Hackers exploit Flash vulnerability in Yahoo ads

The New York Times reported on hackers exploiting Flash vulnerability in Yahoo ads.

For seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites, the company said on Monday.

The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online. It also highlighted growing anxiety over a much-used graphics program called Adobe Flash, which has a history of security issues that have irked developers at Silicon Valley companies.

“Right now, the bad guys are really enjoying this,” said Jérôme Segura, a security researcher at Malwarebytes, the security company that uncovered the attack. “Flash for them was a godsend.”

Firefox users got lucky.

Inside the sad, expensive failure of Google+

Mashable reported on the sad, expensive failure of Google+.

Google’s effort to build a social network to rival Facebook began with a bold, company-wide yell. Now Google appears to be winding down Google+ with barely a whimper.

This week, four years and one month after launching Google+ with the stated mission to “fix” online sharing, Google announced it would eliminate a much-criticized requirement to use a Google+ account when signing on to other Google services like YouTube. The move is the clearest indication yet that Google is ditching its playbook of trying to push everyone in the world use its social network.

I have moved away from Google+ for quite some time, pushing articles to it to share to followers but nothing more than that.

The security flaw Google built into Android

MIT Technology Review reported on the security flaw Google built into Android.

When security problems are discovered in Microsoft’s Windows operating system, or Apple’s mobile or desktop equivalents, those companies can push out an update to affected computers. You get a message telling you to install the update, direct from the company who made the software. In the case of Microsoft’s Windows 10, being released Wednesday, such updates are automatic and mandatory for home users. (This model doesn’t always work perfectly—Apple, for example, has been accused of being too slow to roll out important security patches.)

Google can’t push you an update for Android. It hands out the operating system to device manufacturers for free. They get to tinker with it to add features or apps of their own and are the only ones—along with cellular carriers in some cases—that can push updates to the devices they sell. Google does bind companies that use Android with some restrictions (for example to do with using its app store) but doesn’t require them to push out security updates quickly.

What’s a possible solution?

Google’s desktop operating system, Chrome OS, has a much smarter design when it comes to security updates. They download in the background and install themselves. Many security engineers at Google surely wish they could do the same with Android. But the way Google has established Android’s business model makes that unlikely. Device makers and carriers appear to prioritize their own businesses and independence from Google above keeping their customers’ devices secure. Expect more news of worrying Android security holes that won’t be fixed.

Either you live with it, keep up with the newest Android phones that come with the latest OS software, or walk away.

Samsung glamour days over as it fights to save mobile market share

Reuters reported on Samsung’s fight to save mobile market share.

Behind Samsung’s reality-check is the fact it is stuck with the same Android operating system used by its low-cost competitors, who are producing increasingly-capable phones of their own.

“The writing has long been on the wall for any premium Android maker: as soon as low end hardware became ‘good enough,’ there would be no reason to buy a premium brand,” said Ben Thompson, an analyst at Stratechery.com in Taipei.

It’s a race to the bottom for Android makers. It is not something surprising. We just need to look at the PC market to expect what the trend would be like.

Microsoft posts record loss as it writes down Nokia

Reuters reported on Microsoft’s record loss as it writes down Nokia.

Microsoft Corp reported a $3.2 billion quarterly net loss, its biggest ever, as the company wrote down its Nokia phone business and demand fell for its Windows operating system.

No big deal. It’s just $3.2 billion loss. I mean, look at Apple, they are in trouble with a record $7.7 billion profit.

Apple reports record third quarter results

Jim Dalrymple reported on The Loop reported about Apple’s record third quarter results.

Apple on Tuesday reported a third quarter profit of $10.7 billion on revenue of $49.6 billion. This compares to revenue of $37.4 billion and net profit of $7.7 billion in the year ago quarter.

$10.7 billion but people think Apple is losing it.

Goodbye, Android

Lorenzo Franceschi-Bicchierai wrote on Motherboard about switching from Andoird.

As security expert Cem Paya put it, that was a conscious decision Google made when it created Android. Paya called it a Faustian deal: “cede control over Android, get market-share against iPhone.” Basically, Google was happy to let carriers put their bloatware on their Android phones in exchange to having a chance to fight Apple for in the mobile market. The tradeoff was giving carriers and manufacturers control over their Android releases, leaving Google unable to centrally push out operating system updates.

Some carriers and manufacturers are better than others, it’s true, but they all pretty much suck when it comes to pushing updates. There really isn’t a better way to put it.

As security researcher Nicholas Weaver put it in a (now deleted) tweet, ”Imagine if Windows patches had to pass through Dell and your ISP before they came to you? And neither cared? That is called Android.”

Web browser efficiency

BatteryBox reported on Chrome vs Safari vs Firefox web browser efficiency.

Averaging data from all websites tested, Safari won first place with 6hours 21min of total usage, Firefox second with 5hours 29min of usage, and Chrome last with 5hours 8min of usage.

Basically, if you simply switch to using Safari instead of Chrome, on average you could get an extra 1 hour of usage from your battery life. It’s actually a pretty good browser, and now has a fair amount of extensions available.

Sometimes it’s not about having the latest and greatest features, but what goes on behind the scenes that matters.

Solitaire for Windows 10 is a fremium game

Time reported on [the ridiculous hidden inside Windows 10 TIME](http://time.com/3977862/windows-10-solitaire/).

The newly released Windows 10 features the Solitaire Collection, which includes several variants of the classic card game. However, unlike the version of the game you played at your grandma’s house in the ‘90s, Windows 10 Solitaire comes packed with advertisements. To get rid of the ads and earn some in-game currency (yes, this centuries-old game is borrowing from Candy Crush), users can pay $1.49 per month or $9.99 per year.

When your OS is free, it’s not the product. You’re the product. At least, this is how Microsoft seems to think. Note how Mac OS X is free but it doesn’t try to sell ads to you. That’s giving utmost priority to the user experience.

Privacy issues with Windows 10

The Next Web reported on privacy issues with Windows 10.

Data syncing by default

Sign into Windows with your Microsoft account and the operating system immediately syncs settings and data to the company’s servers. That includes your browser history, favorites and the websites you currently have open as well as saved app, website and mobile hotspot passwords and Wi-Fi network names and passwords.

[..]

Cortana is a sexy spy in the machine

To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device.

Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.”

[..]

Advertisers will know exactly who you are

Windows 10 generates a unique advertising ID for each user on each device. That can be used by developers and ad networks to profile you.

[..]

Your encryption key is backed up to OneDrive

Not necessarily a bad thing but something you should be aware of. When device encryption is turned on, Windows 10 automatically encrypts the drive its installed on and generates a BitLocker recovery key. That’s backed up to your OneDrive account.

[..]

Microsoft can disclose your data when it feels like it

This is the part you should be most concerned about: Microsoft’s new privacy policy assigns is very loose when it comes to when it will or won’t access and disclose your personal data:

We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.

Something to consider if you’re considering switching to Windows 10. Something to be aware of if you’re already on Windows 10.