News Article | February 20, 2017
In November of last year, a law enforcement agency deployed a Tor Browser exploit on a dark web child abuse site. Sources told Motherboard that the company which developed and sold the exploit was Exodus Intelligence, a US firm that also sold information about the attack to defensive clients. Now, Logan Brown, the company's president and CEO, has elaborated on why Exodus provided the exploit. His comments give a glimpse into the dynamics of the hacking marketplace; especially relevant when investigators are increasingly turning to hacking tools to identify criminals who use anonymity technology. "I wanted to help take a person down," Brown said during a recent Mozilla and Stanford Center for Internet and Society panel on government hacking, a video of which was posted on YouTube on Saturday. "It wasn't such a deal of, am I supplying the government with something they're going to use against innocent people, but it was more of, 'we need help, can you help us?' Yes I can," he continued. This particular exploit took advantage of a vulnerability in Mozilla's Firefox browser (the Tor Browser is based on Firefox, and uses much of the same code base). Last year, details of the attack were sent to Mozilla, when a user found the exploit targeting Tor Browser users in the wild. Mozilla patched the vulnerability. Motherboard found that the exploit had been deployed on The Giftbox Exchange, a child abuse site that ran as a Tor hidden service. International policing organization Europol holds documents related to the site. According to one report, the accompanying malware was activated once a user logged into Giftbox. But judging by Brown's comments, the agency that used the exploit may only have been after one target—even though it appears they deployed it in a wider fashion. "It was kind of the shotgun approach," Brown said. "Six hours after we supplied it to them, they threw it, they got their guy, but it was reckless, it got monitored, and released." Brown said Exodus does not work with that agency any more because of this case. Brown also hit upon a point which often comes up around the exploit industry: how can suppliers be sure their code is going to be used responsibly? "We can have all the legal paperwork we want, we can have all the regulations, we can have all the handshakes and all the agreements we want—end of the day, it's kind of an honor system," Brown said. Indeed, exploit and malware clients from governments have been caught using hacking tools against journalists, activists, and dissidents. In one case, Ethiopia used spying technology from Italian surveillance company Hacking Team to monitor journalists in the US. Brown said Exodus had been approached by a customer from Ethiopia, but had declined to deal with them, and has also denied sales to "allied countries" too. And in a similar way to how Brown said this exploit was used with a "shotgun approach," experts have said that other law enforcement hacking campaigns have been akin to using malware like a grenade, rather than a scalpel. "They didn't care about being stealthy, they didn't care about any of the clean up," Brown said. Get six of our favorite Motherboard stories every day by signing up for our newsletter .
News Article | February 10, 2017
The next virtual reality arena is poised to invade is the web browser, or more specifically, Chrome. Google has announced that people may now view VR content using the Chrome app on Android devices compatible with the company's Daydream View headset, such as the Pixel and Pixel XL. This marks the first time that such a functionality is being built as part of a stable Chrome build. Thanks to WebVR technology packed in the latest version of Chrome, programmers can now create VR-ready websites. Those into VR should find it pretty compelling that Chrome now natively supports VR experiences, and one can only imagine the possibility of this extending onto other VR headsets, such as Facebook's Oculus Rift VR Headset. WebVR makes it easy for developers to create a VR experience that'll work and translate well across a multitude of VR platforms, instead of laboriously creating separate experiences just to support each one. Think of it as a website that will display properly whatever browser or device is being used to view it. That's the principle underpinning WebVR, as per CNET. Google developed WebVR in collaboration with Mozilla, the Oculus team at Facebook, and other partners. So far, Mozilla, creator of Firefox, has only enabled WebVR on developer builds of its browser, though it plans to release it widely in the coming months, which entails support for Oculus Rift and HTC Vive. VR content on Chrome will work with Daydream View when used with the Pixel handsets, and it pretty much entails the normal process of sliding in the phone into the headset, wearing it, and partly using motion control for navigation. Of course, WebVR is pretty much useless if there's no content to gawk at. Luckily, Google has a cache of VR-ready sites that users in possession of a Daydream View headset can take advantage of. There's Bear 71, an interactive documentary about nature; Matterport, a library brimming with 360-degree environments, including celebrity homes; Within, a roster of VR films; WebVR Lab, a smorgasbord of interactive VR worlds, and SketchFab. Those who