Technology Mania : 04/10/17

Monday, April 10, 2017

Microsoft Finally Reveals What Data Windows 10 Collects From Your PC

Wednesday, April 05, 2017 Mohit Kumar

Since the launch of Windows 10, there has been widespread concern about its data collection practices, mostly because Microsoft has been very secretive about the telemetry data it collects.

Now, this is going to be changed, as Microsoft wants to be more transparent on its diagnostics data collection practices.

Till now there are three options (Basic, Enhanced, Full) for Windows 10 users to select from under its diagnostics data collection section, with no option for users to opt out of sending their data to Microsoft.

Also, the company has never said precisely what data it collects behind these options, which raised huge privacy concerns among privacy-conscious users.

But now for the first time, Microsoft has revealed what data Windows 10 is collecting from your computer with the release of the Windows 10 Creators Update, bringing an end to nearly two years of its mysterious data collection practices.

The Windows 10 Creators Update, which will be available from April 11 for users to download for free, comes with a revamped Privacy settings section.

During the process of upgrading to the Creators Update, you will be displayed a new Privacy Settings screen that will ask you to toggle the following features:

Location – Allow Windows and apps to request your location and share that data with Microsoft.
Speech Recognition – Allow Cortana and Windows Store apps to recognize your voice and send that data to Microsoft to improve speech recognition.
Tailored experiences with diagnostic data – Allow Microsoft to use diagnostic data from your computer to offer tips and recommendations.
Relevant ads – Allow apps to use advertising IDs to show ads more interesting to you based on your app usage.
What's more? On Wednesday, Microsoft published a massive list of diagnostics data – both the Basic and Full levels of diagnostics – on its TechNet site, showing what data gets collected.

Basic – The Basic level collects a limited set of data that is critical for understanding the device and its configuration. This data includes basic device information, quality-related information, app compatibility, and Windows Store.
Full – The Full level collects data for the following nine categories: common data; software setup and inventory data; product and service usage data; browsing, search and query data; content consumption data; linking, typing, and speech utterance data; and licensing and purchase data.

Windows chief Terry Myerson said in a blog post published Wednesday that Microsoft hoped the transparency would allow users to make "more informed choices" as the company starts rolling out its new Creators update to the operating system.

This more transparency in gathering diagnostic data after two years of the Windows 10 release is likely Microsoft's response to European Union regulators that's publicly pressuring the company about its privacy practices for the past year.

In February, European Union regulators said they're still unsatisfied with the privacy changes announced by Microsoft and seeking further clarification from the company.

Marisa Rogers, the privacy officer of the Microsoft's Windows and Devices Group, said that the company is planning to "share more information about how [it] will ensure Windows 10 is compliant with the European Union's General Data Protection Regulation."

U.S. Trade Group Hacked by Chinese Hackers ahead of Trump-Xi Trade Summit

Thursday, April 06, 2017 Swati Khandelwal

Researchers have uncovered a Chinese cyber-espionage against the United States ahead of the trade summit on Thursday between US President Donald Trump and China's President Xi Jinping.

According to a new report published today by Fidelis Cybersecurity firm, the Chinese APT10 hacking group implanted a piece of malware on the "Events" page of the US National Foreign Trade Council (NFTC) website in February.

Dubbed 'Operation TradeSecret,' the attack against the NFTC site is seen as an attempt to conduct surveillance on the main industry players and lobbyists closely associated with U.S trade policy activities.

Researchers say hackers placed a malicious link on the NFTC website, inviting the organization's board of directors to register for a meeting in Washington DC on March 7. But clicking on the link deployed a spying tool called "Scanbox."

Dates back to 2014, Scanbox – previously used by nation-state threat actors associated with the Chinese government – has the ability to record the type and versions of software a victim is running and run keyloggers on compromised computers, said Fidelis researcher John Bambenek.

"This attack was really at its core a reconnaissance attack. Anyone who visited this calendar entry would expose their software versions and use a JavaScript keylogger that could expose their identity," said Bambenek.
"Traditionally these attacks are used to precisely identify targets and help them craft targeted phishing attacks using exploits they know the victim is vulnerable to."The malicious link was active on the NFTC website between February 27 and March 1. The malware was already removed from the site by the time Fidelis contacted NFTC.

