Microsoft dodges questions about free versions to pirates, Parallels users
Microsoft has made a passing attempt to clarify some of its policy on free upgrades to Windows 10. In an interview, senior director of product marketing at Microsoft Aaron Woodman detailed what the company has decided about the offering -- and an alarming amount of decisions seem to have not been made yet about licensing the OS.
Other members include Microsoft, LinkedIn, Evernote, DropBox, many others
Nearly all of the tech industry, including Apple, Google, Microsoft, Yahoo, and LinkedIn have co-signed a letter to the US government, calling for reform of Section 215 of the Patriot Act before it expires and is likely renewed in May. The coalition is seeking an "effective end to bulk collection" of user metadata, "transparency and accountability mechanisms" for federal and industry reporting, and eased declassification of Foreign Intelligence Surveillance Court decisions.
Twitter starts testing automatic playing of promoted videos in iOS apps
Twitter is starting to test automatically-playing videos in its apps. According to Ad Age, the service will autoplay promoted video ads to some Twitter users in the United States using the official iOS app. While the videos will play muted, some users will see a looping six-second preview while others will see the the full video in a loop, with both groups able to select the video to view it full screen and with sound turned on.
Game streaming service resets all accounts as security measure
Twitch has warned users that their account information may have been compromised in a breach. The game streaming service has attempted to protect its users from any further potential security issues arising from the possible intrusion, by reseting the passwords and stream keys for all accounts, as well as disassociating them from linked YouTube accounts.
New Android Lollipop security function prevents locking when smartphone is held
Android users may be able to use their smartphone for longer periods without seeing their lock screen, thanks to a new feature spotted rolling out to Smart Lock on Android Lollipop devices. On-body detection will keep a smartphone or tablet unlocked if it detects it is being carried, automatically reinstating the lock when it detects it has been placed down on a surface.
Leading reseller B&H gets Apple mini-store at brick-and-mortar Manhattan HQ
Although many MacNN readers will be familiar with B&H Photo Video through the company's online site via its frequent mention in our various deals posts, the firm is actually the largest non-chain electronics retailer in the United States, having a midtown Manhattan location since 1973 and being a widely-recognized photo, video, and Apple specialist. Earlier this week, the store opened its Apple-authorized "store within a store" focusing on Apple products.
Early 2015 MacBooks, MacBook Pros get separate version
Apple on Thursday has updated OS X Yosemite 10.10.2 (only) with a new security update. While details are not available, the update could possibly be the first to address an https vulnerability known as FREAK, which can compromise secure web browsing on a variety of systems and applications. In addition, the company has issued an update for iPhoto to further help with the eventual transition to Photos, as well as clear up a few bugs.
Proposal could provide affected Target breach victims with up to $10,000
Target has agreed to a potential settlement with victims of the retailer's major breach of late 2013. Still needing to be approved by a federal judge, the settlement in the class-action lawsuit will involve Target placing $10 million in escrow for payment to victims, with the possibility of some individuals receiving as much as $10,000 in damages over the hacking.
Apple releases new Safari betas for OS X 10.9 and 10.8
On Wednesday, Apple updated the developer versions of Safari with two new betas aimed at users of older OS X versions, specifically 10.8 (Mountain Lion) and 10.9 (Mavericks). The new versions follow a slight update to the current Safari versions for OS X 10.8 and later that contains several WebKit fixes for security issues. Version 7.15 is for Mavericks, while Mountain Lion owners will see only version 6.2.5.
Potential but unwieldy security threat to those running pre-iOS 8.1.1
A new device on the market costing $300 could be used by attackers to crack the PIN codes on iOS devices running system versions older than iOS 8.1.1. While the chances of it being used on someone's personal device are extremely low -- since it requires both physical access to the device as well as a great deal of time -- users can protect their devices and foil the so-called "IP Box" attack by moving to a more complex passcode.
