LastPass unpatched zero-day vulnerability; Windows 10’s Anniversary update is just what everyday users need; How to clean your Windows registry and speed up your PC ; Removing Windows 10’s default apps isn’t easy, but CCleaner can help; Slimmed down 2TB Xbox One S hits stores August 2 for $399; Flaws in wireless keyboards let hackers snoop on everything you type – and much more news you need to know.
LastPass unpatched zero-day vulnerability gives hackers access to your account – The security flaw was one of “a bunch of critical problems” discovered by a prominent researcher who simply took a quick look at the software.
Cybersecurity firm offers users reimbursement for ransomware infections – Security firm SentinelOne is confident it can beat any of today’s ransomware — and is willing to put money behind that claim.
Here are the key security features coming to Windows 10 next week – Here’s a look at Windows Information Protection and Windows Defender Advanced Threat Protection, two new features that will be launching next week with the latest major update to Windows 10.
Windows 10’s Anniversary update is just what everyday users need – It can’t be disputed: Windows 10 has been a wild success for Microsoft, after being installed on more than 350 million devices. To mark this, August 2nd is the release of the Anniversary Update which brings a slew of tweaks, fixes and new features. Before I move on, fun fact: it took 25 PC builds and 16 mobile builds for Windows Insider Program participants — the highest engagement from both testers and Microsoft ever seen with this version of the OS. If you care for nothing else of this update, just know that there’s a “dark mode” in Windows now (finally). However, with an update this big it might be worth updating your computer, for once.
The Anniversary Update’s most exciting features: Windows 10 users weigh in – We know Microsoft’s spin on the Anniversary Update for Windows 10, but here’s what users say they’re most pumped about.
Removing Windows 10’s default apps isn’t easy, but CCleaner can help – Microsoft makes it hard to remove its built-in apps in Windows 10, even if you really don’t want them. CCleaner gives you a way, though, and we’ll show it to you here.
Remix OS for PC moves to Android 6.0, new features in tow – Android Nougat is around the corner and with it comes split windows. But while Google is still adjusting to having more than one app window on the screen at the same time, Jide is already perfecting its craft. With Remix OS for PC, it has brought desktop-like Android computing to PCs and Macs running on Intel and AMD chips. Now with the latest update, the giving those same computers a taste of Android 6.0 Marshmallow, as well as improvements to its window management features.
How to clean your Windows registry and speed up your PC – A cluttered registry can slow Windows to a crawl, but cleaning it effectively isn’t easy. We put several registry cleaners to the test and offer tips to help you get your registry down to size and improve your PC’s performance.
Opera Mini on Android gains video download feature – If you are one of the folks who loves to watch video on your phones as you spend time out of the home or office, you might not like the fact that the video uses up a bunch of your data. A new version of Opera Mini for Android has launched and it has a feature that will allow you to download your favorite videos and take them with you on the go.
Android’s new Emergency Location Service could save your life – Google is rolling out a feature that will give your exact location to emergency services if you dial their number.
BlackBerry ditches the physical keyboard for its second Android phone – The Canadian hardware company’s second Android handset features a 5.2-inch full HD display, in place of BlackBerry’s trademark physical keyboard. The rather formally named DTEK50 runs Android Marshmallow coupled with a slew of security features aimed at maintaining the company’s long-standing privacy focus. Among them is the titular DTEK app designed to monitor account and hardware access, a secure boot process, full disk encryption, and a variety of additional security patches on top of Google’s mobile operating system.
Twitter for Android adds a night mode option – Do you like browsing Twitter before bed? If so, the Android app was just updated with a feature that makes doing so a bit more friendly: night mode. When activated, the bright Android app for Twitter is toggled over to a theme that’s much easier on the eyes in a dark room. Turning the night mode on is as simple as flipping a switch; you can turn it off whenever you want, as well, to get the light theme back.
How to turn off web notifications in Chrome, Edge, and Firefox – Web notifications are great, except when they aren’t. Here’s how to disable them off on a site-by-site basis.
