TECH-NEWS

4 hours ago

Kapothi

The death of Adobe's Flash has been a long one. At one time, the product was seemingly ubiquitous on the web, but as Steve Jobs noted in 2010, it has one of the worst security records of its time. In fact, Apple was among the first to lead the charge on killing off Flash, starting with its refusal to support Adobe's multimedia product on the iPhone.

Fast-forward to today, when Apple's latest Safari Technical Preview for macOS removes Flash support completely. Indeed, that means that when the next version of Safari ships, there won't be any more Flash.

Adobe originally promised to phase out support for the product by the end of 2020, and browser-makers followed suit. In fact, in browsers like Microsoft Edge and Google Chrome, it's been disabled by default for some time. Both companies, however, are making a similar promise to eliminate the product completely by the end of the year.

It's unclear when the next version of Safari will ship. Perhaps Apple might wait for the next version of macOS, which will be out this fall. Obviously, the Cupertino firm will still ship the browser to older versions of the OS though, even if it lines up the release with an OS release.

4 hours ago

Kapothi

Google has just revealed that its next I/O developer conference will take place from May 12th to May 14th. The company revealed the date after users participated in its annual I/O teaser, which this year was a collaborative online game to restore a fictional satellite network.

When the game was completed, the constellation of satellites spelled out the date.

In a tweet, Google CEO Sundar Pichai said I/O 2020 will be at the Shoreline Amphitheatre, which is in Mountain View near Google’s HQ and is where Google has hosted the event for the past few years.

Arguably the biggest news of I/O 2019 was the announcement of the budget-friendly Pixel 3A and 3A XL, which my colleague Dieter Bohn found to be a decent phone with a great camera. There are already rumors swirling about a potential Pixel 4A, including that it may have a hole-punch display, a 3.5mm headphone jack, and a square camera bump. 9to5Google reported that it may arrive at around the same time as the Pixel 3A did last year, so the 4A seems like a possible candidate for an I/O reveal.

Last year, we also saw the reveal of the Nest Hub Max, so perhaps Google will announce more Nest hardware at I/O 2020 as well. At I/O, Google also typically shows off upcoming updates to Android as well as other updates to its software and services.

1 day ago

Kapothi

While most people were out celebrating the start of a new year, Microsoft's security teams were working overtime to close a potentially enormous security loophole. On Thursday, the company disclosed a database error that temporarily left approximately 250 million customer service and support records accessible to anyone with a web browser.

Security researcher Bob Diachenko and Comparitech discovered the vulnerability on December 29th. Microsoft quickly fixed the issue two days later. It says the exposure was caused by a "misconfiguration" of one of its internal customer support databases. The company claims it found no evidence of "malicious use."

The server included conversation logs dating as far back as 2005 between Microsoft support personnel and customers from across the world. According to Comparitech, the database wasn't password-protected.

Microsoft says the "vast majority" of personal data that was exposed was redacted. However, Comparitech notes some information, such as email and IP addresses, was stored in plain text. Had someone been able to access the logs, they could have used them to more easily impersonate the company's support staff in a phishing scheme.

"We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence," Microsoft said. The company has started notifying people whose data was stored on the database.

In the wake of this latest exposure, Microsoft says it plans to audit its internal security rules, as well as implement additional tools to redact sensitive user information automatically. It will also put in place new and expanded alerts to notify its service teams when it detects a security misconfiguration.

For Microsoft, this is its second major data security incident tied to its customer support system in a single year. In April 2019, the company disclosed that hackers had used a customer support representative's credentials to breach the email accounts of some of its users. Ultimately, the issue in both cases is that internal support systems have almost unprecedented levels of access to user information, making them enticing targets to hackers. Dave Aitel, the chief security technology officer at Cyxtera, told Wired at the time of the Microsoft email breach, "support is a big security hole waiting to happen."

Source | Engadget

1 day ago

Kapothi

Microsoft is starting to share more details on exactly how it imagines apps will run on dual-screen devices like the Surface Duo and Surface Neo. The software giant unveiled both devices back in October, with the smaller Surface Duo running Android and the larger Surface Neo powered by Windows 10X. Now, Microsoft is getting developers ready to test their apps to see how both devices will span them across both displays.

By default, an app will occupy a single screen according to Microsoft. Surface Duo or Surface Neo users can then span the app across both displays when they’re in double-portrait or double-landscape layout. Microsoft envisions that app developers will experiment with different ways to utilize both screens. Some of these include simply using both screens as an extended canvas, having two pages of a document shown at once, using the second display as a companion or dual view of something, or having a master part of the app on one display and details on the second.

