censorship that takes place. This latest move is one that will be viewed very suspiciously by foreign companies operating within China, or looking to do so. -
Twitter Says It's Beating the Trolls (betanews.com)
Mark Wilson writes: After making it easier to report abusive tweets and increasing the size of its anti-troll team, Twitter believes it is getting 'bad behavior' under control. As well as bullying of acquaintances and work colleagues, Twitter has also been used to attack celebrities, the gay community, religious groups, and more, with many people feeling driven from the site. It seems that the decision to take a very hands-on approach to troll tackling is starting to pay off. The head of Twitter in Europe, Bruce Daisley, says that the tools that have been introduced have had a real impact on trolling. He goes further, saying that there is a direct correlation between the release of new safety tools and reporting mechanisms, and the drop in unacceptable behavior. -
ASUS To Include AdBlock Plus On All Phones and Tablets In 2016 (betanews.com)
JoeyRox writes: Starting in 2016 Asus will ship all phones and tablets with AdBlock Plus integrated into their mobile browser. The ad-blocking software will not only be pre-installed but enabled by default as well. The move to include ad-blocking software on mobile devices is significant because unlike desktop users the percentage of mobile users presently employing ad-blocking software is very low at approximately 2%. -
Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers (htbridge.com)
Mark Wilson writes: It's around this time of year, with Black Friday looming and Christmas just around the corner, that online sales boom. Today security firm High-Tech Bridge has issued a warning to retailers and shoppers about a critical vulnerability in the popular Zen Cart shopping management system. High-Tech Bridge has provided Zen Cart with full details of the security flaw which could allow remote attackers to infiltrate web servers and gain access to customer data. Servers running Zen Cart are also at risk of malware, meaning that hundreds of thousands of ecommerce sites pose a potential danger. Technical details of the vulnerability are not yet being made public, but having notified Zen Cart of the issue High-Tech Bridge says the date of full public disclosure is 16 December. -
EFF Launches Site To Track Censored Content On Social Media (eff.org)
Mark Wilson writes: There are many problems with the censoring of online content, not least that it can limit free speech. But there is also the question of transparency. By the very nature of censorship, unless you have been kept in the loop you would simply not know that anything had been censored. This is something the Electronic Frontier Foundation wants to change, and today the digital rights organization launches Onlinecensorship.org to blow the lid off online censorship. The site, run by EFF and Visualizing Impact, aims to reveal the content that is censored on Facebook, Google+, Twitter, Instagram, Flickr, and YouTube — not just the 'what' but the 'why'. If you find yourself the subject of censorship, the site also explains how to lodge an appeal. -
Snowden Says It's Your Duty To Use an Ad Blocker (for Security)
AmiMoJo writes: In a long interview about reclaiming your privacy online, ex-NSA whistleblower Edward Snowden states that it's not just a good idea to use ad blocking software, it's your duty: "Everybody should be running adblock software, if only from a safety perspective. We've seen internet providers like Comcast, AT&T, or whoever it is, insert their own ads into your plaintext http connections. As long as service providers are serving ads with active content that require the use of JavaScript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser — you should be actively trying to block these. Because if the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response." Other recommendations include encrypting your hard drive and using Tor to keep your internet use private. -
FCC Clarifies: It's Legal To Hack Your Router (betanews.com)
Mark Wilson writes with an update to an earlier report that the wording of new FCC regulations could mean that it would be illegal to modify the software running on wireless routers by installing alternative firmwares. Instead, the commission has now acknowledged that there was more than a little confusion from people who believed that manufacturers would be encouraged to prevent router modifications. The FCC wants to make it clear that most router hacking is fine and will remain fine. With a few exceptions, that is. In a blog post entitled Clearing the Air on Wi-Fi Software Updates, Julius Knapp from the FCC tries to clear up any misunderstandings that may exist. -
Fast Broadband To Be Classed a Fundamental Right in the UK (bbc.com)
Mark Wilson writes: Every home and business in the UK will have access to "fast broadband" by 2020. This is the latest pledge from Prime Minister David Cameron, who said access to the internet "should be a right." At the moment, 83% of homes and businesses in Britain have access to broadband connections 24Mbps and faster. By 2017, this is expected to rise to 95%. The latest plan is directed at the "last 5 percent" — such as people in remote areas — and will oblige broadband providers to supply at least 10Mbps broadband to anyone who demands it. -
UK Government Says App Developers Won't Be Forced To Implement Backdoors (betanews.com)
