By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Europe’s top court has made a ruling that could affect scores of websites that embed the Facebook  ‘Like’ button and receive visitors from the region. The ruling by the Court of Justice of the EU states such sites are jointly responsible for the initial data processing — and must either obtain informed consent from site visitors prior to data being transferred to Facebook or be able to demonstrate a legitimate interest legal basis for processing this data. The ruling is significant because, as currently seems to be the case, Facebook’s Like buttons transfer personal data automatically, when a webpage loads — without the user even needing to interact with the plug-in — which means if websites are relying on visitors’ ‘consenting’ to their data being shared with Facebook they will likely need to change how the plug-in functions to ensure no data is sent to Facebook prior to visitors being asked if they want their browsing to be tracked by the ad tech giant. The background to the case is a complaint against online clothes retailer, Fashion ID, by a German consumer protection association, Verbraucherzentrale NRW — which took legal action in 2015 seeking an injunction against Fashion ID’s use of the plug-in which it claimed breached European data protection law. Like ’em or loathe ’em, Facebook’s ‘Like’ buttons are an impossible-to-miss component of the mainstream web. Though most Internet users are likely unaware that the social plug-ins are used by Facebook to track what other websites they’re visiting for ad targeting purposes. The Fashion ID case predates the introduction of the EU’s updated privacy framework, GDPR, which further toughens the rules around obtaining consent — meaning it must be purpose-specific, informed and freely given. Today’s CJEU decision also follows another ruling a year ago, in a case related to Facebook fan pages, when the court took a broad view of privacy responsibilities around platforms — saying both fan page administrators and host platforms could be data controllers. Complete details can be found on OUR FORUM.

Microsoft recently revealed that the outdated Intel RST driver causes system reliability problems on Windows 10 May 2019 Update. To prevent further problems, Microsoft has opted to block the May 2019 Update to such PCs. If you’re running outdated versions of the Intel Rapid Storage Technology drier, you won’t be able to install the May 2019 Update, according to Microsoft. If you attempt to install Windows 10 May 2019 Update with Update Assistant Tool, you’ll receive an error message. Microsoft says the upgrade block is lifted when updated Intel RST driver is running, but users are reporting that they are still unable to install Windows 10 May 2019 Update. Even if you installed an updated driver, there’s a chance that you still won’t be able to upgrade to Windows 10 version 1903. According to various reports (1, 2, 3,) – the above error notification won’t go away and the upgrade installation refuses to proceed. “I’ve literally been trying to fix this for hours. I’ve updated the version numerous times, uninstalled everything numerous times, yet every time I try to update, I get the same error over and over again,” a user documented the problem on Reddit. “Same issue as well. I’ve tried the recommended version, the latest and uninstalled. Continue to get the same Upgrade error about RST compatibility,” another user noted. It’s not clear why the upgrade is still being blocked, but it could be possible that Update Assistant Tool is unable to detect the new driver. A solution is yet to be found, but if you really want the May 2019 Update, you can manually install it with Media Creation Tool only after double-checking the driver version. We will continue following this thread and report any updates or workarounds as they become available. For the complete publication of this article, Please stop by OUR FORUM.

The issue with Huawei as a "threat" to security is code language. Huawei IS a threat, but only to the security of other telecoms in the West because the Chinese got to a viable 5G network before anyone else did. In a recent piece about the politicization of news concerning the Chinese telecom giant Huawei, some of our readers on made interesting comments that actually help one to connect the dots and see more clearly just how invasive the US government thinks it can be in terms of one’s personal privacy. The comments in question (slightly redacted for conciseness here), said the following: “Huawei categorically will NOT put back doors in their hardware for the NSA and other alphabet agencies to use to spy on all of us. That is the REAL reason.” “The [effort] to demonize Chinese companies, especially the two biggest and best Chinese tech companies, has two [purposes]: one is to use their plight as leverage in the ongoing trade negotiations; the other is the US desire to destroy the Chinese economy so China would have to submit under US hegemony. [Looking] at the spying accusations with a bit more common sense: what would China want to do with this flood of useless information? Contrary to the NSA who justifies its $85bn yearly budget by compiling a file on every person in the world and especially in the US to prevent terrorism, China spies only in directed ways. The terrorism the NSA is afraid of is not ISIS type terrorism from outside and it hasn’t prevented any of these attacks. What the NSA and the US government are afraid of is revolt by organized citizens. Hence the surveillance and scrutiny of activists and any organized group of people. China has no use for such data from the US and given a smaller budget, uses it to keep order in China and elsewhere by spying when other signs indicate a problem could be brewing. Dragnets are the specialty of US [spycraft].

