...from:
http://www.theverge.com/2014/11/27/7298717/windows-10-consumer-features-jan…
Microsoft to unveil Windows 10 consumer features at January event
Consumer Preview is on the way
* By Tom Warren<http://www.theverge.com/users/tomwarren>
* on November 27, 2014 10:10 am
* @tomwarren<https://twitter.com/intent/user?screen_name=tomwarren>
*
85<http://www.theverge.com/2014/11/27/7298717/windows-10-consumer-features-jan…>
[windows10jay.0.0.jpg]
Microsoft is planning to detail the consumer features of Windows 10 at an event in January. While Microsoft will be present at the Consumer Electronics Show in early January, sources familiar with the company’s plans tell The Verge that Microsoft will hold a separate press event in late January to unveil the consumer preview of Windows 10. Microsoft previously promised "early 2015<http://blogs.windows.com/bloggingwindows/2014/09/30/announcing-windows-10/>" for a discussion on consumer features, and it appears the company is on track.
Microsoft’s first unveiling of Windows 10 was a small low-key event in San Francisco<http://live.theverge.com/microsoft-windows-9-event-live-blog/>that lasted around an hour, but we’re told the company’s consumer feature unveiling will be more significant. Microsoft has a large number of features to discuss, including a new touch interface dubbed Continuum<http://www.theverge.com/2014/9/30/6873963/windows-10-continuum-touch-interf…>. The software giant will also detail its plans for Windows phones and tablets, and possibly dashboard updates for its Xbox One gaming console. Windows 10 is designed to run across multiple devices, including PCs, tablets, phones, and the Xbox One. We understand Microsoft will announce the details of its Windows 10 consumer event before the end of the year.
More Windows 10 Information:
http://technet.microsoft.com/en-us/windows/windows10.aspx
Wayne Billing
Classroom Technology Support
Audio Visual and Classroom Technology Support
Computer and Network Support
130 Machray Hall Building
204-474-6649
204-807-3153 (cell)
204-474-7625 (fax)
Wayne_Billing(a)umanitoba.ca<mailto:Wayne_Billing@umanitoba.ca>
...from:
http://arstechnica.com/tech-policy/2014/11/european-parliament-votes-in-fav…
European parliament votes in favor of breaking up Google
[cid:5ADFFBCA-0F87-4B7D-9B3C-51F70D0B6494]
Trey Ratcliff / flickr<http://www.flickr.com/photos/stuckincustoms/4323977677/>
In a vote on Thursday, European Parliament members voted 384 to 174 in favor<http://www.reuters.com/article/2014/11/27/eu-google-idUSL6N0TH2FS20141127> of a resolution that calls for the unbundling of search engines from other commercial services to ensure competition among online companies. Although Google is not named specifically in the resolution, it's clearly targeted at the dominant search engine.
The resolution would still have to be approved by the European Commission, the executive branch of the European Union, to take effect, but the overwhelming vote in favor of separating search from other online products increases the likelihood that Google could face a major regulatory headache.
In a press release<http://www.europarl.europa.eu/news/en/news-room/content/20141125IPR80501/ht…>, the European Parliament called on EU member states and the European Commission to “break down barriers to the growth of the EU's digital single market” (a “single market” refers to the EU as an association of 28 countries trading freely between each other without restrictions). The Parliament also “stressed the need to prevent online companies from abusing dominant positions.”
Lawmakers expressed concern, in particular, that Google was using its dominance to promote its own services unfairly and to obscure the services of its competitors. In the resolution, the Parliament asked the European Commission “to prevent any abuse in the marketing of interlinked services by operators of search engines,'” and asserted that "Indexation, evaluation, presentation, and ranking by search engines must be unbiased and transparent.”
Reuters reports that European Competition Commissioner Margrethe Vestager “has said she will review the case and talk to complainants before deciding on the next step.” Earlier this month, when the Financial Times reported<http://arstechnica.com/tech-policy/2014/11/europes-parliament-poised-to-cal…> on the draft resolution, it noted that the European Commission has been investigating Google for unfair practices for years. Earlier this week, US lawmakers urged<http://arstechnica.com/tech-policy/2014/11/us-lawmakers-ask-europe-not-to-b…> the European Parliament not to vote to break up Google.
Google declined to comment<http://www.reuters.com/article/2014/11/27/eu-google-idUSL6N0TH2FS20141127> to Reuters. Ars has contacted Google and will update if we receive a response.
This is only the latest in a slew of troubles Google has had with European regulators. It has also seen regulation, fines, and warnings from Europe with respect to taxation, copyright concerns, and the “right to be forgotten<http://arstechnica.com/tech-policy/2014/05/google-must-erase-inadequate-lin…>.”
