Notebookcheck

Security

     restrict settings
additional restrictions: Security
The phased rollout of the Windows 10 Fall Creators Update is now complete. (Source: Microsoft)

Windows 10 Fall Creators Update (1709) is now fully available

The phased rollout of the Windows 10 Fall Creators Update has reached the final stage with it now being fully available to all Windows 10 computers.
HP Elitebook Folio 1040 G4 (FHD, 7820HQ) Laptop Review

87% HP Elitebook Folio 1040 G4 (FHD, 7820HQ) Laptop Review

Beauty and a beast. The EliteBook 1040 G4 now offers Intel's Core i7-7820HQ. The quad-core processor is quite a step up from most ultrabook CPUs, but how does it compare to more powerful devices and Intel's own 8th-gen Kaby Lake R silicon?
Intel Core i7-7820HQ | Intel HD Graphics 630 | 14" | 1.5 kg
Skype's new private conversations feature uses the Signal Protocol for end-to-end encryption. (Source: Signal)

Microsoft brings end-to-end encryption to Skype in collaboration with Signal

There were some fairly large privacy concerns that arose early in the life of Skype. Microsoft has tried to allay those fears in recent times, but the integration of end-to-end encryption using the open-source Signal Protocol is the strongest privacy move they've made to date.
The new AMT hack can bypass all known security measures. (Source: Anandtech)

Gone in 30 seconds: New Intel AMT exploit is scarier than you can ever fathom

F-Secure's security researchers discovered another flaw in Intel's Active Management Technology (AMT) that a hacker can potentially misuse to gain remote access to a system.
'Haswell' CPU owners are getting increased security at the expense of reliability. (Source: Overclock3D)

Intel 'Haswell' and 'Broadwell' CPU users complain of higher system reboots after applying Meltdown and Spectre patches

Users of older generation 'Haswell' and 'Broadwell' Intel CPUs are reporting of constant reboots after applying patches to address the Meltdown and Spectre vulnerabilities. Intel is looking at issuing a revised firmware to address specific issues related to these CPUs.
AMD chips are also vulnerable to Spectre. (Source: AMD)

AMD chips also vulnerable to Spectre exploit

AMD has revealed that its chips are also vulnerable to the Spectre exploit. Although not as vulnerable as Intel's chips, it is working with operating system vendors and developers to patch affected systems.
Google has pulled 63 apps found to serve up porn ads. (Source: PC World)

Google pulls 63 Android apps serving up porn ads

Google's Play Store has once again been beset with supposedly vetted apps hiding malware. On this occasion, 63 apps have been pulled from the Play Store after it was discovered they harbored malware serving up porn ads.
North Korean military parade, North Korean Android malware targets defectors and their supporters

North Korean malware targets defectors and their supporters

McAfee researchers recently uncovered a hacking operation that targets North Korean defectors and those who help them, using popular chat apps and social media services (Facebook included) to deliver malware to their Android devices.
Meltdown and Spectre threats could also hit Chromebooks with the exception of those with ARM processors

Meltdown and Spectre patches not coming to older Chromebooks

Although some ARM-driven Chromebooks do not need patching, there are also a few Chrome OS-powered notebooks that will not get any sort of protection from Meltdown and Spectre, including the Acer C7 and the Samsung Chromebook 5.
Another one. (Source: XDA-Developers)

OnePlus caught swiping user data again, only this time also sending it to China-controlled servers

OnePlus has been caught manhandling user data again, with a OnePlus 3T user on the OnePlus forums showing proof of his clipboard app sending data to an Alibaba-controlled server.
Microsoft blames the security update bricking systems on AMD. (Source: basstechintl)

Microsoft's Meltdown and Spectre security updates have been bricking AMD machines

Microsoft has halted some security updates for AMD-powered computers due to said updates apparently bricking people's machines. Microsoft blames inaccurate documentation provided by AMD.
The Gen 3 ThinkPad X1 tablet comes with a detachable keyboard and a Pen Pro stylus. (Source: Lenovo)

CES 2018 | Lenovo launches Gen 3 ThinkPad X1 tablet with larger 3K screen and updated specs

Compared to the Gen 2, the latest model integrates a bigger 13-inch IPS touchscreen with 3K resolution, CPUs updated to Intel's gen 8 Core i7 ULVs and extended security features including a fingerprint reader compatible with Windows Hello and an infrared sensor. Shipping will begin this January and MSRP starts at US$1,599.
...
Andy Rubin's Essential Phone gets January 2018 Spectre and Meltdown fix

