Toolbar removable by deleting in the browser extension menu
Oracle's Java Update 8 Update 40 for OS X has an unexpected surprise for installers. The update instructions note that the company has "partnered with companies that offer various products" and will install the borderline-malware Ask.com toolbar into unsuspecting OS X users' systems.
Some claim that installation was without user permission
BitTorrent client µTorrent is plaguing its users by installing a virtual currency miner alongside its latest revision. While the company denies tricking users into installation, the torrent client does come bundled with "Epic Scale," a Windows application that is used to mine Litecoin. Some users claim to have discovered it only after noticing significant processor load following installation of the client.
Chrome, Firefox for OS X safe; no ETA on Android, Windows patches
In an advisory published on Thursday, Microsoft has admitted that all versions of its OS and browser are susceptible to the FREAK bug. Additionally, all BlackBerry devices are also vulnerable. The flaw allowing the attack exists in approximately 36 percent of websites that use HTTPS, and miscreants are able to intercept and modify data passing between a vulnerable browser and a susceptible site. Neither BlackBerry devices nor Windows devices were initially pegged as susceptible due to a flaw in the coding of the test site.
Institutions having to redouble efforts to guard against traditional fraud, identity theft
The security built into Apple Pay is so resistant to tampering, reports the UK newspaper The Guardian, that criminals are focusing more than ever on traditional bank weaknesses surrounding common fraud and identity theft techniques, exploiting the lax identity requirements some banks employ for users who are adding credit cards to Passbook, which stores the data so that Apple Pay can later utilize it. So far, the fraud has racked up millions of dollars from stolen credit cards added to Apple Pay.
FREAK attack forces low-complexity '90s era encryption mandated by US
Researchers have discovered a critical flaw in the backbone of HTTPS-protected traffic, and it is an exploit that has potentially existed for decades. The flaw exists in approximately 36 percent of websites that use HTTPS, and miscreants are able to intercept and modify data passing between a vulnerable browser and a susceptible site. At the moment, OS X and iOS Safari and Chrome are vulnerable to the attack, as are virtually all Android devices ever produced, plus all browsers on Linux.
Austin-based music fest app will rely on 1,000 iBeacons to offer location-based info
The official SXSW music fest app for iOS and Android, SXSW Go, will tie into a network of 1,000 iBeacons placed around the festival's various venues to help users connect to friends, ensure they are at the right location, and let them know what events are scheduled at the venue they are in now, among other helpful information. Non-attendees can also use the app to view video feeds from various events.
Standalone monitoring camera does not require Wi-Fi
Panasonic has introduced the Nubo, a new surveillance camera that is claimed to be the first with built-in 4G connectivity. Buyers can already choose from a wide range of cameras connected via Wi-Fi or Ethernet, however the Nubo taps into an unaddressed niche market for monitoring in places where a Wi-Fi connection is not available.
Chinese-produced Grand S3 checks user's vein pattern in eyes before unlocking
ZTE's latest flagship launching outside of China uses the owner's eyes to unlock the device, rather than codes or fingerprints. The latest in the Grand range, the ZTE Grand S3 uses EyeVerify's Eyeprint ID system to scan the eyes as a biometric authentication, instead of a fingerprint-based system used by some flagship devices, with Eyeprint ID keeping track of unique vein patterns on the eye itself.
Second-gen phone improves enterprise integration
Privacy company Silent Circle has revealed the second-generation Blackphone and announced plans for a security-focused Blackphone+ tablet. The Blackphone 2 features a range of hardware upgrades, but many business buyers will also welcome expanded support for enterprise mobile-device management systems such as Citrix.
Secure messaging, document editing, collaboration tools coming to nearly all
BlackBerry today unveiled a package of software and services to bring the platform's security features to smartphones and tablets running iOS, Android, and Windows operating systems. Coming to all platforms are the BlackBerry Productivity Suite, BlackBerry Communication and Collaboration Suite, and the BlackBerry Security Suite. The Productivity Suite allows users to manage work and personal messages, and edit documents across all devices. Additionally, all personal and work messages can be monitored in one place, including email, text messages, and social networking accounts.
Visa, Mastercard allegedly pressured by Senator Leahy to cut off Mega
File storage locker Mega has experienced a major setback. Effective immediately, and at the alleged exhortation of the US government, PayPal has ceased processing payments for the service, despite PayPal's reported confirmation that Mega is a legitimate business. PayPal has since said that the company's "unique encryption model" securing its files presents an insurmountable difficulty to confirm legal compliance.
Apple adds gas station location info, school data to Maps app
Apple has added GreatSchools and GasBuddy to its list of sources for data in its Maps program. The latter company is said to be supplying Apple with gas station locations, exact business names and what major gasoline producer they are affiliated with, rather than the gas pricing spot-check that the company is known for. GreatSchools is likewise likely to be providing school locations information rather than specific school information.
