Computer News & Safety tips  – Harry Waldron MVP Rotating Header Image

March, 2016:

Microsoft 10 Mobile – Detailed evaluation of operating system

PC Magazine shares an in-depth evaluation of the Microsoft 10 Mobile operating system

http://www.pcmag.com/review/343083/microsoft-windows-10-mobile

ProsCortana digital assistant. Continuum for use with monitor and keyboard. Windows Hello biometric sign-in. Intuitive, one-hand capable interface. Tie-ins with Xbox, Office, Skype, OneDrive, and Band. Excellent keyboard. Good game selection.

ConsApp store has fewer and less feature-full apps than competing phone OSes. Not all older phone models are upgradeable.

Bottom LineWindows Phone may be the neglected sibling among smartphone operating systems, but it brings some unique advantages nevertheless.

Microsoft’s mobile operating system has struggled in recent years. Android and iOS basically own the market. But the leading desktop OS vendor isn’t giving in on the quest to disrupt the duopoly that currently dominates the smartphone landscape. A big part of its strategy ties in with its still-dominant position on the desktop. Though Windows 10 Mobile is not identical to Windows 10 on the desktop, it shares a great many features and capabilities with its big brother, and ties in tightly with other Microsoft services such as Office 365, Skype, OneDrive, and Xbox One. The OS also boasts standout capabilities like the Cortana intelligent voice assistant, Continuum, which lets you use your phone as a full-size PC, and Windows Hello, which lets you log in with your face. Can all this cool tech spur wider use of the third phone OS? Only time will tell.

Android Security – Truecaller call management vulnerability

Cheetah Mobile security labs note a new vulnerability in the popular phone call management application Truecaller impacting numerous Android devices

http://www.cmcm.com/blog/en/security/2016-03-28/974.html

This vulnerability, which has been fixed in the latest Android update, could have allowed anyone to potentially gain access to Truecaller users’ information and change their call blocking settings. The millions of Android users who downloaded this app on their smartphones could be in danger.

The CM Security Research Lab recommends that Truecaller Android users update to the latest version on Google Play immediately. The researcher found that Truecaller uses devices’ IMEI as the only identity label of its users. Meaning that anyone gaining the IMEI of a device will be able to get Truecaller users’ personal information (including phone number, home address, mail box, gender, etc.) and tamper app settings without users’ consent, exposing them to malicious phishers.

By exploiting this flaw, the attackers can:

1. Steal personal information like account name, gender, e-mail, profile pic, home address, etc.
2. Modify a user’s application settings:
3. Disable spam blockers
4. Add to a black list for users
5. Delete a user’s blacklist

Twitter Security – Two Step account verification when logging in

Security expert, Graham Cluley shares detailed step-by-step instructions to enhance security during login to Twitter

https://www.grahamcluley.com/2016/03/twitter-login-verification/

If you have been following my recent “How to” series, you now know how to protect your Google account with two-step verification (2SV).   You might have even decided to set up 2SV with the Google authenticator app, which means you will now be able to receive verification codes for your Google account in the absence of internet access or mobile service.

Two-step verification might be less secure than two-factor authentication, but in adding an extra step to a login process, it does enhance your overall account security. That is true for each and every web account on which you activate 2SV, including your social media accounts.

Twitter calls its implementation of 2SV “Login Verification”.  In this guide, I will discuss how you can activate Login Verification on your Twitter account. My article will include steps for activating login verification via SMS text messaging and via Twitter’s mobile app for Android.

Malware – USB Thief highly advanced and stealth-like threat

USB Thief is a data stealing malware agent that resides on an infected USB device.  ESET has excellent documentation on this new advanced threat.

http://www.darkreading.com/attacks-breaches/dangerous-new-usb-trojan-discovered/d/d-id/1324853

http://www.welivesecurity.com/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/

‘USB Thief’ could be used for targeted purposes, researchers at ESET say.  The Internet and the growing interconnectedness of networks have made it incredibly easy for threat actors to deliver and propagate malware. But not all cyber threats are Internet-borne.  Take USB Thief, new malware sample that researchers at security firm ESET recently discovered.  As its name implies, the malware is completely USB-borne, meaning it spreads exclusively through devices that plug into the USB port of computers.

