June 2020 - wlug - University of Waikato Mail Lists

Google Removes 25 Android Apps Caught Stealing Facebook Credentials

by Peter Reutemann

'Google has removed this month 25 Android apps from the Google Play Store that were caught stealing Facebook credentials. From a report: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games. The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what app a user recently opened and had in the phone's foreground. If the app was Facebook, the malicious app would overlay a web browser window on top of the official Facebook app and load a fake Facebook login page (see image below: blue bar = actual Facebook app, black bar = phishing page).' -- source: https://tech.slashdot.org/story/20/06/30/1411202 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week

1
0
0 0

Android's AirDrop Competitor Is Coming Soon

by Peter Reutemann

'Android's long-awaited "Nearby Sharing" feature, which allows you to share files between Android devices wirelessly, is rolling out to beta testers. Android Police reports: Nearby Sharing may appear slightly differently depending on the type of content you try to share. In all cases, it shows up as an app in the apps list on the share sheet, but you may also get a smaller prompt just under the content preview, more like it did in the previous Android 11 video leak. We tested it on a Pixel 4 XL and Pixel 3a running Android 10, but the appearance may also vary on other versions of Android. Note that Nearby Share works for both files like photos or videos, as well as other shareable content like Tweets and URLs. It probably works with a lot of things. Select Nearby Share in the share sheet as the target, and you're prompted to turn on the feature, if it's the first time you've used it. The quick setup process lets you configure your default device name and device visibility settings, though those can also be changed later. Once you have it enabled, Nearby Sharing starts looking for other nearby devices. The interface is pretty simple: A big X in the top left corner backs you out, your avatar on the right takes you to a settings pane that lets you configure things like your device name, visibility, and which mechanism to use to make the transfer (i.e., whether to use your internet connection for small files, to stick to Wi-Fi, or to always share offline). Google says Nearby Share is currently in limited testing via the Play Services beta: "We're currently conducting a beta test of a new Nearby Share feature that we plan to share more information on in the future. Our goal is to launch the feature with support for Android 6+ devices as well as other platforms."' -- source: https://mobile.slashdot.org/story/20/06/30/2014259 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week

1
0
0 0

Apple Declined To Implement 16 Web APIs in Safari Due To Privacy Concerns

by Peter Reutemann

'Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include: Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices. Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices. Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor. Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader. Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes. Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes. Battery Status API - Allows websites to receive information about the battery status of the hosting device. Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices. Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors. [...] The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices. ' -- source: https://apple.slashdot.org/story/20/06/29/1456247 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week, 1 day

2
1
0 0

A decidedly non-Linux distro walkthrough: Haiku R1/beta2

by Peter Reutemann

'Earlier this month, the Haiku project released the second beta of its namesake operating system, Haiku. Haiku is the reimagining of a particularly ambitious, forward-looking operating system from 1995—Be, Inc.'s BeOS. BeOS was developed to take advantage of Symmetrical Multi-Processing (SMP) hardware using techniques we take for granted today—kernel-scheduled pre-emptive multitasking, ubiquitous multithreading, and BFS—a 64-bit journaling filesystem of its very own. [...] In June 2020—nineteen years after OpenBeOS was born, and sixteen after its rename to Haiku—the project released its second beta distribution. The project still adheres to backward application compatibility with 1990s BeOS—although only in its 32-bit version, which I did not test.' -- source: https://arstechnica.com/gadgets/2020/06/a-decidedly-non-linux-distro-walkth… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week, 1 day

2
1
0 0

Firefox 79 Stable Will Let Users Test Unreleased Features Using 'Experiments'

by Peter Reutemann

'Both Edge and Chrome already allow users to try unreleased, experimental features (by typing about:flags in the address bar). Soon there'll be a similar "Firefox Experiments" option starting in Firefox 79. Slashdot reader techtsp shares this report from the Windows Club: Mozilla has a dedicated Experimental Features page on MDN just for that. But limiting experimental features to Firefox's Nightly channel has a limitation: A fairly limited number of "curious" users. Now, extending some of these experimental features to stable releases will increase the scope of "Firefox Experiments" as a whole... This option will allow users to enable/disable experimental features under Preferences... [In Firefox 79] Navigate to Preferences by entering about:preferences in the browser's address bar or click the gear icon and got to "Preferences." Discover and set browser.preferences.experimental to True. Now, you should be able to see the "Firefox Experiments" menu under Firefox 79 Preferences.' -- source: https://tech.slashdot.org/story/20/06/27/0321206 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week, 3 days

1
0
0 0

Journalist's Phone Hacked: All He Had To Do Was Visit a Website. Any Website.

by Peter Reutemann

'The iPhone that Moroccan journalist Omar Radi used to contact his sources also allowed his government to spy on him (and at least two other journalists), reports the Toronto Star, citing new research from Amnesty International. Slashdot reader Iwastheone shares their report: Their government could read every email, text and website visited; listen to every phone call and watch every video conference; download calendar entries, monitor GPS coordinates, and even turn on the camera and microphone to see and hear where the phone was at any moment. Yet Radi was trained in encryption and cyber security. He hadn't clicked on any suspicious links and didn't have any missed calls on WhatsApp — both well-documented ways a cell phone can be hacked. Instead, a report published Monday by Amnesty International shows Radi was targeted by a new and frighteningly stealthy technique. All he had to do was visit one website. Any website. Forensic evidence gathered by Amnesty International on Radi's phone shows that it was infected by "network injection," a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website. In milliseconds, the web browser is diverted to a malicious site and spyware code is downloaded that allows remote access to everything on the phone. The browser then redirects to the intended website and the user is none the wiser. Two more human rights advocates in Morocco have been targeted by the same malware, the article reports.' -- source: https://yro.slashdot.org/story/20/06/27/029222 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week, 3 days

1
0
0 0

Comcast Becomes the First ISP To Join Mozilla's TRR Program

by Peter Reutemann

'Comcast has joined Cloudflare and NextDNS in partnering with Mozilla's Trusted Recursive Resolver program, which aims to make DNS more trusted and secure. Neowin reports: Commenting on the move, Firefox CTO Eric Rescorla, said: "Comcast has moved quickly to adopt DNS encryption technology and we're excited to have them join the TRR program. Bringing ISPs into the TRR program helps us protect user privacy online without disrupting existing user experiences. We hope this sets a precedent for further cooperation between browsers and ISPs." With its TRR program, Mozilla said that encrypting DNS data with DoH is just the first step in securing DNS. It said that the second step requires companies handling the data to have appropriate rules in place for handling it. Mozilla believes these rules include limiting data collection and retention, ensuring transparency about any retained data, and limiting the use of the resolver to block access or modify content. Ars Technica notes that joining Mozilla's program means that Comcast agreed that it won't "retain, sell, or transfer to any third party (except as may be required by law) any personal information, IP addresses, or other user identifiers, or user query patterns from the DNS queries sent from the Firefox browser," along with other requirements. When the change happens, it'll be automatic for users unless they've chosen a different DoH provider or disabled DoH altogether. Comcast told Ars yesterday that "Firefox users on Xfinity should automatically default to Xfinity resolvers under Mozilla's Trusted Recursive Resolver program, unless they have manually chosen a different resolver, or if DoH is disabled. The precise mechanism is still being tested and the companies plan to document it soon in an IETF [Internet Engineering Task Force] Draft."' -- source: https://tech.slashdot.org/story/20/06/25/1953252 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week, 5 days

2
1
0 0

Ubuntu..

by john

One of the moderators asked (after using Simply Mepis) He wanted a more GUI system for another version of Linux OS. After we all gave an opinion favouring Ubuntu or Mint to meet his needs another member posted: "No, don't try Ubuntu. Right in the T&C it says all searches, including those of your own hard drive, go to the BBC and others. You really don't want an invasion of your privacy that includes all your search results including all your personal material effectively being public knowledge." I have a problem with this small "fact" and wonder about it's validity BBC. British broadcasting corporation. Blueberry county. Big beautiful clowns??? .-- Cheers John..

1 week, 6 days

3
3
0 0

Safari 14 Removes Flash, Gets Support for Breach Alerts, HTTP/3, and WebP

by Peter Reutemann

'Safari 14, scheduled to be released later this fall with iOS 14 and macOS 11, is a release that is packed choke-full with features. From a report: The biggest and most important of the new additions is support for WebExtensions, a technology for creating browser extensions. What this means for Safari users is that starting this fall, they'll see a huge influx of new Safari extensions as add-on developers are expected to port their existing Chrome and Firefox extensions to work on Apple's browser as well. Apple said that, for now, WebExtensions will only be available for Safari on macOS. Safari 14 is also an end of an era, as this will be the first version of Safari that won't support Adobe Flash Player content. But while old stuff is being removed, new stuff is also being added. One of the new technologies added to Safari is support for HTTP/3, a new web standard that will make loading websites faster and safer. Another important addition in Safari is support for WebP, a lightweight image format that has been gaining widespread adoption across the internet. The format, created by Google, serves as an alternative to the older JPEG format, and Safari has been the last browser to add support for it. [...] But Safari hasn't been lagging behind other browsers just in terms of HTTP/3 and WebP support. Apple has also added support for another cool feature, namely breach alerts, already present in both Chrome and Firefox. Starting this fall, Apple says that Safari 14 will scan a user's locally-stored passwords and show a prompt if one or more of the user's credentials are present in publicly available lists of breached accounts.' -- source: https://yro.slashdot.org/story/20/06/24/1753236 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week, 6 days

1
0
0 0

Google Says It Will Keep Less Browser History and Location Data By Default

by Peter Reutemann

'Google said Wednesday it was changing the defaults on its services in an effort to store less browser history and location data on its servers. NBC News reports: Google CEO Sundar Pichai said in a blog post that the first time a person turns on location history, the default option would be for the data to be stored for 18 months. Activity from the web and from apps would also default to 18 months for new accounts, he said. "This means your activity data will be automatically and continuously deleted after 18 months, rather than kept until you choose to delete it," Pichai said. There will be no automatic change for existing accounts and people who already have location history turned on in their Google settings, but the company plans to inform existing users of the option to set up auto-delete after three to 18 months, he said. People also have the option to turn the setting off.' -- source: https://tech.slashdot.org/story/20/06/24/2030254 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 week, 6 days

1
0
0 0

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug June 2020