Apple’s FaceTime privacy bug allowed possible spying


Social media caught fire yesterday as the news of a new Apple bug spread. It seemed that there was a flaw in FaceTime that allowed you to place a call to someone, but listen in on their microphone if they didn’t pick up. Worse, as the news spread, it turned out that there was also a way to capture video from the camera on the target device, and that this issue was affecting not just iPhones and iPads, but Macs as well.
The result was a chorus of voices all saying the same thing: turn off FaceTime. The good news, though, if you’re just tuning in now, is that this is completely unnecessary, as Apple has disabled the service that allowed this bug to work.
How did the bug work?
The bug relied entirely on a feature of iOS 12.1 and macOS 10.14.1 called Group FaceTime. If you are using an older version of iOS or macOS, you have nothing to fear.
The bug involved doing something a bit unusual with Group FaceTime. First, you would have to place a FaceTime call to your intended victim. Next, while the call is still ringing, you would need to bring up the Add Person screen and add yourself to the call. Doing this would invoke Group FaceTime, and the microphone of the intended target would be activated, even if they didn’t answer.
Capturing video from the target phone’s camera required one of two known techniques. One would be to hope that the recipient pressed the power button on the phone to “decline” the call, in which case the camera would turn on as well. (Of course, if they pressed it twice, as some have become accustomed to doing on iPhones in these days of scam calls, that would cut the video off again. But you’d still see a flash of video.)
Alternately, you could apparently join the call from another device, which would also turn on the recipient’s camera. (Although I was able to test and verify everything else, I didn’t know about this trick until after Apple disabled Group FaceTime, so I can’t verify this one from personal experience.)
What were the dangers?
To make this work, you would need to rely on the target not answering, which could potentially be orchestrated if the target’s activities were known and it was likely that he or she would both be disinclined to answer at the time of the call, and be doing or saying something of interest. (I think we can all think of at least one such activity!)
Fortunately, this did pretty much rule out generalized surveillance, though nonetheless, there were some valiant efforts (most likely pranks) in the brief time the bug was known.


This also didn’t open up an open-ended wiretap. FaceTime rings for a while, but not forever. At most, you might get about a minute or so of spying. It’s also not the stealthiest of attacks, since you’d literally be announcing yourself in the process.
All this means that the risks were fairly low for anything beyond a prank. I personally did not feel it necessary to turn off FaceTime on my devices. Once I was aware, I could have simply covered the camera and ended the call—or had a little fun with the caller by playing Rick Astley into the phone’s mic!
How was this resolved?
Apple temporarily solved the problem by disabling Group FaceTime on their servers. This means that you can no longer add people to a FaceTime call, so the bug currently cannot be triggered. Apple will undoubtedly release iOS and macOS updates with a fix for this bug.
It’s unknown how soon Apple will re-enable Group FaceTime after that update is released, so if you’re on iOS 12.1 or macOS 10.14.1, it will be of great importance to install the next update in a timely fashion! You don’t want to be caught with your pants down (possibly literally) on a vulnerable system after the Group FaceTime switch is turned back on.
How did this happen?
Apple has had an unusually large number of high-profile and embarrassing bugs of late, which has led many people to ask what has happened to Apple’s quality assurance process. This bug is no exception.
Worse, it appears that at least one person knew about the bug almost two weeks before the news broke, and had been trying to alert Apple.



It’s unknown at this point exactly which points of contact for Apple this person was using, so it’s entirely possible that the right people at Apple didn’t learn about it until they saw it on the news. Since Apple didn’t disable Group FaceTime until after the news broke, I would hope that this is the case. It would be far more concerning if the right people at Apple knew about the bug, but didn’t make the call to disable Group FaceTime.
What’s the takeaway?
Bottom line, at this point, there’s absolutely no reason to panic or to turn off FaceTime. If you turned off FaceTime, and you want to turn it back on, it’s safe to do so, as long as you don’t delay installing the next update. There’s no indication that FaceTime can be abused without having Group FaceTime available.
There will be some who cite this as a reason to delay installing system updates. They will say that you should wait and let others work out the bugs. However, this is questionable advice. If you stay on an old version of iOS or macOS, you are using a system that has known security issues. That’s a far riskier proposition than updating to a newer version of the system where there aren’t (yet) any known security issues. From a security perspective, you should always install updates in a timely fashion.

