Microsoft's removal of its hold on patents to the exFAT file system, through the Open Invention Network (OIN), has made it available on the Linux kernel for use by the open source community.

The company joined the Open Invention Network (OIN) in late 2018 in a move perceived as its endorsement of open source, which it essentially agreed to grant royalty-free and unrestricted license to its patent portfolio. Microsoft has now also removed its hold on the patents related to the exFAT file system, which Linux users have had to undergo hard times dealing with on their PCs.

The exFAT (Extended File Allocation Table) is a file system released by Microsoft for Windows, which made debut with Windows CE 6.0., and had remained a proprietary software, only available to paid Microsoft subscribers.

Albeit, the exFAT file system is also compatible with macOS, but Linux users had been in pains dealing with exFAT-formatted SD cards and flash drives on their PCs. And in comparison to the erstwhile FAT32 which only support file size of up to 4GB, the exFAT allows nearly unlimited for both partition and file sizes.

Though, there's FUSE-based workarounds implemented to achieve a level of compatibility with Linux, and Samsung haven also published its own Linux driver for the exFAT file system, but still nothing worked better.

Microsoft maintains that this latest addition to the open source patent consortium, is the company’s effort to ease things up for Linux users and in fact, the whole of the open source community.

Additionally, the company has also integrated its software with Linux via Windows Subsystem for Linux (WSL) on Windows 10.

Microsoft's romance with Open Source, brings exFAT File System to Linux



Facebook had after several testing released a privacy tool, called 'Off-Facebook Activity' to allow users to have more control over their data and also be able to choose which specific parts of their data to share with advertisers and which to remove.

While the social network giant, Facebook had earlier resorted to many privacy measures with the sole aim to give users more granular control and have better transparency about how they and other third-party apps use the data, this is perhaps the first time it is giving users total control in clearing data from third-party websites and apps.

Facebook has seemingly ran into some challenges with privacy, as it tries to organize browsing data by date, which instead the former privacy tool organizes by profile, making it a bit difficult to single out an individual user's browsing history data.

What does and does not qualify as Off-Facebook Activities?



As Facebook is privy to collect information of users in different ways, first it does so through the filling out of your information into its platform via website and apps, and secondly, it tracks your browsing history via the Login with Facebook, embedded Like button, Facebook comments, and other hidden script called Facebook Pixel embedded on most websites.

Now, through these several processes Facebook is able to know which websites a user visit, even when not on the platform itself. And perhaps you've experienced whenever you scroll through your Facebook feed, it displays advertisements from specific brands especially those websites you recently visit.

These are what is classified as Off-Facebook activities and serves to help them to target ads more effectively, albeit evading users privacy. But with the new 'Off-Facebook Activity' Tool, concerned users should now be able to clear their personal data on the platform.

Steps to clear your Data using the Off-Facebook Activity Tool



The new tool makes it possible for you to be able to view a summary of your data which other websites or apps sent to Facebook through its various tools, and also allow you to disconnect the data or even all future activity altogether from your Facebook account.

Simply navigate to your account's Settings and you'll see the Off-Facebook Activity tab, click on it. Then you will be able to see the websites and apps that have been tracking your activity for ad targeting by sending reports to Facebook.

Now, just tap on the "Clear History" button to clear every of your browsing history and disconnect your account from the selected apps and websites or even prevent all of the third-part sites from tracking you in the future.

How to use 'Off-Facebook Activity' Tool to clear your personal data



Google has made proposal for a set of open standards on privacy, dubbed Privacy Sandbox, that will fundamentally prevent profiling of users and still support Free and Open Internet for digital advertisements.

While the issue of targeted advertising encroach on web users privacy, with tracking technologies becoming too invasive through intrusive practices by advertisers to accurately identify individuals for ads serving, there is now serious concerns amongst Internet users.

Google wants to help in finding a solution that will both protect users privacy and also help web content remain freely accessible on the web. The idea of Privacy Sandbox is to ensure secure environment for personalization that fundamentally protects user privacy. It includes new approaches that ensure ads will continue to be relevant for users, but without user data been shared with websites and advertisers, by anonymously aggregating the data, and maintaining more information on-device only.

The company hopes to work with the web community in developing the new standards to advance privacy, and by following the web standards process and seeking industry feedback on ideas for the Privacy Sandbox.

As part of its effort to advance privacy, Google had earlier made known its plans to improve the classification of web cookies, by giving clarity and visibility to the cookie settings, as well as aggressively blocking all fingerprinting techniques, thereby allowing users to evade web tracking.

