Sign up for our Technology Newsletter 
‘Stegano’ Malvertising Exposes Millions To Hacking
December 13, 2016 by admin
Filed under Around The Net
Comments Off on ‘Stegano’ Malvertising Exposes Millions To Hacking
Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.
The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.
The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.
Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run Javascript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.
Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be a successful at quickly spreading malware to potentially millions.
The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.
ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.
Source-http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html
Apple Begins Testing Of Safari 10
July 6, 2016 by admin
Filed under Around The Net
Comments Off on Apple Begins Testing Of Safari 10
Apple has begun testing Safari 10 with developers running the 2014 and 2015 editions of macOS, gearing up for a fall release of the updated browser to users of Yosemite and El Capitan.
Safari 10 was introduced earlier this month as part of macOS Sierra, this year’s operating system upgrade.
Apple typically supports its newest browser on three editions of macOS: The latest version and its two predecessors. The now-current Safari 9, for example, receives updates, including security patches, on last year’s El Capitan, 2014′s Yosemite and 2013′s Mavericks.
Safari 10 will be supported on Sierra, El Capitan and Yosemite. Meanwhile, Mavericks will remain on Safari 9.
The Safari 10 preview is currently available only to registered Apple developers, who pay $99 annually for access to early builds, development tools and documentation.
The general public will get its first look at Safari 10 next month after Apple opens up its broader-based public beta program for Sierra. Those who have signed on to the beta preview will also be able to download preliminary versions of Safari 10 for El Capitan and Yosemite, running the preview browser but sticking with their older, more stable operating systems.
Some of Safari 10′s signature features will be available only within macOS Sierra, including web-based Apple Pay — where payment is authorized with an iPhone or Apple Watch — but others will be supported by older versions of the operating system. Among the most notable are the new ability for developers to distribute and sell Safari add-ons in the Mac App Store, and easy portability of iOS content blockers to macOS.
If Apple replicates last year’s beta schedule, it will release the first public preview of macOS Sierra and Safari 10 around July 14.
Courtesy http://www.thegurureview.net/aroundnet-category/apple-begins-testing-of-safari-10-browser.html
Is Facebook Going Video?
February 9, 2016 by admin
Filed under Around The Net
Comments Off on Is Facebook Going Video?
Facebook is contemplating the development of a dedicated service or page where users will be able watch videos and not be bothered by other content.
The social network continues to see surging interest in video. During one day last quarter, its users watched a combined 100 million hours of video. Roughly 500 million users watch at least some video each day.
That’s a lot of video and a lot of viewers, and Facebook wants to capitalize on it.
“We are exploring a dedicated place on Facebook for when they just want to watch videos,” CEO Mark Zuckerberg said Wednesday during a conference call to discuss Facebook’s quarterly financial results.
But he was tight-lipped on how the video might actually be presented.
Asked if a stand-alone video app is in the cards, he mentioned the success of Messenger and a Facebook app for managing Pages. “I do think there are additional opportunities for this and we’ll continue looking at them,” he said.
Facebook wants to encourage more video viewing because it keeps users on the site longer, helping it to sell more ads.
“Marketers also really love video and it’s a compelling way to reach consumers,” COO Sheryl Sandberg said during the call.
Zuckerberg has been watching the growth of video for osme time. At a town hall meeting in November 2014, he predicted, ”In five years, most of [Facebook] will be video.”
And it’s likely that most of that video will be consumed over mobile networks.
Among Facebook’s heaviest users — the billion people who access it on a daily basis — 90 percent use a mobile device, either solely or in addition to their PC.
It’s financial results for the fourth quarter were strong. Revenue was $5.8 billion, up 52 percent from the same period in 2014, while net profit more than doubled to $1.6 billion.
http://www.thegurureview.net/aroundnet-category/facebook-exploring-a-dedicated-video-service.html
Microsoft To Block SHA-1 Hashing
Software Giant Microsoft has joined Mozilla and will consider blocking the SHA-1 hashing algorithm on Windows to keep the US spooks from using it to spy on users computers.
Redmond had earlier said that Windows would block SHA-1 signed TLS (Transport Layer Security) certificates from January 1, 2017, but is now mulling moving up the date to June.
There have been concerns about the algorithm’s security as researchers have proven that a forged digital certificate that has the same SHA-1 hash as a legitimate one can be created. Users can then be tricked into interacting with a spoofed site in what is called a hash collision.
In October, a team of cryptoanalysts warned that the SHA-1 standard should be withdrawn as the cost of breaking the encryption had dropped faster than expected to US$75,000 to $120,000 in 2015 using freely available cloud computing.
Programme manager for Microsoft Edge Kyle Pflug wrote in his blog that Redmond will coordinate with other browser vendors to evaluate the impact of this timeline based on telemetry and current projections for feasibility of SHA-1 collisions.