SOURCE

PIVOTING PEOPLE  2000 FREE LICENSES

Find the exact matching character among a bunch of characters created to confuse you. This requires a lot of attention to the finest details - like the colour of the hands, shoes or tie.
Difficulty
[*]Mix and match the settings to make this game easier or more difficult.
[*]Timed Mode -you have a limited amount of time to find the character (choose casual or expert)
[*]Click Mode - you can only make a limited amount of mistakes (choose casual or expert)
[*]You have to look very carefully - there’s only going to be 1 character that matches the one you’re looking for and the differences can be subtle - it could be just the colour of the tie that differs from the other characters.


:arrow: https://game.giveawayoftheday.com/pivoting-people/

About:
GoalEnforcer Visual Goal Setting Software.Set your Goals, Plan Faster and Accomplish More
How do you achieve your goals? Do you set a plan, establish focus, and then…never get around to actually achieving anything? If you’re on the hunt for a goal planning solution that actually works, look no further than today’s discount software promotion, GoalEnforcer Starter Edition!

GoalEnforcer Starter Edition is a visual goal planning application that empowers you to plan, maintain focus, and achieve goals faster and more effectively than any other method. With GoalEnforcer Starter Edition, you’ll be able to leverage the power of recursive visual thinking to bolster your productivity.

How easy is it to use GoalEnforcer Starter Edition? Just drag and drop virtual objects to establish and edit a goal achievement plan, then track your progress using color coding, status reports, and progress charts. There’s even a calendar view to remind you of critical dates, and a hyperfocus view to optimize your attention. You can even sent status reports emails and post progress charts to websites to keep your friends, family, and colleagues up to date!

More Info:
http://www.goalenforcer.com/

GP:
http://www.bitsdujour.com/software/goale...00-percent

Note:
Registration Info are not generic..Please login & get your unique key!

48 hours or less time remaining..

SERPstash Premium: Lifetime Subscription $29 $500.00 94% off

https://stacksocial.com/sales/serpstash-...dium=email
Page Builder Pro: Lifetime Subscription $39 $745.00 94% off

https://stacksocial.com/sales/page-build...dium=email
Hiveage Invoicing: Lifetime Basic Subscription $49.99 $1,740.00 97% off
https://stacksocial.com/sales/hiveage-ba...dium=email
Bizplan Premium: Lifetime Subscription $49 $99 $2,940.00 Price Drop!
https://stacksocial.com/sales/bizplan-pr...dium=email
PostFly Instagram Automation: Lifetime Subscription $39 $1,080.00 96% off
https://stacksocial.com/sales/postfly-ag...dium=email

Get A Chance To Join The Division® 2 Private Beta

AMD and Ubisoft have teamed up to bring you access to Tom Clancy’s The Division® 2 Private Beta! Sign up now for a chance to play The Division 2 Private Beta.*
Register to receive the AMD Gaming newsletter now for your chance to play to The Division® 2 Private Beta

Access to the game will be from 11AM EST on February 8, 2019 to 4AM EST on February 11, 2019

https://www.amd.com/en/gaming/thedivisio...06827924=1

Offcloud Download Manager: Lifetime Subscription
Unlock, Download & Backup Your Favorite Content on This Secure, Cloud-Based Solution

$49.99 $699.99 92% off

Description
Meet Offcloud, the cloud-based download manager that makes it easy to access and download your favorite content online. Offcloud lets you unlock and rapidly download content from blogs, media, BitTorrent, streaming or storage sites and securely back it up for access whenever you want. And, instead of shuffling downloads from your desktop to the cloud, Offcloud lets you automatically transfer any data from the web to FTP and popular cloud storage sites, like Dropbox. 