The NFTC's staff and board represent many influential people and companies -- from President Rufus Yerxa, the U.S. Ambassador to GATT to executives from major companies including Google, Amazon, eBay, IBM, Coca-Cola, Microsoft, Oracle, Cisco, KPMG, Pfizer, Visa, Ford, Halliburton, and Walmart.

Although Fidelis detected no further attacks on NFTC board members, the security firm believed the hackers were after a full range of entities relevant to the trade negotiations due to take place Thursday between US and China.

This is the second time in a week when APT10 cyber espionage campaign has come to light. A report released this week by BAE Systems, and PwC also claimed that APT10 was targeting managed IT services providers (MSPs) and their customers across the globe to steal sensitive data.

WikiLeaks Reveals CIA's Grasshopper Windows Hacking Framework

Friday, April 07, 2017 Swati Khandelwal

As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA).

Named Grasshopper, the latest batch reveals a CLI-based framework developed by the CIA to build "customised malware" payloads for breaking into Microsoft's Windows operating systems and bypassing antivirus protection.

All the leaked documents are basically a user manual that the agency flagged as "secret" and that are supposed to be only accessed by the members of the agency, WikiLeaks claims.

Grasshopper: Customized Malware Builder Framework
According to the leaked documents, Grasshopper framework allows the agency members to easily create custom malware, depending upon the technical details, such as what operating system and antivirus the targets are using.

The Grasshopper framework then automatically puts together several components sufficient for attacking the target, and finally, delivers a Windows installer that the agency members can run on a target's computer and install their custom malware payloads.

"A Grasshopper executable contains one or more installers. An installer is a stack of one or more installer components," the documentation reads. "Grasshopper invokes each component of the stack in series to operate on a payload. The ultimate purpose of an installer is to persist a payload."The whistleblowing website claimed the Grasshopper toolset was allegedly designed to go undetected even from the anti-virus products from the world's leading vendors including Kaspersky Lab, Symantec, and Microsoft.

CIA's Grasshopper Uses 'Stolen' Russian Malware
According to WikiLeaks, the CIA created the Grasshopper framework as a modern cyber-espionage solution not only to be as easy to use as possible but also "to maintain persistence over infected Microsoft Windows computers."

"Grasshopper allows tools to be installed using a variety of persistence mechanisms and modified using a variety of extensions (like encryption)," Wikileaks said in the press release.One of the so-called persistence mechanisms linked to Grasshopper is called Stolen Goods (Version 2), which shows how the CIA adapted known malware developed by cyber criminals across the world and modified it for its own uses.

One such malware is "Carberp," which is a malware rootkit developed by Russian hackers.

"The persistence method and parts of the installer were taken and modified to fit our needs," the leaked document noted. "A vast majority of the original Carberp code that was used has been heavily modified. Very few pieces of the original code exist unmodified."It is not yet clear how recently the CIA has used the hacking tools mentioned in the documentation, but WikiLeaks says the tools were used between 2012 and 2015.

So far, Wikileaks has revealed the "Year Zero" batch which uncovered CIA hacking exploits for popular hardware and software, the "Dark Matter" batch which focused on exploits and hacking techniques the agency designed to target iPhones and Macs, and the third batch called "Marble."

Marble revealed the source code of a secret anti-forensic framework, basically an obfuscator or a packer used by the CIA to hide the actual source of its malware.

Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

Saturday, April 08, 2017 Mohit Kumar

Remember The Shadow Brokers? They are back.

A hackers group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back.

Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to "Equation Group" – an elite cyber attack unit linked to the NSA.

Besides dumping some NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million).

However, after failed auction, the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000).

Now, the Shadow Brokers has finally released password for the encrypted cache of NSA's files, allowing anyone to unlock and download the auction data dump.

CrDj”(;Va.*NdlnzB9M?@K2)#>deB7mN

The password mentioned above for the encrypted NSA files was made public through a blog post published today.

The blog post, titled "Don't Forget Your Base," has been written as an open letter to President Donald Trump, containing political views expressed by the Shadow Brokers on Trump's recent policies and events, like the Goldman Sach, the air strike against Syria and removal of Steve Bannon from the National Security Council, among others.