Google has also made available its documentations on the specific problems they are trying to solve with the Privacy Sandbox, and have shared series of explainers with the web community. As the project will require significant thought, debate and input from stakeholders and generally, this may take multiple of years.

Privacy Sandbox: Google's new initiative for Open Standards on Privacy



Microsoft's open source code editor, Visual Studio Code was adjudged as one of the best text editors for programming, and the bringing of the Visual Studio Code as a Snap, to cater for the open source community has endeared it to the highly disparate Linux crowd.

Now, the company has released a new extension for Visual Studio Code, dubbed Web Template Studio (WebTS) to provide a platform to create web applications effortlessly and to enable developers generate a ReadMe.md with step-by-step guide on the development process.

While the Visual Studio Code serves as redefined editor for building modern web and cloud applications, with full support for debugging of a number of frameworks; the availability of WebTS will help developers to generate boilerplate code for each web app with options to choose between any of the different front-end/back-end frameworks, pages and cloud service.

Microsoft had earlier released Snap, the new universal packaging system for Linux apps, which is capable of been updated on any supported distro without affecting the host, and is hugely loved by the open source community.

This new extension will bring several app page templates to the Visual Studio Code, such as grid page, blank page, list, and master detail, to help developers in creating web apps more easily; and given that web apps created using WebTS posses well structured and readable code, which can also incorporate cloud services on Azure, makes implementation faster.

The Web Template Studio supports languages such as Node.js and Flask (for backend); with React, Vue and Angular (for frontend) and it's currently available on GitHub, so developers can contribute to further improve it or employ the tool for their projects.

Microsoft launches new extension (WebTS) for Visual Studio Code



Apple's browser engine, WebKit has announced a new tracking prevention policy which is aimed at bolstering privacy on the Safari browser and thus help to protect users on Apple's ecosystem.

While the open source project, WebKit announcement is following on the heels of Mozilla's push for privacy with its own anti-tracking policy, that is solely targeted at quashing all the web tracking technologies that follow users on Firefox browser.

The WebKit Tracking Prevention Policy, among other things spelt out the types of tracking it will target and how it will effectively deal with the issues, with implementation of mechanisms in WebKit to prevent such web tracking procedures. And the ever evolving policy will also profile additional tracking techniques as they arise, in a bid to include the new techniques in the policy and implement measures to prevent them.

Before now, Mozilla had been the single advocate of the browser-side protection that block websites from following web users online, which tracking has been proven to benefit advertisers who target specific users, even though it invades their privacy. With Firefox 67 which was released in May, the company debuted Letterboxing feature to protect against the so-called window-size related fingerprinting, which is employed in the profiling and tracking of Web users, whereby their personal information are collected from their various devices for identification.

Apple WebKit will bar any cross-site tracking and fingerprinting, with Safari browser already blocking some of the cross-site tracking techniques under its Intelligent Tracking Protection (ITP), which debuted with macOS Mojave and iOS 12; albeit it's still lacking in full blockade - as such information that can be used to identify some trackers are non-existence.

That's what the new policy will seek to address, through the discovery of additional tracking techniques, including the types of tracking created and how to deal with their effects.

Ironically, both Mozilla's Firefox and Apple's Safari browsers have been on the losing side in the browser wars, with huge declines in user share in the recent months; and despite Google's Chrome stealthy position, it has continued to climb in user share worldwide.

And perhaps, there will be a likely reversal in usage as more users begin to see the implementation of effective privacy policies from the competitors, that is, if privacy means anything for the average web users.

Apple to turn full throttle on Privacy with Safari Anti-tracking mechanism



While Spotify boasts of millions of songs available for streaming, you can only download and listen to it on the platform as Spotify songs are protected by DRM, and that limits how users could enjoy the songs in many ways. As a freemium service, it offers basic features for free with advertisements; albeit you can get music videos with additional features such as improved quality and better streaming as a premium subscription.

And the digital rights management (DRM) protection measures are set of access control technologies meant to restrict how proprietary or copyrighted works are used. The technologies only try to control the modification and distribution of such works such as multimedia content, and also systems within specific devices that enforce the policies. For instance, Apple too uses DRM to protect contents on iTunes, App Store, etc. Just as Spotify Music Streaming service uses DRM to protect their music, even though the DRM technology remains a controversial issue and hasn't been universally received across the globe.

