Biz & IT

This Week in Apps: Apple caves to China’s App Store demands, Q3 trend outlook, more

Welcome back to This Week in Apps, the Extra Crunch series that recaps the latest OS news, the applications they support, and the money that flows through it all.

The app industry in 2018 saw 194 billion downloads and more than $100 billion in purchases. Just in the past quarter, consumer spending exceeded $23 billion and installs topped 31 billion. It’s a fact: we spend more time on our phones than we do watching TV.

This week, the only thing on everyone’s minds was App Store censorship and Apple’s capitulation to the Chinese government. We also looked at the launch of a high-profile Catalyst app and delved into a new analysis of Q3 trends.

Apple caves to China’s demands on App Store censorship

App Store censorship is a hot topic again this week, as Apple made the disappointing decision to cave to demands from Chinese officials to pull the HKmap app, which was being used by pro-democracy protestors in Hong Kong to crowdsource information about police presence and street closures. Apple originally banned the app, then changed its mind and allowed it back in the App Store, which prompted criticism by the Chinese government — which led Apple to pull the app down again.

Ukraine says Russia hacked its document portal and planted malicious files

Ukraine has accused the Russian government of hacking into one of its government Web portals and planting malicious documents that would install malware on end users’ computers.

“The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities,” officials from Ukraine’s National Coordination Center for Cybersecurity said in a statement published on Wednesday. “The malicious documents contained a macro that secretly downloaded a program to remotely control a computer when opening the files.”

Wednesday’s statement said that the methods used in the attack connected the hackers to the Russian Federation. Ukraine didn’t say if the attack succeeded in infecting any authorities’ computers.

A large body of evidence has linked Russia’s government to several highly aggressive hacks against Ukraine in the past. The hacks include:

  • A computer intrusion in late 2015 against regional power authorities in Ukraine. It caused a power failure that left hundreds of thousands of homes without electricity in the dead of winter.
  • Almost exactly one year later, a second attack at an electricity substation outside Kyiv that once again left residents without power.
  • A malicious update for widely used tax software in Ukraine that distributed disk-wiping malware to users. The so-called NotPetya worm ended up shutting down computers worldwide and led to the world’s most costly hack.

Elsewhere, Russia’s SVR intelligence agency has also been accused of carrying out the recently discovered hack that targeted at least nine US agencies and 100 companies in a supply chain attack against customers of the SolarWinds network management software.

Wednesday’s statement didn’t identify which of several known Russian hacking groups was accused of the breach.

Macro attacks like the one mentioned in the statement typically work by tricking Microsoft Office users into enabling macros, often under the guise that the macro is required for the document to display properly. The macros then download malware from an attacker-controlled server and install it.

The statement provided no details on how or when Ukraine’s System of Electronic Interaction of Executive Bodies—a portal that distributes documents to public authorities—was hacked or how long the intrusion lasted.

Indicators that someone has been compromised include:

Domain: enterox.ru

IP addresses: 109.68.212.97

Link (URL): http://109.68.212.97/infant.php

Wednesday’s statement came two days after Ukraine’s National Coordination Center for Cybersecurity reported what it said were “massive DDoS attacks on the Ukrainian segment of the Internet, mainly on the websites of the security and defense sector.” An analysis revealed that the attacks used a new mechanism that hadn’t been seen before. DDoS attacks take down targeted servers by bombarding them with more data than they can process.

Android users now have an easy way to check the security of their passwords

Google is adding its password checkup feature to Android, making the mobile OS the latest company offering to give users an easy way to check if the passcodes they’re using have been compromised.

Password Checkup works by checking credentials entered into apps against a list of billions of credentials compromised in the innumerable website breaches that have occurred in recent years. In the event there’s a match, users receive an alert, along with a prompt that can take them to Google’s password manager page, which offers a way to review the security of all saved credentials.

Google introduced Password Checkup in early 2019, in the form of a Chrome extension. In October of that year, the feature made its way into the Google Password Manager, a dashboard that examines Web passwords saved within Chrome that are synchronized using a Google account. Two months later, the company added it to Chrome.

Google’s Password Manager makes it easy for users to directly visit sites using bad passwords by clicking the “Change Password” button displayed next to each compromised or weak password. The password manager is accessible from any browser, but it works only when users sync credentials using their Google account password, rather than an optional standalone password.

The new password checkup was available as of Tuesday on Android 9 and above for users of autofill with Android, a feature that automatically adds passwords, addresses, payment details, and other information commonly entered into Web and app forms.

The Android autofill framework uses advanced encryption to ensure that passwords and other information are available only to authorized users. Google has access to user credentials only when users 1) have already saved a credential to their Google account and 2) were offered to save a new credential by the Android OS and chose to save it to their account.

When a user interacts with a password by either filling it into a form or saving it for the first time, Google uses the same encryption that powers the Privacy Checkup in Chrome to check if the credential is part of a list of known compromised passwords. The Web application interface sends only passwords that are cryptographically hashed using the Argon2 function to create a search key that’s encrypted with Elliptic Curve cryptography.

In a post published Tuesday, Google said that the implementation ensures that:

  • Only an encrypted hash of the credential leaves the device (the first two bytes of the hash are sent unencrypted to partition the database)
  • The server returns a list of encrypted hashes of known breached credentials that share the same prefix
  • The actual determination of whether the credential has been breached happens locally on the user’s device
  • The server (Google) does not have access to the unencrypted hash of the user’s password and the client (User) does not have access to the list of unencrypted hashes of potentially breached credentials
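The four properties above, as a toy run of the exchange (an added example, not Google's code): modular exponentiation over the prime 2^255 - 19 stands in for the elliptic-curve blinding and PBKDF2 stands in for Argon2. All names and the breached list are constructed.

```python
import hashlib
import math
import secrets

P = 2**255 - 19  # prime modulus; toy stand-in for the elliptic-curve group

def cred_hash(user: str, password: str) -> bytes:
    # PBKDF2 stands in for Argon2, which is not in the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 1000)

def to_group(h: bytes) -> int:
    return int.from_bytes(h, "big") % P or 1  # nonzero element mod P

def keygen() -> int:
    # Exponent must be invertible mod P-1 so blinding can be undone.
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

class Server:
    def __init__(self, breached):
        self.key = keygen()
        self.buckets = {}  # 2-byte hash prefix -> set of h^b values
        for user, pw in breached:
            h = cred_hash(user, pw)
            self.buckets.setdefault(h[:2], set()).add(pow(to_group(h), self.key, P))

    def lookup(self, prefix: bytes, blinded: int):
        # Sees only the prefix and h^a; returns h^(ab) plus the bucket.
        return pow(blinded, self.key, P), self.buckets.get(prefix, set())

def is_breached(server: Server, user: str, password: str) -> bool:
    h = cred_hash(user, password)
    a = keygen()  # fresh client secret per query
    double, bucket = server.lookup(h[:2], pow(to_group(h), a, P))
    unblinded = pow(double, pow(a, -1, P - 1), P)  # strip a, leaving h^b
    return unblinded in bucket  # the match is decided on the client

BREACHED = [("alice@example.com", "hunter2"), ("bob@example.com", "password1")]  # constructed

if __name__ == "__main__":
    s = Server(BREACHED)
    print(is_breached(s, "alice@example.com", "hunter2"))
    print(is_breached(s, "alice@example.com", "a long unique passphrase"))
```

The server only ever handles the two-byte prefix and a value blinded with a key it does not know, while the client only ever receives bucket entries raised to the server's key.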

Google has written more about how the implementation works here.

On most Android devices, autofill can be enabled by:

  1. Opening Settings
  2. Tapping System > Languages & input > Advanced
  3. Tapping Autofill service
  4. Tapping Google to make sure the setting is enabled

Separately, Google on Tuesday reminded users of two other security features added to Android autofill last September. The first is a password generator that will automatically choose a strong and unique password and save it to users’ Google accounts. The generator can be accessed by long-pressing the password field and selecting Autofill in the pop-up menu.

Users can also configure the Android autofill to require biometric authentication before it will add credentials or payment information to an app or Web field. Biometric authentication can be enabled inside of the Autofill with Google settings.

Report: Fry’s Electronics going out of business, shutting down all stores

[Image: Fry’s Electronics in Fremont, CA. Credit: Getty Images]

Fry’s Electronics, the decades-old superstore chain with locations in nine American states, appears to have gone defunct. Bay Area TV station KRON-4 was the first press outlet to confirm the news late Tuesday, saying that Fry’s will shut down all 30 of its American locations. The retailer will reportedly make an announcement at some time on Wednesday via the Fry’s website.

Rumors began flying on Tuesday in the form of anecdotes from alleged Fry’s employees, who all reported that they’d been summarily fired earlier in the day with zero notice. One anonymous report posted at The Layoff alleged that every remaining Fry’s store in the US was “permanently closing tomorrow,” and that sentiment was echoed hours later at a Fry’s-related Reddit community. The Reddit post included the allegation that one store’s staffers were tasked with shipping any remaining merchandise back to suppliers during their final day at work.

Sacramento freelance journalist Matthew Keys followed these posts by citing an unnamed source—someone who had worked at Fry’s up until “this week”—who claimed that the electronics chain would make a formal announcement “this week” about closing all of its stores and liquidating any remaining assets. As the wave of rumors exploded, the official Fry’s website began serving 404 failures—yet some of its subsite content, particularly years-old press releases, remained active through Frys.com subdomains. As Tuesday wore on, the Fry’s retail site flickered into and out of normal service, even letting customers buy products after KRON-4’s report went live.

Spindles of savings

For years, Fry’s Electronics was the United States’ largest physical retailer dedicated to just about every computing and electronic device you could think of, particularly individual computer components. As the chain expanded to more stores throughout the US, particularly in taking over multiple defunct Incredible Universe locations, Fry’s rode the build-your-own boom of personal computing. If you built your own PC in the past two decades and lived within driving distance of a Fry’s, that store was likely where you began looking for motherboards, optical disc drives, RAM of all speeds and slots, and spindles of no less than 200 CD-Rs.

Additionally, the retailer was known for being the exclusive retailer partner for some odd merchandise, particularly the ill-fated Pono Player from famed musician Neil Young.

Through the ’00s, cashflow across the privately held Fry’s chain was apparently solid enough to survive a devastating internal meltdown: theft of over $65 million from the company’s coffers by its then-vice president.

But big-box retailers have long struggled in an Internet-shopping era, and the California-centric Fry’s hadn’t looked particularly strong as the pandemic wore down what appetite remained for in-person shopping. Shortly before the pandemic gripped the world, the chain shut down its Anaheim, CA location, which was followed by the November closure of its Campbell, CA store.

By 2020, the chain had already established a transition to consignment-style selling, which meant not paying manufacturers up-front for merchandise before putting it on store shelves. That practice has worked for some chains with a decades-long head start on the practice, particularly Wal-Mart. But in the case of Fry’s, this transition was met by electronics manufacturers who, in the Internet-rich era of 2019, had far less incentive to put their wares unpaid onto store shelves. (This will also reduce the defunct company’s potential to liquidate, as the consignment-based merchandise must simply be returned to original manufacturers—which may have been the final duty for remaining employees this week.)

Hence, Fry’s locations began earning a notorious reputation for barren store shelves. Now, apparently, their floors will be barren, as well. The company has yet to formally acknowledge layoffs or store closures at any of its social media channels—going so far as to delete its Facebook account and “lock” its Twitter profile—and as of press time, its website has yet to offer announcements about the company’s future.
