By continuing to use the site or Forum, you agree to the use of cookies, find out more by reading our GDPR policy.

For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for. But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement. Alphabet Inc.’s Google and Mastercard Inc. brokered a business partnership during about four years of negotiations, according to four people with knowledge of the deal, three of whom worked on it directly. The alliance gave Google an unprecedented asset for measuring retail spending, part of the search giant’s strategy to fortify its primary business against onslaughts from Amazon.com Inc. and others. But the deal, which has not been previously reported, could raise broader privacy concerns about how much consumer data technology companies like Google quietly absorb. "People don’t expect what they buy physically in a store to be linked to what they are buying online,” said Christine Bannan, counsel with the advocacy group Electronic Privacy Information Center (EPIC). "There’s just far too much burden that companies place on consumers and not enough responsibility being taken by companies to inform users what they’re doing and what rights they have.” Extensive details are posted at W10NI FORUM.

Microsoft has finally announced the official title of windows 10 Redstone 5, which will be known as the Windows 10 October 2018 Update. The firm, which had previously indulged in themed updates like the Anniversary Update, Creators Update and Fall Creators Update has now stuck to a more sensible name schema since April of this year which simply identifies the months and year the update is being released. This is also in line with how Windows versions are identified, give or take a month. “I’m pleased to announce that our next feature update to Windows will be called the Windows 10 October 2018 Update”, said Microsoft’s CVP Roanne Sones, “With this update, we’ll be bringing new features and enhancements to the nearly 700 million devices running Windows 10 that help people make the most of their time. We’ll share more details about the update over the coming weeks.” Microsoft’s Windows 10 October 2018 Update is being released sometime in October with the firm expected to conclude testing via Insiderbuilds sometime in September. The update focuses mostly on bug fixes and refinement to Windows and the implementation of the Your Phone feature which syncs mobile devices to the desktop. Follow this upcoming release on OUR Forum.

Internal system broadcasts happening inside the Android OS expose sensitive user and device details that apps installed on the phone can access without the user's knowledge or permission. The leaked data includes details such as the WiFi network name, WiFi network BSSID, local IP addresses, DNS server information, and the device's MAC address. This type of data might look innocuous, but it can be used to track users online and determine a user's real-world location. The leak happens because of an internal feature of the Android OS named "intents." Intents allow an app or the OS itself to send an internal system-wide message that can be read by all apps and OS functions running on an Android device. Mobile security researchers from Nightwatch Cybersecurity have discovered that the Android OS broadcasts information about the WiFi connection and the WiFi network interface via two separate intents —WifiManager's NETWORK_STATE_CHANGED_ACTION and WifiP2pManager's WIFI_P2P_THIS_DEVICE_CHANGED_ACTION. Apps installed on an Android —including their advertising components— can set up listening posts for these two intents and capture WiFi-related information even if they don't have the permission to access a phone's WiFi feature (granted by the user to apps at install time). This leak completely undermines the Android permission system, as it allows applications access to highly sensitive information without prompting the user for action. For example, an advertiser or a malicious threat actor who have tricked a user into installing a benign-looking app can harvest WiFi info from system-wide intents and use this data to query public databases of known BSSID identifiers —such as WiGLE or SkyHook— and track down a user's real-world location. In this scenario, the app doesn't need to ask for the WiFi Access permission, and indirectly through the harvested data, the Location Access permission as well. Find your way to OUR FORUM for more details.

Today Intel announced two new additions to the 8th Gen Intel® Core™ processor family: The U-series (formerly code-named Whiskey Lake) and Y-series (formerly code-named Amber Lake) are optimized for connectivity in thin, light laptops and 2 in 1s for the first time, while also providing ultimate mobile performance and long battery life. Intel says the new 8th Gen Intel Core U-series and Y-series processors raise the bar for connectivity, performance, entertainment, and productivity for today’s laptops and 2 in 1s. The 8th Gen Intel Core U-series processors bring integrated Gigabit Wi-Fi to thin and light mainstream laptops for the first time, delivering up to 12-times1 faster connectivity speeds. They also offer up to 2-times better performance, compared with a 5-year-old PC, and double-digit gains in office productivity for everyday web browsing and light content creation over the previous generation. “The new 8th Gen Intel Core processors extend once again our leadership in delivering exceptional performance. Now with Gigabit Wi-Fi, we’ve enabled faster PC connectivity, added more intuitive voice experiences and enabled longer battery life needed for the next wave of mobile computing,” said Chris Walker, vice president of the Client Computing Group and general manager of Intel Mobile Client Platform. 8th Gen Intel Core Y-series processors also deliver fast connectivity options, including fast Wi-Fi and LTE capabilities with unprecedented performance, to the some of the thinnest and lightest laptops and 2 in 1s in the market with double-digit gains in performance compared with the previous generation6, enabling fresh innovations in sleek and compact form factor designs with extended battery life. Both the U-series and Y-series processors have new and improved platform capabilities for more intelligent interactions with PCs, such as support for multiple voice services on the U-series and refinements to improve natural input options like touch and stylus for the Y-series. Full details posted on OUR FORUM.

According to reports, a security researcher has discovered an unpatched vulnerability in the Windows 10 operating system. The security researcher reportedly revealed the vulnerability on Twitter. It’s a zero-day flaw that exists in Windows 10 and it could allow an attacker to gain system privileges on an affected computer, according to CERT/CC vulnerability analyst Phil Dormann. The vulnerability was disclosed in a tweet by @SandboxEscaper and the account has been removed. It appears that vulnerability exists in task scheduler on Windows 10 but there’s no easy way to exploit the security flaw. The successful exploitation of the vulnerability requires the user to download a malicious app on a machine. “Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges,” the advisory reads. “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. A local user may be able to gain elevated (SYSTEM) privileges.” “A local user may be able to gain elevated (SYSTEM) privileges,” the advisory explains. Another report claims that the patch for the said vulnerability may land soon. There’s a chance that Microsoft will deploy updates to address this vulnerability on next Patch Tuesday, which takes place on September 11. For more stop by OUR FORUM.

Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year. The feature's name is Bubblewrap, which is a sandbox environment that the GNOME Project added to secure GNOME's thumbnail parsers in July 2017, with the release of GNOME 3.26. Thumbnail parsers are scripts that read files inside a directory and create thumbnail images to be used with GNOME, KDE, or other Linux desktop environments. This operation takes place every time a user navigates to folders, and the OS needs to display thumbnails for the files contained within. In recent years, security researchers have proven that thumbnail parses can be an attack vector when hackers trick a user into downloading a boobytrapped file on their desktop, which is then executed by the thumbnail parser. It's for this reason that the GNOME team added Bubblewrap sandboxes for all GNOME thumbnail parser scripts last year. But according to German security researcher and journalist Hanno Boeck, the Ubuntu operating system is disabling Bubblewrap support inside GNOME for all recent OS versions. Furthermore, Google security researcher Tavis Ormandy also discovered that GNOME Bubblewrap sandboxes were also missing in the default version of CentOS 7.x. But there's a valid explanation for what Ubuntu is doing, according to Alex Murray, Ubuntu Security Tech Lead at Canonical. Murray says the Ubuntu team opted to disable GNOME's Bubblewrap because they did not have the time and resources to audit the feature. Learn more by visiting OUR FORUM.