By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Apple scans photos to check for child sexual abuse images, an executive has said, as tech companies come under pressure to do more t. o tackle the crime. Jane Horvath, Apple’s chief privacy officer, said at a tech conference that the company uses screening technology to look for illegal images. The company says it disables accounts if Apple finds evidence of child exploitation material, although it does not specify how it discovers it. Apple has often clashed with security forces and authorities, refusing to break into criminals’ phones and applying encryption to its messaging app in the name of protecting its users’ privacy. Speaking at the Consumer Electronics Show in Las Vegas, Ms. Horvath said removing encryption was “not the way we’re solving these issues” but added: “We have started, we are, utilizing some technologies to help screen for child sexual abuse material.” An Apple spokesman pointed to a disclaimer on the company’s website, saying: “Apple is dedicated to protecting children throughout our ecosystem wherever our products are used, and we continue to support innovation in this space. “As part of this commitment, Apple uses image-matching technology to help find and report child exploitation. Much like spam filters in email, our systems use electronic signatures to find suspected child exploitation. “Accounts with child exploitation content violate our terms and conditions of service, and any accounts we find with this material will be disabled.” The company did not elaborate on how it checks for child abuse images, but many tech companies use a filtering system called PhotoDNA, in which images are checked against a database of previously identified images using a technology known as “hashing”. The technology is also used by Facebook, Twitter, and Google. Apple made a change to its privacy policy last year that said it may scan images for child abuse material. Ms. Horvath defended Apple’s decision to encrypt iPhones in a way that makes it difficult for security services to unlock them after the FBI raised the prospect of another clash with the company by asking it to unlock an iPhone allegedly owned by a dead gunman who killed three people at a naval base in Florida last month. “End to end encryption is critically important to the services we come to rely on…. health data, payment data. Phones are relatively small they get lost and stolen. More posted on OUR FORUM.

In the days after the US government said it would bar Huawei Technologies Co from buying vital American components, the Chinese company’s founder, Ren Zhengfei, pulled together an emergency meeting of his top lieutenants at headquarters in Shenzhen. In a large conference room, the billionaire asked for a report from the head of each business unit on how they would be affected by the Trump administration’s ban, which blocks US companies from supplying everything from semiconductors to the software. Their assessments were dire. "We thought we had lost the world,” said Will Zhang, who attended as president of corporate strategy. It turns out they were far too pessimistic. Huawei recorded an 18% rise in sales to a new high of 850bil yuan (RM500.52bil) last year, although that was down from about 23% in the first half and missed its own internal targets. Company projections for 2020 are similar. Huawei holds the enviable position of being the world’s largest supplier of communications equipment to telecom operators and the largest smartphone maker globally after Samsung Electronics Co. Huawei isn’t just surviving; it’s actually thriving in some areas. The question is for how long. Last week, executives warned in a New Year’s memo that survival itself is a priority, urging employees to brace for a difficult 2020. Inventories stockpiled months in advance of the May blacklisting are drying up. The company can no longer count on momentum alone to drive the business, Rotating Chairman Eric Xu warned. How Huawei survived the US blacklisting could prove a case study in unintended consequences and a vast shift underway in global IT production. Huawei is a big customer for all of its suppliers, and a few actually cut ties after the blacklisting. Others lost out to rivals in Japan and South Korea. But American companies with extensive global operations, including Microsoft Corp and chipmaker Micron Technology Inc, found legal ways around the ban, leaning on the production outside the US so Huawei-destined products wouldn’t be hit. Huawei itself put armies of engineers to work redesigning products to reduce its reliance on American parts. Trump’s attack also had surprising implications for Huawei’s brand. A few countries, like Australia, agreed with the US president’s assessment and barred its equipment from their networks. But in the rest of the world, Huawei’s name recognition soared. After laboring in obscurity for decades, the maker of digital piping was suddenly front-page news everywhere. Beyond the US and its close allies, telecom operators wanted to find out what all the fuss was about. In China, consumers and carriers rallied to Huawei’s side in response to what they saw as unfair persecution, driving a sales boom. The Trump sanctions in some ways validated Huawei’s ability to develop cutting-edge technology, from fifth-generation networking gear to AI chips. Follow this in-depth on OUR FORUM.

Several major Microsoft products will reach their end of support during 2020, with Office 2010, Visual Studio 2010, Windows 7, Windows Server 2008 (including 2008R2), and multiple Windows 10 versions including 1803 and 1903 being some of the most important ones. For products that have reached their end of support, Microsoft stops providing bug fixes for issues that are discovered, security fixes for newly found vulnerabilities, or technical support. Customers who still use end of service software are advised by Redmond to upgrade as soon as possible to the latest on-premise or cloud version to keep their systems secure and bug-free. However, as Microsoft says on its support website, "For customers requiring more time to move to the latest product, the Extended Security Update (ESU) program is available for certain legacy products as a last resort option. The ESU program provides security updates only for up to 3 years, after the End of Support date. Contact your account manager, partner or device manufacturer for more information." "Modern Lifecycle Policy covers products and services that are serviced and supported continuously" according to Redmond's support site with the company providing a minimum of 12 months' notification before ending support if no replacement product or service is available. According to Microsoft, a very long list of products governed by the company's Fixed Policy will also reach their end of support in 2020. "Fixed Lifecycle Policy applies to many products currently available through retail purchase or volume licensing," says Microsoft. This policy provides customers with at least 10 years of support (a minimum of 5 years of Mainstream Support followed by 5 years of Extended Support), with some exceptions. Besides the long list of products being retired, there are also many of them that will move to Extended Support from Mainstream Support in 2020. "Extended Support lasts for a minimum of 5 years and includes security updates at no cost, and paid non-security updates and support," says Microsoft. "Additionally, Microsoft will not accept requests for design changes or new features during the Extended Support phase." More in-depth details along with links, and detailed lists can be found on OUR FORUM.