• Unlock & download any content found on blogs, media, BitTorrent, streaming or storage sites
  
• Download any content without worrying about speed & bandwidth limitations
  
• Securely backup your favorite online content to a private space & access it whenever you want
  
• Automatically transfer any data from the web to your remote space, such as FTP or cloud storage
  
• Use w/ hundreds of sites, including YouTube, Soundcloud & Vimeo
  
• Fetch data from .torrent & magnet links using the cloud-based BitTorrent client
  
• Convert any online pages into PDF documents or read-it-later HTML
  
• Enjoy dozens of tools, a reliable API & a world-class customer service to get the most out of Offcloud
  

• The nearly 750,000 registered users speak for the quality of the service....With its practical functions and its scope of features it is in our eyes one of the branch’s top services.
  

• Any device with a web browser
  

• Length of access: lifetime
  
• Redemption deadline: redeem your code within 30 days of purchase
  
• Updates included
  
• Version 1.0
  
• Max number of devices: 10
  
• Unlimited link generation
  
• Cyberlockers and file hosting sites
  
• Video streaming services
  
• BitTorrent links and magnets
  
• PDF and PocketHTML conversion
  
• Unlimited proxy bandwidth
  
• 30GB of monthly premium bandwidth
  
• 50GB of cloud space
  
• Generous fair use quotas
  
• Constant improvements
  

• Instant digital redemption
  

Firedrop - 100 GB of cloud storage for free

The Firedrop service allows you to store your files in the cloud, providing backup photos, documents and video content. Free account includes 100 GB of cloud storage, web access and applications for Windows and Android

To get 100 GB of cloud storage in the Firedrop service, follow these steps:

Register for a free account. https://firedrop.com/register.html
Confirm your email address (check your spam folder).
Use web access or install applications for Windows and Android

Quote:Good news today for people who want a premium software to create DVD from multiple video formats. DVDFab DVD Creator is a premium software running on Windows 10/8.1/8/7 (32/64 bit).  UniqueFREE and DVDFab will giveaways 10.000 license keys (ten thousands) to our readers and visitors all over the world. Thanks Rita Xu from DVDFab for this giveaways.

1. Like our fan page at here(optional)
   
2. Subscribe to our feed at here (optional)
   
3. (Require) Share this giveaways to your social account. Why? This is ten thousands license keys giveaways – why don’t help your friend get one free? After you share this post as public on your social account – a form will display allow you submit your name and email to request a free license key.
   

1. The form will send your request directly to DVDFab DVD Creator author, then they will send the license key to your e-mail. (It may take some time for them to send depend on number of requests).
   
2. The giveaways program will last for 7 days from today January 29, 2019
   
3. The license key is for one year only. You can renew the software or remove it after one year from the day you active the program.
   
4. Please leave your review/comment using the comment form below. (Depend on number of your comments on UF you will get a better rank and more gift from us in the future).
   

