By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

There are times when corporations lose their temper. Well, they're people too. In Microsoft's case, it's people and politics that are driving the company crazy. I'm quite used to hearing that Microsoft has annoyed someone. Usually, it's a Windows user who's angry about Redmond's keenness to slip unwanted products onto their screens. I was rather moved, then, to hear that Microsoft itself is enduring conniptions of the most fundamental kind. You see, the company recently commissioned research company YouGov to ask 5,000 registered voters about their innermost feelings. One or two deeply felt highlights emerged. 90% of respondents admitted they're worried every time they share their information online. 70% privately pointed their fingers at the US government. They said it isn't doing enough to protect their personal data. A similar 70% said they'd like to see the next administration enact privacy legislation. How do I know this made Microsoft angry? Well, these details come from a bracingly seething blog post -- published this week -- from the company's "Corporate Vice-President For Global Privacy and Regulatory Affairs and Chief Privacy Officer." Extraordinarily, we're talking about just one person with all those titles, Julie Brill. She doesn't think the US government is doing brilliantly. Brill tried to rein in her irksome. She began by talking about the importance of data in our new, more domestically confined world. She said: "Data is critical not just in rebuilding our economy but in helping us understand societal inequalities that have contributed to dramatically higher rates of sickness and death among Black communities and other communities of color due to COVID-19. Data can also help us focus resources on rebuilding a more just, fair, and equitable economy that benefits all." A fundamental problem said Brill is the lack of trust in society today. In bold letters, she declared: "The United States has fallen far behind the rest of the world in privacy protection." I can't imagine it's fallen behind Russia, but how poetic if that was true. Still, Brill really isn't happy with our government: "In total, over 130 countries and jurisdictions have enacted privacy laws. Yet, one country has not done so yet: the United States." Brill worries our isolation isn't too splendid. She mused: "In contrast to the role our country has traditionally played on global issues, the US is not leading, or even participating in, the discussion over common privacy norms." That's like Microsoft not participating in the creation of excellent smartphones. It's not too smart. Brill fears other parts of the world will continue to lead in privacy, while the US continues to lead in inaction and chaos. It sounds like the whole company is mad as hell and isn't going to take it anymore. Yet it's not as if Microsoft has truly spent the last 20 years championing privacy much more than most other big tech companies. In common with its west coast brethren, it's been too busy making money. Brill is undeterred. She tried to offer good news. Some states are taking the matter of privacy into their own jurisdictions. And then she offers words of hope that, to this reader at least, swim in baths of sarcasm: "There are also signs of real interest among some members of Congress." Real interest among members of Congress can often feel like real sincerity. You hope it's there, but you suspect it's not. Yet I sense Brill doesn't have too much hope in governmental action. So, spurred again by the company's research, she turned to the corporate world. "The YouGov study found that significantly more people believe companies bear the primary responsibility for protecting data privacy -- not the government," she said. Yet what do those companies do? They make privacy controls your responsibility, dear citizen. Full details are posted on OUR FORUM.

This underappreciated Android gem can protect your privacy and make your phone significantly more secure, but it's up to you to dust it off and use it. It's amazing how many useful Android features get buried in the operating system and then forgotten over time. When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way. One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014. Guest Mode, in case you've also forgotten, does exactly what you'd expect: It gives you an on-demand way to switch your phone into a blank-slate-like state, where your personal apps, accounts, and data are all securely tucked away and you instead get an out-of-the-box-like experience, with only the basic preinstalled system apps in place. It's almost like an incognito mode of sorts, applied to your entire phone: All your regular stuff is gone, and nothing done in that environment has any impact on your standard smartphone setup. The implications for that are enormous. The biggest realistic threat with smartphone security, after all, isn't the coming invasion of scary-sounding malware monsters (which, as we've discussed to death 'round these parts, are more about sensationalism and security software sales than any pressing, practical danger). Nope — it's your own negligence and occasional lapse in judgment. And even if you take every possible step to protect your privacy and strengthen your phone's security, all it takes is a single, brief pass-off of your device to the wrong person to send all your best-laid efforts swirling down the drain. Whether we're talking about sensitive company data or your own personal photos, messages, and maybe even browsing history, it doesn't take long for the wrong set of eyes to see something they shouldn't — whether it's deliberate or by mistake. That's exactly the sort of slip-up Android's Guest Mode can prevent — and best of all? Once you remember that it's there, it's simple as can be to deploy. First things first, we need to make sure your phone is set up properly to support the feature, as it's often disabled by default these days. If you have a Samsung phone, unfortunately, you're out of luck here, as Samsung has for no apparent reason opted to remove this standard operating system element from its software. When you're ready to exit out of Guest Mode and get back to normal, just repeat the same first two steps from above — opening the Quick Settings panel and tapping the user profile picture — and this time, select "Remove guest" from the menu that comes up. That'll completely erase and reset everything that was done in that temporary profile and, once you put in your PIN, pattern, or password (or use biometric authentication), take you back to your own standard Android setup. A pretty useful possibility, right? The power's been right there at your fingertips all along — and now that you've got it activated and in the back of your mind, you can tap into it anytime the need arises. Visit OUR FORUM for more details and a guide on how to enable this privacy measure.