This data-stealing Trojan could be used for targeted attacks on systems disconnected from the Internet. Some obvious examples of air-gapped systems that would fall into this category, and that would be of interest to the authors of USB Thief, would be industrial control systems controlling equipment at critical infrastructure facilities including power plants, nuclear facilities, shipyards, and elsewhere.  ESET describes it as very sophisticated, especially for its ability to avoid detection and reverse engineering.

The malware attaches as a plugin or a dynamically linked library (DLL) into the command chain of applications that are typically stored on USB devices, like Firefox, Notepad++, and TrueCrypt, ESET security researcher Tomas Gardon said in the blog post announcing the discovery.

Whenever these applications are executed, the malware runs in the background and steals data without giving users an inkling of what’s going on. Because it exists on a USB stick, the malware leaves no trace of its presence on any computer on which it runs. USB Thief’s real difference, though, lies in its self-protecting capabilities, according to Gardon. For starters, each malware sample is tied directly to the specific USB stick on which it is installed. A sample of USB Thief from one USB will not run if it is copied and pasted on another device.

Microsoft Minecraft – Study documents educational benefits of game

Microsoft Minecraft is a challenging game which was found to help promote learning based on recent study:

http://www.cnet.com/special-reports/minecraft/mindcraft-helping-students-learn

Microsoft’s popular video game Minecraft helps kids learn everything from programming, science and math to art, languages and history. Concerned because you can’t pry your daughter away from Minecraft? Worried that your son spends every moment obsessing over moves in the super-popular video game?   Chill. It turns out that Minecraft builds up brain cells instead of dissolving them.

Minecraft isn’t about bloody broadswords and burning rubber. It has no complex story lines or gorgeously rendered images of alien soldiers. Instead, it’s filled with people, animals, trees and buildings that look as if they were built from digital Legos. And in a way, they were: The Minecraft universe is made up of blocks representing materials such as dirt, trees, stone, ores and water. Players mine and then use these blocks to craft the shelters, tools and weapons they need to protect themselves against nightly attacks from monsters called “mobs.”

Kids pick up more advanced computer skills through Minecraft’s “command blocks” — code that changes the rules of the game. That can be anything, from altering the weather to generating an invincible flying squid.  “Because there’s no overt goal, no immediate plot, no structure, you have the flexibility and freedom to do what you want,” says Jeff Haynes of Common Sense Media, which rates software and games for age appropriateness and gives Minecraft a top “learning” score. “It fosters life skills like creativity, curiosity, exploration and teamwork.”

Microsoft Edge – Built-in Ad blocking may appear in future release.

At the Microsoft Build conference, improved built-in ad blocking was potentially noted for a future version of Microsoft Edge

http://www.pcworld.com/article/3049998/browsers/report-microsoft-will-build-ad-blocking-into-a-future-version-of-microsoft-edge.html

Microsoft is working to build ad blocking into the “next” version of Microsoft Edge, according to a report. A slide was presented by Microsoft executives. “Build ad blocking features into the browser” is “targeted for the next version” of the browser, version 4682811.

When and if it arrives, ad blocking inside Microsoft Edge would make it the second major browser to natively kill ads; Opera is testing a developer version of its browser that does the same thing. Other browsers have flirted with native ad blocking, including Samsung’s native Web browser for Android. Most of the remainder, including Apple’s Safari and Google Chrome, enable ad blocking through the use of plugins, which companies like Opera say is less effective than blocking them natively.

Microsoft didn’t say exactly when the new versions of Edge will debut with ad blocking built in. Microsoft has said previously that it has begun seeding the Edge browser, with just a few supported extensions, to its Insider group of beta testers.

Microsoft BUILD Conference – March 2016

This key product event started today and shares some of Microsoft’s key strategies for the coming year:

http://www.winbeta.org/news/microsofts-5-biggest-announcements-build

Microsoft just held an event in San Francisco — at the Moscone Centre, specifically — and used the time to talk about Windows, bots, Skype, Cortana, and lots more. Speakers included Satya Nadella, Terry Myerson, and Bryan Roper who wore his trademark fedora. The company also talked about Tay, the AI that went on a rampage, acknowledging that it failed Microsoft’s own standards for decency. “It’s not going to be about man vs. machine,” Nadella said. “It’s going to be about man with machine.”