don't have the luxury of owning Daydream View may still partake in this new technology. "If you don't have a headset you can view VR content on any phone or desktop computer and interact using your finger or mouse," wrote Megan Lindsay, Google's product manager, in a blog post. Additionally, Google will also make it possible to view VR-ready websites using Cardboard, it's less sophisticated DIY VR headset. Until now, Daydream and Cardboard had been restricted to VR apps, but it's now opening up to Google's widely recognized, browser, which should make accessing VR-ready sites easier. Of course, given that the technology only supports Daydream View, alongside the desktop version of Chrome, it's obvious that iPhone won't join the fun, but iOS may soon be privy to VR experiences once Google rolls out full cardboard support. Thrilled for WebVR? Feel free to sound off in the comments section below! © 2017 Tech Times, All rights reserved. Do not reproduce without permission.
News Article | February 21, 2017
TETTNANG, Germany--(BUSINESS WIRE)--Updating and patching software is more than a convenience. It is an essential element in online security as the average computer contains a wide range of applications requiring hundreds of updates and patches each year. While some updates are automatic, many require users to search and directly download the needed updates. However, many people are annoyed by popups and unsure of the proper update regime, so they don’t update regularly –– and this puts them and their computers at risk. Given this substantial vulnerability, Avira has launched the Software Updater to enhance user security and its premium Software Updater Pro to put the entire update process on automatic pilot. Keeping computers updated is a joyless task from two primary perspectives. First, the average computer runs more than 20 various applications. It is an organizational task to keep track of what software needs to be updated, go find the updates, and download them to the end computer in a timely fashion. Second, “update fatigue” is a major issue as people are tired of the barrage of update notifications and the disruption to their daily workflow. Counting software vulnerabilities is a never-ending task. In 2016, there were 6435 new vulnerabilities in applications, browsers, mobile devices, and operating systems, according to CVE Details. This list included 1437 vulnerabilities in Mozilla’s Firebox browser, 1370 in Google’s Chrome, and 986 in Adobe’s Flash Player. While software updates may seem like an annoying morning reminder, patching vulnerabilities is key to online security. The US Computer Emergency Readiness Team has found that keeping computers updated can prevent many as 85 percent of targeted attacks. “Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker,” pointed out US CERT in its Alert (TA15-119A) on the Top 30 Targeted High Risk Vulnerabilities. With over 6000 vulnerabilities uncovered annually, there is an ongoing race between cybercriminals and software developers for the end computer. Cybercriminals seek to transform new vulnerabilities into a zero-day, open door for malware. Developers work to create and distribute an update that will patch the newest vulnerability. Meanwhile, the success of either side can depend on whether or not the user gets around to installing the latest update. The vast numbers of unpatched computers are clearly a huge attraction to cybercriminals. This last December, Avira identified and stopped over 26 million exploit kits on their way to users’ computer. The race is on. Software Updater Pro lets the user decide how and when to bring in the updates. “The security benefits are absolutely clear to staying fully updated. But, in our design of this updater, we worked to make the user’s day-to-day experience be just as easy and as hands-off as they want it to be,” stated Victor Mihaiu, Product Manager at Avira for Software Updater Pro. Users have a choice between fully automatic updates and one-click installations: *Fully automatic – Users makes a list of software and app updates that can be installed without their further input. Once an update is available, the updater automatically downloads and installs it without requiring additional actions from the user. *One click – Once the Software Updater Pro interface is opened, users can select specific software to be updated with a single click, no further action required. The automatic and one click updates are key features in the Avira Software Updater Pro. Smart Signal detection is available in both the premium and in the free Software Updater to help users find outdated software and navigate to the to the developer’s website with the help of our Publisher URL Database for a direct download. “Good home security practices are simple, almost automatic. With Avira Software Updater Pro, our goal has been to make it as simple as possible for people to keep their digital lives safe and in order,“ said Andreas Flach, Executive Vice President of Product Development at Avira. “Both the free and the premium Software Updater variants perfectly dovetail into our growing family of consumer products and help support our company mission of protecting people in the connected world.” Avira Software Updater and the premium Software Updater Pro can be downloaded at Avira.com and the major download sites.