Google Maps gets color coded visuals, areas of interest – Map and navigation apps, be they from Google, Apple, previously Nokia, or even Microsoft, can be life savers, especially when venturing into territory unknown. But that only works if you can actually make heads or tails of the information crammed within. Making something look prettier isn’t just a matter of aesthetic enhancement. It can also be about whether you’ll be able to tell one road or area from another at a glance. That is why in its latest Maps update, Google is splashing some new colors and removing a few lines for the sake making Google Maps easier to “read”, even when you’re mind is stressed out from getting lost.
Say Farewell to SMS-Based Two-Factor Authentication? – If you’ve used text messaging for two-factor authentication, it might soon be a thing of the past. The U.S. National Institute for Standards and Technology (NIST) says in a new draft of its Digital Authentication Guideline that SMS-based two-factor authentication should not be used due to security concerns. “[Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance,” the documents reads. … in the guideline, NIST argues that it’s too easy for people to obtain a cell phone and there’s no way for the site operator to know whether the person who receives the verification code is even the correct recipient. The technology, in other words, isn’t nearly as secure as some had hoped.
New attack bypasses HTTPS protection on Macs, Windows, and Linux – A key guarantee provided by HTTPS encryption is that the addresses of visited websites aren’t visible to attackers who may be monitoring an end user’s network traffic. Now, researchers have devised an attack that breaks this protection. The attack can be carried out by operators of just about any type of network, including public Wi-Fi networks, which arguably are the places where Web surfers need HTTPS the most. It works by abusing a feature known as WPAD—short for Web Proxy Autodisovery—in a way that exposes certain browser requests to attacker-controlled code. The attacker then gets to see the entire URL of every site the target visits. The exploit works against virtually all browsers and operating systems.
Flaws in wireless keyboards let hackers snoop on everything you type – Your wireless keyboard is giving up your secrets — literally. With an antenna and wireless dongle worth a few bucks, and a few lines of Python code, a hacker can passively and covertly record everything you type on your wireless keyboard from hundreds of feet away. Usernames, passwords, credit card data, your manuscript or company’s balance sheet — whatever you’re working on at the time. It’s an attack that can’t be easily prevented, and one that almost nobody thought of — except the security researchers who found it.
Over 100 suspicious, snooping Tor nodes discovered – Over 72 days, computer science PhD student Amirali Sanatinia and Guevara Noubir, professor at the College of Computer and Information Science at Northeastern University uncovered nodes on the network which were not behaving as they ought. The nodes, otherwise known as Tor Hidden Services Directories (HSDirs), servers which receive traffic and directs users to hidden services, are a crucial element needed to mask the true IP of users on the network.
The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters – Disaster stories involving the Internet of Things are all the rage. They feature cars (both driven and driverless), the power grid, dams, and tunnel ventilation systems. A particularly vivid and realistic one, near-future fiction published last month in New York Magazine, described a cyberattack on New York that involved hacking of cars, the water system, hospitals, elevators, and the power grid. In these stories, thousands of people die. Chaos ensues. While some of these scenarios overhype the mass destruction, the individual risks are all real. And traditional computer and network security isn’t prepared to deal with them.
Serious security flaws found in Osram smart bulbs – The smart home tech company reportedly won’t patch all of the vulnerabilities.
Ransomware 2.0 is around the corner and it’s a massive threat to the enterprise – The profits from ransomware are making it one of the fastest growing types of malware and new versions could negatively impact entire industries, according to a Cisco report.
10 tips to avoid ransomware attacks – As ransomware increasingly targets healthcare organizations, schools and government agencies, security experts offer advice to help IT leaders prepare and protect.
Keys to Chimera crypto ransomware allegedly leaked by rival crime gang – Sometimes, the fierce competition in the booming crypto ransomware market works in the favor of the victims whose priceless data is held hostage. That appears to be what played out on Tuesday when the criminals behind a package known as “Mischa” published what’s purported to be the secret crypto keys for the rival Chimera malware.