But, TunesKit affords you the best DRM removal tool so that you can convert Spotify songs and easily download millions of DRM-ed songs/playlists into any format, including MP3, AAC, WAV, FLAC, M4A, M4B and also for offline listening on all devices and players even without a premium subscription. TunesKit Spotify Music Converter is fully capable of converting all DRM protected Spotify Musics from DRM to other formats (including MP3, FLAC, AAC, and WAV) losslessly and you are able to freely download the music track and playlist offline for even supposedly unsupported devices without any limitations.

What are the key Features of TunesKit Spotify Music Converter?



  • Easily Convert protected Spotify songs and playlists to MP3, AAC, WAV, FLAC, M4A, M4B:
  • TunesKit Music Converter for Spotify offers the ability to download Spotify music, and also remove DRM to convert the songs, and playlists to popular formats, like MP3, AAC, WAV, FLAC, M4A, M4B for support on different devices, such as MP3 player, mobile device, sound system, and car radio. Additionally, you are able to play the downloaded Spotify music offline on the various devices.

  • Losslessly preserve quality and metadata of Spotify music as the original:
  • TunesKit Spotify Music Converter combines the latest DRM music decryption removal technology which makes it fully capable of cracking any DRM encryption technology employed by Spotify without any loss in the quality of the music. Unlike other Spotify music downloaders in the market, that only rip songs through recording with unexpected quality reduction on the final output, TunesKit Spotify Music Converter retain 100% ID tags and metadata of the original Spotify streams, such as track number, artist, genre, composer, etc.

  • Download any track, album, artist and playlist from Spotify within free subscription:
  • TunesKit Music Converter for Spotify allows the downloading of all kinds of music from Spotify easily just by dragging the Spotify track, artist or playlist to the screen and download will be completed in seconds with only one click.


Steps to setup TunesKit Spotify Music Converter for Windows



Simply download TunesKit Spotify Music Converter for Windows from the site. And once downloaded, then double tap on it to initiate the installation process, and accept the terms and conditions. Now choose the destination location for installing the app, among other setup requirements.



The installation is quite jiffy and completes in a few minutes, after which the application will then start. TunesKit has a clean UI that doesn't require a lot of learning curves to use.

As seen in the above image, there is provision to insert Spotify track link. Just copy and paste the song link, and from the list icon at the top panel you can customize the format. When finally done, simply hit the convert button. That's it!



Now, you'll have the converted file available in the output location you set. But remember, you must have got Spotify installed on your device before carrying out the setup and conversion.

Our Verdict!



TunesKit Spotify Music Converter is fully compatible with the Spotify application which makes launching it automatic. And the flawless running of the application makes removal of DRM protection from Spotify songs as easy as pie.

TunesKit Spotify Music Converter for Windows lets you download freely anywhere



The Firefox Password Manager is intended to help keep all users' passwords in one place, so that they can log in automatically onto websites, or find their saved passwords easily; but to ensure a foolproof security, it also gives you a master password.

While the password manager is active by default, and accessible by going to the Privacy & Security section on the Preferences page, however there is a catch, the master password itself is not turned on for fresh installs, which leaves the stored passwords vulnerable to hackers or cybercriminals.



The fix as issued by Mozilla, is rated as “moderate” – given that it does not allow just anyone to extract passwords from the computer – but Firefox users are advised to check to make sure their browser is up-to-date for their optimum security.

If you've got automatic update turned on, then you should make sure to verify manually that it is working properly. Albeit, the easiest way is to select the About Firefox menu, which shows you the version of the browser you’re currently running, and check for any update, or offers you haven’t received yet.



Once there’s an available update, you’ll see the [Restart to update Firefox] button: simply click it and you’re about now done – as Firefox will remember all the tabs you have open and the session cookies: what you set, exit, update, reload and promptly open your tabs back again.

And if all goes accordingly, you’ll be restored back to where you were, logged into the same sites and ready to continue where you stopped. It is, however, recommended never to store unprotected password databases on your computer.

Mozilla fixes the glitch with Firefox “master password” bypass



The renown Kaspersky security solution has been reported to be flawed with how it runs remotely-hosted JavaScript file in the source code of every website a user visits in its processes of matching the site against the list of suspicious web addresses on its database.

Kaspersky Lab is a cybersecurity and antivirus provider headquartered in Russia, but operational as a multinational holding company, with extensive facilities in the United Kingdom.

The flaw marked as CVE-2019-8286 and credited to Ronald Eikenberg, an independent security researcher, stems from how the URL scanning module (Kaspersky URL Advisor) integrated into the antivirus program works. While the profiling is even active in private browsing mode (otherwise known as Incognito Mode in Chrome browser), with the flaw exposing a user by disclosing the UUID (Universally Unique Identifier) information associated with that user to every visited website.

