TMO Link

Link

T-Mobile Announces New ‘Magenta MAX’ 5G Plan

Andrew Orr ·

T-Mobile announced on Monday the release of its new Magenta MAX 5G plan. It includes 40GB of mobile hotspot.

Magenta MAX delivers unlimited Premium Data — 4G and 5G — on your smartphone. That means you can’t be slowed down based on how much you use. Plus, Magenta MAX is made for video streaming with UHD (ultra-high definition) streaming up to 4K resolution and Netflix on Us on all MAX plans, now including single line customers. And Magenta MAX comes with the industry’s most generous smartphone mobile hotspot at 40GB of high-speed data included for consumers.

Link

Chick-fil-A Uses FaceTime and iPads to Speed Up Drive-Thru

Andrew Orr ·

Chick-fil-A has been experiencing big drive-thru lines during the pandemic and it’s using Apple technology to speed it up.

The chain stands out from the drive-thru crowd in large part thanks to its workers with iPads who take orders from cars even before they reach the window.

“Some restaurants are using [FaceTime] during extreme weather as another measure to protect Team Members and/or for additional social distancing during COVID,” Chick-fil-A said in a statement.

Link

Encrypted Cloud Storage Service ‘Cryptee’ Announces Massive Update

Andrew Orr ·

Cryptee is an end-to-end encrypted cloud storage service and announced a huge update on Sunday.

We’ve re-designed the entire platform, re-engineered everything from ground up, added hundreds of new features, and created an entirely new Cryptee experience for you. Along the way we’ve realized it’s going to be a massive leap forward, so we thought we should get a new logo too.

I think Cryptee is a great service and one that I’ve recommended in the past.

Link

Mysterious ‘Silver Sparrow’ Malware Confuses Researchers

Andrew Orr ·

Over the weekend we got news of a mysterious piece of malware called Silver Sparrow. It has infected 30,000 machines so far and there is a version of it built for M1 Macs. But security researchers can’t figure out its purpose.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Link

Chrome OS Passes macOS to Become Second Most Popular Desktop OS

Andrew Orr ·

New data shows that Chrome OS has overtaken macOS to become the second most popular desktop OS. Chrome OS rose from 6.4% in 2019 to 10.8% in 2020.

Despite the fact that macOS landed in third, viewing this as an example of Google beating out Apple directly might not be accurate. Rather, it’s likely that Chrome OS has been primarily pulling sales and market share away from Windows at the low end of the market. Mac market share actually grew from 6.7 percent in 2019 to 7.5 percent in 2020.

Link

Email Spy Pixels are a Widespread Problem, Says BBC

Andrew Orr ·

At the BBC’s request, email service “Hey” analyzed its traffic and found two-thirds of emails sent to users contained a spy pixel.

Defenders of the trackers say they are a commonplace marketing tactic. This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles. Hey’s co-founder David Heinemeier Hansson says they amount to a “grotesque invasion of privacy”. And other experts have also questioned whether companies are being as transparent as required under law about their use.

These pixels are tiny 1×1 images embedded in photos that can track a variety of data points. You could turn off “Load Remote Images” automatically in Settings > Mail, but then of course they would load along with other photos when you want to see them.

Link

DNS Provider ‘Quad9’ Announces Move to Switzerland

Andrew Orr ·

Quad9 is a non-profit DNS provider, so called because of its 9.9.9.9 DNS server. It announced on Wednesday it has moved its headquarters from California to Zürich, Switzerland supported by Packet Clearing House and SWITCH.

Quad9’s move to Switzerland is being facilitated by SWITCH, one of Switzerland‘s centers of competence for internet security. The foundation operates several critical infrastructures and has been committed to greater cybersecurity for decades to make the internet a more secure place for its users. SWITCH is taking a seat on Quad9’s foundation council and contributing to Quad9’s governance.

Interesting move. For many people, private services and companies located in a country like the U.S. is a negative. This is because of the Five Eyes Alliance.

Link

LastPass to Restrict Free Users to One Device Type on March 16

Andrew Orr ·

LastPass announced a move to restrict free users of its password manager. Starting March 16 these users will be limited to one device type.

LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type.

As alternatives I recommend 1Password as well as the open-source app, Bitwarden.

Link

Microsoft Testing xCloud For Web, Opening up to iPhone and iPad

Charlotte Henry ·

Microsoft has started testing its xCloud game streaming service through a web browser, according to The Verge. This opens up the possibility it will work on iPhones and iPads.