A security researcher, who uses Twitter handle x0rz, has uploaded all files after decryption on Github and confirmed that the archive includes:

rpc.cmsd a remote root zero-day exploit for Solaris – Oracle-owned Unix-based operating system.
The TOAST framework that NSA's TAO (Tailored Access Operations) team used to clean logs of Unix wtmp events.
The Equation Group's ElectricSlide tool that impersonates a Chinese browser with fake Accept-Language.
The evidence of the NSA operators' access inside the GSM network of Mobilink, one of the Pakistan's popular mobile operator companies.

More key findings will come as soon as other security researchers delve into the dump.

At the time, it's not confirmed whether the group holds more NSA hacking tools and exploits or this is the last batch of documents the Shadow Brokers stole from the United States intelligence organization.

Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild

Sunday, April 09, 2017 Swati Khandelwal

It's 2017, and opening a simple MS Word file could compromise your system.

Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office on fully-patched PCs.

The Microsoft Office zero-day attack, uncovered by researchers from security firms McAfee and FireEye, starts simply with an email that attaches a malicious Word file containing a booby-trapped OLE2link object.

When opened, the exploit code gets executed and makes a connection to a remote server controlled by the attacker, from where it downloads a malicious HTML application file (HTA) that's disguised as a document created in Microsoft's RTF (Rich Text Format).

The HTA file then gets executed automatically with attackers gaining full code execution on the victim’s machine, downloading additional payloads from "different well-known malware families" to take over the victim's PC, and closing the weaponized Word file.

Zero-Day Attack Works on All Windows OS — Even Windows 10

According to researchers, this zero-day attack is severe as it gives the attackers the power to bypass most exploit mitigations developed by Microsoft, and unlike past Word exploits seen in the wild, it does not require victims to enable Macros.

Due to these capabilities, this newly discovered attack works on all Windows operating systems even against Windows 10, which is believed to be Microsoft's most secure operating system to date.

Besides this, the exploit displays a decoy Word document for the victims to see before terminating in order to hide any sign of the attack.

"The successful exploit closes the bait Word document and pops up a fake one to show the victim," McAfee researchers wrote in a blog post published Friday. "In the background, the malware has already been stealthily installed on the victim's system."

"The root cause of the zero-day vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office."

Microsoft is aware of the zero-day flaw as the researchers say they responsibly disclosed the issue to the company after detecting active attacks leveraging this unpatched flaw back in January this year.

FireEye disclosed the details of the vulnerability a day after McAfee went public with the flaw.

The next scheduled Microsoft's release of security updates is this Tuesday, so it's highly unlikely the company will be able to deliver a patch before that day.

How to Protect Yourself against this Attack?

Since the attack works on fully patched systems, users are highly advised to follow the below recommendations to mitigate such attacks:

Do not open or download any suspicious Word files that arrive in an e-mail, even if you know the sender until Microsoft releases a patch.
Since the attack does not work when a malicious document is viewed in Office Protected View feature, users are advised to enable this feature to view any Office documents.
Always keep your system and antivirus up-to-date.
Regularly backup your files in an external hard-drive.
Disabling Macros does not offer any protection, but yet users are advised to do so in an attempt to protect themselves against other attacks.
Always beware of phishing emails, spams, and clicking the malicious attachment

A lot of 32-bit apps will stop working after Apple iOS 11 launches in September

We have heard of Apple killing support for 32-bit apps lately. This became clearer after the launch of iOS 10.3 where Apple put out clear warnings through pop-up messages hinting that older apps will not work with future versions of iOS. Now there’s more news on this front and it even includes speculation about future Apple processors not including 32-bit support altogether.

9to5mac reports that Apple will be making a drastic change this fall. A prominent developer Steven Troughton-Smith put out tweets explaining that this Apple will cease to support these older apps. While hundreds of 32-bit apps continue to work right now (with the warning pop-up) these may no longer work or show up on the App Store after iOS 11 come out in September this year.

Smith puts it out clearly that developers either need to upgrade of they will be chucked out of the iOS ecosystem once users upgrade to iOS 11.

Additionally, Smith also speculated that A-Series chips from Apple in the future may not even include support for 32-bit instructions. With these missing at the hardware level in upcoming iPhones, there is literally no future for these 32-bit apps.