Company discovered breach seven months after intrusion
Washington state-based healthcare provider Premera has suffered a massive cyberattack, which has potentially led to the theft of 11 million customers' data. More than six million people affected by the breach live in Washington state, with many employees of Microsoft and Amazon at risk. The initial attack happened on May 4, 2014, with the realization that the system had been breached not occurring until January 29, the same day fellow provider Anthem realized that they had been attacked.
HTTPS bug still just a proof of concept, no proof of any successful wide attacks
Researchers at FireEye have continued looking at FREAK https attack vulnerabilities, and have found a number of top apps on Apple's iOS app store and Google Play Android apps remain vulnerable to the vector, despite a system-level patch being available on both platforms. The company found 5.5 percent of iOS apps it surveyed were still vulnerable on iOS 8.1 but only seven apps under 8.2, which contained Apple's patch. However, even with current patches, 11.2 percent of the top Android apps were susceptible.
Fingerprint scanning, face and iris recognition coming to Windows 10
Windows 10 will be including more alternative log-in systems when it launches, with Microsoft embracing biometric security on computers. The software giant also advises that the team behind Windows 10 have made changes to the way it compresses system files and how the operating system handles recovery functions, helping reduce the software's footprint on the device's storage.
Hearing before Committee on Oversight and Government Reform today
US Federal Communications Commission head Tom Wheeler is appearing before the Committee on Oversight and Government Reform today, to defend the agency's Title II and net neutrality regulation. In a prepared statement before the group, Wheeler calls the buildup to the decision "one of the most open and expansive processes" that the FCC has ever run, and decries accusations of improper influence by President Obama in drafting the Open Internet Order.
SecuTablet uses hardware from Samsung Galaxy Tab S 10.5
BlackBerry's enterprise partnership with Samsung and IBM has resulted in the launch of new hardware. The SecuTablet is a mobile device that borrows the physical design and specifications of the Samsung Galaxy Tab S 10.5 combined with BlackBerry's SecuSuite software, with the company claiming it to be secure enough for national and international public sector markets and enterprise.
Anti-terror legislation seen as license to spy, would have driven western companies away
A proposal that would have mandated that high-tech hardware and software have "backdoors" installed that would be accessible by the government, as well as forcing companies to provide keys for any encryption schemes used on the devices or in programs, has been suspended from proceeding through the legislative process. In addition, the proposal would have mandated all data created by Chinese users would have been required to remain in China, requiring hundreds of western services to build data centers in the country.
MacNN and Electronista daily deals for March 13, 2015
Welcome to Daily Deals, the weekday post when the staff of MacNN and Electronista search for discounts and deals on hardware, software, games, gadgets, and other tech for you, our discerning readers. Today, in a particularly storage-heavy edition, we've got the 1TB Samsung 850 Pro SSD, a bare 4TB hard drive intended for network-attached storage, and an inexpensive Epson WorkForce desktop printer.
The password app does so much more
We're not here to lecture. You know you need a password manager, and you know that 1Password gets praised a lot for how it stores your passwords, and how it generates stronger ones than mere mortals could. We could just point out that 1Password is now free for basic use on iOS, but instead, we're going to enthuse. Specifically, we are here to enthuse about what else 1Password does that makes it such a useful tool on our Macs.
No surprises; Title II a light touch, debate terms bandied about defined finally
The US Federal Communications Commission has published its new Open Internet order, also known as net neutrality and Title II order, in full. The document spells out specifically which aspects of the 80-year-old Title II concept will be applied to Internet Service Providers, as well as specifics of the net neutrality order.
WaterField Designs unveils Zip Brief for new MacBook
Accessory maker WaterField Designs announces the refined Zip Brief, created to protect and showcase the new 12-inch Apple MacBook. The Zip's internal pockets cradle the MacBook on one side and accessories on the other, and offer an angled front pocket that can hold a smartphone, wallet or commuter pass. The exterior combines leather with waxed canvas or ballistic nylon. TSA-friendly, the Zip can be fully opened for airport security while contents remain safely secured. The Zip Brief can be pre-ordered now for $180, with shipping starting at the end of March.
