Microsoft patches Google-outed Windows security hole
As promised, Microsoft has issued a fix for the Windows security flaw that Google disclosed before a patch was ready. The update tackles vulnerabilities in numerous versions of Windows (from Vista through Windows 10) that would let an attacker get control of your system through a malicious app. You’re already safe if you use Windows 10 Anniversary Update and an up-to-date browser, we’d add — this is for people who can’t or won’t move to a newer operating system.
You have a strong incentive to upgrade quickly if you’re affected. The attack is known to have been used by hacking group Strontium for a low-intensity but targeted phishing campaign. It’s not certain that other organizations used the hole, but you likely don’t want to find out about new attacks first-hand.
The patch ends a brief but tumultuous episode between Google and Microsoft. Google published details of the flaw after learning that it was already being used for real-world attacks, but Microsoft criticized the move as irresponsible. It put users at “potential risk” by making it easier for malware writers, the Windows creator said. Whether or not that’s true, the question is whether or not the two sides are taking steps to minimize these issues in the future — ideally, any security disclosure comes with a patch ready and waiting.
Via: ZDNet
Source: Microsoft
Alphabet’s drone service reportedly nixes Starbucks delivery deal
It looks like Alphabet is walking back its Project Wing drone delivery initiative. Some employees are being told to seek other jobs within the company formerly known as Google, and the outfit even killed a partnership with Starbucks, according to Bloomberg. Wait, Starbucks? Apparently, there were talks of using the drones to deliver coffee, much in the way that Chipotle was going to fly burritos to Virginia Tech students. Google provides WiFi at some of the coffee chain’s locations. “Those plans were nixed largely over disagreements about the access to customer data that Alphabet wanted,” according to Bloomberg’s sources. Sounds like classic Alphabet.
It follows some belt-tightening around Mountain View, with the search juggernaut “pausing” the rollout of its Fiber internet service, and a few key departures from the mysterious X Lab. The company announced it was making marginal strides to not losing money recently, so more moves like this shouldn’t come as a surprise.
Source: Bloomberg
Android’s latest update doesn’t patch major security flaw
The November Android security update is live and it fixes 15 critical vulnerabilities, but it doesn’t patch a major Linux kernel exploit that can give hackers quick and complete access to devices running on Google’s OS. Researcher Phil Oester discovered the flaw (CVE-2016-5195) in October, though he believes it’s existed since 2007. The exploit is known as “Dirty COW” because of its basis in copy-on-write systems (and maybe because that name is adorable).
With this month’s security update, Google did roll out a “supplemental” firmware fix for Dirty COW across Nexus and Pixel devices. Plus, Samsung released a patch for its devices this month, according to Threatpost. An official Android patch for the Dirty COW issue is expected to land in December.
Oester, the researcher who discovered the flaw, told V3 that it’s “trivial to execute, never fails and has probably been around for years.” Dirty COW is sophisticated, and Oester said he was only able to catch it because he had been “capturing all inbound HTTP traffic and was able to extract the exploit and test it out in a sandbox.”
“I would recommend this extra security measure to all admins,” Oester said.
Via: Threatpost, Ars Technica
Source: Android Security Bulletin
Browser add-on caught selling identifiable web histories
When you include the word “trust” in your internet company’s name, you’re under more pressure than most to respect the privacy of your customers… and one firm is learning that lesson the hard way. Web of Trust Services’ browser add-on has left the extension libraries for Chrome, Firefox and Opera after a German broadcaster’s investigation revealed that Web of Trust was collecting and selling users’ web histories to third parties. While the company said that it was anonymizing data, that didn’t hold up under scrutiny. The broadcaster managed to identify over 50 people from sample data, and uncovered everything from active police investigations to the implied sexual orientation of a judge.
Also, a German data protection commissioner chastised WoT for not doing enough to get the consent of its users (and there are many of them, with 140 million downloads) before gathering and selling info. Moreover, there’s evidence that the software can run the code it wants on any web page. There aren’t any known in-the-wild exploits, but that’s not exactly reassuring.