LogMeIn merging with Citrix’s GoTo business – Remote access software maker LogMeIn is merging with Citrix’s GoTo business, the companies announced Tuesday, in a deal valued at $1.8 billion. Citrix said back in November that it would spin off its GoTo family of products as a separate company — by combining the spinoff with a merger, the transfer (in the guise of a merger) is tax free for Citrix. This sort of transaction is called a “Reverse Morris Trust.” The deal has been unanimously approved by the boards of directors of both Citrix and LogMeIn.
Qualcomm has agreed to pay nearly $20 million to settle sex discrimination claims – The proposed settlement, which was reached before a suit was filed, requires Qualcomm to set up new policies and procedures to ensure women working in technical fields enjoy the same job opportunities as their male counterparts. “While we have strong defenses to the claims, we elected to focus on continuing to make meaningful enhancements to our internal programs and processes that drive equity and a diverse and inclusive workforce which are values that we share and embrace,” Qualcomm said, adding that it can’t comment further since the deal requires court approval. The deal was reached following months of negotiations as well as two mediation sessions earlier this year.
Apple’s profit fell 27 percent in Q3 2016, but earnings beat expectations – Apple’s quarterly profit fell 27 percent in Q3 2016, to $7.80 billion from $10.68 billion a year ago, but the company’s shares rose today as the earnings beat analysts’ expectations. Quarterly revenue was $42.36 billion, down from $49.60 billion in the year-ago quarter, a drop of 14.6 percent. When Apple announced its previous results three months ago, the company said it expected to make between $41 and $43 billion in revenue in the third quarter of fiscal 2016, with profit margins between 37.5 and 38 percent. Actual results were near the top end of the estimates; gross margin was 38 percent. “Analysts polled by Thomson Reuters estimated that Apple would post earnings of $1.38 a share on revenue of $42.1 billion,” The Wall Street Journal reported. Actual earnings per share were $1.42.
Investors realize Nintendo didn’t develop Pokémon Go and shares plummet – Nintendo’s shares plunged after the company said late Friday that the worldwide success of Pokémon Go will not significantly impact its financial results. Nothing Nintendo disclosed about the ownership of the game was new information, but markets were shocked anyway. The stock sank 18 percent to 23,220 yen at the close in Tokyo, the maximum one-day move allowed by the exchange, noted Bloomberg. After the drop, Nintendo’s stock remained flat. In morning trading today, the Kyoto-based company’s shares were down $2.36, or 8.14 percent, at $26.64.
Vizio acquisition by Chinese TV and content powerhouse LeEco could shake up U.S. market – The $2 billion purchase of Vizio makes LeEco the number-two player in the U.S. smart TV market, and provides an opportunity for its many content holdings.
Twitter is adding users, but its biggest problems still remain – In its fiscal second quarter earnings report released today, Twitter says it added 3 million users, about 1 million more than Wall Street was expecting. The service now counts 313 million total monthly active users. It also posted profit of 13 cents a share on revenue of $602 million, which is better on EPS and yet worse on revenue than what Wall Street was looking for. Analysts surveyed by Thompson Reuters had Twitter at a profit of 10 cents a share on revenue of $607 million. The big takeaway, however, is the year-over-year percentage growth, which at only 20 percent is at its lowest since Twitter went public. A year ago, the figure was 61 percent. Two years ago, it was 124 percent.
Games and Entertainment:
Slimmed down 2TB Xbox One S hits stores August 2 for $399 – After leaking and then confirming news of the slim, white, Xbox One redesign just over a month ago, Microsoft today announced that its Xbox One S console hardware refresh will hit retailers on August 2. A 2TB system will cost $399 and will be available in “limited quantities” in the US, Australia, New Zealand, and most of Europe on that day. Versions with 1TB and 500GB hard drives will be available for $349 and $299, respectively, at a later date.
Sonic the Hedgehog Is Really Trying to Get His Act Together for 25th Anniversary – Sonic the Hedgehog has had a rough time lately. Sega’s fast furball may have shared a degree of the fame of Nintendo’s Mario in the ’90s, but for more than a decade the scores for the games he starred in have been so low they could pass for autumn high temperatures in Fargo, North Dakota. Worse, an outrageously snarky official Twitter account consistently proved more entertaining than the actual games. But something wonderful happened last night during Sonic’s 25th birthday celebration at the San Diego Comic Con: Sega revealed not one but two upcoming Sonic games, and they look like they might actually be good.