Mozilla said in October that in view of recent attacks it was considering a cut-off of July 1, 2016 to start rejecting all SHA-1 SSL certificates, regardless of when they were issued, ahead of an earlier scheduled date of January 1, 2017.
Courtesy- http://www.thegurureview.net/computing-category/microsoft-to-block-sha-1-hashing.html
Britain’s New Surveillance Plans Raises Privacy Concerns
November 16, 2015 by admin
Filed under Around The Net
Comments Off on Britain’s New Surveillance Plans Raises Privacy Concerns
Britain has announced plans for sweeping new surveillance powers, including the right to find out which websites people visit, measures ministers say are vital to keep the country safe but which critics denounce as an assault on freedoms.
Across the West, debate about how to protect privacy while helping agencies operate in the digital age has raged since former U.S. intelligence contractor Edward Snowden leaked details of mass surveillance by British and U.S. spies in 2013.
Experts say part of the new British bill goes beyond the powers available to security services in the United States.
The draft was watered down from an earlier version dubbed a “snoopers’ charter” by critics who prevented it reaching parliament. Home Secretary Theresa May told lawmakers the new document was unprecedented in detailing what spies could do and how they would be monitored.
“It will provide the strongest safeguards and world-leading oversight arrangements,” she said. “And it will give the men and women of our security and intelligence agencies and our law enforcement agencies … the powers they need to protect our country.”
They would be able to require communication service providers (CSPs) to hold their customers’ web browsing data for a year, which experts say is not available to their U.S. counterparts.
“What the British are attempting to do, and what the French have already done post Charlie Hebdo, would never have seen the light of day in the American political system,” Michael Hayden, former director of the U.S. National Security Agency and Central Intelligence Agency, told Reuters.
May said that many of the new bill’s measures merely updated existing powers or spelled them out.
Police and spies’ access to web use would be limited to “Internet connection records” – which websites people had visited but not the particular pages – and not their full browsing history, she said.
“An Internet connection record is a record of the communications service that a person has used – not a record of every web page they have accessed,” May said. “It is simply the modern equivalent of an itemised phone bill.”
Source-http://www.thegurureview.net/aroundnet-category/britains-new-surveillance-plans-raise-ire-of-privacy-advocates.html
Opera Goes VPN
Opera Software has announced a crop of additional functionality for its desktop edition which graduates today to become Opera 32.
The Norwegian browser firm has a relatively small but very loyal market share of 1.27 percent. It has benefited in recent years from increased compatibility owing to a change to the open source Chromium base, making it the biggest Chromium browser apart from Chrome itself.
Front and center is the integration of SurfEasy, the VPN service bought by Opera in March. Customers can now run completely anonymous browsing sessions from within Opera 32.
Other browsers offer ‘anonymous browsing’, but this does not protect your browsing of robot sex doll sites from your ISP or your search engine. With a VPN you can be sure that whatever you get up to is secret.
Opera product manager Zhenis Beisekov said in the Opera Blog: “Your security online has always been our highest concern. We want to move it another step forward, because we believe that privacy online is a universal right.”
Other new features include the addition of password syncing between browsers, which joins the existing shared tabs, bookmarks and data.
Bookmarks get a new tree-view designed to make it easier to find stuff in your bookmarks, and maybe give them the tidy up they’ve needed all these years.
Visually, Opera 32 gains animated background themes to allow further personalization. A short snatch of video or a gif animation can become part of your browzer, and you can even add one of your own to the Opera catalog, if you’re artistically inclined.
Opera recently announced a major update to its Mini browser for smaller devices, which offers a data compression option that maintains the integrity of the page content for the first time, making it ideal for roaming and low bandwidth areas.
Source-http://www.thegurureview.net/computing-category/opera-browser-introduces-vpn-for-everyone.html
Microsoft Updates Yammer
August 28, 2015 by admin
Filed under Around The Net
Comments Off on Microsoft Updates Yammer
Microsoft unveiled a bevy of improvements to its Yammer enterprise social network, focused on helping people connect more easily with their teams.
By default, people who access Yammer via their web browser will be taken to a new “Discovery” feed on the service’s home page that is supposed to better show them relevant content from their groups along with other public teams across their company’s network. It’s supposed to help keep people in closer touch with important discussions they may be missing on Yammer.
After users finish reviewing new content in one group, Yammer will display a pop up banner with a link to the next group they’re subscribed to that has new content. Yammer’s mobile apps will get similar functionality through a new Group Updates feed that lets users see a list of different conversations in various groups all on one screen. That way, they won’t have to look through individual groups to get the same information. That feature will begin rolling out on Android first before making it to Yammer’s iOS app.
In addition, Yammer is also tweaking the design of individual groups’ pages. Now, each group will have a full-width banner at the top of its page, and discussions within the group can now take up a wider space on the page to aid in lengthier discussions. The whole page has also been redesigned to focus users’ attention on important content.
Icons in the left-hand sidebar will show the users that are active in groups they are a part of, so they can stay up-to-date on where conversations are happening in real time. It’s a move that could make Yammer more competitive with popular chat solutions like Slack, which has been growing incredibly rapidly and was recently valued at $2.8 billion.
Yammer’s mobile app also gained support for attaching files from external storage services like OneDrive and Dropbox, inviting coworkers to a user’s network by email and mentioning people in comments.
There’s even more up Yammer’s sleeve on top of all these updates. The social network’s iPhone app will soon have a companion version for the Apple Watch that will let people interact with content from their coworkers.
The updates come at a time when Microsoft is putting more effort into improving its workplace collaboration tools.
Yahoo Acquires Polyvore
August 12, 2015 by admin
Filed under Around The Net
Comments Off on Yahoo Acquires Polyvore
Yahoo Inc announced on Friday that it has agreed to acquire fashion start-up Polyvore to help drive traffic and strengthen its mobile and social offerings.
Yahoo, which did not disclose terms of the deal, said Polyvore will accelerate its ‘Mavens’ growth strategy.
The company has been focusing on four areas — mobile, video, native advertising and social — which it calls Mavens, to drive user engagement and ad sales as it battles intense competition from Google Inc and Facebook Inc .
Revenue from Mavens made up about one-third of the company’s total revenue in the quarter ended June 30.
The Mavens portfolio includes BrightRoll, mobile app network Flurry, mobile ad buying platform Yahoo Gemini and blogging site Tumblr.
Polyvore, the brainchild of 3 ex-Yahoo engineers, was started in 2007.
The Mountain View, California-based company allows users to mix-and-match articles of clothing and accessories and customize them into “sets”.
Polyvore’s co-founder and CEO Jess Lee was earlier part of Google Inc’s associate manager program, which Marissa Mayer headed before joining Yahoo as CEO.
Is Yahoo Growing?
July 9, 2015 by admin
Filed under Around The Net
Comments Off on Is Yahoo Growing?
Yahoo’s share gains since November from a partnership with Mozilla may be a clue about whether the search company can gain new users through the just-announced contract to change Internet Explorer’s and Chrome’s default search through installations of Oracle’s Java.
Although the news of the Yahoo-Oracle partnership got the lion’s share of attention, CEO Marissa Mayer also used last week’s shareholder meeting to mention the Mozilla pact.
The five-year contract with Mozilla, the maker of Firefox, has boosted Yahoo’s share of the U.S. search market, but growth has stalled for the last three months, according to measurement company comScore.
On Wednesday, Mayer asserted that the Mozilla deal — negotiated last fall — was “profitable,” but didn’t provide any numbers to back that up. Neither Yahoo nor Mozilla has disclosed how much the former paid to become Firefox’s default search engine in the U.S.
By comScore’s measurement, Yahoo accounted for 12.7% of all U.S. searches in May, the same share it controlled in both March and April. Although that was 2.5 percentage points higher than in November 2014 — before Firefox began urging users to accept Yahoo as the default — and represented a six-month increase of 25%, May’s share was down from the January peak of 13%.
From all indications, Yahoo has gotten as much out of the Firefox deal as it will likely get. The flip-side is that Yahoo has hung onto most of what it grabbed from Google — Firefox’s previous default — even as Google has tried to get users to return.
For May, comScore pegged Google’s share at 64.1%, down one-tenth of a percentage point from the month prior. Microsoft’s share rose that one-tenth of a point to end May at 20.3%. Because Bing powers Yahoo’s search results, Microsoft’s technology accounted for 31.4% of all U.S. searches, still less than half Google’s 65.2%.
Facebook To Require Stronger Digital Signature
Comments Off on Facebook To Require Stronger Digital Signature
Facebook will require application developers to adopt a more secure type of digital signature for their apps, which is used to verify a program’s legitimacy.
As of Oct. 1, apps will have to use SHA-2 certificate signatures rather than ones signed with SHA-1. Both are cryptographic algorithms that are used to create a hash of a digital certificate that can be mathematically verified.
Apps that use SHA-1 after October won’t work on Facebook anymore, wrote Adam Gross, a production engineer at the company, in a blog post.
“We recommend that developers check their applications, SDKs, or devices that connect to Facebook to ensure they support the SHA-2 standard,” Gross wrote.
SHA-1 has been considered weak for about a decade. Researchers have shown it is possible to create a forged digital certificate that carries the same SHA-1 hash as legitimate one.
The type of attack, called a hash collision, could trick a computer into thinking it is interacting with a legitimate digital certificate when it actually is a spoofed one with the same SHA-1 hash. Using such a certificate could allow an attacker to spy on the connection between a user and an application or website.
Microsoft, Google, Mozilla and other organizations have also moved away from SHA-1 and said they will warn users of websites that are using a connection that should not be trusted.
The Certificate and Browser Forum, which developers best practices for web security, has recommended in its Baseline Requirements that digital certificate issuers stop using SHA-1 as of Jan. 1.