Pebble releases preview of SDK 3.0 with color screen support
Pebble has released a new version of its smartwatch SDK, in preview. Version 3.0 is built with the Pebble Time in mind, including support for 64 colors in apps, a new animation framework, PNG and Animated PNG support, and automatic detection of which platforms the developer wants to build for when compiling. According to the company, developers looking to make apps for the new SDK will need to make relatively few changes to the application to get it to work.
Comments come in as expected, with threats of lawsuit and more work needed
As expected, the Federal Communications Commission's votes today have not gone unnoticed by the telecommunications and Internet industry. There are no surprises in the commentary generated by the vote, with posturing and veiled threats being delivered by those impacted negatively by the vote.
Revisions come at Google, advocacy group request for language clarification
On the eve of the net neutrality vote at the US Federal Communications Commission (FCC), chairman Tom Wheeler has reportedly made some changes to the proposal. Reportedly extracted by request of Google and some other public interest groups is a clause that could allow Internet Service Providers (ISPs) to charge websites for delivered content.
Cisco, Citrix also banned; government cites security concerns
A weekend move by China has stricken Apple, Intel, Cisco, Citrix, and McAfee from approved vendors for governmental purchase. Ostensibly to protect national security interests, the move appears to be more about giving state-run and other Chinese companies a leg up on procurements in the country, similar to regulations inside the US government that do the same.
How to use the automatic text expansion in OS X and iOS to save typing
It's a funny world where most Mac users have heard of TextExpander by Smile Software, but so many of us don't even know that OS X has much of the same functionality built in for free. Strictly speaking, it is identical: your Mac can let you type a few characters, and it will expand that out into whole sentences, phone numbers you keep repeating, words you always find difficult to spell, and more -- assuming you've done some pre-configuration.
The MacNN Podcast for February 22, 2015
The MacNN Podcast hits its third broadcast and like the previous pair, touches on the hot button issues in the tech world! Join this week's hosts, MacNN Editor Charles Martin, alongside staff writer Michelle Elbert, reviewer William Gallagher, Managing Editor Mike Wuerthele, and contributor Sanjiv Sathiah as they discuss the events that got our attention, needed further discussion, or just plain tickled our fancy.
CTO admits Lenovo at fault for installing adware with security vulnerability
Lenovo has admitted wrongdoing in installing adware on its consumer notebooks, one that poses a security risk to its users. The PC producer's CTO Peter Hortensius has admitted that the company "messed up," with the firm not only providing tools to remove the software, but also actively encouraging customers to do so on their affected systems.
Apple's contract becoming major issue in 2015 LA election cycle
Signaling a complete end to the Los Angeles Unified School District's (LAUSD) plan of a computing device per student which began with a large and poorly-managed iPad program, Superintendent Ramon Cortines has declared that the district no longer has the funding to continue the effort. Confusingly saying that "education shouldn't become the gimmick of the year" when asked about the program, the school leader said that the district would attempt to provide computers when required for instruction and testing.
Ad-injection, monitoring of secure connections discovered in Superfish adware
Lenovo has been shipping PCs from its factory with adware pre-installed, according to reports. Notebooks from the manufacturer have been found to have Superfish software already installed without user intervention or permission, with the software being used to inject extra advertising into websites, as well as being a potential security risk for end users.
First UK banks to use Touch ID to secure banking apps
Banks in the United Kingdom are starting to use Touch ID in their iOS apps for the first time. The Royal Bank of Scotland (RBS) and NatWest are rolling out Touch ID support to their banking apps starting from tomorrow, allowing bank customers to sign into the app using their fingerprint on iPhones, instead of using the current lengthy passcode system.
Equation Group claimed to have attacked major targets in over 30 countries
A secretive hacking collective that has been active for almost two decades has allegedly been uncovered by Kaspersky Lab. Dubbed the "Equation Group," because of their use of encryption algorithms and obfuscation methods, the hackers are apparently unique in that they created highly-professional tools and used "classic spying techniques" to retrieve data and affect systems used by high-value targets, such as governments, major national organizations, and other political targets.
Mac maker will continue to not share security information with government, however
Apple and Intel are among the US firms that have agreed to sign on to President Obama's new Cybersecurity Framework as a result of a recent summit on the topic held on Friday in Palo Alto, California. The two tech firms are the first in that sector to adopt the measures, which are intended to better coordinate reporting of data and security breaches and the response to them between businesses and the federal government.
Publication of vulnerabilities can take place up to 14 days after 90-day window
Google is making changes to Project Zero, its vulnerability discovery and disclosure scheme intended to promote security improvements in operating systems and other programs, giving companies more leniency in terms of time to develop patches for their software. In a number of cases, vulnerability disclosures will take place later than the fixed 90-day deadline, giving companies up to 14 more days to roll out a fix to their customers.