Mark Wilson writes: The UK government is sending mixed messages about how it views privacy and security. Fears have been mounting since Prime Minister David Cameron wondered aloud 'in our country, do we want to allow a means of communication between people which we cannot read?' — his view obviously being that, no, we don't want to allow such a thing. Following the revelations about the spying activities of the NSA and GCHQ, public attention has been focused more than ever on privacy and encryption, Cameron having also suggested a desire to ban encryption. Today, some fears were allayed when it was announced that the government was not seeking to require software developers to build backdoors into their products. That said, the government said that companies should be able to decrypt 'targeted' data when required, and provide access to it. -
Amazon Lawsuit Aims To Kill Fake Reviews (theguardian.com)
Mark Wilson writes with a story at Beta News (relying on this report at The Guardian) that Amazon is suing more than 1,000 fake reviewers for their misleading, paid-for reviews: The ability to read reviews of products before making a purchase is one of the great advantages of online shopping. But how do you know that what you're reading is a genuine review and not just glowing praise planted by the seller or manufacturer? Fake reviews are a serious problem, and Amazon is trying to do something about it. The retail giant has filed a lawsuit against 1,114 individuals for writing 'false, misleading, and inauthentic' reviews. Amazon says that the fakers are tarnishing its reputation, and the attempt to clean up the site is something that will be welcomed by consumers. From the Guardian's version of the story: Amazon said there had been misleading five-star reviews and comments about products, such as: “This has lit up my life” about a USB cable. A bogus comment said “definitely buying more I was impressed with how bright the lights on the cable are”, while another reviewer gave a product top marks and added the comment “cool charger”. Amazon is not suing Fiverr, a startup that raised $30m from investors last year, as the company says in its terms and conditions that advertising for services such as writing bogus reviews is banned. -
Microsoft Now Uses Windows 10's Start Menu To Display Ads (betanews.com)
Mark Wilson writes: We've all become used to the idea of ads online — it's something that has become part and parcel of using the internet — but in Windows? If you've updated to build 10565 of Windows 10, you're in for something of a surprise: the Start menu is now being used to display ads. We're not talking about ads for Viagra, porn, or anything like that, but ads for apps. Of course, Microsoft is not describing them as ads; 'Suggested apps' has a much more approachable and fluffy feel to it. Maybe. This is a 'feature' that's currently only being shown to Windows Insiders, but it could spread to everyone else. Will it be well-received? -
US Government Will Not Force Companies To Decode Encrypted Data... For Now (washingtonpost.com)
Mark Wilson writes: The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being hailed as a "partial victory" by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not — for now — call for [such] legislation." This means companies will not be forced to build backdoors into their products, but there is no guarantee it won't happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate. The EFF has also compiled a report showing where the major tech companies stand on encryption. -
Mozilla Sets Out Its Proposed Principles For Content Blocking (mozilla.org)
Mark Wilson writes: With Apple embracing ad blocking and the likes of AdBlock Plus proving more popular than ever, content blocking is making the headlines at the moment. There are many sides to the debate about blocking ads — revenue for sites, privacy concerns for visitors, speeding up page load times (Google even allows for the display of ads with its AMP Project), and so on — but there are no signs that it is going to go away. Getting in on the action, Mozilla has set out what it believes are some reasonable principles for content blocking that will benefit everyone involved. Three cornerstones have been devised with a view to ensuring that content providers and content consumers get a fair deal, and you can help to shape how they develop. -
EFF Joins Nameless Coalition and Demands Facebook Kills Its Real Names Policy
Mark Wilson writes: Facebook has seen heavy criticism for its real names (or 'authentic identities' as they are known to the social network) policy. Over the last year, all manner of rights groups and advocates have tried to convince Facebook to allow users to drop their real name in favor of a pseudonym if they want. Now the Electronic Frontier Foundation is part of the 74-member strong Nameless Coalition and has written to Facebook demanding a rethink on the ground of safety, privacy, and equality. This is far from being the first time Facebook has been called on to allow the use of 'fake names', and the latest letter is signed by LGBT groups, freedom advocates, privacy supporters, and feminist organizations. -
Amazon To Cease Sale of Apple TV and Chromecast