...from:
http://arstechnica.com/tech-policy/2014/11/us-lawmakers-ask-europe-not-to-b…
US lawmakers ask Europe not to break up Google
European parliament considering a nonbinding resolution to unbundle search engines.
by Jon Brodkin<http://arstechnica.com/author/jon-brodkin/> - Nov 26 2014, 10:50am CST
* Share<https://www.facebook.com/sharer.php?u=http%3A%2F%2Farstechnica.com%2Ftech-p…>
* Tweet<https://twitter.com/share?text=US+lawmakers+ask+Europe+not+to+break+up+Goog…>
134<http://arstechnica.com/tech-policy/2014/11/us-lawmakers-ask-europe-not-to-b…>
[cid:DA28E3AB-355C-4A9E-9DBD-70C0B0BCA57D]
keso s<http://www.flickr.com/photos/keso/108805307/>
A European proposal to unbundle search engines from other commercial businesses—which could result in the breakup of Google—has brought a response from US lawmakers.
"Capitol Hill hit back at EU lawmakers on Tuesday for politicizing an antitrust investigation into Google, as tensions rose ahead of a European parliamentary vote calling for the possible break-up of the technology group," the Financial Times reported last night<http://www.ft.com/intl/cms/s/0/3d903290-74c9-11e4-a418-00144feabdc0.html#ax…>.
Lawmakers sent letters to European counterparts expressing alarm at the proposal. The letters don't specifically mention Google, the world's largest search company, but neither does the European draft resolution. That says the European Commission should "consider proposals with the aim of unbundling search engines from other commercial services." The resolution in the European parliament is likely to pass on Thursday, but it would be nonbinding, because any final action would have to be taken by the European Commission, the executive branch of the European Union.
One European member of parliament argued that "search engines like Google should not be allowed to use their market power to push forward other commercial activities of the same company.” However, EU digital commissioner Günther Oettinger spoke out against a breakup of Google.
US House Judiciary Committee Chairman Bob Goodlatte (R-VA) wrote<http://judiciary.house.gov/_cache/files/930df244-ccf0-44c6-965d-6f91712adb2…> to European members of parliament, calling himself "troubled to learn that some European elected representatives are encouraging antitrust enforcement efforts that appear to be motivated by politics, rather than grounded in factual and legal principles. We believe that antitrust enforcement should be applied independent of politics and firmly rooted in our shared international principles. Policies that run counter to these principles undermine our free markets and ultimately harm both our businesses and our consumers."
Another letter from US lawmakers said "'proposals that seem to target US technology companies' raised questions 'about the EU’s commitment to open markets,'" the Financial Times reported. The letter was signed by Senators Ron Wyden (D-OR) and Orrin Hatch (R-UT) and Reps. Dave Camp (R-MI) and Sander Levin (D-MI).
A third letter<http://eshoo.house.gov/uploads/Letter%20from%20U%20S%20%20Congressional%20D…> signed by 12 members of US Congress led by Rep. Anna Eshoo (D-CA) said the resolution "would deter continued innovation and investment from US based Internet companies." The letter described "the transformative impact of online based services, including e-mail, social media, and search on our society and the economy," plus the contributions of US companies to the European economy.
"It is therefore troubling to us that the European Parliament is suggesting an action that would stem cross-border data flows at the expense of millions of people across Europe who enjoy the use of these online services every day," the letter states. "We support healthy competition and a fair playing field for Internet companies in the US and around the globe, and we believe these goals can be accomplished through the traditional regulatory process."
...from:
http://arstechnica.com/security/2014/11/citadel-attackers-aim-to-steal-vict…
Malware’s new target: your password manager’s password
Citadel trojan attempts to grab your master key.
by Robert Lemos<http://arstechnica.com/author/roblemos/> - Nov 19 2014, 12:42pm CST
* Share<https://www.facebook.com/sharer.php?u=http%3A%2F%2Farstechnica.com%2Fsecuri…>
* TweetCyber criminals have started targeting the password managers that protect an individual's most sensitive credentials by using a keylogger to steal the master password in certain cases, according to research from data-protection company IBM Trusteer.<https://twitter.com/share?text=Malware%E2%80%99s+new+target%3A+your+passwor…>
Cyber criminals have started targeting the password managers that protect an individual's most sensitive credentials by using a keylogger to steal the master password in certain cases, according to research from data-protection company IBM Trusteer.