Initial 2010 Stuxnet patch left Windows PCs vulnerable for five years
Microsoft has finally fixed an issue with Windows that allowed it to be vulnerable to the Stuxnet worm, by issuing another patch. An initial fix released in August 2010 to fix the USB exploit is claimed by security researchers not to have completely solved the problem, subsequently keeping all Windows PCs susceptible to the attack over the last five years, though a patch released today as part of "Patch Tuesday" is claimed to solve it once and for all.
New Snowden documents tell of attempts to compromise Xcode
The Central Intelligence Agency (CIA) has been trying to compromise iOS devices for a number of years, a report claims. Documents leaked by whistleblower Edward Snowden reveal that a secret annual conference called the "Trusted Computing Base Jamboree" was used to discuss various ways to exploit security in consumer devices and electronics, including iPads and iPhones, as part of ongoing attempts by intelligence agencies to use consumer devices for surveillance.
Security update 2015-002 fixes problem is OS X, iOS 8.2 patches iOS version
On Monday, Apple issued a security update for OS X 10.8 or higher that resolves a recently-discovered vulnerability in the SSL/TLS protocol that could have allowed supposedly secure communications -- such as bank transactions -- to be decrypted and intercepted. The flaw, known as FREAK (meaning "Factoring RSA Export Keys") forced the security back to a weaker "fallback" standard that had since been cracked. The new update, 2015-002, fixes the flaw in OS X, while today's iOS 8.2 release patches the issue for iOS devices.
Some of the best -- and worst -- trends in tech this week
The MacNN Podcast is now up to episode five, and this week we looked at the new Microsoft Office 2016 preview; the disturbing trend of legitimate app makers inserting adware (or worse) into their apps to make a few extra bucks; the news from last week's Mobile World Congress, including the new Samsung Galaxy S6 and S6 Edge; our favorite reviewed apps of the week, and more news about Monday's public debut of the Apple Watch.
Details of Apple Pay on iPhone 5 family revealed
Apple Senior Vice President Eddy Cue made an appearance at Oakland, California's Oracle Arena, and showed off the Apple Watch's Apple Pay functionality -- and took a veiled swipe at a competitor at the same time. Sporting the stainless steel model of the Watch, Cue showed how the device functions with the iPhone 6 series family, as well as confirmed an important detail of how the Apple Watch will bring Apple Pay to the iPhone 5 series of phones.
Move comes just days before Apple Pay comes to Apple Watch
In the wake of erroneous reports in the mainstream media that Apple Pay was in some fashion vulnerable, compared to our more accurate analysis of the issue, they at least got one point right -- many banks had light security on Apple Pay card account establishment. Over the course of the week, and in light of the negative publicity, this appears to be changing. Reports are coming in that some of the more vulnerable banks are tightening up Apple Pay account establishment, with multiple identification steps required, where there may have previously only been one, poorly-secured, method of adding credit cards.
Product debut build-up resulting in rare access to CEO and design chief
A new interview with Apple design head Sir Jonathan Ive and recent remarks by CEO Tim Cook are shedding some light (and building up hype) for both the Apple Watch and the current outlook of the company and the men who run it. Ive, in an interview with London's Financial Times, explains the rationale behind the development of the Apple Watch, while Cook expanded on his view on privacy, and Apple's industry leadership. In other news, a forthcoming Apple Watch app has already set the bar to a new low.
Toolbar removable by deleting in the browser extension menu
Oracle's Java Update 8 Update 40 for OS X has an unexpected surprise for installers. The update instructions note that the company has "partnered with companies that offer various products" and will install the borderline-malware Ask.com toolbar into unsuspecting OS X users' systems.
Some claim that installation was without user permission
BitTorrent client µtorrent is plaguing its users by installing a virtual currency miner alongside its latest revision. While the company denies tricking users into installation, the torrent client does come bundled with "Epic Scale," a Windows application that is used to mine Litecoin. Some users claim to have discovered it only after noticing significant processor load following installation of the client.
Chrome, Firefox for OS X safe; no ETA on Android, Windows patches
In an advisory published on Thursday, Microsoft has admitted that all versions of its OS and browser are susceptible to the FREAK bug. Additionally, all BlackBerry devices are also vulnerable. The flaw allowing the attack exists in approximately 36 percent of websites that use HTTPS, and miscreants are able to intercept and modify data passing between a vulnerable browser and a susceptible site. Neither BlackBarry devices nor Windows devices were intially pegged as susceptible, due to a flaw in the coding of the test site.
Institutions having to redouble efforts to guard against traditional fraud, identity theft
The security built into Apple Pay is so resistant to tampering, reports the UK newpaper The Guardian, that criminals are focusing more than ever on traditional bank weaknesses surrounding common fraud and identity theft techniques, exploiting the lax identity requirements some banks employ for users who are adding credit cards to Passbook, which stores the data so that Apple Pay can later utilize it. So far, the fraud has racked up millions of dollars from stolen credit cards added to Apple Pay.
FREAK attack forces low-complexity '90s era encryption mandated by US
Researchers have discovered a critical flaw in the backbone of HTTPS-protected traffic, and it is an exploit that has potentially existed for decades. The flaw exists in approximately 36 percent of websites that use HTTPS, and miscreants are able to intercept and modify data passing between a vulnerable browser and a susceptible site. At the moment, OS X and iOS Safari and Chrome are vulnerable to the attack, as are virtually all Android devices ever produced, plus all browsers on Linux.
Austin-based music fest app will rely on 1,000 iBeacons to offer location-based info
The official SXSW music fest app for iOS and Android, SXSW Go, will tie into a network of 1,000 iBeacons placed around the festival's various venues to help users connect to friends, ensure they are at the right location, and let them know what events are scheduled at the venue they are in now, among other helpful information. Non-attendees can also use the app to view video feeds from various events.
Standalone monitoring camera does not require Wi-Fi
Panasonic has introduced the Nubo, a new surveillance camera that is claimed to be the first with built-in LTE connectivity. Buyers can already choose from a wide range of cameras connected via Wi-Fi or Ethernet, however the Nubo taps into an unaddressed niche market for monitoring in places where a Wi-Fi connection is not available.
Chinese-produced Grand S3 checks users vein pattern in eyes before unlocking
ZTE's latest flagship launching outside of China uses the owner's eyes to unlock the device, rather than codes or fingerprints. The latest in the Grand range, the ZTE Grand S3 uses EyeVerify's Eyeprint ID system to scan the eyes as a biometric authentication, instead of a fingerprint-based system used by some flagship devices, with Eyeprint ID keeping track of unique vein patterns on the eye itself.
Second-gen phone improves enterprise integration
Privacy company Silent Circle has revealed the second-generation Blackphone and announced plans for a security-focused Blackphone Plus tablet. The Blackphone 2 features a range of hardware upgrades, but many business buyers will also welcome expanded support for enterprise mobile-device management systems, such as Citrix.
Secure messaging, document editing, collaboration tools coming to nearly all
BlackBerry today unveiled a package of software and services to bring the platform's security features to smartphone and tablets running iOS, Android, and Windows operating systems. Coming to all platforms are the BlackBerry Productivity Suite, BlackBerry Communication and Collaboration Suite, and the BlackBerry Security Suite. The Productivity Suite allows users to manage work and personal messages, and edit documents across all devices. Additionally, all personal and work messages can be monitored one place, including email, text messages, and social networking accounts.
Visa, Mastercard allegedly pressured by Senator Leahy to cut off Mega
File storage locker Mega has experienced a major setback. Effective immediately, and at the alleged exhortation of the US government, Paypal has ceased processing payments for the service, despite PayPal's reported confirmation that Mega is a legitimate business. PayPal has since said that the company's "unique encryption model" securing its files presents an insurmountable difficulty to confirm legal compliance.
Apple adds gas station location info, school data to Maps app
Apple has added GreatSchools and GasBuddy to its list of sources for data in its Maps program. The latter company is said to be supplying Apple with gas station locations, exact business names and what major gasoline producer they are affiliated with, rather than the gas pricing spot-check that the company is known for. GreatSchools is likewise likely to be providing school locations information rather than specific school information.