No Man’s Sky hit with last-minute delay on PC – PC players excited for the release of No Man’s Sky are going to have to wait a little bit longer to cruise around the universe. Originally scheduled to launch alongside the PS4 version on August 9, the PC version of the highly-anticipated game has been hit with another delay. That’s going to be disappointing to hear for eager gamers who have already had to deal with delays, but it’s not as bad as you may initially think.
Tim Sweeney claims that Microsoft will remove Win32, destroy Steam – Tim Sweeney doesn’t like Windows 10 or Microsoft’s Universal Windows Platform, the common development platform that allows developers to create software that can run on Windows on PCs, phones, tablets, HoloLens, and the Xbox. In March he published an op-ed in The Guardian saying that UWP “can, should, must, and will die” because, he claimed, Microsoft could use UWP to create a walled garden, with UWP games not available through competing stores such as Steam. Still apparently concerned with the health of the PC gaming industry, Sweeney is now claiming, through in an interview with the print-only Edge magazine, that Microsoft will use Windows updates to kill Steam.
Sega Mega Drive console with 80 built-in games goes up for preorder – Nintendo recently announced plans to capitalize on nostalgia with the NES Classic Edition, and now Sega is doing something similar. Now available for order is the Sega Mega Drive, as well as a Mega Drive/Genesis handheld console, to commemorate the 25th Sonic anniversary. The console costs about $65 USD, as does the handheld version, and comes packed with 80 integrated games including Mortal Kombat 1 – 3, a handful of Sonic games, Golden Axe 1 – 3, and a bunch more.
Nintendo NX detailed in new leak as a portable, cartridge-based console – Nintendo’s NX is still a console shrouded in mystery, but today a massive new leak might is dishing a lot of details about what it will offer when it arrives next year. Falling in with previous rumors, this leak also tips the NX as a portable console, but Nintendo is taking a more daring approach to handhelds this time around. Apparently, the NX will feature its own screen and detachable controllers that are housed on the device itself.
Free Xbox One/360 Games With Gold for August 2016 revealed – WWE 2K16, Spelunky, and more coming for Xbox Live Gold members.
Off Topic (Sort of):
The Motherboard e-Glossary of Cyber Terms and Hacking Lingo – One of the challenges of writing—and reading—about hacking is that it’s a world full of jargon and technical terms. It’s our job as journalists to translate this lingo and make it understandable to the average reader. Still, accuracy is important and sometimes you have to use the right terms. To help you navigate our stories during our special week on cybersecurity, The Hacks We Can’t See, (and our future and continued coverage of hacking) we thought it’d be good to have a little glossary. Here it is.
California to Require Registration of 3D-Printed Guns – California isn’t playing around with 3D-printed guns. As Motherboard reports, Governor Jerry Brown on Friday signed legislation that will now require anyone who 3D prints a gun to obtain a serial number or “other mark of identification,” and affix it to the weapon within 10 days. In addition, owners will need to have a background check and no 3D-printed guns can be sold or transferred to another party.
Judge Says Bitcoin Isn’t Really Money – Bitcoin is not money, according to a Florida judge. Miami-Dade Circuit Judge Teresa Mary Pooler ruled on Monday that since bitcoin is not backed by a nation or bank, and that it can’t be “hidden under a mattress like cash and gold bars,” it cannot be considered money. The case in question accused a man of selling and laundering $1,500 worth of bitcoin to undercover detectives, who said they wanted to buy stolen credit card numbers, according to the Miami Herald, which reported on the ruling.
Australian Dropbears win the Quidditch World Cup – The fictional game invented by JK Rowling has turned into a global competition between 21 teams, and this year Australia has taken home the gold.