These are “initial app pattern ideas,” according to Microsoft, and the company could well extend them based on developer feedback in the coming months. Microsoft is also releasing an Android emulator for the Surface Duo today to allow devs to test mobile apps. A Windows 10X emulator for the Surface Neo will arrive next month at around the same time that Microsoft plans to detail more of its dual-screen plans during a developer webcast.

Microsoft’s Android emulator will naturally support Android apps, and the Windows 10X version will include support for native Windows APIs to let developers detect hinge positions and optimize their win32 or Universal Windows Platform (UWP) apps for these new devices. Microsoft is also proposing new web standards for dual-screen layouts, and is “actively incubating new capabilities that enable web content to provide a great experience on dual-screen devices.”

Other OEMs like Dell, HP, Lenovo, and Asus are also working on Windows 10X dual-screen and foldable devices. We’ve already seen one from Lenovo in the form of the ThinkPad X1 Fold, but we’re hoping to see more in the coming months. Microsoft is also planning to reveal more details about its dual-screen plans at the company’s Build developer conference in May.

blogs.windows.com/windowsdeveloper/2020/01/22/announcing-dual-screen-preview-sdks-and-microsoft-3...

Source | TheVerge
Images | Microsoft

2 days ago

Kapothi

A 2018 spyware attack on Jeff Bezos’ phone escalated into an international scandal on Wednesday, as United Nations human rights experts issued a stern statement criticizing the government of Saudi Arabia for allegedly conducting the hack.

“The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia,” the statement reads. “The alleged hacking of Mr. Bezos’s phone, and those of others, demands immediate investigation by US and other relevant authorities.” The Saudi government has denied any role in the hack.

“A concrete example of the harms ... of spyware”

“This reported surveillance of Mr. Bezos, allegedly through software developed and marketed by a private company,” the statement continues, “is, if true, a concrete example of the harms that result from the unconstrained marketing, sale and use of spyware.”

The report also mentions two former Twitter employees who were charged with spying on behalf of the Saudi government, which investigators take as evidence of a broader campaign by the country.

According to the report, the hack was part of a broader campaign to blackmail Bezos into softening The Washington Post’s coverage of Saudi Arabia in the months leading up to the killing of Saudi journalist Jamal Khashoggi. Private messages and photos from Bezos were later leaked to the National Enquirer, something Bezos described in a public Medium post as part of an attempted blackmail scheme.

The technical evidence for Saudi Arabian involvement comes from a report by Bezos’ personal security consultants, which was reported on further by The New York Times and Financial Times.

www.nytimes.com/2020/01/21/technology/bezos-phone-hacking.html

According to the report, Bezos met Saudi Crown Prince Mohammed bin Salman in Los Angeles in April 2018 and exchanged phone numbers. About a month later, he received an unexpected video from Salman, which the report alleges was infected with targeted spyware.

Immediately after viewing the video, large amounts of data began to export from Bezos’ phone, an activity that could not be explained by cloud backups or other normal activity.

The following November, just over a month after Khashoggi’s killing, Salman sent Bezos another strange WhatsApp message. It was a single picture of Lauren Sánchez, Bezos’ mistress and the subject of the subsequent National Enquirer piece, bearing a cryptic caption: “Arguing with a woman is like reading the software license agreement. In the end you have to ignore everything and click I agree.”

A separate message sent in February after Bezos’ Medium post seems to seek to deescalate the situation. “It’s not true,” Salman wrote, “there is nothing against you or Amazon from me or Saudi Arabia.”

Bezos’ phone appears to have been hacked using Pegasus spyware, a powerful private malware offered without judicial oversight by the Israeli firm NSO Group. NSO is one of the most notorious current vendors of spyware for hire, and it has been the subject of widespread criticism for its role in undermining cybersecurity on behalf of oppressive regimes.

In October, WhatsApp brought a lawsuit against NSO for allegedly hacking users through unreported vulnerabilities. “WhatsApp will continue to do everything we can within our code, and within the courts of law, to help protect the privacy and security of our users everywhere,” WhatsApp chief Will Cathcart said at the time.

Source | TheVerge

2 days ago

Kapothi

Amazon CEO Jeff Bezos was targeted and successfully hacked through WhatsApp from Saudi Arabia Crown Prince Mohammed bin Salman, according to a new report from The Guardian. Citing the results of a digital forensic analysis, The Guardian says the hack, which took place in May 2018, targeted unknown contents on Bezos’ personal cellphone.

According to the report, Bezos and the Saudi prince were having a friendly exchange over WhatsApp when the crown prince’s account sent a mysterious video file, after which Bezos’ device was compromised and large amounts of data were transferred off the phone, The Guardian reports. Heir apparent to the Saudi throne, Prince Mohammed was embroiled last year in the controversy over the murder of Saudi journalist Jamal Khashoggi, and has faced growing outcry over his country’s civil rights record.