The UUID can easily be traced to a particular individual and capturable by any website, or even third-party analytics services, since the file contains a string which is unique to the Kaspersky user.

Kaspersky, on the other hand, has acknowledged the flaw and issued a patch for it by assigning a general constant value mark (FD126C42-EBFA-4E12-B309-BB3FDD723AC1) for all Kaspersky users instead of the Universally Unique Identifier. But even with that, the Kaspersky URL Advisor still exposes users by allowing websites and third-party services to know if a visitor has the antivirus software installed on their system.

This particular issue has been classified as User Data disclosure, and could allow an attacker to prepare and deploy a more malicious script to track the perceived protected user with an implant on the web servers.

Though, users can disable this tracking altogether by manually disabling the URL Advisor on the software by going to Settings, click on Additional, then Network, and uncheck the traffic processing box.

How Kaspersky Antivirus flaw exposes users to advanced Web tracking



ClickDo is a UK based SEO agency, made up of SEO experts who are intensely result-oriented. As every online business need to stand out from the crowd, which is the only way to guarantee appearance in search engine results, they'll need to employ some techniques to boost their website's search engine optimization.

While local search engine optimization is focused on optimizing business website so that it will be available on the top search results whenever a user searches for a local keyword for its products or services. If you are searching for London's best SEO services and marketing consultancy agency, look no further than ClickDo.

Fernando Raymond, the CEO & Founder at ClickDo is a renown SEO expert with amazing track records that speak volume, and such assurance from the company as "Give us 100 days, we will double your traffic" - sums up the result-oriented nature of the coy.

Why hire a SEO Agency?



Nowadays, every information is available at our fingertips, and not only one-word answer or approach, but full encyclopedia that's present in just one single click. And these needs of web searchers are taken up by search engines like Google where they prefer sites with complete in and out details about the related topic all in a single source.



As such, search engines follow a pattern to only show those sites in its result that cover the topic in a holistic manner. That's where the job of a SEO expert comes in, SEO serves to help in increasing the traffic flow to your website, and the optimization work affords it the better chances to reach more people. Albeit, SEO works take time and resources to get the desired results.

Why CHOOSE ClickDo for YOUR SEO SERVICES?



ClickDo boasts of having the #1 SEO Consultant in London, in the person of Fernando Raymond onboard, who brings his wealth of knowledge in Local SEO in auditing your business website to make sure everything is in perfect shape.

However, you don't have to take our words for it, find below a sample of recent local SEO service project successfully delivered to its client, so that you'd know what to expect in your own business site's traffic.



The website formerly could not even come first page for its own keywords for years after a major penalty. But when Fernando Raymond was contacted by the client, ClickDo expertise helped in bringing back the website to rank #1 on Google UK for their most competitive keywords.

Also note that organic traffic is perhaps the best for high conversions and even though you get traffic from Google AdWords it won't quite measure up to it, as it comes at a higher cost.

ClickDo Review: Best SEO Agency In London (UK) for Local SEO Services

.

Microsoft had deferred the Windows 7 Extended Security Updates deadline beyond January 2020, given that Enterprises are still grappling to upgrade to the newer operating system, so that now the extended support will culminate to three years of the deadline.

The company in a bid to make the migration easier and smoother, has launched what it calls "FastTrack", which program comes free with the purchase of a minimum of 150 licenses for any of the eligible Enterprise subscription plans or services, including Office 365 as well as Microsoft 365 (M365), the pricier bundles Office and a plethora of other management and security tools.

While Windows 7 Extended Security Updates will continue through to January 2023, it will only be available for PCs running Windows 7 Professional/Enterprise edition, with those versions of Windows obtained through volume licensing deals.

According to Microsoft, FastTrack will also help in deploying a service or subscription, with Desktop App Assure, it will work with customers to ensure that the desktop application running under Windows 7 will continue to run on Windows 10 after the successful migration. Albeit, the tool is designed to assist only Enterprise or Professional customers migrating from Windows 7 or Windows 8.1 Enterprise or Professional, to Windows 10 Enterprise.

Microsoft, however did emphasize on Professional-to-Enterprise migration too, and will provide Windows 10 deployment guidance to help in the upgrade from Windows 7 and Windows 8.1 Professional to Windows 10 Enterprise. But, it should be noted that FastTrack does not involve Microsoft's sending of engineers to an organization to supervise the OS upgrade, instead representatives are made available for consultation to provide guidance.