The MacNN Podcast for February 16, 2015
The MacNN Podcast hits its second episode and engages on a wide variety of topics! Join this week's hosts, MacNN Editor Charles Martin, alongside staff writer Michelle Elbert, reviewer William Gallagher, and news writer Malcolm Owen as they discuss the events that got our attention, needed further discussion, or just plain tickled our fancy.
More than 100 banks reportedly affected by hackers since 2013
Hackers have stolen more than $300 million from financial institutions around the world, according to a report from Kaspersky Lab provided to the New York Times. More than 100 banks in over 30 countries have allegedly been the victims of a malware-based attack, which began in 2013, though it appears the criminals behind it employed more sophisticated techniques than other malware intrusions, such as that of Target.
Specific plans, implementation of order not clear; order taps DHS
Potentially side-stepping some failed legislation, President Obama has announced a new executive order mandating enhanced cyber security for the US. The order, which will be driven by the Department of Homeland Security (DHS), is intended to streamline the process of sharing information about threats between US businesses, law enforcement, and the US government itself.
Extra layer of security should stop hackers, attackers from gaining access
Almost two years after it first added the option of two-factor verification to its iTunes and iCloud accounts, Apple has activated the extra layer of security for its iMessage and FaceTime services, further protecting users from the possibility of attackers gaining access. The extra step, if enabled, requires verification on another device beyond the usual name and password authentication.
Large proportion of dating apps on Google Play contain vulnerabilities
Users of dating services may be leaving themselves and their employers at risk by using mobile apps, according to research performed by IBM Security. Researchers claim that a high proportion of dating apps on Android are vulnerable to attack, with 26 out of 41 apps analyzed on Google Play having medium or high severity vulnerabilities, opening the user up to attack.
Smart TVs collect voice commands not conversations, Samsung advises
Initiative praising Apple, Samsung for strides in anti-theft measures
Smartphone thefts have precipitously declined in three major cities that spearheaded an anti-theft initiative that they claim has driven industry trends. According to a joint press release from New York, San Francisco, and London, iPhone thefts alone have fallen 25, 40, and 50 percent, respectively -- the law enforcement group claims that device "kill switches," known in the Apple world as "Activation Lock" and "Remote Wipe," are credited for the drop in stolen devices.
Bringing your 'brains' with you, safely and efficiently
You may have noticed that people rarely use the term "getting away from it all" when they talk about vacations anymore. Unless you are going camping in the middle of absolutely nowhere, or trying to do a cruise ship on the cheap, chances are you are in fact bringing some of "it" with you -- probably in the form of your iPhone, iPad or Mac (or all three) and a connection to the Internet. As jet-setting journalists, we have come up with a few tips for this over the years, which we now pass on to you.
Uber adds panic button, share ride status options to app in India
Uber has made changes to its mobile app in India, in order to help with rider safety, following rape allegations against one of its drivers in the country last year. Share my ETA has been replaced by Share Status, which lets the passenger share details of the car and driver's location and appearance to others, with two taps of a button instantly sending details to five pre-selected contacts. The second, a panic button marked with SOS, will help quickly make calls to authorities in the event of an accident or another emergency.
Press conference by Pai met with angry protestors seeking Title II
Current US Federal Communications Commission (FCC) member Ajit Pai (R) and ex-FCC chairman Michael Powell (R) have come out in opposition to current chairman Tom Wheeler's net neutrality and Title II regulation plan for broadband and cellular data carriers. Both men, aligned with the Republican party and seemingly operating in parallel with efforts in the House and Senate to stop the measure, are calling the chairman's proposal unnecessary given the current climate, and injurious to investment in US broadband.
Senate DHS chief's committee calling for FCC reasoning, communications
Following a similar move by the House, the Senate has launched its own investigation on the US Federal Communications Commission's upcoming call for Title II legislation of ISPs. Senate Homeland Security and Governmental Affairs Chairman Ron Johnson (R-WI) is giving the FCC two weeks to provide documents related to, and reasoning for, the call for "what new factors" after President Obama's remarks induced the FCC to apply Title II reclassification.
President seeks to strike balance between security and privacy
The Office of the President has announced a forthcoming White House Summit on Cybersecurity and Consumer Protection that will take place on Friday, February 13 at Stanford University. President Obama and representatives from business, government, cyber security firms and other interested stakeholders will gather in the hopes of finding a balance between protecting America's interests from the growing threat of cyber-attacks, while still protecting citizen privacy. Apple CEO Tim Cook is among those who have been invited to speak.