"Bezos investigated potential security breaches after reports of his extramarital affair"

The incident is particularly notable because of a subsequent breach of Bezos’ personal data less than a year later. In February 2019, Bezos publicly accused the National Enquirer in a bombshell Medium post of trying to blackmail him with text messages and nude photos exposing details of his high-profile extramarital affair.

Reports of the affair published in the tabloid paper a month earlier revealed why he and his longtime wife MacKenzie Bezos were divorcing, leading Jeff to form an investigative team to discover how he was compromised. Bezos’ security chief, Gavin de Becker, later on suggested the Saudi government played a role in acquiring the information, and de Becker also floated the possibility that the Saudi government was a source for the National Enquirer’s story.

The Washington Post covered the Khashoggi murder extensively and the CIA eventually determined the murder was personally ordered by the crown prince himself, despite the numerous denials and a suspect trial that eventually convicted eight men for the crime. Some experts believe hacking Bezos may have been a way to gain leverage over the chief executive due to the Post’s often critical coverage of the kingdom, which included columns from Khashoggi himself before the journalist’s death.

“He probably believed that if he got something on Bezos, it could shape coverage of Saudi Arabia in The Post,” Andrew Miller, an expert on the Middle East and a former national security advisor in the Obama administration, told The Guardian. “It is clear that the Saudis have no real boundaries or limits in terms of what they are prepared to do in order to protect and advance [Mohammed bin Salman], whether it is going after the head of one of the largest companies in the world or a dissident who is on their own.”

Source | TheVerge

3 days ago

Kapothi

Thought you couldn't do without Google Maps? Huawei has found an alternative, or so it seems: the smartphone manufacturer has closed a deal to use digital navigation company TomTom's services in future devices.

As first reported by Reuters, TomTom's software and data will be fitted into Huawei's phones, as a standalone app as well as to power other navigation-based services. The deal is certainly a weight off Huawei's shoulders, which without a global navigation partner, would have had to ship devices with limited map services.

Since last May, Google has suspended Huawei's use of parts of the Android operating system after the US Department of Commerce added the Chinese manufacturer to its "Entity" list. Huawei's recent and future devices are therefore, at least for now, deprived of key apps such as the Play Store, Maps or YouTube.

The Chinese company is now rushing to create its own versions of Google's platforms, by pitching to companies outside of the US. In parallel to announcing a partnership with TomTom last week, Huawei launched a campaign in London to encourage developers to work on apps for Huawei Mobile Services (HMS), with a lucrative £20 million ($26 million) reward for successful creators.

TomTom's technology is already available on Android and iOS as an app dubbed TomTom Go. The company says that its software can process over two million map changes per hour in 164 countries.

The Dutch company's software primarily targets vehicle drivers: only in the past month, TomTom has closed deals to provide services to Subaru, Alfa Romeo and Hitachi. TomTom's maps provide information such as economical route-planning, speed limits, speed camera locations and the likelihood of road blocks – all of which aren't globally available on Google Maps. On the other hand, TomTom Go doesn't show public transport routes, which users of Google Maps can access.

Source | Zdnet

4 days ago

Kapothi

Mitsubishi Electric says hackers did not obtain sensitive information about defense contracts.

In a short statement published today on its website, Mitsubishi Electric, one of the world's largest electronics and electrical equipment manufacturing firms, disclosed a major security breach.

Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack.

Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].

Hack originated from a Chinese affiliate

According to the reports in local media, the intrusion was detected after Mitsubishi Electric staff found a suspicious file on one of the company's servers.

The intrusion was later tracked to a compromised employee account.

"Unauthorized access began with affiliates in China and spread to bases in Japan," Asahi reported.

The newspaper said hackers escalated their access from this initial entry point to Mitsubishi Electric's internal systems, gaining access to the networks of around 14 company departments, such as sales and the head administrative office.

The two newspapers reported that hackers stole sensitive data from the company's internal network. In particular, Nikkei reported that hackers compromised "tens of PCs and servers in Japan and overseas," from where they stole around 200 MB of files, mostly business documents.

Mitsubishi Electric did not deny that data exfiltration took place, but only denied that the intruders stole data on its business partners and defense contracts.

The company said it's still investigating the incident, but according to open-source reporting, the attackers appeared to have deleted access logs, slowing down investigators.

Major security breach in Japan

In Japan, the incident is being treated with the utmost severity. Mitsubishi Electric is one of Japan's biggest defense and infrastructure contractors, with active projects within the Japanese military, but also telecommunications, railways, and the electrical grid.

Before going public with the news today, Mitsubishi Electric had also notified members of the Japanese government and Ministry of Defense, according to local newspaper Mainichi.

Source | Zdnet