News Article | February 27, 2017
You may not have brought Mozilla's Firefox browser with you when you added iPhones or Android phones to your life, but now you might well be using Mozilla software on your mobile device anyway. That's because Mozilla said Monday it's acquired Read It Later, the developer of the Pocket software for storing articles, videos and other content on the web. Ten million people actively use Pocket monthly as a mobile app or browser add-on, Mozilla said, with more than 3 billion pieces of content saved so far. The app also lets people discover what others have already stored, an idea called discovery. It's a hot business on app stores, news sites, and other realms because middlemen can profit by showing content advertisers have paid to blend in. That's how 25-person Pocket makes money. Pocket offers Mozilla a new way to pursue its mission of fostering a healthy diversity on the web even as we spend more of our time online within major centralized "silos" like Facebook. "They layer on top of all the different silos out there," said Denelle Dixon-Thayer, Mozilla's chief business and legal officer. "It creates openness in a way that historically wouldn't be there." Pocket gives Mozilla a foothold on iPhones, iPads and competing mobile devices powered by Google's Android software. Hundreds of millions of people still use the Firefox browser, but Google's rival Chrome has now claimed the lion's share of users, and Firefox is all but absent on mobile devices. That's a problem for the nonprofit organization because mobile devices account for much of the increase in online activity, and indeed phones are only way many use the internet at all. The Pocket activity is useful for another Mozilla initiative, Context Graph, a tool to recommend websites that people might find worth visiting based on what they and others view online. It's Mozilla's first acquisition, but not its last if Dixon-Thayer gets her way. "I would love to be able to grow our product portfolio," she said. Most people who use Pocket do so both with PC browsers and mobile apps, said Read It Later founder and Chief Executive Nate Weiner. A majority also use it for both saving and discovering content, he said. Mozilla has for years included the Pocket add-on by default in Firefox, with Mozilla sharing a portion of revenue from the sponsored content in Pocket's discovery feature, Dixon-Thayer said. Mozilla and Read It Later declined to disclose terms of the acquisition. Mozilla today gets the vast majority of its revenue from search engines -- especially Yahoo -- that can show ads when people use their browsers to search. Mozilla wants to diversify its revenue sources, though. CNET Magazine: Check out a sample of the stories in CNET's newsstand edition. Life, disrupted: In Europe, millions of refugees are still searching for a safe place to settle. Tech should be part of the solution. But is it?