Facebook open sources Surround 360 camera with Ikea-style instructions – Facebook needs you to fill its News Feed, Oculus Rift, and Gear VR with 360 content. So today it put all the hardware and software designs of its Surround 360 camera on Github, after announcing the plan in April. Thanks to cheeky instruction manual inspired by Ikea’s manuals, you can learn how to buy the parts, assemble the camera, load the image-stitching software, and start shooting 360 content. Essentially 17 cameras on a UFO-looking stick, the Surround 360 camera can be built for about $30,000 in parts. The 4-megapixel lenses can shoot 4K, 6K, or 8K 360 video, and fisheye lenses on the top and bottom remove the blindspots. Facebook forced a random engineer to try to build the Surround 360 from the open source instructions, and found it took about four hours.
MIT Researchers working on glasses-free 3D for cinemas – Viewing digital images in 3D, whether it be in a theater or with something like a VR headset, operate on the same principles of separating what the left eye sees from what the right eye sees. Coincidentally, both those cases also have something in common: the need to use some eyepiece or, worse, headgear, to experience “true” 3D visuals. Glasses-free 3D has been a holy grail, especially in the entertainment industry, where solutions like that found on the Nintendo 3DS are too expensive to put on a giant screen. Luckily, researchers from MIT are working on such a solution and are calling it, what else, “Cinema 3D”.
Something to think about:
“The single biggest problem in communication is the illusion that it has taken place.”
– George Bernard Shaw
In Pursuit of Freedom – The Pushback Continues:
Illinois to Cops: Want to Use Stingrays? Get a Court Order – If law enforcement wants to track you down, one option is the stingray. It can mimic cell phone tower signals and trick devices into connecting, allowing police and investigators to find you or snoop on your conversations.
It’s a powerful tool, which is why the Illinois governor just signed a law that will require a court order before law enforcement can use stingrays, or cell site simulator devices, effective Jan. 1.
Under the Citizen Privacy Protection Act, “a law enforcement agency may not use a cell site simulator device, except to locate or track the location of a communications device or to identify a communications device, [and] a court order based on probable cause…is required for any permitted use of a cell site simulator device.”
“It is important that we take steps to enable police to effectively investigate and solve crimes using the latest technology, but it is equally important that we protect innocent people from unnecessary and unwarranted invasions of their privacy,” bill sponsor Daniel Biss said in a statement.
An Internet Censorship Company Tried to Sue the Researchers Who Exposed Them – Netsweeper is a small Canadian company with a disarmingly boring name and an office nestled among the squat buildings of Waterloo, Ontario. But its services—namely, online censorship—are offered in countries as far-flung as Bahrain and Yemen.
In 2015, University of Toronto-based research hub Citizen Lab reported that Netsweeper was providing Yemeni rebels with censorship technology. In response, Citizen Lab director Ron Deibert revealed in a blog post on Tuesday, Netsweeper sued the university and Deibert for defamation. Netsweeper discontinued its lawsuit in its entirety in April.
If the suit was successful, Deibert wrote, damages would have amounted to more than $3 million.
“It should be pointed out that this is not the first time a company has contemplated legal action regarding the work of the Citizen Lab,” Deibert wrote. “However, it is the first time that a company has gone so far as to begin litigation proceedings. I suspect it will not be the last.”
Europe gives Privacy Shield one year to work – Europe’s data protection authorities will hold fire for one year on the new Privacy Shield agreement, withholding any potential legal challenges until mid-2017.
In a statement [PDF] by the Article 29 Working Party (WP29), the influential body noted it was still unhappy with the final text of the agreement – which replaces the previous Safe Harbor agreement between Europe and the United States and covers transatlantic data flows – but that it would wait until the first annual review before putting forward any formal challenges.
The decision will come as a huge relief to US corporations who rely on the agreement for billions of dollars of trade.
The group had previously said the draft Privacy Shield agreement was “too complex … and therefore ineffective” and so overall was “not acceptable.”
Those criticisms led to changes being made – which the group acknowledges in its letter – but it remains skeptical that they will be sufficient.
Verizon’s Yahoo deal creates tracking powerhouse, privacy groups warn – Verizon’s planned US$4.8 billion acquisition of Yahoo will create an international consumer tracking powerhouse that raises serious privacy concerns, some privacy advocates said.