Mark Wilson writes: As of 29 October, shoppers will no longer be able to buy Apple TV or Chromecast devices from Amazon. Citing compatibility issues with Prime Video, Amazon emailed marketplace sellers to inform them it is not accepting new listings for the two media devices, and any existing listings will be removed at the end of October. The move indicates not only the importance Amazon places on its streaming Prime Video service, but also that it views Apple and Google as serious rivals. The two companies have yet to respond to the news, but it is unlikely to be well-received. -
AdBlock Plus To Introduce Independent Board To Oversee Acceptable Ads Program
Mark Wilson writes: Ad blocking has been in the news quite a lot recently, not least because of iOS 9's new support for advertising avoidance. Perhaps the most famous tool in the arena is Adblock Plus. It's something that many people have become reliant on for cleaning up their online experience but Eyeo — the company behind AdBlock Plus — has been keen to encourage people to permit the display of some advertising through its Acceptable Ads program. That companies can pay to bypass Adblock Plus is nothing new, although Adblock Plus insists that most ads that are deemed 'acceptable' are added for free. Today Eyeo announces that it is going to hand over control of the Acceptable Ads program to a completely independent board. -
Apple Admits iCloud Problem Has Killed iOS 9 'App Slicing'
Mark Wilson writes: One of the key features of iOS 9 — and one of the reasons 16GB iPhones were not killed — is app slicing. This innocuous-sounding feature reduces the amount of space apps take up on iPhones and iPads... or at least it does when it is working. At the moment Apple has a problem with iCloud which is preventing app slicing from working correctly. The feature works by only downloading the components of an app that are needed to perform specific tasks on a particular device, but at the moment regular, universal apps are delivered by default. -
Google Launches Brotli, a New Open Source Compression Algorithm For the Web
Mark Wilson writes: As websites and online services become ever more demanding, the need for compression increases exponentially. Fans of Silicon Valley will be aware of the Pied Piper compression algorithm, and now Google has a more efficient one of its own. Brotli is open source and is an entirely new data format that offers 20-26 percent greater compression than Zopfli, another compression algorithm from Google. Just like Zopfli, Brotli has been designed with the internet in mind, with the simple aim of making web pages load faster. It is a "lossless compressed data format that compresses data using a combination of the LZ77 algorithm and Huffman coding, with efficiency comparable to the best currently available general-purpose compression methods". Compression is better than LZMA and bzip2, and Google says that Brotli is "roughly as fast" as zlib's Deflate implementation. -
AdBlock Plus Defends Ad Blocking, Applauds Marco Arment
Mark Wilson writes: Ad blockers have been much talked about since Apple opened up support for them in iOS 9. The now infamous Peace shot to the top of the download charts before it was pulled by its creator. Now AdBlock Plus has come out in support of Marco Arment, who developed something of a guilty conscience after his ad blocking creation proved so popular. Ben Williams from AdBlock Plus says "I really applaud this guy," going on to suggest that whitelisting and the Acceptable Ads feature of AdBlock Plus epitomize the "more nuanced, complex approach" Arment called for. The ad blocking software I'd like to see would detect and zap into a heap of ash those unrelated-photo clickbait ads; I'd rather suffer through some honest banner ads anytime. -
Apple's First Android App Makes It Easy To Move To iOS
Mark Wilson writes: Apple has released its first ever Android app. No, there's not an Android version of Safari or anything like that, but a tool designed to simplify the process of switching to iOS. The predictably named Move to iOS will appeal to anyone who was persuaded to switch allegiances by the release of the iPhone 6s and iPhone 6s Plus, or indeed iOS 9. The app can be used to move contacts, messages, photos and more to a new iPhone or iPad, and is compatible with phones and tablets running Android 4.0 and newer. It works slightly differently to what you may have expected. Rather than uploading data to the cloud, it instead creates a private Wi-Fi network between an Android and iOS device and securely transfers it. -
How To Find Out If GCHQ and the NSA Spied On You, and How To Complain
Mark Wilson writes: Privacy International has created a platform through which individuals and organizations can file complaints with GCHQ about surveillance of phone calls and internet usage. The charity has long concerned itself with government surveillance, particularly the sharing of data between the NSA and GCHQ. The legality of mass surveillance has been questioned by many, and it has already been determined that human rights organization Amnesty International was illegally spied on. Edward Snowden's NSA revelations have led to a huge increase in awareness of privacy issues, and now Privacy International is making it easier to find out if you were spied on, and to lodge an official complaint. -
Sony Decides Its Waterproof Xperia Phones Are Not Actually Waterproof
