Telegram Founder on WhatsApp Hacks: Backdoors Are Camouflaged as Security Flaws

Telegram Founder on WhatsApp Hacks: Backdoors Are Camouflaged as Security Flaws

Durov says that despite iOS devices having “loads of privacy-related issues,”, WhatsApp is the culprit here, as the corrupt video vulnerability exposes not only iPhones, but also Android and Windows Phone devices.

Protect Your Browsing With DNS Over TLS

Protect Your Browsing With DNS Over TLS

What Can You Do. Support for DNS over TLS isn’t as mature as HTTPS yet, but it’s still easy enough to get set up and use.Your Windows PC is now configured to use Stubby to send your DNS over TLS.

German Data Protection Agency: Windows 10 1909 Enterprise Telemetry can be fully disabled

German Data Protection Agency: Windows 10 1909 Enterprise Telemetry can be fully disabled

The report, which you can access here (German PDF) suggests that organizations who may buy Enterprise or Education editions of Windows 10 may disable the sending of Telemetry data entirely in Windows 10 version 1909.

Windows 10 Privacy: Debotnet 0.5 update brings massive improvements

Windows 10 Privacy: Debotnet 0.5 update brings massive improvements

The third-party category lists options to block the Chrome Software Reporter Tool, CCleaner monitoring, or Adobe's Acrobat Reader online service while Ninite Apps options to download and install popular applications using Ninite.

Firefox attacks: Homeland Security urges all users to update browsers immediately in rare warning

Firefox attacks: Homeland Security urges all users to update browsers immediately in rare warning

The issue is this: Firefox versions for desktop older than the just-patched version contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system—whether they use Windows or Mac. More alarming, the vulnerability is already being exploited in the wild, thus Homeland Security stepping in with the urgent plea for users to upgrade.

How my application ran away and called home from Redmond

How my application ran away and called home from Redmond

After about a minute later we received Slack alert that the Beacon has managed to find a leak from the lab environment.I logged in to my Windows test machine to see if the Beacon is still running.

How to Revert Your Windows 10 Account to a Local One (After the Windows Store Hijacks It)

How to Revert Your Windows 10 Account to a Local One (After the Windows Store Hijacks It)

Not only is this an annoyance but if you end up in some comedy-of-errors situation where someone who isn’t you logs into the Windows Store then it converts your local user account to a Microsoft account with their login credentials.

Digital Billboards Are Tracking You. And They Really, Really Want You to See Their Ads.

Digital Billboards Are Tracking You. And They Really, Really Want You to See Their Ads.

“If you’re not using data to better plan and buy ads, then you’re probably not doing out-of-home the right way.”.The out-of-home market provides a fresh window into how consumer data is being used by advertisers.

Windows will improve user privacy with DNS over HTTPS

Windows will improve user privacy with DNS over HTTPS

There are now several public DNS servers that support DoH, and if a Windows user or device admin configures one of them today, Windows will just use classic DNS (without encryption) to that server.

Microsoft's Secured-Core PC Feature Protects Critical Code

Microsoft's Secured-Core PC Feature Protects Critical Code

Microsoft already offers Windows Secure Boot, a feature that checks for cryptographic signatures to confirm software integrity.Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way.

Google’s auto-delete tools are practically worthless for privacy

Google’s auto-delete tools are practically worthless for privacy

Still, it’s unusual for advertisers to target users based on their activity from months earlier, Dweck says.Still, he acknowledges that a daily auto-delete window would significantly affect advertisers’ ability to target Google users based on a profile of their search activity.

Confirmed: Windows 10 Setup Now Prevents Local Account Creation

Confirmed: Windows 10 Setup Now Prevents Local Account Creation

On Windows 10 Professional, there’s reportedly a “Domain Join Instead” option that will create a local user account.Windows 10 offers no option to create a local account from within the setup process.

Microsoft Just Hid The ‘Use Offline Account’ Option For Installing Windows 10, Here’s Where To Find It

Microsoft Just Hid The ‘Use Offline Account’ Option For Installing Windows 10, Here’s Where To Find It

Then, when presented with the option to connect to a network, you could simply hit the “I don’t have internet,” click through to “Continue with limited setup”, after which you would be presented with an option to create an offline account.

Windows Defender ranked one of the best antivirus solutions

Windows Defender ranked one of the best antivirus solutions

In the German independent research institute’s May/June 2019 ‘best antivirus software for Windows Home Users’ report, Windows Defender is one of four products to receive perfect 6 out of 6 scores in the protection, performance, and usability categories.

Private Internet Access users can now resolve internet names with the Handshake Naming System (HNS)

Private Internet Access users can now resolve internet names with the Handshake Naming System (HNS)

Starting since version 1.30 , the Mac, Linux, and Windows Private Internet Access (PIA) desktop clients have come with the ability to change the selected Name Server from PIA’s Domain Name System (DNS) servers to using one of PIA’s Handshake Name System (HNS) servers.