Microsoft has been warning us that this day would come. And now, it’s almost here. Windows 7 end of life lands on January 14, 2020. After that deadline, Windows users running older versions of the desktop operating system will face a difficult choice – cough-up for a hefty bill to upgrade to Windows 10 or brace themselves for some dangerous risks on their home PC. By ending support for the aging Windows 7 operating system, which was first launched back in July 2009, Microsoft will stop rolling-out updates with new features, security updates or protections against malware. That means any issues with the software – or any new vulnerabilities discovered by cybercriminals – can be leveraged from indefinitely. Less serious, perhaps – but this also means any annoying bugs or glitches that crop-up will also be immortalized in the operating system. If you’d like to benefit from the latest security protections and anti-virus solutions from Microsoft, you’ll have to update your machine to an operating system the Redmond-based company does support – namely, Windows 10. Although Microsoft has offered free upgrades to users running official versions of its operating systems in the past, that’s not possible at the moment. We’ve heard from a number of loyal readers who swear there are still ways to upgrade to Windows 10 from Windows 7 for free using tools provided by Microsoft, however representatives from Microsoft tell us that its no-cost upgrade offer expired on July 29, 2016, and there is no officially sanctioned way to update your machine without paying. The firm also says that for the vast majority of Windows 7 users, moving to a new device with Windows 10 preinstalled is the recommended path – not upgrading the operating system on the older hardware. "Today’s PCs are faster, lightweight yet powerful, and more secure, with an average price that’s considerably less than that of the average PC over nine years ago," Microsoft said in an email sent to us. If you’re still pretty fond of your old computer and don’t like the idea of upgrading the hardware simply to ensure that Microsoft supports the operating system that you’re using – it could be a costly update. Further details are posted on OUR FORUM.

Microsoft sued a cyber-espionage group with North Korean links tracked as Thallium for breaking into its customers' accounts and networks via spear-phishing attacks with the end goal of stealing sensitive information, as shown by a complaint unsealed on December 27. "To manage and direct Thallium, Defendants have established and operate a network of websites, domains, and computers on the Internet, which they use to target their victims, compromise their online accounts, infect their computing devices, compromise the security of their networks, and steal sensitive information from them," Microsoft's complaint says]. The lawsuit was filed by Microsoft on December 18 in the U.S. District Court for the Eastern District of Virginia, as first reported by Bloomberg Law's Blake Brittain. According to Microsoft, Thallium targets both public and private industry targets and it has been observed while previously attacking "government employees, organizations and individuals that work on Nuclear Proliferation issues, think tanks, university staff members, members of organizations that attempt to maintain world peace, human rights organizations, as well as many other organizations and individuals." The North Korean hackers are also believed to have been active since at least 2010 according to Redmond's complaint, and it is known for being behind spear-phishing attacks they operate via legitimate services such as Gmail, Yahoo, and Hotmail. A list of 50 domains used by Thallium in their attacks is available in Appendix A of Microsoft's complaint against the hacking group. Netscout's ATLAS Security Engineering & Response Team (ASERT) also tracks one of the North Korean hacking group's campaigns as STOLEN PENCIL. According to Netscout, the hackers' STOLEN PENCIL APT campaign has been targeting academic institutions since at least May 2018 in spear-phishing attacks with the end goal of stealing credentials. Based on several shared resources, Palo Alto Networks' Unit42 also linked Thallium's STOLEN PENCIL campaign with a malware dubbed BabyShark and delivered as part of a spear-phishing campaign focused "on gathering intelligence related to Northeast Asia’s national security issues," starting with November 2018. "Well-crafted spear-phishing emails and decoys suggest that the threat actor is well aware of the targets, and also closely monitors related community events to gather the latest intelligence," Unit42 said. Follow the link to OUR FORUM for more.

Microsoft is working on adding support to the Outlook on the web browser-based client for sending emails via alias email addresses (also known as aliases or proxy addresses). After the feature's release, Office 365 customers will be able to send messages via Outlook on the web using any previously set up alias besides their primary SMTP address. Email sender aliases support will prove useful for users who need to send emails from multiple branded domain names or on behalf of a specific company team or department. Having the choice to choose any alias available for their account will also remove the hassle of setting up shared Office 365 mailboxes or creating additional POP or IMAP accounts. "So to kick-off our journey to provide you and your users with the flexibility to send email using an alias, we're excited to announce that soon Outlook on the web (aka OWA) will natively support the ability to choose the sender or FROM from a drop-down list right within the compose pane," says the planned feature's Microsoft 365 roadmap entry. "And when the recipient receives that message, the FROM and REPLY TO will show that alias, regardless where the recipient's mailbox happens to live." This new feature designed to allow Office 365 customers to send email from proxy addresses (aliases) from Outlook on the web is currently under development, with Microsoft planning to make it generally available in all Exchange environments during Q4 2020. In related news, Microsoft is working on adding the highly popular Outlook for Windows Message Recall feature to the Exchange Online hosted cloud email service for businesses. Once it will roll out to all Office 365 environments during Q4 2020, the Message Recall feature will make it possible for users of Microsoft's cloud email to retrieve emails not yet opened by the recipients, regardless of the email client they use. Redmond is also planning to add protection against Reply-All email storms in Exchange Online sometime during Q3 2020, an issue impacting Office 365 members of improperly locked down email distribution lists. Reply-All storms (aka reply-allpocalypses) are huge chain reaction email sequences usually started by one of the members of a large email list who replies to the entire list using the "Reply All" feature. This can lead to accidental Distributed Denial of Service (DDoS) incidents that could take down some of the email servers used to deliver the numerous replies. Follow this and more on OUR FORUM.

 

Translate