Mark Wilson writes: Sony seems determined on confusing its customers by giving very conflicting advice about its Xperia smartphones. If you're familiar with the range, you'll no doubt be aware of the advertising material that appears to show users taking photos in the rain and even (seemingly) underwater at the pool. Take a look at the picture above and you'd probably assume that a) it depicts someone shooting a video or taking a photo in a swimming pool, and b) you can do the same with your phone. But you'd be wrong (at least on b) because Sony has changed its mind about what waterproof means. Or it doesn't know. It really depends on where you look on the Sony website. -
Why Apple's iPhone Upgrade Program Is a Bad Deal For Most
Mark Wilson writes: You may have heard that Apple had a little get together today. There were lots of big launches — the iPhone 6S, the iPhone 6S Plus, and the iPad Pro. Those waiting for an iPhone fix were given quite a lot to get excited about, but like your friendly local drug dealer, Apple has a 'sweetener' to help ensure its customers just keep on coming back for more: the iPhone Upgrade Program which lets you upgrade to a new iPhone every year as long as you keep paying each month. On the face of it, it might seem like a good deal — particularly as the price includes Apple Care — but is that really the case? What Apple's actually doing is feeding the habit of iPhone junkies, keeping their addiction going a little bit longer, and a little bit longer, and a little bit longer. In reality, Apple would like you to perma-rent your iPhone and keep paying through the nose for it. Ideally forever. -
Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time
Mark Wilson writes that Apple has balked at a court order to provide the FBI with the contents of text messages among users of its iMessage service, claiming that the encryption it uses to protect these messages makes handing over the messages themselves impossible. From the article: The Justice Department obtained a court order that required Apple to provide real time access to text messages sent between suspects in an investigation involving guns and drugs. Apple has responded by saying that the fact iMessage is encrypted means that it is simply not able to comply with the order. The stand-off between the US government and Apple could last for some time as neither side is willing — or possibly able — to back down. -
Backdoor Discovered Into Seagate NAS Drives
Mark Wilson writes: If you have not recently updated the firmware for your Seagate wireless NAS drives, now is the time to do so. Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings. An undocumented Telnet feature could be used to gain control of the device by using the username 'root' and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others. The security issues are confirmed to exist with firmware versions 2.2.0.005 to 2.3.0.014. -
Google Donates €1 Million To Help Refugees In Need
Mark Wilson writes: The on-going refugee crisis in Europe, Africa, and the Middle East has grabbed hearts and headlines around the world. As European governments argue over who should take in the thousands of desperate people, European citizens have criticized the speed and scale of the help offered, whilst simultaneously donating money, food, and equipment to help those in desperate need. Now Google has stepped in, offering €1 million ($1.1 million) to the organizations providing help to refugees. In addition to this, Google.org (the branch of the company 'using innovation to tackle some of the world's biggest challenges') is setting up a page to make it easier for people to make donations, and says that it will match any money donated by Google users. -
"Extremely Critical" OS X Keychain Vulnerability Steals Passwords Via SMS
Mark Wilson writes: Two security researchers have discovered a serious vulnerability in OS X that could allow an attacker to steal passwords and other credentials in an almost invisible way. Antoine Vincent Jebara and Raja Rahbani — two of the team behind the myki identity management security software — found that a series of terminal commands can be used to extract a range of stored credentials. What is particularly worrying about the vulnerability is that it requires virtually no interaction from the victim; simulated mouse clicks can be used to click on hidden buttons to grant permission to access the keychain. Apple has been informed of the issue, but a fix is yet to be issued. The attack, known as brokenchain, is disturbingly easy to execute. Ars reports that this weakness has been exploited for four years. -
A Courtroom Victory For Microsoft In Cellphone-Related Patent Suit
Mark Wilson writes: Microsoft has been cleared of patent infringement by the US International Trade Commission. The case dates back to 2007 when InterDigital Inc claimed Microsoft infringed its patents, and there were calls for a ban on the import of handsets. InterDigital Inc has been battling in court for eight years, initially trying to claim royalties on phones made by Nokia, now transferred to Microsoft. As well as blocking the call for an import ban, the ITC stated that Microsoft did not infringe patents relating to the way mobiles make calls. In short Microsoft is in the clear and InterDigital's rights have not been violated. -
Facebook Is Now Working On Its Own Digital Assistant Called M
Mark Wilson writes: Sounding like a character from a James Bond movie, M is Facebook's personal digital assistant. Ready to compete with the likes of Cortana, M will live inside Facebook Messenger and take artificial intelligence a step further. Rather than just helping you to find information or create calendar entries, M will actually perform tasks on your behalf.