Indeed, the move comes as no surprise as Apple has been warning users about coaxing their app developers to upgrade their apps. The move comes as Apple seems on a warpath to remove older, problematic and abandoned apps (ones that haven’t been updated for years) from its App Store in a bid to maintain higher app quality standards over quantity. Since the announcement in September, Apple has managed to purge about 50,000 such apps from the App Store. iOS 11,l with its new standards, is expected to reveal a better kill rate for abandoned apps.

If you are unsure about which apps on your iOS device are 32-bit, you can simply head to Settings> General> About> Applications. If you are able to open the ‘applications’ page, then you do have one or more 32-bit apps running on your device and they’ll be listed there. If not, you will simply not be able to open the Applications section, which means that you have nothing to worry about.

If you do find some 32-bit apps that you can’t live without, you’d better hope that the app’s developer will listen to your piteous pleas for an update. If not, tough luck.

Publish date: April 10, 2017 1:50 pm| Modified date: April 10, 2017 1:50 pm

Apple files patent for new AirPods case that will charge other devices

The Apple AirPods have been criticised for their design, battery life and most of all, availability. But it seems Apple has big plans for their awkward wireless earphones. The company has filed for a patent around the AirPods and its something quite out of the ordinary.

According to the patent documents, a special case for the Airpods will offer provision for inductive charging. This means it could provide power to devices such as Apple Watch, iPods, iPhones, iPads and even MacBooks in the future.

The schematics of the case show a watch on top of the case, which is probably the most suitable device. The current Apple Watch Series 2 comes with a 273 mAh battery while the current AirPods case has a 398 mAh battery. If Apple were to make a slightly bigger case, it could very well charge the AirPods and the watch.

The patent goes on to say, “Such devices can include, for example, portable music players (e.g., MP3 devices and Apple’s iPod devices), portable video players (e.g., portable DVD players), cellular telephones (e.g., smart telephones such as Apple’s iPhone devices), video cameras, digital still cameras, projection systems (e.g., holographic projection systems), gaming systems, PDAs, as well as tablet (e.g., Apple’s iPad devices), laptop (e.g. MacBooks) or other mobile computers. Some of these devices can be configured to provide audio, video or other data or sensory output.”

But in making a bigger case, Apple could risk the factor of portability. Of course, this is just a patent filing and it doesn’t mean that we are going to see an AirPods case with inductive charging anytime soon.

Publish date: April 10, 2017 1:11 pm| Modified date: April 10, 2017 1:11 pm

Xiaomi Mi 6 rumours: GFXBench leak gives details on two variants of the Mi 6

Xiaomi Mi 6 render. Image: Android Headlines

As rumours keep coming in, we are getting excited for Xiaomi’s new flagship smartphone. The Mi 6 has leaked on numerous occasions and now we have an alleged specifications sheet of the upcoming device, courtesy GFXBench.

The device name says Xiaomi Sagit, which could be the codename for the Mi 6. The handset is running on Android 7.1.1 which is nice to see. We can also see the display section pointing to a 5.1-inch dimension with Full-HD resolution. Some of the other specifications have pairs which probably means that two variants of the Mi 6 were benchmarked.

The SoC is an octa-core Qualcomm chip with an Adreno 540 GPU. Clearly it is the Snapdragon 835. However, there are two clock speeds. Which means one of the variants will be clocked at 2.2 GHz while the second one at 2.4 GHz. Xiaomi is known to underclock SoC for its devices and the Mi 6 will get the same treatment. Rest of the specifications point to 4 GB of RAM as well as 6 GB of RAM and for storage we have 64 GB and 128 GB.

As for the camera, there is a 12 MP sensor on the back with 4K video support. On the front there is an 8MP that can also shoot 4K videos.

The Xiaomi Mi 6 is expected to launch this month in China as said by CEO Lei Jun.

Publish date: April 10, 2017 12:50 pm| Modified date: April 10, 2017 12:50 pm

Cloud will be an enabler of innovation and growth: Here’s how to leverage it

By Narsimha M

Previously, enterprises viewed cloud as a way to reduce costs and optimise their workloads. Today, the cloud is no longer about merely simplifying infrastructure but about providing faster applications. Delivering applications faster, with innovative features, is the key to creating exciting user journeys and improving customer stickiness. Empowered thus, organisations are increasingly putting customer experience ahead in their strategy for business growth.