If you use Office 365's webmail interface to prevent email recipients from seeing your local IP address, you are out of luck. When sending email through Office 365, your local IP address will be injected into the message as an extra mail header. Operating a web site and focusing on infosec related topics has made me a paranoid person.  This leads me to send replies to stranger's emails via webmail so I do not expose my local IP address for security and to protect my privacy. It turns out that if you have been using the Office 365 webmail interface to hide your IP address, you are not hiding anything. When sending an email via Office 365, the service will inject an additional mail header into the email called x-originating-ip that contains the  IP address of the connecting client, which in this case is your local IP address. BleepingComputer tested the webmail interfaces for Gmail, Yahoo, AOL,, and Office 365. None of the webmail interfaces other than Office 365 injected the user's local IP address, which is what most have come to expect when using webmail. If you are using Office 365's webmail interface and wish to keep your local IP address private, at this point you will need to connect to the webmail using a VPN or Tor. This will cause the services' IP address to be injected into the email rather than your local one. According to responses in Microsoft answers forums, Microsoft removed the x-originating-ip header field in 2013 from Hotmail to offer their users more security and privacy. For Office 365, who caters to the enterprise, this header was intentionally left in so that admins could search for email that has been sent to their organization from a particular IP address. This is especially useful for finding the location of a sender in the event an account has been hacked. More complete details can be found on OUR FORUM.

Facebook’s Messenger Kids app is built around a simple premise: children shouldn’t be able to talk to users who haven’t been approved by their parents. But a design flaw allowed users to sidestep that protection through the group chat system, allowing children to enter group chats with unapproved strangers. For the past week, Facebook has been quietly closing down those group chats and alerting users, but has not made any public statements disclosing the issue. The alert, which was obtained by The Verge. Facebook confirmed to The Verge that the message was authentic, and said the alert had been sent to thousands of users in recent days. “We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats,” a Facebook representative said. “We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.” The bug arose from the way Messenger Kids’ unique permissions were applied in group chats. In a standard one-on-one chat, children can only initiate conversations with users who have been approved by the child’s parents. But those permissions became more complex when applied to a group chat because of the multiple users involved. Whoever launched the group could invite any user who was authorized to chat with them, even if that user wasn’t authorized to chat with the other children in the group. As a result, thousands of children were left in chats with unauthorized users, a violation of the core promise of Messenger Kids. Learn more by visiting OUR FORUM.

Microsoft says that several changes designed to make Office 365 licensing technology more reliable for subscription-based Office clients will be rolled out during August. Office 365 is part of the Microsoft 365 software offer which also bundles Windows 10 and EMS (short for Enterprise Mobility + Security), a bundle that provides customers with an easy way of enjoying a simple to manage and secure online productivity platform in Microsoft's vision. "In August, we’ll start slowly rolling out these changes to commercial customers on Monthly Channel. The roll-out will continue to Semi-Annual Channel (Targeted) in September, and Semi-Annual Channel in January 2020," says Microsoft. While the Office activation and licensing changes will affect both users and admins who manage Office 365 devices, the activation process will not be changed in its entirety. More to the point, Office users will still have to activate their installation by sign-in in on their devices, with the software to automatically detect their credentials and activate itself if single sign-on is enabled. Also, Office users can still deploy and activate Office 365 apps on up to five desktop devices, five smartphones, and five tablets as part of their Office 365 subscription. The changes Microsoft will start rolling out during August are designed to remove prompts when deactivating Office installations, as well as automatically sign out users when the sign-in limit is reached. This new groups expiration policy will allow all Office 365 admins to improve their groups' lifecycle management once it reaches public preview by making sure that active groups are not haphazardly removed and data is irremediably lost. Learn more by visiting OUR FORUM.