Microsoft will continue to offer customers on Windows Server's Extended Security Updates patches for "Critical" or "Important" rated vulnerabilities, with the top two tiers in its four-step risks ranking system.

How Businesses can leverage on FastTrack Assistance Program



SeekaHost offers cutting edge Web hosting solutions at bottom prices, without compromising on the quality of service, and guarantees optimal hosting availability that is unbeatable anywhere.

While many so-called cheap hosting services are often caught in lackluster services, where claims to offer 100% unlimited hosting for an outrageous price is more or less a ploy to corner your hard earned bucks. And those getting newly on board the website creation scenario, are faced with the choice of seeking a host that will not actually compromise on quality nor bore a hole in their pocket.

That is exactly what we want to offer with this review - SeekAHost is a great hosting provider based in the United Kingdom, with servers scattered all over the world for optimal service delivery.

Why SeekaHost?





Nowadays, everybody is seeking for a web hosting service that is first affordable, then reliable and efficient at the same time. SeekaHost offers the cheapest hosting services that will be suitable for both personal and business web hosting requirements, haven deployed the latest technologies in web hosting, with modern servers and infrastructures that guarantees integrity in the systems, tested for more than a decade to ensure best performance.

And their services are backed by 24/7 professional customer service personnel with years of experience in the web hosting verticals; you just can't go wrong choosing SeekaHost as your preferred web hosting service provider.

3 levels of Web hosting Packages



Personal hosting packages: This web hosting package is for hosting your personal website, it gives your stories wing and make them live on the Internet at a pretty cheap rate. The package starts at $1.99/month with 1 Domain, 1GB Disk Space, 10GB Data Transfer Unlimited Email accounts and it guarantees optimal service delivery.

Business hosting packages: The business web hosting is geared to provide a gateway to your customers, with enough power to ensure the success of your business in the digital economy. The plan starts at $7.99/month and includes 5 Domains, 10GB Disk Space, 100GB Data Transfer and Unlimited Email accounts.

Shared/Dedicated IPs: The Shared/Dedicated IPs plan is tailored for upcoming bloggers and include 500MB Disk Space, 5GB Data Transfer, 1 Website, 2 MySQL Database, cPanel Access, Free SSL Certificate, Unlimited Email accounts and Unlimited Sub Domains, all at $0.95 /month. What more would a newbie blogger ask for?

The package also comes with options to get your personal or small business sites up and running with the one-click WordPress installation for anyone who is looking to host their personal blogs for a low cost.

SeekaHost have robust network of servers stationed in different data centers around the world to guarantee optimal service delivery, as having your host near to your audience is a huge SEO advantage, and helps to ensure that your content can be accessed as fast as possible.

In conclusion, we are recommending SeekaHost mainly because of their cheap prices and vast network of servers that lets you choose where your site will be hosted, and the rigorous selection processes they put in to ensure that all data centers comply with the highest standards.

SeekaHost Review: Affordable Web hosting, Shared/Dedicated IPs and VPS Hosting



Google had been working on TouchID and fingerprint capabilities to enable users on Chrome to login to account via Web Authentication, and developers to access biometric authenticators through the Credential Management API's PublicKeyCredential type.

Now, the feature dubbed, "Local user verification" is rolling out to users to allow them to log into both native/web applications by registering their fingerprint or any of the other available authentication method set up to unlock their device, such as pattern, pins or password.

While in the future, this three APIs: Face Detection API, Barcode Detection API and Text Detection API, will along with the Face Detection API allow users to return the location of faces and other facial attributes like nose and mouth for a more accurate result.

The feature relies on Web Authentication API and the Client to Authenticator Protocol (CTAP), which are designed to offer simpler and more secure authentication methods that websites can use for secure web-based logins, taking advantage of Android's inbuilt FIDO2 certified security key capability that was rolled out earlier to all devices running Android 7.0 Nougat and later.

Google has also added the functionality to its web based password manage: passwords.google.com, which provides an online platform where users can view and edit their saved passwords.

The new authentication feature will be more useful for people with extreme security practices, who often create strong and unique passwords for every website and thereby faced with the trouble of having to remember each for every transaction. Google plans to expand this functionality to more Google services, including Google Cloud in the near future.

Google rolls out Fingerprint Authentication for Native Applications and Web services



If you are an Apple fan, you'd be familiar with the impressive continuity or convergence between their various devices. Take for instance, if you are watching a movie on Mac wearing earphones and got a call on your iPhone, you'll be presented the option of receiving the call right on your computer without resorting to your phone.