The research<http://securityintelligence.com/cybercriminals-use-citadel-compromise-passw…> found that a configuration file, which attackers use to tailor the Citadel trojan for specific campaigns, had been modified to start up a keylogger when the user opened either Password Safe or KeePass, two open-source password managers. While malware has previously targeted the credentials stored in the password managers included in popular Web browsers, third-party password managers have typically not been targeted.
While the current impact of the attack is low, the implications of the attacker’s focus is that password managers will soon come under more widespread assault, Dana Tamir, director of enterprise security for IBM Trusteer, told Ars Technica.
“Once the malware captures this master key, then they can use that master key to exercise complete control over the machine and any of the user’s online accounts,” she said.
Cyber criminals have increasingly focused on stealing passwords from online repositories and services. Passwords are generally not considered an adequate security solution for important data or online services because easy-to-remember passwords are also easier to guess, reducing the security of the protected data.
Password managers boost the security of online accounts by allowing users to create a different and complex password for each of their accounts, additionally encrypting the information to prevent access. But the technology is not foolproof, as researchers found this summer when they published details of flaws<http://arstechnica.com/security/2014/07/severe-password-manager-attacks-ste…> in five different programs for storing passwords.
Yet, when implemented correctly, the software can allow individuals to securely store a different credential for every site and system they use, avoiding reusing keys.
It's no surprise, then, that attackers have started targeting that master key.
The Citadel configuration files found by the IBM researchers commanded the malware to begin keylogging whenever Password Safe or KeePass started running. The system also monitored for passwords to an authentication solution known as the neXus Personal Security Client. The master passwords, if captured by the program, were sent to a legitimate Web server that appeared to have been compromised by the attackers.
It was not clear whether the attack was part of a targeted campaign or just opportunistic attackers aiming to grab credentials from users of the password managers, IBM Trusteer’s Tamir said. Despite the attack, password managers are still better than just using a few passwords, or worse, a single password, she said.
“I think that password managers and authentication solutions are more critical than ever,” Tamir said. “But it is important to keep in mind that these solutions are not sufficient in and of themselves—they have to be accessed from a clean machine.”
Wayne Billing
Classroom Technology Support
Audio Visual and Classroom Technology Support
Computer and Network Support
130 Machray Hall Building
204-474-6649
204-807-3153 (cell)
204-474-7625 (fax)
Wayne_Billing(a)umanitoba.ca<mailto:Wayne_Billing@umanitoba.ca>
Last month Apple announced ApplePay in the USA. (Coming to Canada early 2015)
This month, Google has just announced that their electronic pay system "Google Wallet" won't work online starting March, 2015.
Is Google offering a replacement product?
No, Google is not offering a replacement processing solution for digital goods on websites.
...from:
http://www.engadget.com/2014/11/13/google-wallet-digital-goods-shutdown/?nc…https://support.google.com/wallet/business/answer/6107573
Google Wallet won't let you buy digital goods on the web past March 2015
[cid:AB6D7D91-270F-4E30-8186-9ED65408E17D]<http://www.engadget.com/2014/11/13/google-wallet-digital-goods-shutdown/>
Sad news, web merchants: if you relied on Google Wallet to process the online payments for your feline subculture e-zine (or any other digital product you've got kicking around), you'd better start looking for something else to do the job. On March 2, 2015, Google will officially pull the plug on its Wallet for Digital Goods API, which means anyone who hasn't switched to another payment processor -- like PayPal, for instance -- will be serve up 404s left and right to anyone trying to buy stuff from them.
Why? Mostly because the "industry has matured a lot" since the thing launched back in 2012<http://www.engadget.com/2012/10/04/google-wallet-reaches-the-web-reminds-mo…>, meaning that Google's facing some seriously stiff competition and doesn't feel up to the fight. Don't panic, though: let's just take a moment to run through what's happening and to whom. You can still use your NFC-laden Android phone to pay for your Haribo cola gummies down at the local Wawa - that's a completely separate part of the business. You can still process in-app payments through Google Wallet if you're a developer, too, because the last thing Google needs is to pull the rug out from under the app creators that make them money. And yes, you can still use Google Wallet online to buy physical products, like, say, a Domino's Pizza. Thank heavens for that, right?
...from:
http://www.cbc.ca/news/technology/apple-downplays-risk-of-masque-attack-aft…
Apple downplays risk of Masque Attack after U.S. government warning
['We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,' Apple said in an official statement.]
'We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,' Apple said in an official statement. (Hannah Yoon/ Canadian Press)
Apple is downplaying a risk of a security bug in its mobile operating system for iPhones and iPads that the U.S. Department of Homeland Security warned users about yesterday.