News Article | February 6, 2017
Those who are still using Microsoft's Windows Vista or XP on their aging machines will have one more thing to worry about later this year. Google recently announced that Gmail will stop supporting version 53 of Chrome or older by December. The halt specifically affects those still using Vista or XP since Google ended support for both systems since version 49 of Chrome. So what does this mean for users still unfortunately stuck with either operating systems? Will Gmail stop working in Chrome? Not exactly, but it would provide a lesser experience than modern, more updated Chrome versions. Google says the first thing that'll happen is that beginning Feb. 8, a banner will start sitting atop Gmail encouraging users to update to the latest version of Chrome. Of course, doing such won't be possible for Vista and XP users since they're locked down to version 49. Afterward, when December finally dawns, it appears Google will redirect Gmail users to the site's basic HTML version instead of the much snappier web version upgraded Chrome users are privy to at present. For Vista and XP users, if Gmail doesn't shift to its HTML version, then there's nothing to worry about. But if Google does implement the said change, then there's no recourse, at least within Google's ecosystem. Losing the current web app version of Gmail entails a handful of features, such as spell checker, import of contacts, rich text formatting, keyboard shortcuts, and more. Sure, that's a lot of useful extras, but those who only need to write and read emails, or send attachments on Gmail, then the HTML version should fare well enough, that is, unless Google implements further changes down the line that'll ultimately break the service. Of course, even with the impending halt of Gmail support, there are always third-party solutions. Vista and XP holdouts may turn to different email software such as Outlook Express or Mozilla's Thunderbird, which at present supports Windows XP SP3. Thunderbird pretty much provides every feature Gmail's HTML version won't, save for customized "from" addresses — also known as aliases — which are Google-dependent. But those with an alias already in use can use it with Thunderbird. Google stopped releasing Chrome updates for Vista and XP after version 49, since Microsoft itself no longer supports the operating systems. Those who will be affected by the change should have plenty of time to upgrade to a newer OS before Google starts reverting Gmail to its HTML version. Make sure to update to Windows 7, 8, or 10 before December, if you can. Anyway, it's high time users ditch Vista or XP, since a lot of programs are now unsupported on both operating systems. Hopefully Google doesn't bar anything else aside from Gmail, but the opposite sounds entirely plausible. In the rapidly moving tech world, companies just don't have enough compelling reasons to remain in support of older, possibly lagging operating systems. Will this affect you? Feel free to sound off in the comments section below! © 2017 Tech Times, All rights reserved. Do not reproduce without permission.
News Article | February 28, 2017
Firefox maker Mozilla has shopped around and picked up Pocket, a bookmarking tool once called Read It Later, which is used to save articles for offline reading or content viewing at a later time. It's Mozilla's first acquisition. Pocket isn't totally estranged from Mozilla, having originated as a Firefox extension some years ago before expanding its team and creating a suite of apps for nearly every platform available. Also, since 2015, Pocket has been Firefox's primary bookmarking service. Pocket will continue operations as a Mozilla subsidiary. The company said that Pocket will help bring Mozilla to mobile devices, an area it has struggled to acquire foothold in. Mozilla is probably best recognized for Firefox, its web browser, arguably the most popular one until Google Chrome stole its steam. Mozilla has since lagged behind in the mobile era, incurring years of development time for its misstepped Firefox phone project and waiting until very recently to release the iOS version of Firefox worldwide. The slow but continuous decline of web browser usage on the desktop platform also renders the company's future at odds. Mozilla's purchase comes with 10 million Pocket users at present, alongside advertising opportunity for Mozilla, a premium subscription service, and on top of which analytics for publishers. More importantly, people seem to enjoy using it, as per a report by The Verge. "We love the way that they have the user-first mentality, very similar to the way we drive our products," Denelle Dixon, chief business and legal officer of Mozilla, said. Pocket contemplated about an acquisition six years ago, when Evernote volunteered to purchase it, back when the company was still named Read It Later. Nate Weiner, Pocket's CEO, rejected the offer when it became evident that the company was to be subsumed as an in-app Evernote feature instead of a disparate product. Pocket is a great app, but it's still unclear if it's also a great business, as noted by The Verge. With only 10 million monthly users, it's not exactly a force to be reckoned with, at least in the scale of mobile era standards today, especially considering that Pocket is an advertising-backed enterprise. The acquisition won't have Pocket altering its business or products immediately, according to Weiner. Over time, Pocket will be useful in helping Mozilla with its "context graph," endeavor, which is a recommendation engine for the web that will be integrated into a browser. Pocket, similarly, is kind of like a browser per se because apart from the content users already save, friends or other people can give recommendations on what to view next or to read and watch. Collectively, over 3 billion pages have been stored in Pocket. Pocket has the ability to make qualitative conclusions about an article's worth, of course, based on how many times a particular content has been saved, shared, viewed, and such. Maybe this points to what sparked Mozilla's interest — it's possibly aiming to take advantage of that algorithm for its conceptual recommendation tool and in turn roll it out to a larger user base than Pocket's. What isn't clear is if Pocket will indeed bring Firefox back into a broader, widespread discussion among users both casual and pro who have nestled with Chrome as their choice web browser. Time, however, will tell. © 2017 Tech Times, All rights reserved. Do not reproduce without permission.