But unfortunately, same can’t be said about Google products, with such convergence features lacking on Android, it has been a huge turn down, especially for those who are switching to Android phone from iPhone.

Even Chromebooks running Google's Chrome OS can't boost of the level of convergence in Apple products with Android, albeit as a larger ploy to tie Chromebooks and Android devices closer together, Google had earlier outlined authentication by a secondary device plan, which is to allow you bypass your phone or tablet’s lock screen (though, optional).

The limitation, however remains that you can only open your Chromebook with your Android device in your pocket, with the laptop automatically getting unlocked and signing you into your Google account, without requiring a password.

And still, the area where Android is found wanting is whenever you want to receive your call on desktop, it really can't beat Apple, no not yet — in the continuity or convergence capabilities, though you’ll be able to receive notifications about incoming calls and see your text messages right on desktop, but you just can't pick up from it.

When such limits exists in Google's own ecosystem, what then is to be expected from cross-platform compliance with Windows, given the general adoption of Android smartphone, Google should be thinking in the line of incorporating more convergence features into Microsoft systems.

Microsoft, on the other hand, have been trying hard to take charge of what’s running on Android, with additions like "Your Phone" app that Microsoft released in 2018. Since then, the company has also added other useful features such as SMS Organiser to help Android users achieve better cross-device compatibility with Windows 10.

For now, we can only make-do with the Your Phone app which lets you sync Android notifications to Windows 10, and also send/receive SMS on your PC. It also allows you to sync recent photos and videos, with support for both Android and iOS.

Google found wanting in Android/desktop Cross-platform compliance



The Chinese technology giant, Huawei has announced its long rumored operating system, Harmony OS (Hongmeng OS in Chinese) as a supposed Android alternative based on a micro-kernel modular created by the company.

While Huawei maintains that HarmonyOS is quite different from Android and iOS with more scalability across different kinds of devices, like wearables, smart televisions, IoT devices, refrigerators, and cars, among others. The company touts its modular design as a “decoupled” OS from hardware, meaning that developers will adapt to the software with just one attempt, and it's also much faster than Android.

The first device to run the new OS, is the new Honor Vision TV launched by Huawei's subsidiary company, with the new TV also featuring a smartphone-style pop-up camera, albeit, Huawei did not project the new Harmony OS as a direct competitor to Android, rather it will serve as a sort of plan B should the US authorities go ahead with sanctions to withdraw their Android license.

Harmony OS has been in development since 2012, with the initial target to cater for IoT products such as wearables, smart displays, smart speakers and so forth, but the unforeseen US trade issue with China has forced the company to rethink its future, thereby mandating the transformation of the OS to support multiple platforms.

At the moment, the OS doesn’t support Android apps out of the box, but developers only need a single coding to recompile their Android apps to work in Harmony.

However, the huge challenge for the company will be on how to woo developers to join in Harmony and build up the much needed app ecosystem that could measure up to Android. Even though Harmony OS is an open-source operating system, Huawei will have to offer lots of incentives to increase developers interest in the new platform.

And perhaps, the modularized Harmony OS can be harnessed to adapt more with flexibility to any device to create a seamless cross-device experience, with the distributed capability kit leading to a shared developer ecosystem.

Harmony OS: Does Huawei's new Operating System stand a chance?



The Web browser has become an ubiquitous hub for both work and play, often storing our most confidential information, including banking and other personal data than any other programs.

While most browsers offer to save your login details or personal data: which may include bank card details for online stores, and billing address, which convenience is to help you autofill such requirements on any website than filling out the forms all over again, so as to worry less about forgotten passwords or not having your card information beforehand.

But, with the convenience of the autofill data, cybercriminals can now scoop up data from your computer by getting it infected by a stealer malware — which is crafted to steal information from browsers.

According to Kaspersky Lab, browsers based on the Chromium engine (such as Chrome, Opera and Yandex.Browser) store user data in same place, making it easy for the stealer malware to find the stored data, albeit the data are stored in encrypted form, but as the malware already have access to the system, it acts as the request is coming from the computer users.

So the malware puts in a request to the browser’s data encryption tool to decrypt the information stored on the computer, which requests are seemingly from the user and considered safe by default, the stealer in turn will now get all the passwords and credit card details saved on the browser.