The Danger Coming To Google’s Chrome

The Danger Coming To Google’s Chrome

That’s why we don’t use Google Chrome as a browser on Macs, Windows PCs, iPads, iPhones, and jump through hoops to rid it on Chromebooks. Google is an ad business that gives away free software in exchange for the rights to exercise its ability to extract private information from users.

Windows 10, Office Online users get new warning over data privacy

Windows 10, Office Online users get new warning over data privacy

Netherlands authorities last year cited eight undocumented privacy issues with ProPlus versions of Office 2016 and Office 365 that allowed Microsoft to collect Dutch-created user content from the apps that was stored on US servers and potentially exposed to US law enforcement.

New DPIA on Microsoft Office and Windows software: still privacy risks remaining (short blog)

New DPIA on Microsoft Office and Windows software: still privacy risks remaining (short blog)

On behalf of the Dutch Ministry of Justice and Security, Privacy Company has investigated the privacy risks related to the use of Microsoft Windows 10 Enterprise, Office 365 ProPlus and Office Online, as well as the mobile Office apps.

New York City to Consider Banning Sale of Cellphone Location Data

New York City to Consider Banning Sale of Cellphone Location Data

Telecommunications firms and mobile-based apps make billions of dollars per year by selling customer location data to marketers and other businesses, offering a vast window into the whereabouts of cellphone and app users, often without their knowledge.

Bypassing anti-incognito detection in Google Chrome

Bypassing anti-incognito detection in Google Chrome

Using this information, I came up with a simple rule for detecting incognito mode i.e if the temporary storage quota <= 120MB then its safe to say that it’s an incognito window.

Upgrade Readiness

Upgrade Readiness

Upgrade Readiness is a feature in Windows that according to [1], "collects system, application, and driver data for analysis. It can collect "detailed computer and application inventory" and "guidance and insights into application and driver compatibility issues, with suggested fixes".

ITWire - Microsoft Office 365 and Windows 10 barred from use in German schools

ITWire - Microsoft Office 365 and Windows 10 barred from use in German schools

Ronellenfitsch adds, "As soon as, in particular, the possible third-party access to the data in the cloud and the issue of telemetry data have been resolved in a comprehensible and data protection-compliant manner, Office 365 can be used as a cloud solution by schools."

SoylentNews

SoylentNews

I spent the afternoon poking through update files and security bulletins and trying to get an on-the-record response from Microsoft. I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own.

Pale Moon forum

Pale Moon forum

A malicious party gained access to the at the time Windows-based archive server () which we've been renting from Frantech/BuyVM, and ran a script to selectively infect all archived Pale Moon .exe files stored on it (installers and portable self-extracting archives) with a variant of Win32/ClipBanker.

Keep Firefox from leaking your data all over the internet

Keep Firefox from leaking your data all over the internet

Among the threats Mozilla's Firefox web browser for Windows and MacOS can protect you from are trackers that gather your browsing history, cryptominers that secretly use your device's resources to mine cryptocurrency and fingerprinters that uniquely identify you based on your device, settings and apps.

Microsoft stirs suspicions by adding telemetry files to security-only update

Microsoft stirs suspicions by adding telemetry files to security-only update

Nearly three years ago, Microsoft split its monthly update packages for Windows 7 and Windows 8.1 into two distinct offerings: a monthly rollup of updates and fixes and, for those who are want only those patches that are absolutely essential, a Security-only update package.

Hackers Infect Pale Moon Archive Server With a Malware Dropper

Hackers Infect Pale Moon Archive Server With a Malware Dropper

The Pale Moon web browser team announced today that their Windows archive servers were breached and the hackers infected all archived installers of Pale Moon 27.6.2 and below with a malware dropper on December 27, 2017.

NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative

NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative

Credit: IntelThe NSA has started assigning developers to the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware. All Coreboot code, including all the STM contributions from the NSA, are open source, so anyone could verify that there is no backdoor in there -- in theory.

Upgrade Readiness deployment script

Upgrade Readiness deployment script

Error creating or updating registry key: CommercialId at HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection Verify that the context under which the script in running has access to the registry key. The SetupCommercialId function updates the Commercial Id at the registry key path: HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection Verify that the configuration script has access to this location.

GitHub - sh-dv/hat.sh: A Free, Fast, Secure client-side File Encryption.

GitHub - sh-dv/hat.sh: A Free, Fast, Secure client-side File Encryption.

AES-GCM - exportKey. async function exportCryptoKey(key) { const exported = await window.crypto.subtle.exportKey( "raw", key ). async function decryptMessage(key) { let encoded = getMessageEncoding(); let decrypted = await window.crypto.subtle.decrypt({ name: "AES-GCM", iv: iv }, key, ciphertext ) .then(function (decrypted) { (new Uint8Array(encrypted)); }) .catch(function (err) { console.error(err); }); }.

More