Attackers this month have revived an email phishing operation that targets Russian speakers with Shade ransomware served via malicious JavaScript attachments.
The scam first emerged in a campaign that began in mid-October of last year, before dying down over the holiday period. But January ushered in a more intense second phase that doubled the previous campaign’s attack volume, reported Juraj Janosik, senior software engineer at ESET, in a company blog post on Monday.
Janosik said that 52 percent of the Shade attachments ESET detected between Jan. 1 and Jan. 24 went to Russian addresses, while the next most targeted countries were Ukraine, France, Germany and Japan.
The phishing emails feature Russian subject lines and content that attempt to trick recipients into believing they have received order updates from legitimate organizations such as Russian bank B&N Bank and the retail chain Magnit. One sample email was supposedly sent from a company manager with details from an unspecified order.
The malicious JavaScript files are found within a ZIP archive file named info.zip or inf.zip. Opening the .js file unleashes a malicious downloader identified as 
Win32/Injector, which is downloaded from the URLs of legitimate WordPress sites that were previously compromised by automated bots using brute-force attacks. 
“Our telemetry data shows hundreds of such URLs, all ending with the string “ssj.jpg”, hosting the malicious loader file,” Janosik wrote.
The downloader subsequently decrypts and launches Shade, which is also known as Troldesh. ESET notes in its blog post that Shade has existed in the wild since late 2014, and encrypts “a wide range of file types on local drives” before presenting the victim with ransom instructions written in Russian and English.
Brad Duncan, a handler with the SANS Internet Storm Center, previously addressed this Shade operation in a SANS ISC InfoSec forum post that was published shortly after the October campaign was discovered. In the post, Duncan said that potential victims “would need to be on a vulnerable Windows host with poor security measures” in order to be infected by opening the malicious attachment.
Duncan said that upon analyzing the malware in his lab environment, he found that the host started generating Tor traffic, and then “checked its IP address and generated encrypted SMTP traffic to smtp.mail.ru.”

SOURCE

https://letscrackon.org/competitions/

https://gleam.io/vnOZZ/win-1-of-5-avast-...cluded-vpn

COMING SOON  Get it free in February 2019.


Native Instruments: KOMPLETE START Production Suite 

FREE PRODUCTION SUITE

• Produce and perform with over 2,000 studio-quality sounds – for free
  
• 15 pro-grade synths and sampled instruments, plus effects, loops, and samples
  
• Browse, preview, and play it all in your recording software with KOMPLETE KONTROL
  
• Available February 2019
  

About:
A game made in combination of arcade and easy-logic gameplay styles. You need to magnetize and connect all orbs with a same color in tasks for logic and fast reaction.

Features:
- 35 levels
- Soundtracks in various styles
- Eye-catching graphics
- Random schemes of level decoration



GP:
https://game.giveawayoftheday.com/magnetic-pairs/#

About:
A fascinating arcade puzzle game, performed in a style close to neon. You need to place all the blue rings on the red squares at the least number of moves.

Features:
- 60 levels
- 13 soundtracks
- Eye-catching graphics
- Random color scheme

GP:
https://game.giveawayoftheday.com/glowing-sokoban/#

What does ‘consent to tracking’ really mean?

Post GDPR, many social media platforms will ask end users to consent to some form of tracking as a condition of using the service. It’s easy to make assumptions as to what that means, especially when the actual terms of service or data policy for the service in question is tough to find, full of legal jargon, or just long and boring. Part of the shock of Facebook stories was in discovering just how expansive their consent to tracking really was. Let’s take a look at what can happen after you hit OK on a new site’s Terms of Service.
What we think they’re doing
Most commonly, users think that social media sites limit their tracking to actual interactions with the site while logged in. This includes likes, follows, favorites, and general use of the site as intended. Those interactions are then analyzed to determine a user’s rough interests, and serve them corresponding ads.
We asked some non-technical Malwarebytes staffers what they thought popular companies collected on them and got the following responses:
“Hmm I would assume just my name, birthday, trends in the hashtags I use, and locations I’m at. Nothing else.”
“As far as IG goes, I’m guessing they collect data on the hashtags I follow and what I look at because all the ads are home improvement ads.”
While these are common use cases for tracking, innovations in user surveillance have allowed companies to take much more invasive actions.
What they’re actually doing
The Cambridge Analytica reports were quite shocking, but in theory their data practices were actually a violation of the agreement they had with Facebook. Somewhat more concerning are actions that Facebook and other social media companies take overtly with third parties, or as part of their explicit terms of service.
In June 2018, a New York Times report revealed partnerships between Facebook and mobile device manufacturers allowed data collection on your Facebook friends, irrespective of whether those friends had allowed data sharing with third parties. This data collection varied by device manufacturer, and most were relatively benign. Blackberry, however, seemed to go beyond what most of us expect to be collected when we log in:


