Tag Archives: being

Trend Micro apps fiasco generates even more questions

The saga surrounding Trend Micro apps being removed from the Mac App Store for gathering data inappropriately drags on, but the company’s latest admission raises even more questions.

In the latest update to its response to allegations that its Mac apps were stealing user data, Trend Micro admitted that it published another banned app — Open Any Files: RAR Support.

Thomas Reed, director of Mac and mobile at Malwarebytes Labs, had previously found the Open Any Files app — listed as being developed by Hao Wu — to be gathering the same data as the Trend Micro apps, transmitting that data to Trend Micro servers and promoting Trend Micro’s Dr. Antivirus app, which was one of the six Trend Micro apps banned initially by Apple. 

While the cybersecurity company based in Japan did not explain why it did not take ownership of the Open Any Files app before, Trend Micro admitted the app used “the same module” to collect browser history data as the other Trend Micro apps. As such, the company said it would “no longer publish or support this product.”

Reed found the admission interesting because Trend Micro had previously described Open Any Files as an affiliate app.

“I’m not sure who Hao Wu is. I had assumed it was someone who was abusing the Trend affiliate program to get paid for referrals to their apps. It’s very odd that Trend is now saying that they own that app,” Reed said via Twitter direct message. “Why would their own app use App Store affiliate links when linking to other apps they own?”

Reed added that Malwarebytes had found the Open Any Files app to be “very shady” and so he had been tracking it since December.

“[Promoting other Trend Micro apps] was its sole purpose. The other functionality it provided was extremely minimal, and it used [a] trick to get triggered any time the user opened an unfamiliar document type,” Reed said. “I’m not entirely sure what the point is. These are all junk apps that are a dime a dozen on the App Store. They really don’t provide much — if any — value to the user, in my opinion. I suspect the data collection was a primary goal, but that’s just a theory.”

When questioned about Open Any Files and the other Trend Micro apps, the company refused to answer and instead linked to the updated blog post, noting that it now has an FAQ and “will continue to be updated with other questions and answers.”

Reed said the company didn’t seem ready to talk about the issues with the Trend Micro apps for Mac, but they should have been because changes to the apps indicated they expected the controversy.

“One thing that is striking is their claim about displaying [an end-user license agreement] that the user has to agree to. That was not the case in any of our testing, which actually started back in December, and was repeated several times right up to just before publication of our article,” Reed said. “Someone on Twitter posted a couple screenshots… before September 7 and after September 7. Before, no EULA. After, the EULA appeared. They knew this was coming, and their response was to add a EULA rather than remove the data exfiltration code.”

For Sale – Logitech Mice (Faulty/Spares/Repairs) – Free

Logitech M705 and Logitech M310.

Both have tracking issues unless they are being used with a mouse mat. No unifying receiver.

Would rather give it away to someone that may be able to fix as opposed to throwing them out.

Thanks for looking

Price and currency: Free (just cover postage)
Delivery: Delivery cost is not included
Payment method: Paypal Gift
Location: Harrow
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Bing helps you learn more about the news in less time

Being an informed consumer of the news is more challenging today than it used to be. We live in a busy world where dozens of headlines compete for our attention every day. On top of that, it’s difficult to know if you’re getting all sides of a story or just leaning into an echo chamber, and it can feel like a full-time job to seek out various points of view.

At Bing, we want to empower users to get an overview of the news in less time. That’s why we built the Bing spotlight that provides overviews of news topics that you can see right in the Bing search results when you search for major developing news stories.

Spotlight shows users the latest headlines, a rundown of how the story has developed over time, and relevant social media posts from people around the web. Spotlight also shows diverse perspectives on a given topic so users can quickly get a well-rounded view on the topic before deciding what they want to go deeper on and read by clicking on any of the articles.

Spotlight is currently available on Bing desktop and mobile web in the US.


 

Users’ trust in the news we present is of the utmost importance to Bing, and we’re committed to providing a well-rounded view of news from diverse, quality sources.

To start, Bing monitors millions of queries and news articles every day and identifies impactful stories that evolve over a period of weeks or months. We look at various user signals such as queries and browser logs, and document signals from publishers such as how many publishers cover a story, their angles, and how prominently they feature the story on their site.  For controversial topics, in the Perspectives module, we show different viewpoints from high-quality sources. For a source to be considered high quality, it must meet the Bing News PubHub Guidelines, which is a set of criteria that favors originality, readability, newsworthiness, and transparency. Top caliber news providers identify sources and authors, give attribution and demonstrate sound journalistic practices such as accurate labeling of opinion and commentary. Behind the scenes, we leverage our deep learning algorithms and web graphs of hundreds of millions of web sites in the Bing index to identify top sources for national news, per category, query, or article. Our goal is to provide broader context for impactful stories, from politics to business to major disasters, and much more.

