Windows 10 News and info | Forum
March 26, 2019
 1 
 on: Today at 04:15:41 PM 
Started by javajolt - Last post by javajolt
An academic study that analyzed 82,501 apps that were pre-installed on 1,742 Android smartphones sold by 214 vendors concluded that users are woefully unaware of the huge security and privacy-related threats that come from pre-installed applications.

Researchers found that many of these pre-installed apps have access to very intrusive permissions out of the box, collect and send data about users to advertisers, and have security flaws that often remain unpatched.

On top of this, many pre-installed apps (also referred to as bloatware) can't be removed, and also use third-party libraries that secretly collect user data from within benign-looking and innocently-named applications.

The study is, by far, one of the most complex endeavors of its kind, and included both an analysis of device firmware, app behavior, and the internet traffic the apps generated.

THIRD-PARTY LIBRARIES

One of the first things that researchers spotted was the incessant use of third-party libraries (or software development kits --SDKs) inside many pre-installed applications.

While using an SDK to simplify the coding of basic tasks is commonplace in the web, desktop, and mobile development community, researchers noted that the most commonly encountered third-party libraries were all advertising and user tracking-related.

The research team said it found 164 different advertising SDKs inside nearly 12,000 apps and an additional 100 different analytics libraries inside almost 7,000 apps.



This suggests that a large chunk of pre-installed apps are tracking users right from the get-go, from the moment they turn on their brand new Android smartphone.

PROBLEMS WITH CERTIFICATES

The research team also found several hundreds of pre-installed apps that were signed with certificates that were either self-signed or featured an "Issuer" field that contained generic terms such as "Android" (115 apps) or "Android Debug" (42 apps).

Usage of this type of generic certificates prevented investigators from finding out who developed these apps that were being included with the devices they were testing.

Furthermore, some pre-installed apps were signed with certificates belonging to companies known to engage in user tracking --such as Adups, AccuWeather, or GMobi.

PERMISSIONS

Researchers also looked at the permissions these pre-installed apps received, and more particularly at "custom permissions."

The term "custom permissions" refers to a type of permission level for the Android operating system that is set up by phone manufacturers. Vendors create custom permission schemes in which they provide bulk access to various OS features for pre-installed or preferred apps.

"An exhaustive analysis of custom permissions [...] suggests (and in some cases confirms) the presence of service integration and commercial partnerships between handset vendors, [mobile network operators], analytics services (e.g., Baidu, IronSource, DigitalTurbine, and Facebook), and online services (e.g., Skype, LinkedIn, Amazon, Spotify, CleanMaster, and Dropbox)," the research team said.

"We also found custom permissions associated with vulnerable modules (e.g., MediaTek) and harmful services (e.g., Adups)."

Furthermore, researchers also identified six different versions of the Facebook app, three of which were never available through the official Google Play Store.

"According to users' complaints, two of these packages (com.facebook.appmanager and com.facebook.system) seem to automatically download other Facebook software such as Instagram in users' phones."



But in addition to custom permissions, researchers also discovered that many apps also had access to way too many "standard" permissions, which the pre-installed apps didn't necessarily use and theoretically would remain as an open door for future abuse.

For example, researchers found 55 pre-installed apps that were granted access to more than 100 permissions, with one app (com.cube26.coolstore) having access to 144 permissions, while another app (com.jrdcom.Elabel) having 145 permissions.

According to researchers, the most used permission among apps that also embed a third-party SDK is the permission to read system logs, followed by the ability to mount/unmount storage space, and the ability to install other apps.



EXPOSED APP COMPONENTS

Academics also looked at pre-installed apps that exposed their internal components to other apps via an Android inter-app communication mechanism known as "intent."

Researchers said that of the 82,501 apps they analyzed, 6,849 left internal components exposed to external queries by other apps installed on the same device, and, inherently, exposed all their functions and permissions to lower-privileged apps -- a well-documented attack vector.

USER DATA COLLECTION

The research team also took a fine tooth-comb to 3,118 pre-installed applications and analyzed the behavior of these apps and the data they were accessing.

Their findings found that the vast majority of pre-installed apps were coded to access device logs, get a list of locally installed apps, get network settings, or had the ability to run native code.



Further, researchers looked at what domains these apps communicated with. The results of this query weren't surprising, as most pre-installed apps reported back to advertising and analytics vendors such as Alphabet (Google's parent company), Facebook, and Amazon.



All in all, researchers said that nearly all apps that were capable of accessing and collecting user data were actively using this access to send data to third-party servers.

"We also observed instances of hardware and network fingerprinting capabilities, often collected under the term 'device capability,' and also analytics services that track the installation and removal of apps (notably news apps, such as those made by CNBC, The Daily Beast, Bloomberg, TechCrunch, and The Economist, among others)," researchers said. "More intrusive behaviors include apps able to collect and send email and phone call metadata."

PRE-INSTALLED MALWARE

The research team's analysis also revealed some edge cases. For example, researchers found instances of known malware in the system partition of some devices, mostly in low-end smartphones, but also in some high-end handsets.

"We identified variants of well-known Android malware families that have been prevalent in the last few years, including Triada, Rootnik, SnowFox, Xinyin, Ztorg, Iop, and dubious software developed by GMobi," researchers said.

In addition, researchers also found a secretive data collection service put inside a FOTA (firmware-over-the-air) update mechanism developed by Redstone Sunshine Technology Co., Ltd.

"This app includes a service that can collect and disseminate dozens of data items, including both user and device identifiers, behavioral information (counts of SMS and calls sent and received, and statistics about network flows) and usage statistics and performance information preinstalled package," researchers said. "We emphasize that the data collected is not only remarkably extensive but also very far away from being anonymous as it is linked to multiple user and device identities."

And last, but not least, researchers also identified 612 pre-installed apps that included factory/engineering-related code that granted the apps extremely deep access to the device and its operating system.

Most of these factory/engineering-related functions were harmless, researchers said, such as hardware tests, but some of the code could also root devices.

RESEARCH PAPER

"As we demonstrated in this paper, this situation has become a peril to users' privacy and even security due to an abuse of privilege, such as in the case of pre-installed malware, or as a result of poor software engineering practices that introduce vulnerabilities and dangerous backdoors," the research team concluded about the state of Android pre-installed apps.

"Despite a full year of efforts, we were only able to scratch the surface of a much larger problem," they added. "This work is therefore exploratory, and we hope it will bring more attention to the pre-installed Android software ecosystem and its impact on users' privacy and security."

More details about their research are available in an academic paper named "An Analysis of Pre-installed Android Software" that will be presented at the IEEE Symposium on Security and Privacy in late May 2019.

source
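An added example, not from the study or the original post: a small audit of a decoded AndroidManifest.xml that compares the number of requested permissions with the 100-permission mark mentioned above and lists components other apps can reach without a guarding permission. The package, component and custom-permission names in the sample manifest are constructed, and the export default used (an intent-filter implies exported when android:exported is absent) is the pre-Android 12 behaviour.

```python
import xml.etree.ElementTree as ET

# Attribute prefix for the android: XML namespace used in manifests.
A = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = {"activity", "activity-alias", "service", "receiver", "provider"}
# The article singles out apps granted more than 100 permissions.
PERMISSION_THRESHOLD = 100

# Constructed sample: a decoded (plain-text) manifest for a made-up package.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.preload">
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
  <permission android:name="com.example.vendor.permission.PRELOAD"
              android:protectionLevel="signature"/>
  <application>
    <service android:name=".UpdateService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.vendor.permission.PRELOAD"/>
    <activity android:name=".Settings" android:exported="false">
      <intent-filter>
        <action android:name="com.example.preload.SETTINGS"/>
      </intent-filter>
    </activity>
    <provider android:name=".LogProvider"
              android:authorities="com.example.preload.logs"/>
  </application>
</manifest>
"""


def is_exported(elem):
    """Return (exported, how) for one component element.

    An explicit android:exported wins. Without it, activities, services and
    receivers are treated as exported when they declare an intent-filter
    (pre-Android 12 default); providers are treated as not exported.
    """
    flag = elem.get(A + "exported")
    if flag is not None:
        return flag.strip().lower() == "true", "explicit"
    implicit = elem.tag != "provider" and elem.find("intent-filter") is not None
    return implicit, "implicit"


def guarding_permission(elem, app_default):
    """Permission a caller must hold to reach the component, or None."""
    guard = elem.get(A + "permission") or app_default
    if guard is None and elem.tag == "provider":
        # A provider counts as guarded only if both reads and writes are.
        read = elem.get(A + "readPermission")
        write = elem.get(A + "writePermission")
        if read and write:
            guard = read + "," + write
    return guard


def audit_manifest(xml_text):
    """Summarise permissions and unguarded exported components."""
    root = ET.fromstring(xml_text)
    requested = sorted({e.get(A + "name") for e in root.iter("uses-permission")
                        if e.get(A + "name")})
    custom = sorted({e.get(A + "name") for e in root.iter("permission")
                     if e.get(A + "name")})
    app = root.find("application")
    app_default = app.get(A + "permission") if app is not None else None
    exposed = []
    for elem in (list(app) if app is not None else []):
        if elem.tag not in COMPONENT_TAGS:
            continue
        exported, how = is_exported(elem)
        if exported and guarding_permission(elem, app_default) is None:
            exposed.append((elem.tag, elem.get(A + "name"), how))
    return {
        "package": root.get("package"),
        "requested": requested,
        "custom_declared": custom,
        "over_threshold": len(requested) > PERMISSION_THRESHOLD,
        "exposed": exposed,
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "requests", len(report["requested"]), "permissions")
    for tag, name, how in report["exposed"]:
        print("exported without permission:", tag, name, "(%s)" % how)
```

Launcher activities are exported by design, so on a real manifest the output is a review list rather than a list of flaws.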

 2 
 on: Today at 03:08:32 PM 
Started by riso - Last post by riso
The European Parliament has voted to adopt the highly controversial Article 13 provision which would govern the production and distribution of content online under the auspices of increasing copyright protections. Tuesday’s move will update the EU's 20-year-old copyright rules and will govern audiovisual content, much to the dismay of many social media users who have already begun outpouring their grief online.
However the parliament said in a statement that sharing memes and gifs has been protected “even more than it was before” and they will continue to be available and shareable on online platforms.
MEPs passed the legislation by 348 votes to 274 Tuesday. Opponents had hoped for last-minute amendments to be made but their efforts were in vain.
Article 13 or ‘The Directive on Copyright in the Digital Single Market’ makes all platforms legally responsible for the content hosted and shared on their platforms.
The process of updating the bloc's copyright laws began in the European Commission two years ago, ostensibly to protect Europe's publishers, broadcasters and artists and guarantee fair compensation from big tech companies.
The onus will now be on tech companies to clamp down on content-sharing on their platforms, which will likely ensure yet more draconian policing of speech and content.
EU member states now have two years to pass their own laws putting Article 13 into effect.
Tech giant Google said that while the directive is “improved” it will still lead to legal uncertainty and will damage Europe’s creative and digital economies.
Critics have argued that the only way for Article 13 to be effectively enforced would be through the use of upload filters which automatically check content to see if it's copyrighted or not, at least in theory. However, the exact mechanics of such a system have yet to be fully debated and the potential for abuse is immediately clear.

What it will mean for our Forum and site is unknown for now, but one thing is for sure: it's a dark day for internet freedom.
riso

 3 
 on: Today at 01:51:16 PM 
Started by javajolt - Last post by javajolt
An early build of Microsoft’s upcoming Chromium-based Edge browser has recently leaked online.

This browser, which despite carrying the same name as its predecessor, will be built from a completely different foundation, and therefore, provide a completely refreshed experience for those who are already familiar with the current manifestation of Microsoft Edge.

This new browser is built on Chromium, powered by the Blink browser engine, whereas the old browser was powered by EdgeHTML.

The new Edge browser built on Chromium will eventually replace the old Edge browser in Windows 10. EdgeHTML, however, will continue to be a part of Windows as it’s a critical and heavily integrated component in many of Windows 10’s features.

User Interface

Running the new Edge browser for the first time, you’ll be greeted with a prompt asking you to import data from your previous browser, something that will certainly help smooth the transition for converts from other browsers. Right away, the UI looks like a blend between Google Chrome’s layout and subtleties, masked with the fonts and iconography of Microsoft’s Fluent Design language.

The new tab page looks a lot like Microsoft Edge on Android, with the Microsoft logo promoted at the top. The list of frequent sites is designed just like the frequent apps in the search UI from the latest Windows Insider builds. You can customize the layout of the new tab page from a hamburger menu in the corner. You can set the daily Bing wallpaper as the background, or bring back the informational page like in the current version of Edge.

Rounded corners and drop shadows are everywhere to be seen, which in my opinion make this new browser look even nicer than the current version of Google Chrome. It doesn’t quite feel as native as the old Edge browser, largely due to the lack of acrylic, highlight, reveal, and connected animations.

Those who are most familiar with Google Chrome will probably feel more at home with this new browser than people who’ve become accustomed to Microsoft Edge. For the mass majority of people, this will probably be a good thing. I expect that some of Microsoft Edge’s unique features will eventually make their way to the new browser.

Performance

Because this version of Microsoft Edge and Google Chrome are based on Chromium, they both perform more or less identically. Websites load quickly, and Google sites, such as YouTube perform exactly as you would expect on Chrome.

Page scrolling also performs exactly as it does on Google Chrome: not particularly well. It’s not terrible, but scrolling webpages with a precision trackpad or touch screen feels nowhere near as reactive and smooth as it does in the old Edge browser. It just doesn’t feel native. If there’s anything I hope Microsoft can bring over from the old Edge, it’s the smooth scrolling. Ultimately, however, the mass improvement in overall page performance probably outweighs the simple things like this.

Document Reading

Anyone who’s been following the Windows Insider program for the last couple years knows the amount of work Microsoft has put into the PDF and eBook experience in Microsoft Edge. It’s so good, I even coined Microsoft Edge the best document reader for your PC in my Windows 10 October 2018 Update video. The feature set is so thorough, the UI so organized, and the reading experience an absolute breeze. The new Edge Browser on the other hand… it’s not so great.

It would really be a shame if all the work put into Document reading in the old Edge browser went to waste. Opening and navigating large PDF files in the new Edge is difficult, and all the unique reading and markup tools are gone. ePUB files aren’t even supported, but I’m sure Microsoft already has plans for re-implementing these features. The Microsoft Store has an entire section dedicated to eBooks, so I’m not worrying yet. This is nowhere near a final product.

Websites as apps

Indicative of Microsoft’s push for the adoption of PWAs, the new Microsoft Edge allows you to ‘Install’ PWAs onto your device. On any website, you can open the Edge Menu, select ‘Apps’ from the list, and ‘Install’ that app onto your device.

Doing so will pop the site out into its own Window, and add a shortcut to your all apps list on the Start Menu. Now, the website can be used just like any other app on your PC. Interestingly, Edge allows you to do this with literally any website, whether or not the site is a PWA.

Right now, it doesn’t seem like any websites will work offline even if ‘Installed’ through Microsoft Edge. Presumably, in the future, some web-apps may be able to work offline through this feature.

Microsoft Edge Insider

The new Microsoft Edge will presumably become available to Windows Insiders in the near future. The Microsoft Edge Insider sign-up page is and already has been open to all users for some time now. When the time comes, pre-release builds of the new Microsoft Edge, as well as an official statement on its progress will become available for everyone.

source

 4 
 on: Today at 10:09:12 AM 
Started by javajolt - Last post by javajolt
Apple released today security updates for iOS, fixing 51 vulnerabilities in version 12.2 of the operating system. The products impacted are iPhone 5s and later, iPad Air and newer, 6th generation iPods.

Products running tvOS - Apple TV 4K and Apple TV HD, which is based on iOS to a large degree, should be updated to 12.2 as they are also affected by 36 of the same vulnerabilities.

The list of patches covers a wide variety of bugs an adversary could potentially manipulate to obtain effects like denial-of-service, privilege escalation, and information disclosure to gaining root privileges, overwriting arbitrary files, or executing code of the attacker's choice.

19 issues reported in Webkit

Referring to a batch of serious memory corruption vulnerabilities addressed in iOS 12.2, Alex Stamos, reputed security professional, and former chief security officer at Facebook, noted that maybe Apple's big media events should not coincide with their round of bug fixes.



By far, most of the vulnerabilities were in Webkit, the web browser engine Apple uses in many of its products, including Safari, Mail, and App Store.

Most prevalent among them were memory corruption bugs that could be exploited to lead to arbitrary code execution via processing maliciously crafted web content.

Apple dealt with these errors by improving memory handling, state, and management.

Another memory-related problem, tracked as CVE-2019-8562, could be leveraged to allow a process to bypass sandbox restrictions. In this case, the solution was to improve validation checks.

Also affecting Webkit in previous versions of iOS is a flaw (CVE-2019-6222) that permits websites to access the microphone without showing any sign of the active state.

The same effect would be obtained through a separate bug (CVE-2019-8566) in ReplayKit component for recording or streaming video from the screen, and audio from an app or straight from the microphone.

Apple's list of security improvements for the current iOS release informs that an attacker could use two vulnerabilities for universal cross-site scripting (XSS) - CVE-2019-8551, and to learn sensitive user information (CVE-2019-8515).

Additionally, an adversary could take advantage of a different Webkit bug (CVE-2019-8503) that allows a website to execute scripts in the context of another website.

Kernel trouble and malicious SMS

Six issues affect the kernel in earlier iOS versions, which could cause a system crash or corruption (CVE-2019-8527), allow malicious apps to read memory layout (CVE-2019-8540, CVE-2019-6207, CVE-2019-8510), or gain elevated privileges (CVE-2019-8514).

Exploiting CVE-2019-7293 enables a local user to read kernel memory and extract sensitive information present there.

An interesting vulnerability reported by an anonymous researcher is CVE-2019-8553, which affects the GeoServices component.

Apple's brief explanation of its impact notes that an attacker could send the victim a "malicious SMS link" to obtain arbitrary code execution.

Apple's inventory of security patches is impressive not only because of the high number of problems being addressed but also through the seriousness of some of the vulnerabilities. Applying these updates should happen as soon as possible, as they pose significant risks to the security of the products they affect.

source

 5 
 on: Today at 10:01:30 AM 
Started by javajolt - Last post by javajolt
HTC Vive is one of a long line of virtual reality (VR) headset manufacturers that are building head-mounted displays (HMD) for business use, making a surprise announcement last month which unveiled the HTC Vive Focus Plus. Today, the company unveiled Vive Focus Plus pricing, availability, and some new features.



The standalone headset will be available from 15th April 2019 via HTC Vive’s official website for £639 GBP (exVAT) and in Europe will be bundled with Advantage (£115 exVAT) – which offers dedicated support and service utilities for Vive Enterprise products – an enterprise licence and 2-year commercial warranty for a total of £754.

An upgraded version of the original HTC Vive Focus standalone headset, the Plus version has new Fresnel lenses for improved crisper visuals from the single AMOLED display which boasts a 2,880 × 1,600 resolution. The headset also comes with new 6DoF controllers, enhanced comfort for longer use sessions, and support for the Vive Wave Platform.

There’s also the new multi-mode capability turning the Vive Focus Plus into a VR hub for multiple content sources, compatible with PC VR, PCs/laptops, smartphones, game consoles, 2D video streaming devices, live 360 camera streaming and upcoming Cloud VR services.

“With the unveiling of these enhancements for Vive Focus Plus, the VR industry is taking a big step forward with this new generation of full-fidelity standalone VR devices enabling total freedom of interaction and freedom of connection,” said Alvin Wang Graylin, China President, HTC in a statement. “We’re thrilled so many developers and partners are supporting this product with exciting experiences across a wide range of use cases, showcasing the incredible opportunity for VR/AR to enter all facets of our lives.”



Vive Focus Plus will be initially sold in 25 markets worldwide, supporting 19 languages. For further updates keep reading VRFocus.

HTC Vive Focus Plus Specs:

• Display: 3K AMOLED (2880×1600)

• Processor: Qualcomm Snapdragon™ 835

• Audio: Built-in Speaker

• Tracking: Inside-Out

• Frame Rate: 75Hz

• Field of View: 110-degrees

• Battery: 4000 mAh

• Controller: 6DoF

• Data Connectivity: Wi-Fi® 802.11 a/b/g/n/ac

• Memory (RAM/ROM): 4/32 GB

• Connector: USB Type-C

• Charging: QC3.0

• Encryption: File-based (same security as Android Smartphone)

source

 6 
 on: Today at 01:02:17 AM 
Started by javajolt - Last post by javajolt
Sony has revealed a VR adaptation of Iron Man during today’s State of Play stream.

Coming in 2019, Iron Man VR is currently labeled as a PSVR exclusive. In the new game, you’ll be able to fight using the titular hero’s repulsor beams, unibeams, and fists.

Iron Man VR is in development by French studio Camouflaj. Known for the stealth-based Republique game, they sure have a decent track record.

Iron Man VR looks to be a fantastic time. As a fan of PSVR, I’m excited to see just what we can be treated to. Hopefully, the game is a lot more than what’s shown in the trailer.



With Avengers: End Game releasing next month, Iron Man VR may be the last we see of the hero for a while. Well, he’s probably going to pop up in Square Enix’s Avengers game, but I could die before that happens.

source

 7 
 on: March 25, 2019, 05:14:04 PM 
Started by javajolt - Last post by javajolt
A scheme to stealthily run video ads behind banner images drained users' batteries and data while they used popular Android apps.

Aniview denies any involvement and instead says the platform and banner ads and code, which were created by one of its subsidiaries, were exploited by a malicious, unnamed third party.

“BuzzFeed brought to our attention that there is an abuse activity, as an immediate action, we stopped this activity and started and continue an internal incident review,” said Aniview CEO Alon Carmel in an emailed statement. “We notified and emphasized our clients that the use of our platform must be according to our policy and the IAB and TAG guidelines.”

It’s just one of the many ways ad fraudsters siphon money out of the global digital advertising industry, which will see more than $20 billion stolen this year. This scheme in particular highlights once again how ad tech companies exploit insider access and technical knowledge to participate in ad fraud.

“I don’t even think about me being ripped off,” Julien told BuzzFeed News. “All I think about is them damaging the app’s reputation. It can cost money to [a user] and drain his battery. This is the thing that makes me really mad.” (BuzzFeed News agreed to withhold his full name and the name of his app due to concerns about people wrongly thinking it was knowingly part of the scheme.)

Here’s how the scheme works. Julien sells a banner ad, which appears in the app and is visible to his users. Then, hidden from view behind that banner, fraudsters conceal autoplaying video ads that no human being actually sees, but which register as having been served and viewed. In this scenario, Julien gets paid for the small banner ad in his app that users see, but the fraudsters earn many times that amount by stuffing far more lucrative video ads behind the banner. Ultimately, it’s the brands whose ads were shown in hidden video players that lose money to those running the scheme.

“Fraudsters are purchasing cheap in-app display inventory and are filling it with multiple video players behind innocuous fake branded display ads,” said Asaf Greiner, the CEO of Protected Media.


[Image: A breakdown of how the scheme works]

This type of ad fraud is known in the industry as in-banner video ads and has been documented in the past. Greiner’s team identified a new version of it last fall and said in total they’ve seen tens of millions of dollars' worth of fraudulent video ads running per month as a result.

The ad fraud lab run by DoubleVerify, a digital measurement company, identified the same in-banner video ad fraud scheme at the end of last year, according to Roy Rosenfeld, the company’s VP of product management.

He told BuzzFeed News the fraudsters “did a very good job at hiding and obfuscating what they were doing” and were “quite sophisticated in the thinking behind how they can monetize that [video] inventory.”

DoubleVerify saw at least 60 million ad calls being made for fraudulent video ads per month, though Rosenfeld noted that not all of those ad slots were filled.

Aniview and its subsidiary, OutStream Media, were identified by Protected Media as being part of the scheme after the fraud detection firm gathered and analyzed video evidence, code, and other information during an investigation.

Rosenfeld said DoubleVerify’s investigation identified that “the Aniview player was heavily driving” the fraudulent video ad activity. He said his team identified the same code and other materials as Protected Media had.

Carmel, of Aniview, told BuzzFeed News that his company “does not knowingly engage in any fraudulent activity” and said his team has been trying to stop this activity on their platform since they were first contacted by Protected Media last month. He acknowledged that OutStream Media, the company identified by Protected Media, is a subsidiary of Aniview. But he said it had ceased operations last summer and that Aniview is in the process of legally shutting it down. He said the ad fraud documented by Protected Media and DoubleVerify was done by bad actors using the Aniview video ad platform, as well as images and code created by OutStream Media, in an unauthorized way.

“To be crystal clear, another customer on Aniview’s [self-serve] platform used this [video ad] player and is responsible for this activity and we took actions immediately to stop this activity,” he said.

“We are fighting against bad activities, pushing and focus on clean and legit activities and should not be blamed or framed for bad use of our platform.”

Carmel could not say who this bad actor was or how they managed to gain access to content that was uploaded to an OutStream Media account on Aniview’s platform. He declined to identify the malicious actors or to share any details about them. He also acknowledged removing the photos and names of people, including his co-founder, Tal Melenboim, from Aniview’s website after being contacted by BuzzFeed News.

Two of the removed employees had leadership roles with OutStream Media in addition to their work at Aniview. Carmel, who previously co-founded the popular Jewish dating site Jdate, said they left the company to pursue other interests at the end of last year, and he neglected to remove them from the Aniview team page.

Carmel was provided with a copy of the malicious code used to place the banner ads and hidden video players. In addition to using the Aniview platform and banner ads from OutStream Media’s account on it, this code included the URL shoval.tv as a tracking pixel to gather data on ad performance. Shoval.tv is a domain name owned by Aniview cofounder Tal Melenboim. In an email to BuzzFeed News, Melenboim denied any involvement.

Carmel said the fraudsters must have copied the part of the code that included Shoval.tv from an earlier OutStream demo and said Shoval.tv is commonly used as a tracking URL by Aniview. The inclusion of this code means that only a person with access to shoval.tv would be able to track the performance of the fraudulent ads carrying this pixel.

Protected Media also found that a significant portion of the banner ads purchased for this scheme was bought using MoPub, the mobile ad network owned by Twitter. This does not mean MoPub was engaged in the scheme. But it does mean Twitter’s ad platform was exploited for months by fraudsters, and it earned commission on the ads bought using its tools. (Julien uses MoPub to help place ads in his app and says the company is responsive when he reports bad ads.)

“At this time, we can confirm that the suspicious activity in question is not being initiated by MoPub,” a company spokesperson told BuzzFeed News. “The activity observed by Protected Media stems from an ad that is initiating other non-viewable video ads to run in the background. We are currently investigating what the potential sources of the issue could be.”

This scheme illustrates one of the central challenges in reducing the massive, multibillion-dollar fraud problem in digital advertising: Nearly every player in the supply chain, except for the brands who spend money on ads, profits from fraudulent ad delivery. Even if they’re not involved in ad fraud, platforms such as ad networks and other intermediaries earn a share of the money spent on invalid ads. This creates a disincentive to stop fraud from taking place, according to Greiner.

“It’s an unfair kind of situation because anybody who behaves well and doesn’t allow this on their platform is being left out of the profit,” he said, adding that “there’s very little penalty and there’s a lot to gain — the numbers are just enormous.”

Investigating the scheme

Protected Media first detected the use of hidden video ads in October. Though not a new ad fraud technique, the company saw this iteration grow large enough that it warranted a closer look. After seeing which video players were being used to run the hidden ads, and which ad networks the fraudsters were buying the display ad from, Protected Media reached out to the relevant parties, including Aniview, last month. (Rosenfeld of DoubleVerify said it also identified the scheme late last year and began blocking it.)

Protected Media provided BuzzFeed News with video documentation of invalid video ads running behind banners that were created by OutStream Media, Aniview’s subsidiary. These video ads were served using Aniview’s platform and the banner ads were hosted on Aniview’s website with an account in OutStream Media’s name. This demonstrates a direct link between OutStream Media and the banners that were placed in apps such as Julien’s.

Protected Media also identified that the shoval.tv domain name owned by Aniview cofounder Tal Melenboim was used to track the performance of the fraudulent ads, adding yet another link to Aniview.

Given that information, Greiner believes “Aniview is the group who left no room for deniability — the others can claim ignorance.”

After BuzzFeed News first contacted Aniview, the company removed the LinkedIn page for OutStream Media and deleted people from the Aniview team page on its website. Two of the removed people were Melenboim, who had previously listed himself as the founder and CEO of OutStream Media on his LinkedIn, and his wife Mazal Melenboim, whose LinkedIn lists her as the head of media operations for Aniview and the head of operations for OutStream Media.

Carmel said the couple left Aniview at the end of last year and praised Tal Melenboim as a “reputable professional” who was “an asset to Aniview during his many years of employment.”

Tal Melenboim told BuzzFeed News in an email that he and his wife are not involved in any illegal activity. “It is important for me to point out to you, that if you got the impression that Aniview/Outstream Media or someone from our team, including me or my wife, is involved in an act of not legit activity, it is simply far away from the truth.” (Melenboim said that Carmel’s English is better than his and that as a result specific questions should be directed to him.)

Carmel said the Melenboims were removed from the company website at his direction after being contacted by BuzzFeed News and said it was an oversight that they were still on the site. He offered to provide a letter from the company’s legal counsel to testify to the fact that the Melenboims had not worked at Aniview since the end of last year. He also said other employees were removed from the company’s team page at the same time.

After BuzzFeed News emailed Carmel two links that showed the scheme was still active on his platform, the activity was quickly shut off. He said that was a result of his company being given the information necessary to shut it down.

One of the links BuzzFeed News provided to Carmel went to a page at play.aniview.com/outstreammedia/ that hosted the banner ads used in the scheme. These banners were generic images for companies and products such as Coca-Cola, M&M's, McDonald’s, and Disney. If a user clicked on them they were taken to the homepage of the Google Play Store, showing that they were not real ads.


The banner ads used in the scheme

Carmel said these images belonged to OutStream Media and were created as test images when the company was operational last year. He said someone used these images without permission to execute the fraud.

“The banners were ONLY used for reach media demos of outstream units,” he said in an email. “After seeing in your email that someone used our banner without our permission we removed it from our server. Thank you for pointing it out.”

Ultimately what Carmel claims is that an unknown bad actor created an account on his platform, and then used banner ad images created by his subsidiary to execute the fraud scheme. He declined to share information about the bad actor’s account, citing legal concerns. He also couldn’t say exactly how this actor knew about banner ads uploaded to the account of OutStream Media — a company Carmel says was only briefly operational last year. He suggested one of the organizations OutStream had previously tried to pitch its services to was involved.

“The demo page of Outstream units was public and as well have been sent to many potential customers (BTW, one of them was Buzzfeed),” he said in an email. Carmel did not provide contact information for the person at BuzzFeed he says received the OutStream pitch. He did provide screenshots of email templates that were sent to prospective clients in May of last year that included a link to a demo.

Carmel says the same bad actor must have copied the OutStream tracking code that included shoval.tv, the domain owned by Melenboim. This means the fraudsters were sophisticated enough to set up and manage the scheme, but would have left in a tracking pixel that prevents them from receiving performance data on their ads.

Greiner of Protected Media said several ad tech companies engaged in or facilitated this form of fraud. Aniview was the one they gathered the most convincing evidence about. Others continue to run the scheme after being contacted by Protected Media, and in at least one case an executive from an involved company even complained about being called out.

“One of them spoke to my VP of sales and said everybody does it, why are we picking on them,” Greiner said. “It’s something we hear too often, unfortunately.”

source

 8 
 on: March 25, 2019, 12:46:44 PM 
Started by javajolt - Last post by javajolt
Google Chrome and the Chromium-based Vivaldi and Opera already support Picture in Picture mode, where the user can view a video in a mini window on top of other windows. Since the new Chromium-powered Microsoft Edge now available is at version 75, it also supports PiP, and you don’t need to enable any flag for it to work.



Picture in Picture mode in Microsoft Chromium Edge

1. Launch new Microsoft Edge browser

2. Visit YouTube

3. Play any video, right-click on the video two times and select “Picture in Picture”

4. You’ll see the video playing in PiP mode with a Back to tab option in the new Edge browser

Apparently, there are related flags – Enable Picture in Picture and Enable the use of SurfaceLayer objects for Videos – for PiP in edge://flags, which you don’t need to think about much, but you need to enable them if Picture in Picture doesn’t work in the Edge browser.

At present, Mozilla is also working to bring Picture in Picture mode to the Firefox browser; you can test it in the Nightly version.

source

 9 
 on: March 25, 2019, 10:24:12 AM 
Started by javajolt - Last post by javajolt


To further increase privacy, Telegram announced today that they have added a feature that allows users to delete any message in a one-on-one chat and have it be removed from both chat users' devices.

When Telegram first introduced the "unsend" feature, users were able to remove any message they sent within the last 48 hours from both devices. To further protect users' privacy, Telegram now allows you to delete any message, no matter how old, in a one-on-one chat and have it be removed from both the sender's and recipient's devices.

To use this feature, just tap and hold a message until the Delete option appears. Once you click on the Delete option, you will be asked if you want to delete the message from your own chat or on both devices.



"Today, we are giving hundreds of millions of users complete control of any private conversation they have ever had," Telegram stated in a blog post. "You can now choose to delete any message you have sent or received from both sides in any private chat. The messages will disappear for both you and the other person – without leaving a trace."

For further privacy, Telegram is also introducing anonymous sending, which strips the link back to the original account profile of a forwarded message. This removes any verifiable method that shows a forwarded message came from a particular account.



Other features announced today include settings and emoji search field and the VoiceOver on iOS and TalkBack on Android accessibility features.

source

 10 
 on: March 24, 2019, 10:12:09 PM 
Started by javajolt - Last post by javajolt
Over the weekend, a leaked build of the Chromium-based Edge browser was released, providing users with their first look at the upcoming browser from Microsoft. If you are currently using Chrome, the reports indicate that this Edge preview browser feels and performs the same and has basically the same features.

Microsoft has been quiet regarding their upcoming Microsoft Edge Insider browser, but a slow trickle of leaks has provided a bit more information. With this leaked build, though, users get their first full look at the upcoming Edge browser, which from all reports feels like it has the best chance of putting a dent in Google Chrome's market share.

While many people are concerned that Microsoft switching to Chromium could put all the control into Google's hands, when it comes to desktop operating systems, this may have the reverse effect.

As Windows dominates the desktop/laptop OS market and if Edge performs and offers the same features as Chrome, including full access to Chrome's extensions, many users may just use Edge instead. This could offer more control to Microsoft who may be able to influence how the browser is developed and what new web standards are pushed.

While this may not be a good thing for other browser developers, such as Firefox or Opera, at least it could spread some of the control among multiple organizations.

Taking a look at the Microsoft Edge 75 Browser

The leaked Edge build is based on Chromium 75 and has an internal version of 75.0.107.0, which is slightly behind Chromium's Canary version of 75.0.3744.0. When started, Edge will ask if you wish to import data such as favorites, autofill information, and history from Chrome.



Users who have tested the leaked build have also stated that the browser performs really well when browsing the web and that it is more than ready for public preview.



Microsoft has modified the layout of the browser to make it feel more like a Microsoft application. For example, the Settings pages have a left-hand navigation bar similar to other Windows 10 apps.

Microsoft also included their own services into the browser. For example, Google Safe Browsing has been removed in favor of Microsoft's SmartScreen.



Edge supports Chrome Extensions

In addition to setting up a dedicated Microsoft Extension store, Edge also allows users to enable the installation of extensions from Chrome's web store. While they state that these extensions are unverified as a warning, and rightfully so with the Chrome Web Store's track record, it does provide an enormous pool of extensions that users can install right from release.



New Edge specific experimental flags

In addition to the normal features that come built into Chrome 75, Microsoft has also added their own experimental flags to the edge://flags screen.



The new flags found in Edge 75 revolve around specific Microsoft technologies such as Fluent, PlayReady DRM, Edge Reading View, and more. The known new experimental flags are listed below:

Enable CDM Override Service

Enables a service to override the specific CDM supported for certain sites by a value supplied by Microsoft. – Windows
#edge-cdm-override-service

PlayReady DRM for Windows 10

If enabled, Edge will use PlayReady DRM for the com.microsoft.playready key system. This feature requires Windows 10. – Windows
#edge-playready-drm-win10

Fluent Controls

If enabled, HTML forms elements will be rendered using an alternative style to align with Microsoft's design language to improve touch and keyboard accessibility. – Mac, Windows, Linux
#edge-controls

Microsoft Edge theme

Use a light or dark theme (based on OS preferences) in your browser – Mac, Windows
#edge-follow-os-theme

Enable installation of extensions from Microsoft Store

Enables installation of browser extensions from Microsoft Store – Mac, Windows, Linux
#edge-installation-of-extensions-from-microsoft-store

Microsoft Edge Reading View

Enables Reading view in Microsoft Edge – Mac, Windows, Linux
#edge-reading-view

source