Facebook has been known for years to have somewhat creepy partnerships like this. But what about other platforms? Instagram has an interesting paragraph in its terms and conditions:

Does communications include direct messages? How long is this information stored, where, and under what conditions? It could be perfectly secure and anonymized, but it’s difficult to tell because Instagram is a little vague on these points. Companies tell us what they collect consistently but they don’t always tell us why or disclose retention conditions, which makes it difficult for a user to make a proper risk assessment for allowing tracking.
Outside of the Facebook family of products, Pinterest does some data sharing that you might not expect:
undefinedKudos to Pinterest for providing clear opt-out instructions.
A reasonable user might not expect that when consent to tracking connected with a Pinterest account, they would also agree to offsite tracking. Pinterest does stand out, however, by presenting well organized and clear information followed by simple opt-out instructions after each section.
What they might be doing
Most platforms that engage in user tracking do so in ways that raise concern, but are not overtly alarming. Abuses we’ve heard about tend to center on the tracking company sharing information with third parties. So what might happen if the wrong third party gains access to this data?
In 2016, a Pro Publica investigation was able to use Facebook ad targeting to create a housing ad that excluded minorities from seeing it. (This probably violates the US Fair Housing Act.) Using user data to discriminate in plausibly deniable ways predates the Internet, but the unprecedented volume of data collected makes schemes by bad actors much more efficient and easy to launch.
A more speculative harm is the use of tracking tags on sensitive websites. In France, a government website providing accurate information on reproductive health services was using a Facebook tracker. A “trusted partner” receiving user metadata, as well as which sections of the site that user clicks on, has the potential to be profoundly invasive. From a risk mitigation perspective, a user with a Facebook account might not have anticipated this sort of tracking when they initially consented to Facebook’s terms of service.

A common counter to complaints regarding user tracking is, “Well, you agreed to their terms, so you should have expected this.” This is arguably applicable to basic metadata collection and targeted ads, but is it reasonable to expect a Facebook user to understand that their off-platform browsing is subject to surveillance as well? User tracking has progressed so far in sophistication that an average user most likely does not have the background necessary to imagine every possible use case for data collection prior to accepting a user agreement.
What you can do about it
If any of the above examples make you uncomfortable, check out how to secure some common social media platforms using internal settings. If you want to implement additional technical solutions, browser extensions like Ghostery and the EFF’s Privacy Badger can prevent trackers from sucking up data you would prefer not to hand over.
Messenger services are a bit harder to transition away from, but not impossible. Signal is a well-regarded messenger app with end-to-end encryption, and a history of respecting user privacy. Alternatively, Wire can provide a more business-oriented alternative, with screen sharing, file sharing, and access role management.
Most important is to stay suspicious when accessing a new platform. No one can mishandle data that you never agree to hand over to begin with. Stay vigilant, stay safe, and enjoy your social media platforms knowing exactly how your data is being used.

https://blog.malwarebytes.com/security-w...ign=q4fy19

Quote:One year after the launch of Sophos Home Free & Premium, we are proud to announce that version 2.0 of Sophos Home debuts Wednesday, January 30th. It is the perfect opportunity to re-engage your audience about the benefits of the business-grade security for home you get with Sophos Home


What is new in Sophos Home Premium – PC


 
Artificial Intelligence
·         Originally created by data scientists at Sophos Labs for business customers. Now incorporated into the consumer offering – one of the first in the consumer cybersecurity space
·         Detects and blocks known and unknown malware in milliseconds
·         Predictive and intuitive, evaluates files before they even run and stops brand new, never-before-seen, “zero-day” attacks
Enhanced Real-Time Protection
·         Prevents cybercriminals from using un-patched vulnerabilities in your OS or apps as wide-open doors into your PC
·         Stops “trusted” apps from being controlled and inadvertently wreaking havoc on your system
·         Prevents rogue processes from capturing sensitive credential information, such as usernames and passwords, from memory
PLUS:
·         Scheduled Scans
·         Quarantine options
·         UI Enhancements
 