In this digital age, data has become paramount. Data is the lifeblood of today’s digital marketplace – the means by which digital enterprises uncover how lean are their operations, how effective are their processes and how engaged are their customers. The ability to leverage data about every customer action can help enterprises craft delightful customer offerings – and this is where cloud is a key differentiator.

Cloud as an enabler of innovation and growth

Applications on the cloud work dynamically to ensure always-on and always-available business operations. With integrated data analytics powered by big data, enterprises can enhance their decision-making process by gleaning insights into possible downtime incidents and failures, understand how their customers interact with their products and services and build services to improve customer satisfaction.

Image Credit: IBM

Take for example, a global automobile manufacturer that used APIs to leverage big data on cloud and offer real-time contextual services for drivers as well as the extended automobile ecosystem. This way, the company moves beyond being just car manufacturers, but also a creators of a complete experience that covers financial services, concierge services and more, all with the car at the center.

Deploying applications on cloud allows enterprises to play with new functionalities, set up infrastructure much faster than before and go live within days. DevOps plays a vital role in helping such enterprises change on the go and adopt new technologies by leveraging agile practices and people transformation. For instance, an education service provider has leveraged a cloud-based platform that integrates niche enterprise resource planning (ERP) solutions and applications to create an integrated community cloud that now connects over 450 schools. This ensures seamless and uniform learning for students of all schools irrespective of location while simplifying the management.

Multi-cloud environments give businesses the flexibility to reduce their dependency on a single cloud provider. In doing so, these environments simplify large-scale operations, manage a variety of workloads and prevent vendor lock-in while improving reliability and accelerating operations – for themselves and their customers.

An enterprise may choose to keep their external facing applications on one cloud vendor while keeping their internal applications hosted on another cloud vendor.

Three ways to leverage the cloud

Lift and shift
By moving applications in their current state from an on-premise server to that in a cloud environment, enterprises can infuse better functionalities, ensure higher security and deliver a better customer experience at a much lower cost. A case in point here is of a global provider of technology and hardware for document and information management that embarked on a journey to move their services to private clouds, by simply consolidating 9 data centers to two tier-III data centers. By reducing their server count, they not only increased system availability to 99.99 per cent, but were able to slash costs for hosting, hardware, utility, and licensing infrastructure by 30 percent. Besides improving performance, migrating to cloud has helped the client deliver new hosting services for their customers.

Image: Microsoft

Re-engineer applications
Enterprises need to modernise and upgrade many of their existing applications to be able to work with modern technology. Applications need to be upgraded to function seamlessly in a cloud environment to make them truly scalable and efficient. For example, a software developer for legal firms had designed their products to run on physical servers within law firms. While this was done to safeguard sensitive information, data could be only be accessed from within the customers’ offices. To make things simpler for their customers, the company re-engineered their software to work on the cloud on a multi-tenant model. Now, the software is provided as a service with improved performance and 99.99 per cent system availability. Besides reducing costs incurred by customers, they increased their business by targeting new segments such as small, medium and large firms who can buy their products with zero investment in hardware.

Cloud Native Applications
While a large number of enterprises are still investing in moving/re-engineering applications for a cloud environment, for many a parallel journey of building applications that are cloud-first is the way forward. This involves understanding cloud computing architecture and taking advantage of cloud computing frameworks, to build and deliver various services directly from the cloud. Recently, a global retailer looking for scalability, agility, productivity, and performance deployed a cloud-based solution that merged a robust e-commerce platform with various systems such as content management, search and recommendations, and cart management. The new platform has helped the retailer rapidly deploy their digital solutions and enter new markets such as Australia, the Middle East and China.

Today, cloud is already an enabler of transformation for organisations looking for simpler operations and leaner workloads. Going forward, it is set to drive greater innovation and growth. The way forward is to leverage cloud along with innovative and emerging technologies such as IoT, blockchain and AI, thereby creating a robust digital foundation that will help smart organisations stay ahead.

The author is SVP and Head – Infosys Validation Solutions & Cloud, Infrastructure and Security, Infosys

Publish date: April 10, 2017 10:52 am| Modified date: April 10, 2017 10:52 am