Essential Phone gets Spectre and Meltdown fix

Although the Spectre and Meltdown vulnerabilities are quite serious and Microsoft already issued patches that take care of them, smartphone makers are not that fast. Surprisingly enough, Andry Rubin's Essential Phone is one of the first handsets to get a fix for the two problems mentioned above.
The new 802.11ax protocol will bring higher peak data rates and efficiency. (Source: Intel)

CES 2018 | Intel's new 802.11ax Wi-Fi portfolio promises 40% higher data rates and enhanced packet efficiency

Intel will be expanding its home Wi-Fi portfolio with new 802.11ax chipsets for 2x2 and 4x4 home routers. The new IEEE standard promises 40% higher peak data rates and increased average throughput in congested environments.
Verizon HQ in New York, Verizon acquires Niddel

Verizon acquires Niddel

Verizon decided to buy Niddel for improving its malware detection and response for enterprise customers thanks to the machine-learning-based automated threat hunting technology of the latter.
Intel purportedly knew of architecture vulnerabilities six months ahead of Coffee Lake launch (Image source: Intel)

Intel purportedly knew of architecture vulnerabilities months ahead of Coffee Lake launch

The PR blunders will likely haunt Intel for the rest of the year as fans ponder if the chipmaker could have delayed Coffee Lake even further to address the critical concerns at the silicon level.
Image: Computerworld.com

Apple devices are already protected against Meltdown without any hit to performance

With the massive vulnerabilities recently discovered in Intel CPUs, the main question on everyone's minds are when affected devices will be updated to guard against possible exploits. Apple is ahead of the game; apparently, the latest versions of their various operating systems protect against Meltdown, and a fix for Spectre is coming to Safari in the next f...
...
Linux Mint 18.3 running the Cinnamon desktop environment. (Source: Linux Mint)

Linux Mint 19.x 'Tara' to release in mid 2018

The next version of Linux Mint, Linux Mint 19, will release sometime in May or June this year. The popular Linux distro will be based on Ubuntu 18.04 LTS.
It is rumored that an embargo on the details of the flaw are due to be lifted later this month, after patches have been issued. (Source: Intel)

UPDATE | Intel hardware flaw will cause a drop in performance for kernel heavy processes once fixed

Updated with response from Intel. A security flaw has been found in the way that Intel processors from the last ten years handle kernel memory. The solution being implemented in the Windows and Linux kernels can vary from virtually no impact up to 20% or 30% for processes that involve a high number of kernel calls, such as writing to databases.
...
Spectre is more difficult to pull off, but it is harder to mitigate, as well. (Source: Google)

Microsoft releases emergency patches to address Meltdown and Spectre vulnerabilities affecting most current processors

Windows promptly released security updates for all the Windows 10 builds in ordered to fix the Meltdown and Spectre vulnerabilities discovered by the Google Project Zero team earlier this week. Although there have not been reports of exploited systems, Windows 10 users had better install the patch.
The Archive Poster Chrome extension has been caught mining cryptocurrency. (Source: Google)

Google axes popular Chrome extension for secretly mining cryptocurrency

Google has pulled Archive Poster from the Chrome Web Store. The Chrome browser extension was caught secretly mining cryptocurrency in the background whenever Chrome was open on an affected user's PC.
Honey Quest uses technology to target ads based on the user's viewing habits. (Source: NY Times)

Android games found tracking users' TV viewing habits

Many Android games have been found to track the user's TV viewing habits for displaying ads. The games use software from Alphonso that collects data from the phone's microphone, identifies the audio stream, and displays targeted advertising.
Nokia 2 cheap yet durable Android smartphone

Nokia 2 is more durable than expected

Although it can be acquired for just US$100 in the United States, the Nokia 2 has a frame and physical buttons made of metal that allow it to withstand more punishment than most competitors.
Downloads for the desktop version of Ubuntu 17.10 have been temporarily stalled. (Source: OMG! Ubuntu)

Ubuntu 17.10 'Artful Aardvark' burrows into PC BIOSs causing boot issues

The latest Ubuntu release has a bug in the Intel SPI driver in the Linux kernel that seems to be corrupting UEFI firmware on certain Lenovo and Acer laptops leaving users with no options to change UEFI settings or select an alternative boot method.
Eelo prototype software running on a LeEco Le2. (Source: eelo)

Eelo, the Google-less Android OS from the creator of Mandrake Linux

Eelo is a new non-profit project started by the founder of Mandrake Linux with the goal of creating a fully open-source smartphone environment (Android, associated software, and associated services). It is in the early stages but they already have some functioning Google-less prototypes.
LG has announced Android Oreo rollout for the South Korean market. (Source: LG)

LG V30 gets a taste of Oreo in South Korea sans Treble

LG has announced on its Korean website that it is rolling out Android 8.0 Oreo to its V30 handset. The update is currently rolling out in the Korean market but users have found that it does not support Project Treble.
No more 32-bit love from NVIDIA. (Source: Digital Trends)

32-bit NVIDIA drivers will soon be passe

The upcoming version 390 of NVIDIA's graphic driver will be the last to officially support 32-bit OSs. Barring a year's more time of security support for 32-bit drivers, all new features and enhancements will take the 64-bit route going forward.
Smartphone in smoke, the possible outcome of a Loapi Trojan malware infection (Source: Kaspersky Lab official blog)

The Loapi Trojan malware can blow up your Android phone

Android malware reaches a new high (or maybe "a new low," depends on how you see it) with the Loapi Trojan, a piece of code that can push the infected devices to the limit for mining Monero tokens until they blow up.
Keeper is being installed by default in new Windows 10 installations. (Source: User ToppestofDogs on Reddit)

Windows 10's included password manager can pose a security risk

A Google security researcher has discovered that the included third-party password manager in Windows 10, Keeper, comes with a security vulnerability that injects privileged UI into web apages that exposes a user's passwords.
The Vivo Xplay 7 will be the first smartphone to feature Clear ID. (Source: Forbes)

Vivo Xplay 7 will be first with under-screen fingerprint tech

The Vivo Xplay 7 has been revealed as the first smartphone to ship featuring under-display fingerprint authentication technology. Clear ID, developed by Synaptics, is twice as fast as 3D facial recognition systems like Apple's Face ID.
Mozilla in hot water after installing a browser add-on for some users without their permission

Mozilla in hot water after installing a browser add-on for some users without their permission

Some Firefox users recently found an unwarranted add-on installed in their browsers. The add-on, which is a page tool tied to the popular online show "Mr. Robot," was installed for some users that are a part of Mozilla's Studies program. While not malicious, the add-on was installed without the users' knowledge and raised some alarm from fervent Mozilla fans...
...
Under-display fingerprint tech coming from Synaptics in January (Source: Digtal Trends)

Under-screen fingerprint tech due January on flagship phone

A unnamed high-end smartphone will arrive with Synaptics new Clear ID under-display fingerprint authentication tech in January. According to Synaptics, the new technology is twice as fast as 3D facial recognition technology as featured on the iPhone X.
Pre-installed keylogger found in 460 HP laptop models in December 2017 (Source: Dash Force News)

More than 460 HP laptop models come with a pre-installed keylogger

Although this is not the first time it happens this year, HP has been caught red-handed once again. This time, the keylogger has been found in the Synaptics touchpad driver that ships with more than 460 HP notebook models.
Applications that misuse the accessibility service to add beneficial features for their users get a short pause from Google. (Source: JuralMin/Pixabay)

Google decides to re-evaluate whether they remove apps that misuse accessibility services, such as LastPass and Tasker

Google has asked developers whose apps use the accessibility permission to email them with how their app uses this permission to enhance user experience so that they can assess "responsible and innovative" use of the permission. While doing this they have put a pause on the 30 day 'modify or remove' notification they had previously given developers.
...
Spyware issues in late 2017 - Ethiopia spying on journalists

Commercial spyware is out of control

A fresh report published by The Citizen Lab revealed that Ethiopia, a country where less than 5 percent of the population has access to the internet, conducted a complex global cyber espionage campaign.
The Xiaomi Mi Notebook Pro.

PSA | Xiaomi issues BIOS fix for slow SSD performance in the Mi Notebook Pro

The Xiaomi Mi Notebook Pro suffered from less than ideal disk read and write speeds despite having a Samsung PM961 SSD onboard. A BIOS update is now available that enables full x4 bandwidth on the NVMe SSD PCIe lanes, leading to increased read/write speeds.
The primary use of the palm ID system would be an intuitive way to retrieve a forgotten password. (Source: Samsung)

Samsung could include palm ID system in future Galaxy phones

A recent Samsung patent describes how the palm scanner could help users remember forgotten passwords. The image of the user's palm features embedded incomplete characters that would appear random to other people, but could juggle the phone owner's memory into remembering the correct string.
Samsung Secure Wi-Fi VPN service (Source: SamMobile)

Samsung Galaxy Note 8 gets a VPN service with the latest update

Apparently as a response to the recently discovered (and patched) KRACK exploit, Samsung added a VPN service to the Galaxy Note 8. Known as "Secure Wi-Fi," this service encrypts all outgoing traffic to provide safe browsing while connected to unsecured public networks.
The Cherry MC 4900 is aimed at office and business environments that need extra security. (Source: Cherry)