 


Key Messaging for Sophos Home Premium – Mac


 
Stop ransomware
·         Benefit: Protects your personal files and photos from being encrypted and held for ransom.
·         How we do it: Sophos Home Premium’s anti-ransomware technology observes all processes that interact with your valuable data. If we detect something unknown encrypting your data, we will terminate the action and roll back your data to a pre-tampered state.
 
Protect your privacy
·         Benefit: Blocks unwanted access to your webcam and microphone and stops apps from covertly sharing your personal information.
·         How we do it: Sophos Home Premium alerts you when an outside source is attempting to access your webcam or mic, giving you the option to allow or block the action. Plus, it leverages the vast Sophos Labs blacklist database to ensure you don’t inadvertently connect to dangerous phishing sites.

Quote:Password Depot is a powerful and very user-friendly password manager which helps to organize all of your passwords – but also, for instance, information from your credit cards or software licenses.
The software provides security for your passwords – in three respects: It safely stores your passwords, guarantees a secure data use and helps you to create secure passwords.
However, Password Depot does not only guarantee security: It also stand for convenient use, high customizability, marked flexibility in terms of interaction with other devices and, last but not least, extreme functional versatility.

• Best possible encryption. In Password Depot, your information is encrypted not merely once but in fact twice, thanks to the algorithm AES or Rijndael 256. In the US, this algorithm is approved for state documents of utmost secrecy!
  
• Double protection. You can secure your passwords files twice. To start with, you select a master password that has to be entered in order to be able to open the file. Additionally, you can choose to protect your data by means of a key file that must be uploaded to open the file.
  
• Protection against brute-force attacks. After every time the master password is entered incorrectly, the program is locked for three seconds. This renders attacks that rely on the sheer testing of possible passwords – so called “brute-force attacks” – virtually impossible.
  
• Backup copies. Password Depot generates backup copies of your passwords files. The backups may be stored optionally on FTP servers on the Internet (also via SFTP) or on external hard drives. You can individually define the time interval between the backup copies’ creation.
  
• and more
  

• Improved and modernized user interface.
  
• Improved performance on large databases with thousands of entries.
  
• New trial and freeware mode: The trial now works for 30 days without any restrictions. The freeware now has only one limitation: It can only be used with databases with max. 20 entries.
  
• Improved and reworked browser addons.
  
• Reworked password strength estimation with details on how the result was calculated.
  
• Reminder that the beginner mode is used to switch with reference to the expert mode.
  
• New actions for selected folders, such as search, print or export.
  
• Search results, Favorites or any folder can now optionally be exported as well.
  
• New entry type 'PuTTy connection' with support of protected sign-on.
  
• Revised database cleanup dialog box.
  
• The "Advanced Search" now also allows to search for entries with "History" and "Attachments".
  
• Offline mode: Databases from the Enterprise Server can now be conveniently used in the new offline mode, i.e. when the connection to the server is disconnected. If the connection to the server is renewed, an automatic synchronization takes place.
  
• New option to start the application with a time delay.
  
• Import options from numerous other password managers, as well as from old Password Depot databases themselves.
  
• Revised and improved online help.
  
• Assigned tags for better filtering of database entries.
  
• Options for displaying user name and password of the selected entry in Topbar.
  
• Improved Update Manager: Existing updates can now be installed with a single click.
  

Quote:InPixio Photo Clip 8.0 – the digital cutting tool – allows you to cut out any details, people, objects or even scenery from your photos and remove distracting details. 
Putting you back in control of your digital images.
You can also use these removed objects in other images to create photo-montages or collages. 
Allowing you to create impressive photo-montages!
The interactive assistant and tutorials will guide you enhancing all your photos!