Here were the biggest announcements.

1. Windows Ten has 270 million users
2. Bots are the future
3. Taking on the iPad Pro with Surface Pro
4. HoloLens is now shipping
5. Microsoft welcomes Xbox into the Windows family

McAfee Labs – March 2016 research report

McAfee Labs shares in their quarterly report growth in Mobile Security malware, Ransomware, and other threats.

http://www.eweek.com/security/slideshows/infection-data-shows-rise-in-mobile-malware-development.html

http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf

There are a number of truisms when it comes to IT security statistics, one of them being that, quarter after quarter, the volume of malware continues to grow. New data from Intel Security’s March 2016 McAfee Labs Threats Report 2016 bears that out, once again showing an increase in the total volume of malware, which now stands at approximately 500 million samples. While that total grows steadily, the same cannot be said for the volume of new malware samples, which doesn’t always follow an upward trajectory. For the first three quarters of 2015, McAfee Labs reported a downward trend in the volume of new malware samples that it detected. That trend, however, was reversed in the fourth quarter of 2015, with 42 million new malware samples detected—a 10 percent gain over the third quarter of 2015. A key driver of the new malware growth came by way of a burst in new mobile malware, which grew by 72 percent on a quarterly basis in the fourth quarter of 2015. In this slide show, eWEEK examines key takeaways from the March 2016 McAfee Labs Threats Report.

Apple – FBI accesses iPhone with help from security firm

With help from a mobile security firm, the FBI have broken into the iPhone for San Bernardino crimial case.

http://www.networkworld.com/article/3048731/fbi-hack-may-raise-questions-about-iphone-security.html

The FBI hack of an iPhone 5c running iOS 9 may have left the device just a little bit insecure in the eyes of some users, as the agency has not provided details of how it was able to access data on the phone used by the San Bernardino terrorist.

On Monday, the FBI told the court that the government had successfully accessed the data stored on the iPhone used by Syed Rizwan Farook and no longer required the assistance it was demanding in court from Apple.  But the FBI did not disclose in the court filing whether it would pass the information on the hack to Apple, raising questions whether there is a vulnerability in the device that Apple may not know about.

http://fortune.com/2016/03/29/apple-fbi-cracked-iphone/

A sampling of the latest statements circulated about the case:

Department of Justice: “The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple.”

Apple: “We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.”

Edward Snowden: “Journalists: please remember that the government argued for months that this was impossible, despite expert consensus.”

Cybersecurity commentator Errata Security: “I doubt the technique was the NAND mirroring one many have described, or the well-known “decapping” procedure that has a 30% of irretrievably destroying the data. Instead, I think it was an [zero day] or jailbreak. Those two communities are pretty large, and this is well within their abilities.”

Blogger Ben Thompson: “No one comes out of this looking good. Whatever alleged ‘marketing benefit’ Apple achieved from selling secure phones has to be dinged by the fact this phone was broken into; meanwhile the FBI not only didn’t get the precedent that Apple and other companies ought to help them, but also look rather foolish and incompetent.”

Windows 10 – Reaches 20 percent installation milestone in USA

Windows 10 usage continues to grow with those purchasing new PCs plus upgrading from prior versions of Windows 7 or 8

http://www.networkworld.com/article/3048736/windows/windows-10-passes-20-share-in-the-us.html

One in five Windows-powered devices steered to a host of U.S. government websites in March ran Windows 10, according to preliminary data.  For the first time, Windows 10 accounted for more than one-fifth of the visits to sites tracked by the Digital Analytics Program (DAP), which mines traffic to more than 4,000 websites on over 400 different domains maintained by U.S. government agencies, such as the Internal Revenue Service and the National Weather Service.

Through Thursday, Windows 10 recorded 20.2% of visits in March by Windows PCs, smartphones and tablets. That was a one-percentage point increase from February and more than two percentage points above January’s.  Microsoft has just over four months left to boost Windows 10 adoption by pushing the free upgrade to eligible Windows 7 and 8.1 devices. That deal is set to expire July 29, on the one-year anniversary of Windows 10’s launch.