Emotet diversifies arsenal with new lures to trick users into infecting themselves. In today's cyber-security landscape, the Emotet botnet is one of the largest sources of malspam — a term used to describe emails that deliver malware-laced file attachments. These malspam campaigns are absolutely crucial to Emotet operators. They are the base that props up the botnet, feeding new victims to the Emotet machine — a Malware-as-a-Service (MaaS) cybercrime operation that's rented to other criminal groups. To prevent security firms from catching up and marking their emails as "malicious" or "spam," the Emotet group regularly changes how these emails are delivered and how the file attachments look. Emotet operators change email subject lines, the text in the email body, the file attachment type, but also the content of the file attachment, which is as important as the rest of the email. That's because users who receive Emotet malspam, besides reading the email and opening the file, they still need to allow the file to execute automated scripts called "macros." Office macros only execute after the user has pressed the "Enable Editing" button that's shown inside an Office file. Tricking users to enable editing is just as important to malware operators as the design of their email templates, their malware, or the botnet's backend infrastructure. Across the years, Emotet has developed a collection of boobytrapped Office documents that use a wide variety of "lures" to convince users to click the "Enable Editing" button. But this week, Emotet arrived from a recent vacation with a new document lure. File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button (don't press it). According to an update from the Cryptolaemus group, since yesterday, these Emotet lures have been spammed in massive numbers to users located all over the world. Per this report, on some infected hosts, Emotet installed the TrickBot trojan, confirming a ZDNet report from earlier this week that the TrickBot botnet survived a recent takedown attempt from Microsoft and its partners. These boobytrapped documents are being sent from emails with spoofed identities, appearing to come from acquaintances and business partners. Furthermore, Emotet often uses a technique called conversation hijacking, through which it steals email threads from infected hosts, inserts itself in the thread with a reply spoofing one of the participants, and adding the boobytrapped Office documents as attachments. The technique is hard to pick up, especially among users who work with business emails on a daily basis, and that is why Emotet very often manages to infect corporate or government networks on a regular basis. In these cases, training and awareness is the best way to prevent Emotet attacks. Users who work with emails on a regular basis should be made aware of the danger of enabling macros inside documents, a feature that is very rarely used for legitimate purposes. Knowing how the typical Emotet lure documents look like is also a good start, as users will be able to dodge the most common Emotet tricks when one of these emails lands in their inboxes, even from a known correspondent. For more detailed information visit OUR FORUM.