The United States Computer Emergency Readiness Team, based at the Department of Homeland Security, issued an alert<https://www.us-cert.gov/ncas/alerts/TA14-317A> Thursday about the Apple iOS "Masque Attack" technique<http://www.cbc.ca/news/technology/apple-ios-bug-makes-iphones-ipads-vulnera…>, announced by the internet security firm FireEye in a blog post Nov. 10<http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-…>.
FireEye said the technique allows hackers to replace one of the users' existing apps with malware, for example, replacing a user's banking and email apps with malware that sends banking and email data directly to the attackers. The company said recent Wirelurker attacks<http://www.cbc.ca/news/technology/apple-devices-hit-by-wirelurker-malware-i…> in China started to use a "limited form" of Masque Attacks to attack iOS devices via a USB connection.
But in an official statement emailed to CBC News on Friday, Apple said, "We’re not aware of any customers that have actually been affected by this attack."
The company added, "We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software."
The statement came more than three days after CBC News sent Apple an email request for comment about FireEye's blog post<http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-…>.
In response to the Apple statement, Vitor de Souza, vice-president of global communications for FireEye, noted that with most cyberattacks, the victim doesn't know they have been compromised.
"We are not saying that this is a widespread attack, but we believe consumers should be aware so they take the necessary precaution," he added in an email to CBC News on Friday.
But Chris Mills, a writer for the technology website Gizmodo, wrote that he thinks the attack is "not anything to worry about."
"See, the 'attack' requires the user to first follow a dodgy-looking link, then click past an iOS pop-up warning people about downloading malicious apps. Not to mention, the hacker needs access to an iOS Developer Enterprise Program account," he wrote. "If we pretend that ignoring the built-in safeguards and then downloading dodgy apps is a security flaw, then every single major operating system, mobile or otherwise, has a security flaw."
However, users commenting on the article disagreed,
Apple recommended that in order to protect themselves:
* Customers should only download from "trusted sources like the App Store."
* Users should pay attention to warnings when they download apps.
* Enterprise users should install custom business app from their company's secure website<http://support.apple.com/en-us/HT6584>.
[The original attempts to break in to Home Depot computer systems were stymied by their firewalls. The attackers didn't focus on Home Depot directly; they focused on exploiting the computers of 3rd party contractors doing work within Home Depot buildings. The breaches began only when visiting contractors attached their own (already exploited) computers inside the Home Depot firewalls or when they given credentials to penetrate the firewalls from already exploited computers at the contractors home offices.]
....from:
http://9to5mac.com/2014/11/09/home-depot-windows-breach-macbooks-iphones/
Home Depot blames security breach on Windows, senior executives given new MacBooks and iPhones<http://9to5mac.com/2014/11/09/home-depot-windows-breach-macbooks-iphones/>
[Home Depot Windows]
Earlier this week, The Wall Street Journal<http://online.wsj.com/articles/home-depot-hackers-used-password-stolen-from…> published an in-depth look at The Home Depot’s recent security breach<https://corporate.homedepot.com/mediacenter/pages/statement1.aspx> of its payment data systems, in which 56 million credit card accounts and 53 million email addresses of customers were compromised. A root cause of the security breach: a Windows vulnerability in the retailer’s main computer network.
“Once inside Home Depot’s systems after gaining credentials from the outside vendor, the hackers were able to jump the barriers between a peripheral third-party vendor system and the company’s more secure main computer network by exploiting a vulnerability in Microsoft Corp.’s Windows operating system, the people briefed on the investigation said,” writes the WSJ’s Shelly Banjo.
The report claims that while Microsoft did issue a security patch after the breach began, which was installed by The Home Depot, the fix arrived too late. According to sources familiar with the investigation, the hackers already had the ability to move across The Home Depot’s systems, including its point-of-sale system, as if they were high-level employees.
The report unravels a lot of details related to how the security breach played out, with one anecdote that I found particularly interesting. Following the breach, an IT employee allegedly purchased two dozen new MacBooks and iPhones for senior executives at The Home Depot, indicating that the home-improvement retailer may have lost at least some confidence in its Microsoft-based systems.
MacBooks and iPhones have faced their fair share of security vulnerabilities<http://9to5mac.com/2014/11/05/wirelurker-malware/> over the past few years, although recent studies conducted by Kaspersky Labs<http://securelist.com/analysis/kaspersky-security-bulletin/58265/kaspersky-…> and similar firms have proven that both devices remain highly secure platforms in terms of protection against malware and other threats. But whether shiny new Macs and iPhones in The Home Depot’s boardroom will help it prevent another massive security breach remains to be seen.