Once up and running, M will be able to book restaurants for you, purchase shopping, and more. It will also be possible to use the service to ask for advice — such as looking for somewhere to visit nearby, or gift suggestions — and Facebook says the AI behind M is "trained and supervised by people". -
Apple Launches Free iPhone 6 Plus Camera Replacement Program
Mark Wilson writes: Complaints about the camera of the iPhone 6 Plus have been plentiful, and Apple has finally acknowledged that there is a problem. It's not something that affects all iPhone 6 Plus owners, but the company says that phones manufactured between September 2014 and January 2015 could include a failed camera component. Apple has set up a replacement program which enables those with problems with the rear camera to obtain a replacement. Before you get too excited, it is just replacement camera components that are on offer, not replacement iPhones. You'll need to check to see if your phone is eligible at the program website. (Also at TechCrunch.) -
Now Google Must Censor Search Results About "Right To Be Forgotten" Removals
Mark Wilson writes, drolly, that the so-called right to be forgotten "has proved somewhat controversial," and expands on that with a new twist in a post at Beta News: While some see the requirement for Google to remove search results that link to pages that contain information about people that is 'inadequate, irrelevant or no longer relevant' as a win for privacy, others see it as a form of censorship. To fight back, there have been a number of sites that have started to list the stories Google is forced to stop linking to. In the latest twist, Google has now been ordered to remove links to contemporary news reports about the stories that were previously removed from search results. All clear? Thought not... The Information Commissioner's Office has ordered Google to remove from search results links to nine stories about other search result links removed under the Right to Be Forgotten rules. -
Samsung Pay Launches In Korea In August, US In September
Mark Wilson writes: The main thrust of Samsung's Galaxy Unpacked event was to launch the Galaxy Note 5 and Galaxy S6 Edge+, but the company also provided some details about Samsung Pay. With so many similarly-specced smartphones vying for attention, each manufacturer needs to offer something slightly different, and Samsung is hoping that a new digital payment system will prove attractive to people. Going head to head with Android Pay and Apple Pay is Samsung Pay. As well as offering compatibility with the newly announced Galaxy Note 5 and Galaxy S6 Edge+, Samsung's payment system is supported by many of its older handsets. It will launch in its home country of Korea on August 20, and will spread to the US at the end of September. -
Google Is Restructuring Under a New Company Called Alphabet
Mark Wilson writes: Sundar Pichai is the new CEO of Google as the company undergoes a huge restructuring. Co-founders Larry Page and Sergey Brin are moving to a new company called Google Alphabet which will serve as an umbrella company for Google and its various projects. Google itself is being, in Page's words, "slimmed down" and the change is quite an extraordinary one. Page quotes the original founders' letter that was written 11 years ago. It states that "Google is not a conventional company", and today's announcement makes that perfectly clear. There's a lot to take in... Google Alphabet is, essentially, the new face of Google. Page chose to make the announcement in a blog post that went live after the stock markets closed. This is more than just a rebranding, it is a complete shakeup, the scale of which is almost unprecedented. -
Windows 10 RSAT, Windows Server 2016 Technical Preview 3 Coming This Month
We've heard a lot lately about the release and reception of Windows 10; however, the Windows family includes more than just the most-seen desktop OS. Mark Wilson writes: Microsoft's Gabe Aul has revealed that the company plans to release a new technical preview of Windows Server 2016 later this month. Responding to questions on Twitter, the company's Corporate Vice President and face of the Windows Insider program also said that Windows 10 RSAT [Remote Server Administration Tools] will be launched in August. Unlike the preview builds of Windows 10, previews of the latest edition of Windows Server have been slower to creep out of Redmond. Sysadmins will be keen to get their hands on the latest builds to see just what direction Microsoft is taking with its server software after the decision to delay the launch. We don't know anything about what the third technical preview of Windows Server 2016 might include, but it is likely to be little more than a collection of bug fixes and tweaks. It's a little late in the game to expect any major changes to be made. -