To its credit, WoT is taking steps to mend its ways. It’s reexamining its privacy policy, offering an opt-out for the data you share and revamping the way it ‘cleans’ data to get rid of potentially identifying info. Its previous approach “may not have been sufficient” to fully anonymize your data, a spokesperson tells The Register. The company is quick to add that only Mozilla pulled the add-on — WoT says it voluntarily yanked the add-on from the Google and Opera portals to “make appropriate changes.”
You should see an improved version of the add-on in the weeks ahead. However, questions remain: why sell histories without explicitly warning users, and making absolutely sure there wasn’t identifying data? And why not make data sharing opt-in? No matter what the answers, the findings are a reminder that promises of anonymized data by themselves aren’t enough. A company has to make sure that your sensitive content remains a secret in practice, not just in theory.
Via: The Register
Source: NDR.de (translated), Web of Trust, GitHub
Google Home teardown confirms two mics and Chromecast’s chips
See those parts meticulously laid out in the image above? That’s what a Google Home looks like after it’s been torn down by iFixit. The team known for dismantling the hottest gadgets has opened up Mountain View’s Echo competitor to confirm that it has two microphones. Echo has seven, but Google says Home has the capability to differentiate voice patterns from background noise despite having fewer mics. iFixit also had déjà vu while looking at its parts, because the chips on its motherboard (besides a semi-conductor) appeared in the 2015 version of Chromecast.
Before the team got to the motherboard, though, they had to deal with some super sticky adhesive that protects half of an array of capacitors in charge of detecting your fingers on the device. Despite the troublesome adhesive, iFixit gave the device an 8 out of 10 in repairability since it has minimal moving components. You can see what the team had to go through to completely tear the Home apart on its website if you want to know what makes it tick.
Source: iFixit
YouTube is now streaming HDR video
We knew it was coming, but it’s finally here: YouTube is now streaming High Dynamic Range (HDR) video. Google announced today that it’s enabled support for the the display technology, allowing viewers with HDR TVs and monitors to enjoy content with increased clarity, color range and contrast.
Although 4K video has been available on YouTube for some time, Google has waited on incorporating HDR. Only now are TV makers baking it in as standard, while popular gadgets like the Chromecast and PlayStation 4 recently got the feature.
High Dynamic Range, in simple terms, doesn’t change the number of pixels that you see, it just gets more out of them. HDR offers a wider range of contrast and brightness than standard HD or UHD, allowing the resulting images to show more detail in darker parts of the screen and highlight a wider range of colors. You should be able to pick out details that you may not have noticed before.
Google worked with a number of YouTubers — including MysteryGuitarMan, Jacob and Katie Schwarz and Abandon Visuals — to have premium HDR content ready for launch, but anyone can now upload their visually enhanced video.
Starting today, you can watch YouTube videos in HDR on supported devices, such as HDR TVs with the new Chromecast Ultra, PCs hooked up to an HDR monitor and soon on all 2016 Samsung SUHD and UHD TVs.
Gmail for iOS is finally on par with the Android version
Google wants its services to be on as many devices as possible — to meet that goal, the company has been putting out excellent versions of its apps on the iPhone for years now. That is, except for Gmail, arguably Google’s best-known tool beyond search. The Gmail iOS app was essentially broken when it launched back in 2011. A big update in 2012 made things much better, but the app has only changed in fits and starts since then. Its design doesn’t fit at all with Google’s current standards and it can be very slow. It gets the job done, but there are absolutely better options for accessing Gmail on the iPhone, including Google’s own Inbox app.
Thankfully, Google has finally decided it’s time to bring Gmail for iOS into the modern era. The new Gmail app for the iPhone and iPad rolling out today and it brings both design and functionality up to part with the Android app. Indeed, the app is basically indistinguishable with its Android counterpart now. The basic feature set is essentially unchanged — you have access to all your Gmail labels and the excellent search feature. You can add multiple accounts, and the app reflects whatever Inbox style you’ve picked on the desktop (priority inbox, starred email first, the various tabs grouping social, promotional and update emails and so forth).