French ISPs have 24 hours to block content following government request
The French government is now able to order Internet service providers to block websites relating to terrorism and child pornography. The new law, brought into effect following its publication in an official journal and in development since mid-2014, forces ISPs to prevent access to specific content discovered by government officials within 24 hours of a request.
Personal information overheard by smart TV may be transmitted to third party
Fraudulent filings on the state level on the increase
Intuit, the company behind TurboTax, announced today that it has temporarily stopped the processing of state tax returns, in light of increasing concerns over fraudulent filings. As of February 5, TurboTax has paused state filings, and Intuit hopes to resume transmitting state filings today. The company is working with state governments to clear up the mystery of the fraudulently-filed returns and allow filing to resume.
Keeper updates for iOS 8.2, adds SDK for third-party app integration
Keeper, a password vault solution that offers the program and basic service for free (with a document backup service available for a fee), has been updated for better compatibility with iOS 8.2. The password vault service can generate, store, and autopopulate highly-complex passwords for the user on all major smartphones, tablets, and computers.
Jury says Silk Road creator is Dread Pirate Roberts, faces life in prison
The founder and creator of the now-shuttered black market site Silk Road, Ross William Ulbricht, was found guilty by a jury of six men and six women, who deliberated for just 3.5 hours following a week-long trial. The case began in 2013, when Ulbricht was arrested in a library and his laptop seized. Ulbricht denied being the site's leader, the "Dread Pirate Roberts" (a reference from the movie The Princess Bride of a feared foe whose mantle is periodically taken up by successors), claiming that others ran the site. The jury did not believe him.
Security issue was being exploited in the wild, affects all platforms and previous versions
Adobe has again had to update its Flash software for OS X, Windows, and Linux in light of a critical security flaw that allowed remote attackers to take over and control un-updated Macs or PCs, just 10 days after the previous critical fix was issued. The software is now updated to version 22.214.171.1245, up from version 126.96.36.1997. The update fixes CVE-2015-0313, a zero-day flaw that can be triggered simply by visiting infected websites with Flash turned on.
Package built for iOS 7, runs on iOS 8; limited possibility of spread
Security researcher Trend Micro has found another malware package that uses Apple's "ad hoc provisioning" feature to install. The software, called XAgent, is part of a phishing attack that harvests contact information from an infected phone, and emails itself to friends of the infected. Users must install the malware themselves, but could be tricked into doing so. Data stolen includes text messages, contact lists, pictures (specifically, screen shots), location information, and a list of installed applications.
Company believes medical, financial information safe
Health insurance provider Anthem, and its 37.5 million insured members, are the most recent victims of data theft. The insurer announced late yesterday that a data breach had occurred in one of its databases. Stolen are records containing personal information, including Social Security numbers and date of birth for both current and former employees, as well as customers spanning 10 years of service.
Proposal to be submitted for FCC discussion before end of the week
Officially launching what will become a highly-contentious fight in Washington DC, US Federal Communications Commission commissioner Tom Wheeler has officially stated that he is submitting "the strongest open Internet protections ever proposed by the FCC," which calls for the banning of paid prioritization, and the blocking and throttling of lawful content and services. The move by the chairman was expected, with AT&T and Verizon both threatening lawsuits to block the regulation.
Avast discovers Android app malware that triggers days after initial installation
Millions of Android users are at risk from malicious apps offered for download on Google Play, an antivirus firm has revealed. A card game called Durak downloaded between 5 million and 10 million times, an IQ test, and a history app are all said by an Avast researcher to include malware which can trick users into paying for services or buying apps they do not need.
To be used for gold models only
Some Apple Stores are already being equipped with custom safes in order to store the gold Edition models of the forthcoming Apple Watch, sources say. It's thought that the safes will be used to protect both for-sale inventory and any demo units, the latter of which will have to be removed from the showfloor overnight. Because demo hardware will have to stay fully charged, the safes are said to have MagSafe chargers mounted inside.
Suit seemingly compares Cablevision's public Wi-Fi with private routers
Cablevision Systems Corporation has filed a lawsuit in federal court for the Eastern District of New York against Verizon Communications, seeking an end to what it calls "its false, misleading and deceptive advertising claims about Wi-Fi service" related to Verizon's new 802.11ac Wi-Fi router, which has yet to see wide rollout. Cablevision's premise is that few customers would actually be in a position to achieve speeds faster than Cablevision's offerings, and it would cost them much more.
New security and convenience features in this updated password manager
Admit it: if you've already got 1Password, then you use it for creating superbly strong passwords for any site you use -- but the password you use to unlock the app itself is rubbish. That's partly because you've used this password since the dawn of time, and it's ingrained in you, but it's also because changing it across your Mac, iPhone and iPad is a pain. Not anymore. The new update is to the iOS version, but now if you change your password on your Mac, it will automatically change on your iOS devices.