News Article | February 24, 2017
Google has announced that it has cracked the Secured Hash Algorithm 1 (SHA-1) cryptographic function, marking a milestone that spells both danger and opportunity for the computing world. The unprecedented feat was achieved through the real-world collision attack on the cryptographic algorithm, which led to the production of two PDF files that contain similar SHA-1 signature. As a mathematical algorithm, the SHA-1 is capable of transforming a digital object into a hash or its representation. For example, if the algorithm is used to convert or verify an email signature, the SHA-1 will transform it into a string of 40 characters. The elaborate combination of numbers and the way SHA-1 attaches such strings into digital objects makes it an effective mechanism to authenticate digital files. Here, identical files can have the same SHA-1 hash but two different files cannot be identified with the same string of characters. However, that is what exactly the researchers at Google were able to achieve. With help from peers at CWI Institute in Amsterdam, they successfully created two different files with the same SHA-1 footprint. Google's successful breach is a critical security issue because the SHA-1 function is currently used in financial processes. Specifically, the algorithm is said to be still widely used to validate credit card transactions. It is also employed to verify electronic documents and software updates. "It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file," the webpage dedicated to the initiative explained. Google cited a specific example to demonstrate the breach's impact. When one creates a rental agreement that involves a digital signature, it is now possible for one of the parties to create another rental agreement with different clauses or provisions but with the same valid signature. To be fair, SHA-1, which was developed back in 1995, has already been labeled as unsafe. This was highlighted back in 2011 when the U.S. National Institute of Standards and Technology officially deprecated the algorithm especially in transactions conducted in federal agencies. Some companies have also followed suit especially after incidents involving the SHA-1 vulnerability affected even Apple. The algorithm was also partly blamed for the Dropbox hack that exposed 68 million user accounts. Again, many companies still use it even after such bans. For example, Mozilla has allowed Symantec last year to issue a SHA-1 certificate to Worldpay just to accommodate more than 10,000 payment terminals that have not been upgraded. These terminals were given the green light to communicate with servers that process consumer transactions. According to Google, many applications also still use the algorithm and it hopes that its practical attack will serve as an opportunity for the industry to adopt safer alternatives. In the meantime, you can protect yourself from risk by using Chrome for your transactions because the browser automatically treats those with SHA-1 certificates as insecure. © 2017 Tech Times, All rights reserved. Do not reproduce without permission.
News Article | February 23, 2017
Mozilla does not want Firefox to be left holding the bag in the competition among internet browsers. Several weeks ago, the company underwent a so-called brand refresh with the adoption of a new logo to purportedly let the public know what the company and its mission are all about. Now, the Firefox browser itself is poised to get updated with a nifty feature that will let users snooze the browser's tabs. You usually encounter the Snooze function every time your smartphone or a mobile device notifies you with an alarm. So it is a curious thing how Mozilla thought to implement it on the internet browser, particularly with how you use tabs. Mozilla is calling the new experimental feature SnoozeTabs and it is available to the Firefox Pilot Program. According to Mozilla, it is part of its effort to create a modern and more efficient browser. The company cited how users often find themselves reading an interesting article but is quite busy to spend time with it perhaps due to its length. SnoozeTabs will now let you dismiss the page to keep your desktop from getting cluttered. The feature will, however, allow you to set a time for when the tab can reappear. So the experimental Firefox build is starting to show a snooze icon on the top right portion of the browser where it is arrayed with the Bookmarks and Settings icons. Clicking it will reveal a dropdown menu where you can select the time it can resurface. The menu also provides other options that enable users to manage snoozed tabs. After the snooze ends, the tab will pop up again, this time with an orange Snooze icon alerting you that the tab has been brought back from hibernation. As previously stated, the SnoozeTabs feature is still within experimental stage. You can only use it by installing the downloadable file posted at the program's page. After installing the add-on, you also have to activate it via a page that can be accessed by clicking the Test Pilot icon. You should also remember that this build can also suffer some glitches and issues since it is not yet a stable version. To help Mozilla fix bugs, however, the Pilot Test build is outfitted with the Pulse feature, which allows users to send feedbacks directly to Firefox engineers. You can install it as an extension to the Pilot Test add-on. "By telling us how Firefox performed on a wide variety of sites, you will help us understand how Firefox is performing in general and also help our engineers understand where to focus their efforts to improve Firefox browser performance," Mozilla stated in a blog post. © 2017 Tech Times, All rights reserved. Do not reproduce without permission.