All of this worked in the old Gmail app. It was just much uglier if we’re being honest. Now, the bright colors and animations of Material Design are present, emails have a small avatar showing you the sender, the sidebar lets you switch accounts faster — the whole thing looks better and is more efficiently designed.
The old Gmail also didn’t perform like a native app. It reminded me of the old days of app, where many of them were simply a UI wrapper around content being pulled from the web. That made it feel like you were waiting much longer for emails to load than was reasonable in this day and age.
That’s all changed now — there’s no doubt that Gmail is much faster than it used to be. And there are a few new features to the app. They’re not new if you’ve used Gmail anywhere else, but they’re finally in the iOS app. First of all, the super-handy “undo send” feature is now available, saving your butt if you fire off an email to the entire company instead of just one person. You can also swipe a message to automatically archive or delete it, depending on your preference.
As I mentioned, the whole app is faster, but search in particular got an overhaul. Now, you’ll see search results auto-populate as you type, so you don’t have to finish a word or hit enter to find the email you’re looking for. Overall, the app feels like a cross between the old, traditional Gmail app and Inbox, which already had these new features. But if you aren’t a fan of Inbox’s grouping and snoozing features and just want the basic, plain-vanilla Gmail, this app absolutely does the trick.
Google is also bringing a smaller update to the Calendar app for the iPhone today as well (sadly, the update doesn’t include iPad compatibility). There’s not much here, but Google did add one pretty useful feature: Events, reminders and goals that from your Google Calendar are now integrated into the iPhone’s spotlight search. So if you’re looking to make Google Calendar your main option over the built-in iPhone option, things should be a little easier. Google also added support for non-Gregorian calendars like Lunar, Islamic and Hindu — so if you want to see those dates alongside the standard options, that’s there. And if you want to quickly see a full week’s view, just rotate your phone to landscape mode.
Both the updated Gmail and Calendar apps should be rolling out to the App Store today. If you’ve been longing for a first-party Gmail app that feels up-to-date in 2016, definitely download today’s update. It’s been a long time coming, and after a few years using Inbox I might be ready to make the standard Gmail my main email app again. Here’s hoping Google keeps updating it in a timely fashion rather than letting languish for years again.
Android Auto is now a standalone app you can download to your phone
If you’ve driven a car in the past decade or so, you’ve likely noticed just how lousy most in-car user interfaces are. That makes things like Google’s Android Auto and Apple’s CarPlay a real blessing — but the downside is that you’ll either need to have a relatively new car or purchase a fairly expensive new head unit. Fortunately, Google is making good on a promise it made earlier this year: You can now download the Android Auto app to your phone, which gives anyone access to Android’s driving-focused experience.
You can download the app like any other from the Play Store. Then it’s just a matter of giving the app access to various permissions like calls and messages so that it can play them back for you. Once the app is set up, you’re presented with basically the same interface you’d otherwise see on the screen of a car running Android Auto.
If you haven’t used Android Auto before, it gives you quick access to a small set of features you might want while driving. Probably the most important of those are music and directions. When I launched Android Auto on my Pixel phone, I was presented with a card for controlling my Google Play Music account and one-tap directions to a few places I had recently looked up. Tapping any of those brings you deeper into the app, and tapping the standard Android menu icon presents a few more options.
But in keeping with the focus on driving, not every feature of the app is available. WIth Music, for example, I can get shortcuts to my playlists, queue, podcasts, recent activity and a selection of Google Play Music’s “music for driving” stations. But I can’t just flick through my entire library or search with an on-screen keyboard. Google wants your eyes on the road. However, if you need to do more in the app, you can tap the microphone button and perform a voice search.
Other cards that appear on the screen include your current weather as well as recent calls and messages you may have received. Again, you can’t respond to messages — or even read them. But you can have Google read them back to you. If you get a call, you’ll be presented with full-screen caller ID and big buttons to press to either pick up the call or let it go to voicemail. Likewise, when you receive a text message, you can tap a big button to respond with your voice or mute notifications.
Your missed calls and messages appear on the main Android Auto screen where you can tap to respond (with your voice) or return the call. Messages also have a one-tap auto response, set by default to “I’m driving right now.” After you listen a text message, Android Auto helpfully tells you that you can hit the mic button and say “reply” to send a message back.