A distributed denial-of-service attack (DDoS attack) sees an attacker flooding the network or servers of the victim with a wave of internet traffic so big that their infrastructure is overwhelmed by the number of requests for access, slowing down services or taking them fully offline and preventing legitimate users from accessing the service at all. While a DDoS attack is one of the least sophisticated categories of cyberattack, it also has the potential to be one of the most disruptive and most powerful by taking websites and digital services offline for significant periods of time that can range from seconds to even weeks at a time. DDoS attacks are carried out using a network of internet-connected machines – PCs, laptops, servers, Internet of Things devices – all controlled by the attacker. These could be anywhere (hence the term 'distributed') and it's unlikely the owners of the devices realize what they are being used for as they are likely to have been hijacked by hackers. Common ways in which cybercriminals take control of machines include malware attacks and gaining access by using the default user name and password the product is issued with – if the device has a password at all. Once the attackers have breached the device, it becomes part of a botnet – a group of machines under their control. Botnets can be used for all manner of malicious activities, including distributing phishing emails, malware or ransomware, or in the case of a DDoS attack, as the source of a flood of internet traffic. The size of a botnet can range from a relatively small number of zombie devices to millions of them. Either way, the botnet's controllers can turn the web traffic generated towards a target and conduct a DDoS attack. Servers, networks, and online services are designed to cope with a certain amount of internet traffic but, if they're flooded with additional traffic in a DDoS attack, they become overwhelmed. The high amounts of traffic being sent by the DDoS attack clog up or takes down the systems' capabilities, while also preventing legitimate users from accessing services (which is the 'denial of service' element).  An IP stressor is a service that can be used by organizations to test the robustness of their networks and servers. The goal of this test is to find out if the existing bandwidth and network capacity are enough to handle additional traffic. An IT department using a stressor to test their own network is a perfectly legitimate application of an IP stressor. However, using an IP stressor against a network that you don't operate is illegal in many parts of the world – because the end result could be a DDoS attack. However, there are cyber-criminal groups and individuals that will actively use IP stressors as part of a DDoS attack. What's widely regarded as the first malicious DDoS attack occurred in July 1999 when the computer network at the University of Minnesota was taken down for two days. A network of 114 computers infected with Trin00 malware all directed their traffic at a computer at the university, overwhelming the network with traffic and blocking legitimate use. No effort was made to hide the IP address of the computers launching the traffic – and the owners of the attacking systems had no idea their computers were infected with malware and were causing an outage elsewhere. The world didn't have to wait long after the University of Minnesota incident to see how disruptive DDoS attacks could be. By February 2000, 15-year-old Canadian Michael Calce – online alias MafiaBoy – had managed to take over a number of university networks, roping a large number of computers into a botnet. He used this for a DDoS attack that took down some of the biggest websites at the start of the new millennium, including Yahoo! – which at the time was the biggest search engine in the world – eBay, Amazon, CNN, and more. By the mid-2000s, it was apparent that DDoS attacks could be a potent tool in the cybercriminal arsenal, but the world was about to see a new example of how disruptive DDoS attacks could be; by taking down the internet services of an entire country. In April 2007, Estonia was – and still is – one of the most digitally advanced countries in the world, with almost every government service accessible online to the country's 1.3 million citizens through an online ID system. But from 27 April, Estonia was hit with a series of DDoS attacks disrupting all online services in the country, as well as parliament, banks, ministries, newspapers, and broadcasters. People weren't able to access the services they needed on a daily basis. For complete details visit OUR FORUM.

After tearing the PlayStation 5's guts apart earlier this week, Sony confirmed nearly everything we'd like to know on Friday about how its new console, launching November 12, will interface with PS4 games via backward compatibility. We should probably start with the big news that Sony has not cleared up just yet. Today, we received our first indication that PlayStation 5 will ship with something known as "Game Boost," which its Friday news post suggests "may make [select] PS4 games run with a higher or smoother frame rate." This suggestion doesn't come with a handy footnote pointing us to a list of affected games or features, however. Sony did not immediately respond to our request for clarification, so I'm left pointing to my recent deep dive with Xbox Series X's backward compatibility suite. What I found there was compelling: Most games play nearly identically on Xbox Series X as they do on Xbox One X, since console games are typically coded with hard limits on technical aspects. But in the case of games that launched on PS4 with "unlocked" frame rates and dynamic resolutions, well, the sky might be the limit. Will PS5 let those older, uncapped games tap into the full PS5 architecture or will certain CPU and GPU aspects be limited for compatibility's sake? I found that Xbox Series X was generally quite generous to the minority of games that could tap into increased horsepower, but there's no guaranteeing Sony will treat its older games the same way, in order to prioritize compatibility over upgrades. Additionally, will current-gen PlayStation VR games see their own boosts? "PSVR" is referenced repeatedly throughout today's new document but not in the brief mention of Game Boost. Existing PlayStation VR hardware seems to be entirely compatible with PS5, with Sony confirming once again that users will need a PlayStation Camera adapter to connect to PS5—and that those adapters will be free. How exactly PSVR owners will get those adapters remains to be seen. The matter of PS5 controller compatibility is a bit more complicated than Xbox Series' pledge of total forward and backward compatibility (with the exception of Xbox One Kinect, RIP). As has previously been hinted, PS5's new DualSense controller will work with older games, but PS4's DualShock 4 gamepad will not work with PS5 games. (Yes, you can still connect a PS4 DualShock 4 to play PS4 games on PS5. Whew, that's a mouthful.) In good forward-compatibility news, if you already bought an expensive add-on controller, Sony assures you that "specialty peripherals [from the PS4 era], such as officially licensed racing wheels, arcade sticks, and flight sticks," will work with PS5 software. When playing the PS4's library of PSVR games on PS5, Sony encourages users to stick with DualShock 4 as a gamepad, suggesting that the older gamepad offers the "best experience" in PSVR. This implies, but doesn't confirm, that DualSense will not work the same way as a DualShock 4 in PSVR games like Astro Bot, which relies heavily on gamepad motion sensing via tracking elements like its "light bar." You can also use existing PlayStation Move wands in PSVR games on PS5. Certain PS4 system features have been scrapped when moving forward to PS5. The DualShock 4's "share" button now brings up the PS5's built-in "create" menu, which appears to do all the stuff that "share" did on PS4 but with a few additional button shortcuts. And PS4 social features like tournaments, "in-game live," and second-screen app functionality have all gotten the axe. Complete details are posted on OUR FORUM.