Pebble releases preview of SDK 3.0 with color screen support
Pebble has released a new version of its smartwatch SDK, in preview. Version 3.0 is built with the Pebble Time in mind, including support for 64 colors in apps, a new animation framework, PNG and Animated PNG support, and automatic detection of which platforms the developer wants to build for when compiling. According to the company, developers looking to make apps for the new SDK will need to make relatively few changes to the application to get it to work.
Comments come in as expected, with threats of lawsuit and more work needed
As expected, the Federal Communication Commission's votes today have not gone unnoticed by the telecommunications and Internet industry. There are no surprises in the commentary generated by the vote, with posturing and veiled threats being delivered by those impacted negatively by the vote.
Revisions come at Google, advocacy group request for language clarification
On the eve of the net neutrality vote at the US Federal Communications Commission (FCC), chairman Tom Wheeler has reportedly made some changes to the proposal. Reportedly extracted by request of Google and some other public interest groups is a clause that could allow Internet Service Providers (ISPs) to charge websites for delivered content.
Cisco, Citrix also banned; government cites security concerns
A weekend move by China has stricken Apple, Intel, Cisco, Citrix, and McAfee from approved vendors for governmental purchase. Ostentibly to protect national security interests, the move appears to be more about giving state run and other Chinese companies a leg up on procurements in the country, similar to regulations inside the US government that does the same.
How to use the automatic text expansion in OS X and iOS to save typing
It's a funny world where most Mac users have heard of TextExpander by Smile Software, but so many of us don't even know that OS X has much of the same functionality built in for free. Strictly speaking, it is identical: your Mac can let you type a few characters, and it will expand that out into whole sentences, phone numbers you keep repeating, words you always find difficult to spell, and more -- assuming you've done some pre-configuration.
The MacNN Podcast for February 22, 2015
The MacNN Podcast hits its third broadcast and like the previous pair, touches on the hot button issues in the tech world! Join this week's hosts, MacNN Editor Charles Martin, alongside staff writer Michelle Elbert, reviewer William Gallagher, Managing Editor Mike Wuerthele, and contributor Sanjiv Sathiah as they discuss the events that got our attention, needed further discussion, or just plain tickled our fancy.
CTO admits Lenovo at fault for installing adware with security vulnerability
Lenovo has admitted wrongdoing in installing adware on its consumer notebooks, one that poses a security risk to its users. The PC producer's CTO Peter Hortensius has admitted that the company "messed up," with the firm not only providing tools to remove the software, but also actively encouraging customers to do so on their affected systems.
Apple's contract becoming major issue in 2015 LA election cycle
Signaling a complete end to the Los Angeles Unified School District's (LAUSD) plan of a computing device per student which began with a large and poorly-managed iPad program, Superintendent Ramon Cortines has declared that the district no longer has the funding to continue the effort. Confusingly saying that "education shouldn't become the gimmick of the year" when asked about the program, the school leader said that the district would attempt to provide computers when required for instruction and testing.
Ad-injection, monitoring of secure connections discovered in Superfish adware
Lenovo has been shipping PCs from its factory with adware pre-installed, according to reports. Notebooks from the manufacturer have been found to have Superfish software already installed without user intervention nor permission, with the software being used to inject extra advertising into websites, as well as being a potential security risk for end users.
First UK banks to use Touch ID to secure banking apps
Banks in the United Kingdom are starting to use Touch ID in their iOS apps for the first time. The Royal Bank of Scotland (RBS) and NatWest are rolling out Touch ID support to their banking apps starting from tomorrow, allowing bank customers to sign into the app using their fingerprint on iPhones, instead of using the current lengthy passcode system.
Equation Group claimed to have attacked major targets in over 30 countries
A secretive hacking collective that has been active for almost two decades has allegedly been uncovered by Kaspersky Lab. Dubbed the "Equation Group," because of their use of encryption algorithms and obfuscation methods, the hackers are apparently unique in that they created highly-professional tools and used "classic spying techniques" to retrieve data and affect systems used by high-value targets, such as governments, major national organizations, and other political targets.