
A long-standing Twitter issue allows bad actors to manipulate tweets so that they appear to contain content from one site but actually link to a completely different one. This enables creating tweets that look like legitimate articles from well-respected sites but actually link to pages serving phishing, malware, or scams. Whenever you share a new link in a tweet, Twitter will send a bot to the linked web page and check for special meta tags in the HTML source. If these tags exist, Twitter will use the information on the page to create a rich media block called a Twitter Card that is filled with additional text, images, or video. Bad actors, though, can manipulate how Twitter accesses a linked-to page so that the Twitter Cards are created from metadata found on another site. Terence Eden discovered that a problem occurs when a page linked in a tweet monitors for the Twitter Card Generator's user agent of "Twitterbot/1.0." If the user agent is detected, it will redirect the bot to a different page; otherwise, it will display the normal content. When the Twitter Card Generator is redirected, it will use the metadata on the page it landed on to create the Twitter Card. While the card will look like it came from the redirected site, it will still link to the URL originally posted in the tweet. It is easy to see how this could help malicious actors. Eden found this after noticing a promoted tweet from an account that currently has a low follower count and an even smaller list of followers. The tweet was a cryptocurrency scam about Singapore and while the card showed a story from CNBC, clicking on it led to a completely different website. Looking at the source code of the app revealed the redirect. Checking the link with Twitter's Card Validator also shows that the card is redirected to CNBC's website. Learn more by visiting OUR FORUM.
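A defender-side check for the behaviour described above, as an added example that is not part of the original article: it compares what a link returns to the card crawler's user agent with what it returns to an ordinary browser. It assumes both responses were already fetched separately and are passed in; the function names and the `example` hosts are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class CardMeta(HTMLParser):
    """Collect the twitter:* / og:* meta tags a card generator reads."""
    def __init__(self):
        super().__init__()
        self.meta = {}

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            a = dict(attrs)
            key = a.get("name") or a.get("property") or ""
            if key.startswith(("twitter:", "og:")) and a.get("content"):
                self.meta.setdefault(key, a["content"])

def card_meta(html):
    parser = CardMeta()
    parser.feed(html)
    return parser.meta

def host(url):
    h = (urlparse(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def check_link(tweeted_url, bot_view, browser_view):
    """Each view: {'final_url': ..., 'html': ...} as seen after redirects."""
    findings = []
    # Same URL, different destination depending only on the User-Agent.
    if host(bot_view["final_url"]) != host(browser_view["final_url"]):
        findings.append("ua-dependent-redirect")
    # Card metadata was read from a host other than the one the tweet links to.
    if host(bot_view["final_url"]) != host(tweeted_url):
        findings.append("card-host-mismatch")
    # The crawler and the browser were shown different card metadata.
    if card_meta(bot_view["html"]) != card_meta(browser_view["html"]):
        findings.append("card-metadata-differs")
    return findings

# Constructed sample data (example hosts are placeholders, not real sites).
TWEETED = "https://landing.example/story"
BOT = {"final_url": "https://www.news.example/markets",
       "html": '<meta property="og:title" content="Markets today">'
               '<meta name="twitter:card" content="summary_large_image">'}
BROWSER = {"final_url": "https://landing.example/story",
           "html": '<meta property="og:title" content="Invest now">'}
HONEST = {"final_url": TWEETED, "html": BROWSER["html"]}

if __name__ == "__main__":
    print(check_link(TWEETED, BOT, BROWSER))
    print(check_link(TWEETED, HONEST, HONEST))
```

An ordinary link shortener also produces `card-host-mismatch`, so the finding that points to cloaking is `ua-dependent-redirect`.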

Microsoft officials said last month that they were putting AI algorithms in place that would automatically update those on older variants of Windows 10 to 1903, the May 2019 Update, via Windows Update. Today, July 16, is the day when this auto-updating process is kicking off, according to the Windows Update Twitter account. As of today, Microsoft is starting to initiate the Windows 10 May 2019 Update (1903) for those with devices "that are at or nearing the end of service and have not yet updated their device," Microsoft's documentation says. Microsoft officials said back in May that the company planned to do this starting in June 2019. "Based on a large number of devices running the April 2018 Update, that will reach the end of 18 months of service on November 12, 2019, we are starting the update process now for Home and Pro editions to help ensure adequate time for a smooth update process." The reason many devices are still on the April 2018 Update is at least in part because the Windows 10 18H2 Update (1809) was a buggy mess. Microsoft's July 16 note says this process will be staggered, with officials prioritizing those devices "likely to have a good update experience and quickly put safeguards on other devices while we address known issues." Windows 10 Home and Pro users who get the 1903 update pushed to them will still have the ability to pause the update for up to 35 days, Microsoft notes. As my ZDNet colleague Ed Bott noted today, for business users who use the Semi-Annual/Semi-Annual Targeted options for updating, Microsoft will begin pushing the 1903 release to some business customers on older versions of Windows 10 next week, Tuesday, July 23, 2019. As is the case with Windows Update, the business updating process will be staggered, with certain devices blocked if Microsoft determines the update experience may go bad. Learn more by visiting OUR FORUM.

Microsoft is rolling out to Windows Insider testers in the Slow Ring its second test build of Windows 10 19H2, AKA 1909. Today's build includes fixes plus a handful of new features. The fixes can be applied immediately, but the new features are all turned off by default at the moment so that Microsoft can test the off-by-default technology it will use when it delivers this feature update to mainstream users this fall. Today's 19H2 test build, No. 18362.10005, adds a change enabling third-party digital assistants, like Amazon's Alexa, to voice-activate above the Lock screen. It also includes a key-rolling or key-rotation feature that enables secure rolling of recovery passwords on MDM-managed Azure Active Directory devices in certain circumstances to help prevent accidental recovery-password disclosure. And it includes an update to keep Windows containers from supporting mixed-version container pod scenarios since Windows containers require matched host and container versions. However, as of right now, all of these new features are off by default in this test build, just as they will be in the final version of Windows 10 19H2/1909. Microsoft officials said the plan is that the team "may ship features in these updates turned off by default and turn them on via controlled rollouts" in the name of getting better feedback on overall build quality. Microsoft's plan is to follow up today's build with another 19H2 test build that turns these features back on for a subset of Insider testers. In addition to these features, today's 19H2 test build includes fixes that were part of the Cumulative update for the May 2019 Update which Microsoft released on Patch Tuesday last week. There's more but you need to visit OUR FORUM.

Hesse is one of Germany's states, and the state's Privacy Commissioner has warned that data stored in the cloud by Office 365 could be accessed in the United States. In effect, personal information related to teachers and students would be in the cloud and available to US agencies. Michael Ronellenfitsch, Hesse's data protection commissioner, stated that, even if such information was stored in European data centers, it remained "exposed to possible access by US authorities." Ronellenfitsch continued to say that public institutions in Germany "have a special responsibility with regard to the permissibility and traceability of the processing of personal data." Further, the German Federal Office for Information Security (BSI) noted that Windows 10 sends "a wealth of telemetry data to Microsoft." BSI requested Microsoft advise them what data they take, but had received no response. Commentary suggested that data could include anything from standard software diagnostics to user content from inside applications, potential sentences from documents and email subject lines. All of which contravenes the EU's General Data Protection Regulation (GDPR). For the past couple of years, Microsoft has provided a localized version of Office 365, which for quite some time Ronellenfitsch had supported, stating in 2017 that schools could use Office 365, provided that they adhere to Germany's data protection laws. Recently, permission to use that local resource was rescinded, when all services were migrated back to US datacenters. Ronellenfitsch asserts that mere consent to the rules Microsoft provides is not sufficient, because the data remains compromised as the security and traceability remain dubious. Check out OUR FORUM for more.

The Global Times reported that "it is possible for Huawei to build a sustainable smartphone ecosystem on the HongMeng OS and reshape the current market dominated by Android and Apple's iOS." TheDuran via Zerohedge… Huawei Technologies, the world’s largest telecommunications equipment supplier, is set to launch its HongMeng operating system (OS) as a potential alternative to Google’s Android OS, on August 9 at Huawei’s Developer Conference, industry insiders told the Global Times Wednesday.
According to media reports, the user experience (UX) design features a brand new ringtone and notification panel, a cleaner interface for the camera, more animation and faster speed. Users can also add widgets and personalize the locked screen. Citing industry experts (most likely of Chinese origin), the Global Times reported that “it is possible for Huawei to build a sustainable smartphone ecosystem on the HongMeng OS and reshape the current market dominated by Android and Apple’s iOS”, although the new system is primarily designed for industrial automation and applications in the Internet of Things (IoT). “Given the design features of the HongMeng OS, it can be a game changer in IoT-related areas, such as driverless cars and smart homes,” Fu Liang, a Beijing-based independent industry analyst, told the Global Times. According to Huawei’s website, the HongMeng OS is built with a processing latency of less than 5 milliseconds, which is especially required in circumstances involving IoT applications that often need to transfer large amounts of data simultaneously. That said, broad consumer adoption is unlikely at first: “It’s not designed for phones as everyone thinks,” Ren Zhengfei, founder of Huawei, said in a recent interview with the French magazine Le Point.

Not only is your Google Home device listening to you, but a new report also suggests there might be a Google contractor who’s listening as well. Even if you didn’t ask your device any questions, it’s still sending what you say to the company, who allow an actual person to collect data from it. A new report from Belgian broadcaster VRT News describes the process by which Google Home recordings end up being listened to by contractors — and the scary part is that it apparently doesn’t take much, if anything, to start a recording. While the recordings are not listened to live, audio clips are sent to subcontractors. VRT, with the help of a whistleblower, was able to listen to some of these clips and subsequently heard enough to discern the addresses of several Dutch and Belgian people using Google Home — in spite of the fact some hadn’t even uttered the words “Hey Google,” which are supposed to be the device’s listening trigger. The person who leaked the recordings was working as a subcontractor to Google, transcribing the audio files for subsequent use in improving its speech recognition. They got in touch with VRT after reading about Amazon Alexa keeping recordings indefinitely. According to the whistleblower, the recordings presented to them are meant to be carefully annotated, with notes included about the speaker's presumed identity and age. From the sound of the report, these transcribers have heard just about everything. Personal information? Bedroom activities? Domestic violence? Yes, yes, and yes. While VRT only listened to recordings from Dutch and Belgian users, the platform the whistleblower showed them had recordings from all over the world – which means there are probably thousands of other contractors listening to Assistant recordings. Concerned about your privacy? Visit OUR FORUM.

 