Zimperium Releases Stagefright Detection Tool and Vulnerability Demo Video
Mark Wilson writes: We've already looked at the Stagefright vulnerability, discovered by Zimperium, and shown what can be done to deal with it. Affecting up to 95 percent of Android devices, the vulnerability has led to Google and Samsung announcing monthly security updates. Now the mobile security company has released additional details about how the exploit works. To help explain the vulnerability, a video has been produced which uses a Stagefright demonstration to illustrate it in action. Zimperium has also released an Android app that checks devices for the vulnerability. -
Privacy Alert: Your Laptop Or Phone Battery Could Track You Online
Mark Wilson writes: Is the battery in your smartphone being used to track your online activities? It might seem unlikely, but it's not quite as farfetched as you might first think. This is not a case of malware or hacking, but a built-in component of the HTML5 specification. Originally designed to help reduce power consumption, the Battery Status API makes it possible for websites and apps to monitor the battery level of laptops, tablets, and phones. A paper published by a team of security researchers suggests that this represents a huge privacy risk. Using little more than the amount of power remaining in your battery, it is possible for people to be identified and tracked online. As reported by The Guardian, a paper entitled The Leaking Battery by Belgian and French privacy and security experts says that the API can be used in device fingerprinting. -
Ask Slashdot: Can You Disable Windows 10's Privacy-Invading Features?
An anonymous reader writes: I really want to upgrade to Windows 10, but have begun seeing stories come out about the new Terms and how they affect your privacy. It looks like the default Windows 10 system puts copies of your data out on the "cloud", gives your passwords out, and targets advertising to you. The main reason I am looking to upgrade is that Bitlocker is not available on Windows 7 Pro, but is on Windows 10 Pro, and Microsoft no longer offers Anytime Upgrades to Windows 7 Ultimate. However, I don't want to give away my privacy for security. The other option is to wait until October to see what the Windows 10 Enterprise version offers, but it may not be available through retail. Are the privacy minded Slashdot readers not going with Windows 10?
For reference, I am referring to these articles. (Not to mention claims that it steals your bandwidth.) Have a question for Slashdot's readers? Take a look at other recent questions first to see if someone else has had a similar question. And if not, ask away! The more details and context you include, the more likely your question will be selected. -
LinkedIn (Temporarily) Backs Down After Uproar At Contact Export Removal
Mark Wilson writes: LinkedIn caused a storm a couple of days ago when it removed the option to instantly download contacts. Many users of the professional social network were more than a little irked to discover that while contact exporting was still available, a wait of up to three days had been put in place. Unsurprisingly, users revolted, having been particularly upset by the fact the change was implemented with no warning or announcement. But the company has managed to turn things around by quickly backtracking on its decision after listening to a stream of complaints on Twitter. -
Windows 10's Automatic Updates For NVidia Drivers Causing Trouble
Mark Wilson writes: One of the features that has been removed from Windows 10 — at least for home users — is the ability to pick and choose when updates are installed. Microsoft has taken Windows Update out of the hands of users so the process is, for the most part, completely automated. In theory, this sounds great — no more worrying about having the latest patches installed, no more concerns that a machine that hasn't been updated will cause problems for others — but an issue with NVidia drivers shows that there is potential for things to go wrong. Irate owners of NVidia graphics cards have taken to support forums to complain that automatically-installed drivers have broken their computers.