News Article | February 5, 2017
Given the current political climate, your Facebook feed can be a hotbed of daily stress and intrigue instead of being a brief respite from your daily routine. You may be tired of seeing one political rant after another, or perhaps you have grown weary and suspicious of the legitimacy of the news updates your Facebook friend has been relentlessly posting. Facebook recently rolled out an update that allows users to report what they deem as fake news, but this did not seem to abate the number of political news and updates being shared by your well-meaning friends. If you want to take a break from all of the political posts but you don't have the heart to unfriend anybody, consider using these two browser extensions to temporarily hide all the noise. This is a Google Chrome extension that works like a toggle switch — all you have to do is to click on the blue button that says, "Add to Chrome" to add it as an extension to your browser, then switch it "on" and "off." The developer of the browser extension does not, however, seem to say how it filters out the post, but it would be safe to say that it will be based on specific names and keywords. If you're not using Chrome, Social Fixer is another browser extension that filters out political posts. Unlike the Chrome plugin we first suggested, this one works on multiple browsers such as Mozilla and Safari. It is a bit more complicated to set up than the first one. Once you have added it as an extension to your browser, it will show up as a wrench icon in the upper right section of your Facebook page. Just click on the icon, click "Social Fixer Settings," then click on "Filters." Select the option "Election/Politics 2017" by clicking on the green plus sign. If you want to further customize it or if you want to hide only a certain political figure or political party, click on the option "Create a New Filter." Once finished, click on "Done Editing Filter." If you don't want to use any browser extensions, you can opt to simply "unfollow" a friend by putting your mouse on one of their posts and clicking "unfollow." This way, you will remain friends with that user but you won't be able to see their posts. If you don't want to banish friends completely from your timeline, you can hover your mouse on one of their stories and click on "Hide post." This notifies Facebook that you are not interested in seeing this friend's posts in the near future. © 2017 Tech Times, All rights reserved. Do not reproduce without permission.
News Article | February 23, 2017
Mozilla has added a new tab-snoozing feature to Firefox Test Pilot – a program that gives users a taste of experimental browser add-ons. SnoozeTabs lets you dismiss open tabs temporarily, then restore them automatically after a certain period. It’s brilliant if you come across something interesting that you want to check out later, without the hassle of bookmarking it. To try it yourself, install the Test Pilot extension, then select SnoozeTabs from the main menu. A small alarm bell icon will appear in the toolbar. To snooze a tab, click this icon to hide it and choose when it should reappear – in a few hours, a few days, next time you reopen Firefox, or at a custom time and date. Test Pilot is a playground where you can try experimental features before they’re integrated into Firefox proper (or consigned to the great plugin repository in the sky). Mozilla offers users a selection of new tools and give feedback, which it can then use to develop or ditch ideas. Some might become fully integrated parts of the browser, whereas others might evolve into optional extensions. Other experimental features available in the current version of Test Pilot are: Test Pilot is an add-on rather than a whole new version of Firefox, so you can easily give it a try and remove it later.