However, Firefox browser appears to function a bit differently, given that it hides the password databases from strangers, and creates a random profile name for it, so that the malware cannot decode where to look out for the stored information. Though, the file name with the saved data doesn't change, there is no protection to stop the stealer from sifting through all the profiles and identifying the required file, as the folders containing the data are stored in one place.

As for the precise method and type of storage for Microsoft Internet Explorer and Edge depends on the application version, but still the reliability also leaves much on the table. Again the malware can easily retrieve passwords and banking card details direct from storage, by requesting it seemingly on behalf of the computer user.

Afterwards, the malware will simply request the relevant browser to decrypt the files, and it usually succeeds, as the decryption of data request appears to come from the user, because it is supposedly acting on behalf of the users and the malware now sends the data back to the cybercriminals.

It is therefore recommended for security reasons that users do not entrust their important information like banking card details to browsers for storage, rather them should manually enter it each time there is need — even though it may take longer time, but this is safer. Otherwise, you can also make use of a trusted password manager.

Why you should not Store Personal Information with Browser Autofill



The Russian hacking group also known by aliases such as Pawn Storm, Sofacy Group, APT28, and Sednit, with the name "Fancy Bear" which was derived from a coding system used to identify them by the security researcher, Dmitri Alperovitch, are back in the news.

While Microsoft have long engaged in a silent war against the group, as they had mostly targeted Windows with their malware, and have chosen domain names heavily related to Microsoft products, which gave Microsoft a ground to carry out several lawsuit against them for reserving domain names that violate its trademarks.

The hacking group is believed to have links to Russia’s GRU military intelligence, which was responsible for IoT-based attack on some unnamed Microsoft product customers, with hundreds of thousands of business networking and storage devices have been compromised and loaded with so-called “VPN Filter” malware.

Microsoft Threat Intelligence Center researchers also discovered infrastructure communicating to several external servers, with attempts by the hackers to compromise popular IoT devices (including VOIP phone, office printer, and video decoder) across different locations.

According to the researchers, after gaining access to IoT devices, the hackers ran tcpdump to sniff network traffic on local subnets, and by enumerating administrative groups attempt, furthered the exploitation. The hackers were able to drop a simple shell script which enabled them to establish persistence on the network allowing extended access for exploitation.

The analysis of network traffic showed that the actors used stealthy means to gain initial access to corporate networks, albeit lack of full awareness by enterprises of the devices running on their networks could be blamed for the vulnerabilities.

Microsoft, however have shared the information with the manufacturers of the specific devices involved and have continued to explore new protections for their own products.

Microsoft traces IoT device exploits to the Russian hacking group



The Incognito mode is a browsing mode within the Chrome browser which allow web users to surf the net without the recording of their browsing history, and thus serve as a blockade to low-level tracking techniques.

While Incognito Mode can't be classified as an anonymity tool, it does offer a new window that's more like a newly installed browser in which there are no cookies, no bookmarks, no saved history and pre-filled forms.

But there is a loophole in Chrome that allow some websites to shut down users trying to slip past count meters via Incognito Mode, whereby they monitor an API that's automatically disabled in Incognito Mode; Google has followed suit to shut down the ability of sites to sniff out Incognito Mode through the API.

Since the FileSystem API leave traces of activity on someone’s device, websites can check for the availability of the FileSystem API to determine if a private session is occurring, now Chrome’s FileSystem API have been disabled in Incognito Mode to avoid leaving any traces of activity.

Another Chrome update in the Progressive Web Apps (PWA) support which mimics the experience of traditional apps, through the caching of a version on the device for offline use, that even if you don’t have an internet connection, you can still be able to use the web service, as locally-installed software with the flexibility of online services.

Google will simplify the installation of PWA with Chrome 76, that when the distributing website meets the PWA install criteria, the browser will display a small icon at the right edge of the address bar; and on clicking the icon initiates the PWA installation process.

The bringing of PWA to the forefront, means that Google will be raising more awareness of the standard, and as the line between traditional apps and web pages continue to get blurred, PWA will be fully supported on more modern browsers for better user experience.

Google closes loophole in Chrome Incognito Mode



The online security ecosystem is a fascinating area of computing, though it does have its own share of jargon, which terminologies will appear to the non-techie individuals as mere gibberish.

Such terminologies as spyware, adware, and malware can be really confusing, so it behooves us to break them down a bit, so that our non-techie readers can understand which is which, and what every specific term actually means. While many online surfer, take the term virus as generalized dangerous software on any computer, but not all the malicious software are viruses, as each has its own different characteristics.

Anyone using an Internet connected PC must have encountered a form of these dangerous software programs, either via file sharing with other online users or through streaming movies and music online, as such portals are where malicious actors come to play.