To try the new experience, search for major news topics like self-driving cars on Bing.com, or find the latest spotlights on the Bing.com homepage carousel.

Providing different perspectives in our spotlight experience is part of a broader effort to help our users be more informed with various perspectives on a range of topics, from news to common health questions. We’re working hard to expand the range of topics covered by this approach, including expanding the numbers of topics spotlight covers, to help you become more informed in less time and effort. We hope you’re as excited about these updates as we are!

Wanted – GPU cheap as chips

Hey all, after being a bit of a plonker, I’ve managed to break my GPU and can’t afford a new one for the next few weeks.

Not looking for much, literally the cheapest GPU I can find. Cex sell the 6850 for £20, so that should be a decent baseline for people to go on what I need. I’d sooner give someone on here the money rather than Cex or a shop.

Let me know,

Thanks.

Location: Skegness

Infosec mental health support and awareness hits Black Hat 2018

LAS VEGAS — Rather than continue being reactive to social issues, Black Hat 2018 took steps to be more proactive in addressing and bringing awareness to the topic of infosec mental health.

The Black Hat conference set up a “self-care” lounge for attendees and included two complementary sessions covering the negative infosec mental health issues of depression and burnout and how the cybersecurity community can prove to be a source of aid for those suffering from post-traumatic stress disorder (PTSD).

During “Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community,” speakers Christian Dameff, emergency medicine physician and clinical informatics fellow at the University of California, San Diego, and Jay Radcliffe, cybersecurity researcher at Boston Scientific, shared personal stories of depression and burnout, as well as ways to identify symptoms in oneself or in co-workers.

Radcliffe noted that the widely acknowledged skills gap could be a contributing factor to infosec mental health issues.

“With global staffing shortages in information security, we’re seeing departments that should have 10 people work with five. And that increases stress,” said Radcliffe, adding that infosec workers can even have a “hero complex” that leads to taking on more work than is healthy.

Radcliffe said workers and employers should keep an eye out for common symptoms, including, “feeling cynical, no satisfaction from accomplishments, dreading going to work and no work-life balance.” He suggested options such as speaking to counselors, therapists and psychologists, and also being mindful that workers take vacations and managers ensure time off is encouraged.

In the talk, “Demystifying PTSD in the Cybersecurity Environment,” Joe Slowik, adversary hunter at Dragos Inc., expanded on those topics and talked about how working in the infosec community helped him deal with PTSD from his military service in Afghanistan.

Slowik was careful to point out that PTSD should not be confused with burnout, depression or other infosec mental health issues because, as he wrote via email, certain “solutions or mitigations that may be appropriate for one, [may not be for] others.”

“For example, it is likely advisable to tell someone to step away from work for a bit to combat burnout — but in the case of PTSD where an individual may gain empowerment or agency from doing work they love/are successful at, such a step may in fact be counterproductive (it is for me),” Slowik wrote. “Similarly, for depression, treatment may simply be a combination of taking time away, medication, and some degree of therapy, whereas successful treatment of PTSD requires more intensive interventions and likely must be ongoing and continuing to be effective. Combining all of these into the same category means very real mistakes can be made, which at best leave a situation unresolved, and at worst exacerbate it.”

Slowik added that being in the infosec community was “empowering” because it allowed him “to do well at doing good.”

“One of the more pernicious aspects of PTSD is a loss of agency deriving from a moment of helplessness when one’s life/integrity was placed in severe danger or risk — re-experiencing this event leaves one feeling worthless and helpless in the face of adversity,” Slowik wrote. “Information security work has allowed me to reclaim a sense of agency by having direct, measurable, recognizable impact in meaningful affairs, and at least for me has been instrumental in moving beyond past trauma.”

The talks showed two sides of the security community that don’t often get talked about: how the work can be both the cause of — and the remedy for — infosec mental health issues.

The attendance for the two talks was noticeably lower than for the more technical talks. It is unclear if this was due to poor marketing, unreasonable expectations for attendance, or the social stigmas surrounding mental health issues.

Slowik said he was grateful for those who attended and noted that the lower attendance could also be attributed to his talk being “the first scheduled talk the morning after Black Hat’s infamous parties.”