Sources familiar with Microsoft’s Xbox plans tell The Verge that employees are now testing a web version of xCloud ahead of a public preview. The service allows Xbox players to access their games through a browser, and opens up xCloud to work on devices like iPhones and iPad. Much like how xCloud currently works on Android tablets and phones, the web version includes a simple launcher with recommendations for games, the ability to resume recently played titles, and access to all the cloud games available through Xbox Game Pass Ultimate. Once you launch a game it will run fullscreen, and you’ll need a controller to play Xbox games streamed through the browser.

Link

Pandora Announces ‘Artist Takeovers’ With Guest Artists

Andrew Orr ·

Pandora announced a new feature for its music stations called Artist Takeovers. It features music handpicked by a different artist with special audio commentary.

The new Artist Takeover series began rolling out in recent months with Shawn Mendes, Chris Stapleton, and more. Artist Takeover Modes are a pop-up experience on stations, and selections from each carry over into Pandora Stories playlists for continued listening.

Artist Takeovers are an extension of Pandora Modes, a feature allowing you to customize your listening experience on favorite Pandora stations by offering a set of selectable “modes” that give more control over the kinds of songs that are played.

I think this sounds like a great feature. It brings to mind guest stars on Apple Radio 1.

Link

Google Photos for iOS Adds Video Editing, New Photo Editing Features

Andrew Orr ·

Google has added new editing features to its Photos app on iOS, including video editing. New editing features will be available exclusively to Google One members.

Starting today, we’re bringing some of the editing features currently available on Pixel to Google One members as a part of their membership. These effects transform your portraits using machine learning: with Portrait Blur, you can blur the background post-snap, and with Portrait Light, you can improve the lighting on faces in portraits. Both features work for photos just taken or images from the past — even if the original image wasn’t taken in portrait mode.

Link

35 Companies Including Apple Hacked in Supply Chain Attack

Andrew Orr ·

Security researcher Alex Birsan was able to breach over 35 companies’ internal systems, including Apple, Microsoft, PayPal, Spotify, Netflix, and others. He did this through bug bounty programs and pre-approved penetration testing arrangements (aka, he’s one of the good guys). He earned over US$100,000 in bounties.

The attack comprised uploading malware to open source repositories including PyPI, npm, and RubyGems, which then got distributed downstream automatically into the company’s internal applications.

Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.

Link

Hackers Tried to Poison Florida Town’s Water Supply

Andrew Orr ·

Most security news I’ve shared involves purely digital hacking. This story from Reuters is a case of using hacking to affect the physical world, like an attempt to poison a town’s water supply.

The hackers then increased the amount of sodium hydroxide, also known as lye, being distributed into the water supply. The chemical is typically used in small amounts to control the acidity of water, but at higher levels is dangerous to consume.

Oldsmar Mayor Eric Seidel said in a press conference on Monday that the affected water treatment facility also had other controls in place that would have prevented a dangerous amount of lye from entering the water supply unnoticed.

Link

Browser Favicons Can be Used to Track You Online

Andrew Orr ·

Software designer Jonas Strehle discovered that browser favicons can be used to give you a unique ID that can be used to track you across the web. It works even if you use privacy tools like a VPN, incognito browsing, deleting cookies/browser cache, and others.

To be clear, this is a proof-of-concept and not something that Strehle has found out in the wild. Strehle’s supercookie program (which uses a Cookie Monster favicon) is a proof of the concept described by the university researchers.

Link

Adobe Adds Document Collaboration to Photoshop, Illustrator, Fresco

Andrew Orr ·

Adobe announced on Tuesday new document collaborations for Photoshop, Illustrator, and Fresco.

The Invite to Edit feature in Photoshop, Illustrator, and Fresco allows asynchronous editing on all surfaces across the desktop, iPad, and iPhone (Fresco). Now collaborators can edit a shared cloud document, one at a time. Just save your. PSD or. AI files as cloud documents and send invitations for others to edit them. You can also edit files that have been shared with you. In addition, you can access your shared cloud documents on assets.adobe.com and the Creative Cloud Desktop app.

Link

Android Could Mimic iOS 14 App Tracking Transparency

Andrew Orr ·

A report from Mark Gurman suggests that Google could add the App Tracking Transparency privacy feature to Android. But it wouldn’t be as private since Google is ultimately an advertising company.

A Google solution is likely to be less strict and won’t require a prompt to opt in to data tracking like Apple’s, the people said […] To keep advertisers happy while improving privacy, the discussions around Google’s Android solution indicate that it could be similar to its planned Chrome web browser changes.