Cherry outs the MC 4900 optical mouse with fingerprint reader

The MC 4900 mouse is designed to bring extra security to office and business environments through the integrated fingerprint reader. While the mouse has a modest 1375 DPI optical sensor, the fingerprint sensor is among the best capacitive sensing solutions on the market, with 508 DPI resolution, 12 FPS capture speed and AES128 USB encryption.
...
Logo of the Monero cryptocurrency, the main currency mined using the Coinhive browser-based miner. (Source: Monero)

New cryptomining exploit continues to use your resources even after the browser window is closed

Malwarebytes has identified the use of pop-under windows which contain a cryptomining script to bypass adblockers and continue to run even after the user has closed the visible browser windows.
Indian Intelligence Bureau calls out smartphone apps sending data to China

Indian Intelligence Bureau calls out smartphone apps sending data to China

The Indian Intelligence Bureau has directed its border troops to format their smartphones and delete a number of specified apps, citing the reason as a discovered data trail leading from these apps to China.
System76 Galago Pro Linux notebook

System76 to disable Intel Management Engine on its notebooks

While Intel is working with the big brands to patch the major security holes recently discovered in its Management Engine firmware, System76 plans to take it all to the next level by disabling IME entirely via a firmware update.
HP claims that customer privacy is very important and it only collects data with the consent of the user. (Source: HP)

HP releases official statement regarding spyware accusations

HP is dismissing all the allegations, claiming that Touchpoint Analytics only collects hardware data and sends it with the user's approval. The new version of the app did install itself without any user consent, but this was already covered by permissions given at the initial system install. LaptopMagazine tested the app and did not find anything suspicious ...
...
HP stealthily replace the older Touchpoint Manager with a Touchpoint Analytics Service app that is sending user data to HP's servers without consent. (Source: HP)

HP accused of spying on its customers through stealthy telemetry app

HP stealthily replaced the "Touchpoint Manager" app with a new version called "Touchpoint Analytics Service", causing full CPU usage on its clients' systems and syphoning user data.
They may take everything but never our freedom. Never our right to choose.

The fight for Net Neutrality is on...you should take action today

The US Federal Communications Commission is set to cast a vote that will repeal the Net Neutrality laws that keep the Internet fun for everyone. American or not, it's time you had a say in this matter. Let your voice be heard today.
Intel Core i9 processor retail box

A new set of Intel Management Engine vulnerabilities confirmed

Not long after a few security research groups discovered new vulnerabilities in the Intel Management Engine remote administration subsystem, the chipmaker confirmed these issues in a new security advisory that also lists other bugs that were located in its software tools.
Yet another Android exploit. (Source: Pixabay)

New Android security flaw allows screen recording without direct user permission

A security research firm has revealed an Android exploit which allows a rogue application to record all on-screen activity without the user's permission. This has been fixed in Android 8, but users on older versions are still vulnerable. Fortunately, the exploit works in a way which causes Android to create a notification in the status bar.
...
Smartwatches targetted at children, like the VTech Kidizoom, are now banned in Germany. (Image: VTech)

Germany bans smartwatches marketed at children

Children's smartwatches have been found to have glaring security holes, some of which can present a serious threat to the safety of the children that wear them. These security issues, along with privacy concerns, have led German officials to ban the sale of children's smartwatches.
Android Oreo has new APIs which help remove developers reliance on accessibility permissions. (Source: knd61/Pixabay)

Google's new security policy on accessibility features will limit or remove 'hundreds of good, useful apps'

The next stage of Google's push to improve Android security is putting a spotlight on applications which misuse accessibility features to add functionality that wasn't expressely designed to improve use for people with disabilities. Some popular apps affected include LastPass, Cerberus, and Tasker.
Amazon Key relies on a compatible smart lock, smart camera, and Amazon Cloud. (Source: Amazon)

Amazon Key lets couriers unlock your door when you're not home

Amazon has released their Amazon Key service which uses an Amazon produced smart camera, a smart lock from Yale or Kwikset, and the Amazon Cloud to allow delivery drivers to unlock your front door and leave your parcel inside.

Working For Notebookcheck

Are you a loyal reader of notebookcheck? Are you a techie who knows how to write? Then join our Team!

Especially wanted: 
German-English-Translator - Details here
Review Editor - 
Details here
News Editor - Details here

 

 

 

 

 

 

 

 

 

 

Tags

Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > Topics
Redaktion, 2013-05- 8 (Update: 2013-09-27)