What is a Malware and how does it affect Computers and Smartphones?



Malware is often confused with a virus, mostly they have malicious intents against the interest of the computer user rather than to cause harm to the system. It may include Trojan horses, ransomware, spyware, and adware, among others, which are all geared at stealing users personal information or data, while spying on their online activities.

For instance, there was a time Sony shipped Compact discs with rootkit silently installed on users' PCs with the sole intent of preventing illicit sharing or copying; but it also spied on users' listening habits, which created extra security vulnerabilities.

What is a Virus?



Virus is a program that replicates itself by modifying other computer programs and inserting own code, with the affected system said to have been "infected" - which means that the effect is mainly on the system, and it often employ complex stealth strategies to evade detection by antivirus software.

It is often mistaken as malware, but the later encompasses malicious programs such as computer worms, Trojan horses, ransomware, spyware, adware, and rootkits; also including malicious Browser Helper Object (BHOs), among others.

Though malware are less harmful to computer systems, protection against it is necessary to prevent data loss and hackers gaining access to your computer. For this purpose, there are several antivirus software, firewalls and other strategies that can be used to help protect against the infiltration of malware.

Additionally, it is recommended to always check for the presence of malware or any malicious activity on your PCs and smartphone, as recovering from such attacks can be a herculean task.

Jargon Buster: Get to know Terminologies in Online Security



TrickBot is back again in the news, after infecting nearly 250 million Google accounts, this time it has resurfaced with some new tricks - that's capable of disabling the Windows inbuilt antivirus software altogether.

Microsoft introduced the Windows Defender Advanced Threat Protection to its newest operating system, Windows 10, which protect the PCs by moving it up from isolated defenses to a smart, interconnected, and coordinated defense grid that is intelligent, simple to manage, and ever evolving.

But TrickBot has proven that the hallowed defense isn't quite foolproof, as the malware variant now has the ability to disable Windows Defender by deploying some tricks, which includes the deletion of the WinDefend service and subsequently terminating its associated processes.

TrickBot also deploys a DisableAntiSpyware Windows policy to fully thwart the Windows Defender, and equally disabling the real-time protection and Windows security notification service.

Though, there are still some level of protections available for Windows 10 users, like blocking access to Windows Registry and removal of admin rights, which can prevent TrickBot from successfully disabling the Windows Defender. Albeit, this line of defense itself will depend on how advanced the particular variant of TrickBot is actually, as it is known to download additional payloads in order to gain higher system privileges.

However, Windows 10 users should ensure that the “Tamper Protection” feature is enabled, even though the feature remains ‘On’ by default, the malware is capable of of disabling it and as long as it is enabled, Windows 10 users shouldn't be so much worried about the Trojan, as it makes it relatively safer by preventing the disabling of the Windows Defender.

TrickBot can disable Windows Defender Advanced Threat Protection



Google Play Protect is an anti-malware service that monitor apps for suspicious behavior, and amply ensures security by removing malicious apps before they can cause any damage on Android phones, introduced by Google.

The Play Protect is rather the pulling under the same umbrella of the former "Verify Apps" feature and tracking system, "Find My Phone" with some other nifty security systems into Android with the overall aim to protect Android devices from malware-ridden apps using in-built malware scanner.

But according to AV-Comparatives, an independent security analytics firm based in Austria, Google Play Protect performance is short of what was obtainable with third-party antivirus apps, which in its test involving Play Protect and popular antivirus apps like Avast, Avira, AVG, Bitdefender, F-Secure, Kaspersky, McAfee, and G Data, Google Play Protect scored 83.2% in malicious apps detection.

The malicious apps detection rate for Avast, Avira, AVG, Bitdefender, F-Secure, Kaspersky, McAfee, and G Data was at 99.9% with Trend Micro scoring a whopping 100% detection rate.

Google Play Protect’s in-built malware scanner was unsuccessful in detecting malware in apps, with what is perhaps the worst score in false-positive test. According to the test, 28 apps were flagged as ‘malicious’ by Play Protect wrongly out of 500 apps. Albeit, the Play Protect service continuous-scanning model was to ensure that even an app that appeared legit at installation could be red-flagged if it later tried to download a malicious module, but it proved insufficient to the safety of Android users.

Therefore, it remains sacrosanct that there is still need for third-party security apps, as Google’s efforts have been proven ineffective to solve the Android malware issue.

Google Play Protect Performs Worst than third-party antivirus apps