In other words, why even bother?

Link

Affinity Apps Updated With RAW Engine, Contour Tool, More

Andrew Orr ·

Serif has updated its line of Affinity apps to version 1.9. on Thursday. New features include a contour tool, a RAW engine, GPU acceleration, and plenty of other goodies.

A key feature which sets Affinity Photo apart from the competition is its non-destructive workflow, and that has been taken to another level again with the ability to add liquify adjustments as live, maskable layers. On top of that there are substantial improvements to its RAW engine, new linked layer functionality, path text, as well as a whole new mode to control the stacking of astrography images for stunning results.

Additionally, all Affinity apps are currently available with 50% discount as an initiative to support the creative community during COVID-19, from affinity.serif.com.

Link

Washington State Suffers Data Breach due to Contractor ‘Accellion’

Andrew Orr ·

Washington’s state government reported a data breach on Monday that could affect over 1.6 million people. The breach is connected to Accellion, a contractor involved with the state auditor’s office.

During the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion’s file transfer service. Some of the SAO data files contained personal information of Washington state residents who filed unemployment insurance claims in 2020 […] may also include the personal information of other Washington residents who have not yet been identified but whose information was in state agency or local government files under review by the SAO.

Link

New Facebook Message Warns You of iOS 14 Ad Opt-In

Andrew Orr ·

In response to an iOS 14 feature that makes developers ask user consent to use their data, Facebook wants to remind people just how beleaguered it really is.

In the post, Facebook says that if users accept the prompts for Facebook and Instagram, the ads you see on those apps won’t change. “If you decline, you will still see ads, but they will be less relevant to you.” The tech giant notes that Apple has said that providing education about its new privacy changes is allowed.

To me, the most offensive part about this isn’t Facebook pretending to care about “businesses other than itself that rely on ads to reach products customers.” It’s how it says “This won’t give us access to new types of information.”

Link

Data Privacy Day 2021: Tresorit Responds to Encryption Backdoors

Andrew Orr ·

For Data Privacy Day 2021, companies with private products like Tresorit, ProtonMail, Threema, and Tutanota, have issued a joint statement about proposed laws about backdoored encryption.

[…] encryption is an absolute, data is either encrypted or it isn’t, users have privacy or they don’t. The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizens’ home and might begin a slippery slope towards greater violations of personal privacy.

Link

Apple Shares ‘MySwimPro’ in Developer Spotlight

Andrew Orr ·

Apple has highlighted Fares Ksebati and his app MySwimPro in its Developer Spotlight. It provides aquatic workout videos for athletes.

What do you know now that you wish you’d known when you started? That it’s really important to be consistent, that it takes time to develop, and that if you can just be a little bit better every single day, the compounding impact is absolutely insane. We’ve been at this for five years, which is more than 1,800 days, and we’re trying to be at least 1 percent better each day.

Link

Pixelmator Pro ML Super Resolution Now Removes WebP Compression Artifacts

Andrew Orr ·

Pixelmator Pro has a new update ready, version 2.0.4. It brings an improvement to its ML Super Resolution image upscaler. It can now remove compression artifacts from WebP files. Another improvement adds support for portrait masks in Apple ProRAW images.

Pixelmator Pro already supports the WebP file format and, as it gains more users around the web, it’s becoming clear that the WebP compression algorithm produces unique compression artifacts. ML Super Resolution has already been trained to remove JPEG artifacts when resampling images but, with today’s update, it can now remove WebP artifacts too.

Link

How Apple Improved iMessage Security in iOS 14

Andrew Orr ·

Project Zero, Google’s security team, reverse-engineered iMessage to see how Apple improved it in its latest OS 14 releases. Specially, how it has gained new protections against zero-day attacks using BlastDoor, resliding of the shared cache, and exponential throttling.

One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed “BlastDoor” service which is now responsible for almost all parsing of untrusted data in iMessages (for example, NSKeyedArchiver payloads). Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.

Link

Mark Zuckerberg says Apple is Anti-Competitive in Facebook Earnings Call

Andrew Orr ·

Mark Zuckerberg has once again criticized Apple for its privacy, saying that the company is anti-competitive because of iMessage (among other things).

We increasingly see Apple as one of our biggest competitors,” Zuckerberg said, noting that Apple’s iMessage software is preinstalled on iPhones — enabling it to become the most widely used messaging service in the United States, as opposed to Facebook’s WhatsApp — and that Apple’s growing investment in services also enables it to compete with Facebook and other apps that use its iOS software platform.