The last bit of the interface are three shortcut buttons at the bottom that go into navigation, the phone and music. You can access multiple audio apps besides just Google Play Music, provided you have them installed on your phone. Tapping the navigation button just shows you where you are on a map, with buttons to activate voice search as well as the Google Maps “search along my route” feature that lets you pull up nearby gas stations, restaurants and so on. And the phone app just shows recent calls, favorites and provides you with one-tap access to a number dialer.
You can customize your Android Auto experience a little bit in the settings menu. There are options to modify your auto reply message and set up some “auto launch” features. For example, you can set it so Android Auto starts up every time your phone connects to your car’s Bluetooth system. Lastly, you can set it up so that your screen stays on indefinitely when you’re using Android Auto, or set it to only do that when you have the phone plugged into a charger.
After a few days playing around with Android Auto on the Pixel, I’m sold on this as a quick and easy way to improve your driving experience, though you’ll absolutely need a hands-free phone mount for your dashboard to really use this properly. As someone who generally avoids making calls or sending messages when driving because of the fiddly, terrible UI in my car, this is a blessing.
There are only a few real downsides. For starters, you just don’t see a whole lot of info on your phone’s screen — the UI naturally makes things larger for readability and to make touch targets easier to hit. But that means you can’t see many items on your screen at a time. This is an instance when a bigger device like the Pixel XL would definitely be preferable. The other sad omission is you can’t say “OK Google” to start issuing voice commands. It’s a very strange thing to leave out, but Google has previously said it would add the feature eventually. Fingers crossed it happens sooner than later.
Regardless of what phone you’re using, though, there’s a good chance that Android Auto on a smallish screen is still going to be better and more intuitive than using what’s in your car right now. If you have an Android phone and a dashboard mount for your phone, this new app is definitely worth a shot.
Google Search will show election results as they come in
The US election has been good business for Google, thanks in part to its localized ballot data and state voting guides. The search giant wrote that it will soon show election results directly in search after polls close, including “Presidential, Senatorial, Congressional, Gubernatorial races as well as state-level referenda and ballot propositions.” It also revealed counties with the highest voter interest in key battleground states, based on the search query “where to vote.”
A lot of folks caught the election debates on the YouTube channels of Fox, NBC and other media outlets, instead of watching them on cable. Google has promised more of the same, saying you’ll be able to tune in to NBC, PBS, MTV, Bloomberg, Telemundo and The Young Turks on YouTube to watch live, post-election coverage. The company has also been encouraging folks to participate via its #voteIRL campaign (Facebook will also remind 100 million eligible voters that it’s election day). The latest #voteIRL YouTube video (below), features the POTUS himself encouraging you to go to the polls — even though he’s uncertain of what IRL even means.
Source: Google
Google snaps up the creators of a game-focused Android emulator
You can already run Android apps on a Chromebook, but would you run games and other intensive mobile apps on it? Probably not. However, Google might be taking steps to make that practical. The creators of LeapDroid, an Android emulator that specializes in games, have revealed that they’re joining Google just months after releasing it to the public. The team isn’t discussing “specific plans,” but they’re halting both development and support for LeapDroid. You can continue running the latest version, but you won’t get anything more than that.
It’s not clear just how the deal went down, although the team suggests that this isn’t a straight-up acquisition: LeapDroid is “not affiliated” with Google despite the move. We’ve asked Google for more details and will let you know if it can shed light on what’s happening.
However it happened, the move raises a few possibilities. On a basic level, it could help with Android’s performance in non-native environments — something as fast as LeapDroid could help developers testing Android apps, or give Chrome OS devices an extra boost running mobile titles. In the long term, though, it could be important for that oft-rumored Android/Chrome union. If you’re going to merge two largely disparate platforms, you want to eliminate as many potential hiccups as possible. While there’s no certainty that you’ll see conspicuous uses of LeapDroid’s tech, it won’t be surprising if the extra talent makes Google’s vision of computing that much more realistic.
Via: LeapDroid (Twitter)
Source: LeapDroid
AIVAnet 