“Numbers are irrelevant, as conversations after the presentation made it clear this really reached members of the audience,” Slowik wrote. “My only hope is that this talk, along with other items from the Black Hat Community track, are made publicly available since so many good lessons and observations were made in this forum and these should be shared with the wider information security community.”

Meltdown and Spectre disclosure suffered “extraordinary miscommunication”

LAS VEGAS — Despite Google’s own Project Zero being part of the discovery team for the Meltdown and Spectre vulnerabilities, Google itself wasn’t notified until 45 days after the initial report was sent to Intel, AMD and ARM.

Speaking at a panel on Meltdown and Spectre disclosure at Black Hat 2018 Wednesday, Matt Linton, senior security engineer and self-described “chaos specialist” at Google’s incident response team, explained how his company surprisingly fell through the cracks when it came time for the chip makers to notify OS vendors about the vulnerabilities.

“The story of Google’s perspective on Meltdown begins with both an act of brilliance and an act of extraordinary miscommunication, which is a real part of how incident response works,” Linton said during the session, titled “Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre.”

Even though Project Zero researcher Jann Horn was part of both the Meltdown and Spectre discovery teams, Linton said, Project Zero never notified Google directly. Instead, the Project Zero group followed strict guidelines for responsible vulnerability disclosure and only notified the “owners” of the bugs, namely the chip makers.

“They feel very strongly in PZ [Project Zero] about being consistent about who they notify and rebuffing criticism that Project Zero gives Google early heads up about bugs and things,” Linton said. “I assure they did not.”

Project Zero notified Intel and the other chip makers about the vulnerabilities on June 1, 2017. It had been previously reported that Google’s incident response team wasn’t looped into the Meltdown and Spectre disclosure process until July, but it wasn’t entirely clear why that was. Linton explained what happened.

“[Project Zero] notified Intel and the other CPU vendors of these speculative execution vulnerabilities and they said a third of the way through the email that ‘We found these, here are the proof of concepts, and by the way, we haven’t told anyone else about this including Google, and it’s now your responsibility to tell anyone you need to tell,’ and somewhere along the line they missed that piece of the email,” he told the audience.

Linton said the CPU vendors began the Meltdown and Spectre disclosure process and started notifying companies that needed to know, such as Microsoft, but they apparently believed Google had already been informed because Project Zero was part of the discovery teams. As a result, Google was left out of the early stage of the coordinated disclosure process.

“As an incident responder, I didn’t find out about this until mid-July, 45 days after [the chip vendors] discovered it,” Linton said.

The miscommunication regarding Google was just one of several issues that plagued the massive coordinated disclosure effort for Meltdown and Spectre. The panelists, who included Eric Doerr, general manager of the Microsoft Security Response Center, and Christopher Robinson, principal program manager and team lead of Red Hat Product Security Assurance, discussed the ups and downs of the complex, seven-month process as well as advice for security researchers and vendors based on their shared experiences.

Editor’s note: Stay tuned for more from this panel on the Meltdown and Spectre disclosure process.

For Sale – Aorus X7 v6 17.3″ GTX1070 G-Sync Gaming Laptop

Hi,

I’m selling my gaming laptop as it is no longer being used after getting another desktop.

It’s an Aorus X7 v6 with the following spec,

Intel Core i7 6820HK
32GB DDR4 RAM
512GB M.2 NVMe + 1TB HDD
8GB GTX 1070
17.3″ 1440p 120Hz G-Sync screen
RGB Keyboard

The laptop was purchased from Scan in Jan 2017 and is in excellent condition with no marks or scratches and comes in its original box.

Price and currency: £1200
Delivery: Delivery cost is included within my country
Payment method: BT or PPG
Location: Dunfermline
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

For Sale – Aorus X7 v6 17.3″ GTX1070 G-Sync Gaming Laptop

Hi,

I’m selling my gaming laptop as it is no longer being used after getting another desktop.

It’s an Aorus X7 v6 with the following spec,

Intel Core i7 6820HK
32GB DDR4 RAM
512GB M.2 NVMe + 1TB HDD
8GB GTX 1070
17.3″ 1440p 120Hz G-Sync screen
RGB Keyboard

The laptop was purchased from Scan in Jan 2017 and is in excellent condition with no marks or scratches and comes in its original box.

Price and currency: £1400
Delivery: Delivery cost is included within my country
Payment method: BT or PPG
Location: Dunfermline
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference
