Germany mulls giving end-to-end chat app encryption das boot

Found on The Register on Tuesday, 28 May 2019
Browse Software

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.

True and strong end-to-end encrypted conversations can only be decrypted by those participating in the discussion, so the proposed rules would require app makers to deliberately knacker or backdoor their code in order to comply.

So any open-source and decentralized messenger will be ruled illegal then?

SaaS Performance Breaks: How Can Enterprises Protect Themselves?

Found on eWEEK on Saturday, 25 May 2019
Browse Software

Software-as-a-service (SaaS)-based applications are now the lifeblood of most organizations, but they’re certainly not foolproof. Breaks in performance (speed, availability, reachability) are occurring more frequently for popular applications.

Enterprise users have become so reliant on SaaS apps that when these slow down or become unavailable altogether, key departments—and in some cases, an organization’s entire revenue-generating engine—go idle.

If the software you need to run your core business is only online available, then you are not allowed to complain about any downtime. Plan correctly so you can keep things running even if your connection drops.

Global virus fear prompts update for old Windows

Found on BBC News on Thursday, 16 May 2019
Browse Software

One patch is for Windows XP, which debuted in 2001 and Microsoft stopped supporting in 2014.

It was "highly likely" the vulnerability would be exploited if it went unpatched, wrote Simon Pope, Microsoft's director of incident response, in a blog about the bug.

Market industry data suggests about 3.75% of desktop machines currently use XP or its variants.

So much for a so-called dead system.

Windows 10 May 2019 update blocked for anyone using USB or SD storage

Found on Ars Technica on Wednesday, 24 April 2019
Browse Software

Because of an issue that's frankly remarkable, Microsoft is blocking the update for anyone using USB storage or SD storage. That is to say: if you have a USB hard disk or thumb drive, or an SD card in an SD card reader, the update won't install.

As with so many Windows 10 bugs, the real question here is how on Earth this was only detected at this late stage in development. USB storage is not esoteric or unusual, and a problem like this is going to affect a large proportion of Windows 10 users.

It's getting more and more ridiculous. It's as if Microsoft tries to look incompetent.

Microsoft going to extreme lengths to ensure May update avoids mistakes of 1809

Found on Ars Technica on Thursday, 04 April 2019
Browse Software

It's going to be the May 2019 update, because Microsoft is being a great deal more cautious about this release. Next week, a build will be pushed to the Release Preview ring, which should provide around a month of testing before its expected release date.

If Microsoft sticks with its plan to leave the feature update optional until it becomes a prerequisite for support, many Windows 10 users may not find themselves upgrading for more than a year after its release.

It cannot really get any worse than 1809. Well, probably not...

Google: Play Protect cut harmful Android app installs by 20% in 2018

Found on Venturebeat on Friday, 29 March 2019
Browse Software

Google says that Google Play Protect, Android’s AI-driven built-in defense mechanism that scans over 50 billion apps every day on-device and upwards of 500,000 in the cloud, substantially cut down on the number of Potentially Harmful Applications (PHAs) in Google Play.

The question is, where is the difference between malware and apps that monetize your private data. Software requires access to all sorts of data, for what it does not have any reason but to collect and sell it.

Windows 7 end-of-life nag messages will start showing up next month

Found on Ars Technica on Wednesday, 13 March 2019
Browse Software

Starting next month, the operating system will show users a "courtesy reminder" to tell them that security updates will cease and that Windows 10 (and hardware to run it on) exists. Microsoft promises that the message will only appear a "handful of times" during 2019 and that there will be a "do not notify me again" checkbox that will definitely suppress any future messages.

Update reminders are well-remembered from the times when Microsoft tried to force everybody onto Windows 10; even against their will.

Windows 7 Extended Security Updates will double in price each year

Found on Ars Technica on Thursday, 07 February 2019
Browse Software

For organizations already subscribing to Windows Enterprise, the first year of updates will cost an additional $25 per device. This doubles to $50 for the second year and $100 for the third year.

For companies sticking with Windows 7 Pro instead of subscribing to Windows Enterprise, the first year will cost $50 per device and will double each subsequent year to $100 and then $200.

Or just migrate to Linux.

LibreOffice patches malicious code-execution bug, Apache OpenOffice – wait for it, wait for it – doesn't

Found on The Register on Wednesday, 06 February 2019
Browse Software

When he published on February 1, in conjunction with the LibreOffice fix notification, OpenOffice still had not been patched. Inführ says he reconfirmed that he could go ahead with disclosure even though OpenOffice 4.16 has yet to be fixed.

His proof-of-concept exploit doesn't work with OpenOffice out-of-the-box because the software doesn't allow parameters to be passed in the same way as the unpatched version of LibreOffice did. However, he says that the path traversal issue can still be abused to execute a local Python file and cause further mischief and damage.

Oracle does not have much interest in products it can't use to make money. Otherwise LibreOffice wouldn't have been forked.

Google Play apps with >4.3 million downloads stole pics and pushed porn ads

Found on Ars Technica on Friday, 01 February 2019
Browse Software

Google has banned dozens of Android apps downloaded millions of times from the official Play Store after researchers discovered they were being used to display phishing and scam ads or perform other malicious acts.

Trend Micro researchers discovered another batch of apps that falsely promised to allow users to “beautify” their pictures by uploading them to a designated server. Instead of delivering an edited photo, however, the server provided a picture with a fake update prompt in nine different languages. The apps made it possible for the developers to collect the uploaded photos, possibly for use in fake profile pics or for other malicious purposes. The developers took pains to prevent users from detecting what was happening.

Hopefully that help to teach users the lesson not to install random software just because it is in some official store. On the other hand, when looking at users in general, there is not much hope.