Fortnite won’t be coming back to the App Store any time soon. On Friday, Judge Yvonne Gonzales Rogers refused to grant Epic Games a preliminary injunction against Apple that would force the game developer to reinstate Fortnite on the App Store, while simultaneously granting an injunction that keeps Apple from retaliating against the Unreal Engine, which Epic also owns. In other words, we now have a permanent version of the temporary restraining order ruling from last month. That means the state of affairs, in which Epic is banned from publishing new games on iOS and cannot distribute Fortnite on the App Store in its current form, will remain in place for the length of the trial — unless Epic decides to remove its own in-app payment mechanism that initiated the bitter legal feud in August. Rogers had previously suggested a jury trial might be appropriate as soon as next July, but ahead of today’s ruling, both parties said they would rather have the case decided by a judge. Today’s decision still prevents Apple from revoking Epic’s developer tools in a way that could have harmed its broader business. “Epic Games and Apple are at liberty to litigate this action for the future of the digital frontier, but their dispute should not create havoc to bystanders. Thus, the public interest weighs overwhelmingly in favor of Unreal Engine and the Epic Affiliates,” said the judge, keeping Epic’s Unreal Engine business from being harmed. “Epic Games is grateful that Apple will continue to be barred from retaliating against Unreal Engine and our game development customers as the litigation continues,” an Epic spokesperson said in a statement. “We will continue to develop for iOS and Mac under the court’s protection and we will pursue all avenues to end Apple’s anti-competitive behavior.” “Our customers depend on the App Store being a safe and trusted place where all developers follow the same set of rules,” an Apple spokesperson said in a statement. “We’re grateful the court recognized that Epic’s actions were not in the best interests of its own customers and that any problems they may have encountered were of their own making when they breached their agreement. For twelve years, the App Store has been an economic miracle, creating transformative business opportunities for developers large and small. We look forward to sharing this legacy of innovation and dynamism with the court next year.” Apple and Epic met in federal court again in September for another round, where the merits of the Fortnite developer’s antitrust case against Apple were argued before Rogers for a second time since Epic filed its lawsuit in August. Epic had a particularly rough go of it, as Rogers singled out the company for what she characterized as dishonest behavior that may prove the company poses a security risk to the iOS platform. “You did something, you lied about it by omission, by not being forthcoming. That’s the security issue. That’s the security issue!” Rogers told Epic, according to a report from CNN. “There are a lot of people in the public who consider you guys heroes for what you guys did, but it’s still not honest.” Rogers also brought up the fact that walled gardens and their standard 30 percent cuts are commonplace in the game industry, with console makers like Microsoft, Nintendo, and Sony implementing similar rules. Rogers said the case should likely go to a jury to decide and suggested a trial time frame of next summer. “It is important enough to understand what real people think,” said Rogers. “Do these security issues concern people or not?” The other benefit of a jury trial is that it may result in a stickier, more definitive ruling. The likelihood this case sees numerous appeals is high, and appellate courts are more likely to uphold a jury decision when appealed. That could avoid the case bouncing between courts for years to come. “I know I’m just a stepping stone for all of you,” Rogers added. Learn more by visiting OUR FORUM.