Google: timeline for distrusting all Symantec Certificates in Chrome

Google recently published a timeline on the Google Security blog for dropping support for Symantec-issued certificates in Chrome.

The company plans to drop support completely in Chrome 70, but will distrust certificates that were issued before June 1, 2016 as early as March 15, 2018 (Chrome 66).

The core of the issue surrounding Symantec certificates — the business operates under brand names such as VeriSign, Thawte, Equifax, RapidSSL or GeoTrust — is that Symantec “entrusted several organizations with the ability to issue certificates without the appropriate or necessary oversight” according to Google.

Symantec was aware of these security deficiencies, and incidents in the past showed just how bad it was. In 2015 for instance, certificates were created covering five organizations including Google and Opera without the knowledge of the organizations involved.

Symantec came to an agreement with DigiCert under which DigiCert will acquire Symantec’s website security and PKI solutions business.

Google plans to remove trust from all Symantec-issued certificates in Chrome in the coming year. The company published a timeline that highlights the most important dates of the process.

  • October 24, 2017 — Chrome 62 Stable — Chrome highlights if a certificate of a site will be distrusted when Chrome 66 gets released.
  • December 1, 2017 — DigiCert’s new infrastructure will be “capable of full issuance”. Certificates issued by Symantec’s old infrastructure from this point forward will cease working in future updates. This won’t affect certificates issued by DigiCert.
  • March 15, 2018 — Chrome 66 Beta — Any Symantec certificate issued before June 1, 2016 is distrusted. Sites won’t load but throw a certificate alert instead.
  • September 13, 2018 — Chrome 70 Beta — Trust in Symantec’s old infrastructure is dropped entirely in Google Chrome. This won’t affect DigiCert issued certificates, but will block any site that uses old certificates.

Chrome users cannot really do anything about this, as website operators need to switch to a certificate that is still trusted by Google as early as March 14, 2018. The only option that users of the browser have is to let website operators know about certificate issues should they not be aware of this.

Mozilla will match the dates proposed by Google earlier according to a post by Gervase Markham on the Mozilla Dev Security Policy group.

Webmasters who run sites with Symantec certificates need to add new certificates to their web properties before the deadline to ensure continued access to those properties. One option that webmasters have is to use Let’s Encrypt, which offers free and automated certificates.
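
An added example, not code from the article or from Google: it sorts a site inventory by the timeline above, using the issuer and `notBefore` fields in the form Python's `ssl.getpeercert()` returns them. The issuer-name match, the exemption of DigiCert by name, the hostnames and the sample certificates are assumptions constructed for illustration; browsers apply the distrust to Symantec's root certificates, not to display names.

```python
import socket
import ssl
from datetime import datetime, timezone

# Brand names the article lists for Symantec's CA business. Matching on
# issuer text is a heuristic assumed for this example.
LEGACY_BRANDS = ("symantec", "verisign", "thawte", "equifax", "rapidssl", "geotrust")

# Certificates issued before this date stop working in Chrome 66.
CHROME_66_CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)

# Order in which findings need attention (earliest deadline first).
URGENCY = {"distrusted-in-chrome-66": 0, "distrusted-in-chrome-70": 1,
           "unknown": 2, "not-affected": 3}


def fetch_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate of a live host as a getpeercert() dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issuer_text(cert):
    """Flatten the issuer RDN sequence into one lower-case string."""
    return " ".join(v for rdn in cert.get("issuer", ()) for _k, v in rdn).lower()


def classify(cert):
    """Map one certificate to the milestone at which Chrome stops trusting it."""
    issuer = issuer_text(cert)
    if not issuer or "notBefore" not in cert:
        return "unknown"  # incomplete data: needs a manual look
    # The article states DigiCert-issued certificates are not affected, even
    # when the issuing CA carries one of the old brand names.
    if "digicert" in issuer:
        return "not-affected"
    if not any(brand in issuer for brand in LEGACY_BRANDS):
        return "not-affected"
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    if issued < CHROME_66_CUTOFF:
        return "distrusted-in-chrome-66"
    return "distrusted-in-chrome-70"


def audit(inventory):
    """Classify every host and return (host, verdict) pairs, most urgent first."""
    results = [(host, classify(cert)) for host, cert in inventory.items()]
    return sorted(results, key=lambda r: (URGENCY[r[1]], r[0]))


def _cert(org, common_name, not_before):
    # Builds a dict shaped like ssl.getpeercert() output (constructed data).
    return {
        "issuer": ((("countryName", "US"),),
                   (("organizationName", org),),
                   (("commonName", common_name),)),
        "notBefore": not_before,
    }


# Constructed sample inventory; hostnames and CA common names are made up.
SAMPLE_INVENTORY = {
    "shop.example.test": _cert("GeoTrust Inc.", "Constructed GeoTrust CA",
                               "May 31 23:59:59 2016 GMT"),
    "www.example.test": _cert("Symantec Corporation", "Constructed Symantec CA",
                              "Jun  1 00:00:00 2016 GMT"),
    "api.example.test": _cert("DigiCert Inc", "Constructed GeoTrust-branded CA",
                              "Dec  5 12:00:00 2017 GMT"),
    "old.example.test": {"issuer": ()},
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY):
        print(f"{host:20} {verdict}")
```

For a live check, pass `{host: fetch_cert(host)}` to `audit()`; any host flagged for Chrome 66 or Chrome 70 needs a replacement certificate before that release.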

Author

Martin Brinkmann

Publisher

Ghacks Technology News

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook, Twitter or Google+.

Problem with FB timeline

Hey Reddit, I have had an issue with Facebook for 2 weeks. Actually, all pages I like have disappeared from my timeline. I only see posts of my friends and that’s it. I tried to check my settings but I have not found anything, and I did not change them. I used Facebook to check articles but now everything has disappeared except my friends’ new posts. Any idea?

Xbox One’s Twitter App Now Lets You See Your Timeline While Watching Videos

The Twitter app for Xbox One has received an update and the application now allows users to see their own timeline while watching videos. Apart from this, the app now supports 360-degree live videos and allows users to watch two live streams at the same time. Separately, Microsoft is now planning to ease up the banning system on Xbox Live.

First, the Twitter app for Xbox: earlier, users could see the top comments about a particular video while watching it. With the “Multi-timeline viewing” feature, users will be able to see their timeline as well as a wide range of commentary from a variety of accounts, as per the update log. Apart from this, users will now be able to see two live streams with picture-in-picture mode at the same time and have the option to toggle between the two.

With ‘Global live video selection’ feature, users can click at any place from the globe and get to see the live videos from that region with their app. Engadget points out in its report that the company has further added the option to stream 360-degree live videos to the app with latest update as well.

Finally coming to the Xbox Live banning system, Microsoft’s Xbox vice president Mike Ybarra has explained in a Battle.net forum post that the company will be changing the Xbox Live reputation system to improve user experience. In his post, Ybarra said that on the basis of the feedback from players from different multiplayer games, including competitive ones like Overwatch, the company is going to change the way reports affect players’ ability to join and play multiplayer games.

“In short, we’ll change it so that it will have no impact on a player’s ability to join and play multiplayer. It could still impact a reported player’s (this takes many reports over time, not just a few) ability to communicate with non-friends in multiplayer games, but it won’t prevent them from playing,” Ybarra said. The changes are expected to be made later this month.

How hateful alt-right trolls hijacked your timeline

Not surprisingly, the paper found that “Computational propaganda flourished during the 2016 US Presidential Election.” Tell us Americans that and we’ll remind you that bears make fecal deposits in the woods. We know, we knew, we saw it coming a mile away (but had no idea how to stop it). The same was true during the 2016 UK Brexit referendum, where political bots played a strategic role in shaping Twitter conversations and keeping pro-Brexit hashtags dominant.

The paper noted these incidents, and a few more. It found that automated posting accounts, combined with fake news and troll armies and harassment campaigns, have re-imagined the art and practice of authoritarian soft power in the 21st century.

Our “Facebook president”

The researchers wrote that Facebook plays a critical role in grooming young minds with political ideology because companies “such as Facebook, are effectively monopoly platforms for public life.”

Add Facebook advertising to the computational propaganda mix, and you’ve got a mind-blowing toolset for emotionally manipulating people — without their knowledge — into believing, saying, and fighting for whatever you want.

The Oxford paper concluded that “Computational propaganda is now one of the most powerful tools against democracy.”

One thing we’ve learned in the past few years is that the core messages of political propaganda on social media are driven by humans. Their job is to cover up for people in power, motivate and empower harassment, and make us too discouraged to do anything about their wrongdoings. In case you’re wondering, the people at the bottom of the propaganda chain know exactly what they’re doing.

Some love their jobs, others do not. In 2015, one of Russia’s professional trolls went to press detailing her role in making people think the murder of Russian opposition leader Boris Nemtsov was at the hands of his own friends, rather than by government hitmen, as is widely suspected. “I was so upset that I almost gave myself away,” Lyudmila Savchuk said to press.

The paid pro-government trolls work in rooms of 20; it was reported in 2015 that their numbers are in the thousands, making posts and comments all day, every day. Upon leaving, Savchuk said her goal of going to press with documentation, including video, was “to get it closed down,” she told The Telegraph. “These people are using propaganda to destroy objectivity and make people doubt the motives of any civil protest. Worst of all, they’re doing it by pretending to be us, the citizens of Russia.”

Another ex-propaganda troll, Marat Burkhard, was assigned to spreading racist memes about public figures like President Obama. It’s enough to make one wonder more about America’s rise in open racism online. “The most unpleasant was when we had to humiliate Obama, comparing him with a monkey, using words like darkie, insulting the president of a big country,” he said.

“I wrote it, I had to.” Saying he quit for his own sanity, he added, “if every day you are feeding on hate, it eats away at your soul.” He also noted that in his particular propaganda factory, his office seemed split 50-50 in how everyone felt about what they were doing: half were racist patriots, and the rest were just in it for the money.

That was all before the US election, and what became known as Trump team’s super-obvious social media influence campaigns.

The new golden age of propaganda began much earlier than Brexit or 2016’s American presidential disaster. Last year, Leo Benedictus revealed that troll political armies could be had for the right price in a range of countries that included Russia, Israel, Ukraine, UK, North Korea, South Korea, and Turkey. He wrote, “Long before Donald Trump met Twitter, Russia was famous for its troll factories – outside Russia, anyway.” He explained:

Allegations of covert propagandists invading chatrooms go back as far as 2003, and in 2012 the Kremlin-backed youth movement Nashi was revealed to be paying people to comment on blogs. However most of what we know now comes from a series of leaks in 2013 and 2014, most concerning a St Petersburg company called Internet Research Agency, then just “Internet Research”. It is believed to be one of several firms where trolls are trained and paid to smear Putin’s opponents both at home and internationally.

Okay, so we get that troll armies and their bots do propaganda stuff to make politicians look bad. But what happens when they go after regular people? Or, like in the US now, end up with an entire resistance movement?

We get a clear picture by looking at what Russia’s government did to its resistance during the country’s 2011-2012 elections for president and Duma (its lower house of parliament). Just a couple of months before this week’s Oxford paper came out, a more instructive study on social media propaganda was published, called Communication power struggles on social media: A case study of the 2011–12 Russian protests.

When people started to mobilize and place calls to action on social media and blogs, Putin’s patriotic hackers DDoS’d every site possible, including LiveJournal, where the government was already running its posting and commenting campaigns. Those they couldn’t disable with traffic overload, like Twitter, they attacked with other means.

How? By manipulating people’s perceptions and emotions about the resistance, according to the paper. “Our analysis suggests that, in particular, the Russian government successfully used Twitter to affect perceptions of the oppositional movement’s success and legitimacy,” the researchers wrote.

This included “diminishing and discrediting the resistance,” (like insisting on low turnout numbers for protests) but also by “exaggerating, enthusing, and claiming broad public support” for pro-government … well, everything. They also elevated — through creating an appearance of popularity — certain players to be spokespeople for the propaganda topics of the day.

Finally, they created a culture of fear that encouraged people to self-censor.

“Spiral of silence”

The researchers noted how support began on Twitter for anti-corruption and anti-Putin resistance in December 2011, but that widespread delegitimization for the movement (as well as belittling), and visibility of pro-Putin messages shifted that conversation by January 2012. In addition, “Critical voices were discredited and political elites were represented as legitimate.”

The Russian regime’s anti-resistance messaging made it seem “indisputable that Putin enjoyed broad support among Russians,” and so “the protest movement began to dissolve quickly.” The paper said:

Our analysis highlights that the growing feeling of futility and disillusionment affecting the oppositional movement more broadly was clearly reflected on Twitter in the weeks leading up to the presidential election. With the political discourse on Twitter beginning to noticeably shift in favor of the Putin supporters, oppositionally minded people on Twitter may have started to slide into a so-called “spiral of silence”.

They perceived their political view to be in a shrinking minority, finding insufficient resonance in the discourse on Twitter, and gradually stopped to speak up, turning rather inward in growing self-doubts and disillusion.

They also distributed their messages well, reaching tons of people — which is social media advertising’s core promise, we should note. I think now we’re starting to see exactly why Facebook’s emotional manipulation activities are a threat to democracy in line with the Oxford study’s conclusion about computational propaganda.

In the 2011 example, the Russian government, with all its resources, was far more effective at influencing people on Twitter than those who dared question the people in power.

In conclusion, the researchers wrote:

In the end, no matter how much “real” support Putin had, our analysis of the political discourse suggests that the perceived support had a real effect on the opposition and general public on Twitter. This shows that regardless of the promises that new digital technologies hold in terms of empowerment of marginalized or weaker (political) actors, these technologies are still part of the overall system of power—in particular, uneven resource distributions—and may therefore still be utilized by governments in their favor.

In other words, our study empirically confirms that indeed “whoever has enough money, including political leaders, will have a better chance of operating the switch in its favour.”

It looks like a blueprint for what’s happening on American Twitter day and night right now. Though compared to Russia’s successful 2011 resistance suppression, Trump’s trolls and botmasters are pretty bad at winning hearts and minds. Maybe that’s partly why social media propaganda is looking likely to get folded into the Mueller probe.

In any case, the new golden age of propaganda is here. The companies whose structures it thrives on, in all its hideousness and viciousness, are loath to change their business models to stop it. The illness is not our fault, though that’s what they hope to convince us of, in this, our new futuristic system of oppression.

Just don’t let the fact that it looks like Idiocracy make you take it any less seriously.

Destiny 2 beta COUNTDOWN – PS4, Xbox One start time, date, timeline, pre-order codes

Destiny 2 developer Bungie is about to launch the beta on PS4 and Xbox One.

Start times and dates all depend on which platform you own and whether or not you pre-ordered the game.

PS4 owners get first dibs on the Destiny 2 beta, but only for pre-order customers. US fans can check out the Destiny 2 beta on July 18 at 10am PST.

The beta timeline continues on July 19 for Xbox One pre-order customers at 6pm UK time and 10am PST.

If you didn’t pre-order the Destiny 2 beta, then you can join in on July 21 at 6pm UK time and 10am PST. That’s on PS4 and Xbox One.

The beta comes to an end two days later on July 23, although exact times are yet to be revealed.

Interestingly, Bungie has already released an update to the Destiny 2 beta. Players must install the update before they can access the beta.

“An update for the Destiny 2 Beta is now available,” reads a Bungie post. “Players must install this update before they can access the Beta later this week.”

Unfortunately, there’s no word on the PC Destiny 2 beta, other than it’s likely to have an August release date.

To gain early access to the Destiny 2 beta, fans will need to pre-order the game and redeem a code.

Beta codes can be redeemed on the Bungie website, although fans will have to set up a new account first.

“Go to Bungie.net/redeem and follow the instructions on the page,” reads a Bungie FAQ. “You will be required to log in with a valid Bungie.net account, verify your accessible email address, and enter your Destiny 2 Beta redemption code.

“At a later date, you will be contacted via your verified email address when you can return to the Bungie.net site and retrieve your Destiny 2 Beta download code. Codes may only be redeemed once, and redemption cannot be transferred or recovered to another account.”

Fans who pre-ordered from the PlayStation Store, Xbox Store or Blizzard Shop will automatically receive beta access.

Arguably the only downside to the Destiny 2 beta is that it doesn’t feature as much content as the beta for the original game.

Fans will be able to check out the opening story mission and a co-operative Strike, as well as two Crucible maps and modes.

This includes a brand new game mode called Countdown, as well as the classic Control mode.

Perhaps most excitingly of all is the chance to check out the , but only for a limited time on July 23.

Bungie has also said that while fans don’t need an Xbox Live or PS Plus subscription to play the story mission, they are needed for other content.

“In the D2 Beta, the Homecoming story mission will be open to all,” reads a Bungie post. “The Strike and Crucible will require PlayStation Plus and Xbox Live Gold.”

The Farm, which replaces The Tower from the original Destiny, is where players go to collect gear, check messages and interact with fellow Guardians.

And it looks like The Farm will give players even more ways to interact with each other.

The Farm can host 26 players at any given time, and will continue to evolve as you complete missions.

But perhaps the most exciting new feature is the football pitch, which even comes with goal posts and a scoreboard.

And to top it all off, anybody playing the beta unlocks an emblem that carries over to the full game on release.

And speaking of which, Destiny 2 has a September 6 release date on PS4 and Xbox One. A PC launch will follow on October 24.

iOS and Android security: A timeline of the highlights and the lowlights

When the modern mobile device first hit the shelves, the smartphone market wasn’t a target for the rampant malware and data theft we see today. Let’s hop into our very own wayback machine and examine iOS and Android security from inception to now to consider what has changed with each platform and with cybersecurity.

iOS 1

The most important thing to know about the first iteration of the Apple mobile platform (released March 6, 2008) is that there was no app store; because of this, there were no authorized third-party applications in development. It only took a few months before unauthorized third-party apps started to appear—these apps were created by hackers and tinkerers that wanted more from the device.

Apple responded to this small wave of third-party apps by releasing the first .1 update to the platform, which locked down the operating system using encryption and certificate signing. Those third-party apps were no longer installable.

Android 1.5

The early days of Android were very similar to that of iOS—it wasn’t until the Cupcake release (1.5, released April 27, 2009) that Android unleashed its own app store. In these early days, there was little to no vetting of software, but the platform had yet to become the target of malicious software; this can be easily attributed to a lack of audience (similar to iOS).

Although there was a lot of buzz surrounding Android, it had yet to gain enough traction to garner the attention of hackers and other types of security intrusions. Even so, Google enhanced the security of its fledgling platform with improvements that included the addition of ProPolice to prevent stack buffer overruns, safe_iop to reduce integer overflows, and extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and chunk consolidation attacks.

iOS 2

With iOS 2 (released July 22, 2008), the iOS App Store finally arrives, shrugging off those unauthorized third-party apps for good. Even with the App Store in play, jailbreaking communities began to rise, with the goal of unleashing the full potential of the device.

While this is happening, Apple introduces security-specific features to the platform: Support for Cisco’s IPSec VPN technology, WPA2 Enterprise and 802.1x authentication, configuration profiles that enforced security policies, and even the remote wipe capability.

Apple discovered and fixed a number of security-specific bugs, including issues in CFNetwork (CVE-2008-0050), Kernel (CVE-2008-0177), Safari (CVE-2008-1588, CVE-2008-2303, CVE-2006-2783, CVE-2008-2307, CVE-2008-2317), and WebKit (CVE-2008-1590, CVE-2008-1025, CVE-2008-1026).

Android 2

Android 2 (Eclair) was released on October 26, 2009. The Android market share was still under 3% at the time, so the target had yet to be painted on the back of Google’s mobile platform.

Eclair introduced a single interface for securely managing multiple online accounts as well as Microsoft Exchange support. At the time, there was very little discussion about the security of the Android platform. On May 20, 2010, Microsoft Exchange support in Android added security policies and Adobe Flash (which has long been considered a security issue in and of itself).

On December 6, 2010, Google added support for Near Field Communication (NFC) to Android; this is a technology that could lead to eavesdropping, data corruption/manipulation, interception attacks, and theft.

It wasn’t until January 18, 2011 when Android 2.2 (Froyo) rolled security updates into the platform. The next security update wouldn’t be added to Android 2 until November 21, 2011.

iOS 3

iOS 3 rolled out on June 17, 2009. The biggest security addition to the platform was the ability for users to pay $100.00/year to enable the Find My Phone feature, which allowed users to locate their lost or stolen phone. This early iteration of Find My Phone was easy to circumvent—if Location Services was turned off or if a lock screen passcode wasn’t created, the feature wouldn’t work.

The third release of iOS fixed 46 security vulnerabilities, including CoreGraphics (CVE-2008-3623), Exchange (CVE-2009-0958), Image I/O (CVE-2009-0040), International Components for Unicode (CVE-2009-0153), and IPsec (CVE-2008-3651, CVE-2008-3652).

Android 3

Android 3 (Honeycomb), released February 22, 2011, was the first tablet-only update to the Android platform. This release added two very important security updates to the platform: The ability to encrypt all user data and the disallowing of applications from having write access to secondary storage (such as memory cards) outside of designated application storage.

iOS 4

iOS 4 (released June 21, 2010) came with a number of interesting security updates. Users could now enable a long password instead of a four-digit PIN for the device lock screen. Apple included the ability to encrypt email attachments as long as the device was locked by a passcode. The encryption feature was extended to third-party apps for data encryption.

iOS 4 added a feature that would be a baseline for security features in the years to come: Users now had control over whether individual apps had access to location control.

This release fixed a whopping 65 vulnerabilities, including Application Sandbox (CVE-2010-1751), CFNetwork (CVE-2010-1752), ImageIO (CVE-2010-0041), LibSystem (CVE-2009-0689), and libxml (CVE-2009-2414, CVE-2009-2416).

Android 4

When Android 4 (Ice Cream Sandwich) was released (October 18, 2011), it was thought to have introduced some rather interesting security holes. These “holes” came by way of new features, which included: Facial recognition unlock, Android Beam, capturing screenshots, and email copy/paste. Oddly enough, some reporters considered these features among those that would bring about imminent data theft. For example, there was concern that Facial Unlock would allow anyone with a similar facial structure, or even a photo of the device’s owner, to unlock a device. Android Beam was thought to be an easy way for unencrypted information to be exposed to theft.

It wasn’t until Android 4.2 (Jelly Bean) that serious security enhancements would make their way into Android by way of Security-Enhanced Linux (SELinux). SELinux (created by the NSA and Red Hat) is a kernel security module that provides a mechanism to support access control security policies. This addition brought an unrivaled level of security to the Android platform. It wasn’t until Android 4.4 (KitKat) that SELinux would be switched to Enforcing mode. KitKat introduced Verified boot, which provides transparent integrity checking of block devices.

iOS 5

Apple added in iOS 5 (released June 6, 2011) what it called Unsecured Call with little fanfare or explanation; this feature turned out to be a warning when a user was on an unencrypted cellular network. When Unsecured Calls arrived, the user could ignore a call or immediately end a call.

Also included with iOS 5 was a new feature called Find My Friends, which allowed users to share their location with friends. This was considered by many people to be a security issue.

iOS 5 fixed 96 security vulnerabilities, including CalDAV (CVE-2011-3253), Calendar (CVE-2011-3254), CFNetwork (CVE-2011-3255), CoreFoundation (CVE-2011-0259), and CoreGraphics (CVE-2011-3256).

Android 5

Android 5 (Lollipop, released November 12, 2014) was considered one of the platform’s biggest improvements to date. Replacing the default Dalvik compiler with Jit introduced serious performance increases. However, Lollipop would find itself under a brilliant spotlight, shining down on critical security concerns.

First and foremost was the Accessibility Clickjacking attack that exploited flaws in Android’s accessibility and draw-over-apps features. With this vulnerability, attackers could possibly hijack devices.

The Smart Locking feature allowed users to pair their smartphone with a compatible Bluetooth or NFC device, such that when the paired device was near, the phone would remain unlocked. Many people considered this yet another security vulnerability.

Lollipop shifted device encryption from being an option to the default, and made SELinux Enforcing Mode mandatory for all apps on the device.

In addition, Google added the “kill switch” option, which allowed users to perform a remote full factory reset.

iOS 6

Apple added in iOS 6 (released June 11, 2012) a new privacy section that gave users the ability to enable or disable access to contacts, calendars, reminders, photos, and social media accounts on a per-app basis. In the new privacy window, Apple included a Bluetooth Sharing option. Another security-minded feature was the ability to limit ad tracking on a device.

iOS 6 fixed a massive 197 security vulnerabilities, including CFNetwork (CVE-2012-3724), numerous patches to CoreGraphics, CoreMedia (CVE-2012-3722), DHCP (CVE-2012-3725), and ImageIO (CVE-2011-1167).

Android 6

Android 6 (Marshmallow, released October 5, 2015) wasn’t immune to the platform’s numerous security issues. In August 2016, it was discovered that nearly 80% of Android phones with Qualcomm chips suffered from what would be labeled as the Quadrooter vulnerabilities (CVE-2016-2503, 2504, 2059, 5340). These vulnerabilities required malicious apps to be downloaded to a device (most often from a third-party app store, and not the Google Play Store) and could commandeer the devices after tricking users to escalate permissions for the app in question. Qualcomm released the patches via handset manufacturers.

With the release of Android 6, Google published its first Android Security Bulletin to document the vulnerabilities and patches ascribed to the platform. Google introduced the Security Patch Level system, which would automatically update security patches on a device. Users could go to Settings | About Phone and see what Android security patch level was on their device.

iOS 7

iOS 7 (released June 10, 2013) had a number of security improvements, though it wasn’t without issues. One of the biggest vulnerabilities on the iOS platform to date was the infamous “goto fail” SSL issue. It was suspected that Apple intentionally bypassed the SSL digital signature check, giving the US government a backdoor into the platform.

Soon after that discovery, it was found that email attachments were not being encrypted, even when a passcode was enabled for the device. The fix for this bug didn’t roll out until iOS 7.1.2.

A new feature called Activation Lock was added to Find My Phone. With this feature enabled, a device owner’s Apple ID credentials must be entered before anyone could disable Find My Phone, erase a device, or reactivate a device.

Touch ID was introduced to work in conjunction with the newly released fingerprint sensor. Unfortunately, a group going by Chaos Computer Club managed to circumvent Touch ID a mere day after its release.

iOS 7 fixed 80 security issues, including Certificate Trust Policy, CoreGraphics (CVE-2013-1025), CoreMedia (CVE-2013-1019), and Data Protection (CVE-2013-0957).

Android 7

Android’s security issues have started to wane a bit with the 7th iteration of the platform (released August 22, 2016). One of the biggest improvements was that a growing number of users were actually applying updates on their devices. Unfortunately, it was discovered that less than 3% of Android phones were running the latest version of the platform.

It helped that Google introduced a number of important security features to Android in the 7th iteration, including: Direct boot, which splits data into two groups: Device Encrypted Storage and Credential Encrypted Storage; stronger, file-based encryption; great improvements on the MediaServer, which is the system that enabled the infamous Stagefright attack; fixed weak sharing permissions between apps; always-on VPN; and a work mode icon on Android for Work devices that allows users to disable all work-related apps once they are off the clock. The new seamless update feature goes a long way to help improve security, as users can download the most recent platform update and hold off applying it until the next boot.

iOS 8

iOS 8 (released June 2, 2014) came with an interesting new feature that uses a randomly spoofed MAC address instead of the device’s actual hardware address when scanning on a wireless network for nearby devices. This feature prevents retail stores from tracking a customer as they shop without asking for user permission.

iOS 8 added DuckDuckGo as a legitimate search provider so users could reliably search the internet without being tracked.

This release fixed 56 security issues, including 802.1X (CVE-2014-4364), Accounts (CVE-2014-4423), Accessibility (CVE-2014-4368), and Accounts Framework (CVE-2014-4357).

iOS 9

In iOS 9 (released June 8, 2015), Apple added a rather controversial feature called Content Blockers (aka ad blockers), which can be used to hide or block web page components such as cookies, images, resources, and pop-ups.

The standard passcode to unlock a device was migrated from the default four characters to a more secure six characters. If a user works with OS X El Capitan, she can enable two-factor authentication for her Apple ID.

Apple introduced App Transport Security (ATS) to encourage developers to use HTTPS with TLS 1.2 instead of standard HTTP.

Another very important security feature is Kernel Patch Protection (KPP), a low-level function that periodically checks the integrity of the operating system kernel.

iOS 9 fixed 105 security issues, including Apple Pay (CVE-2015-5916), AppleKeyStore (CVE-2015-5850), Application Store (CVE-2015-5856), and Audio (CVE-2015-5862).

iOS 10

iOS 10 (released June 13, 2016) is considered by many people to be the most significant update to come to the platform in years. One of the most important improvements was to patch the KPP against known exploits. With this in place, the platform has become increasingly difficult to crack.

Apple has made changes that affect the way developers interact with the App Store. As of iOS 10, Apple now requires all apps to be signed by certificates that are remotely checked by Apple’s own servers; this new system allows Apple to quickly revoke any certificate of known malicious apps.

iOS 10 does something very important for users: When a user logs into a wireless network that doesn’t require a password, they will be given a warning that the network in question offers no security and can expose a user’s data to network traffic.

What’s next?

It’s clear that Apple and Google must place security front and center in upcoming releases. Data integrity and security have become tantamount to a successful mobile experience, so both companies must continue the evolution of their platforms with security in mind.

Timeline of Facebook copying Snapchat in Instagram, Messenger, other apps

Facebook has tried to copy Snapchat for years.

But during the past year Facebook has gone into overdrive, blatantly, systematically and often successfully, cloning Snapchat’s core features.

The result is that Facebook’s family of standalone apps — Instagram, Messenger, core Facebook, and even WhatsApp — look much more like Snapchat than they did one year ago. And Zuckerberg now believes that the future of how people communicate on Facebook will be through the phone’s camera — a concept Snapchat pioneered.

Here are all of the ways that Facebook has copied Snapchat so far:


One of the first indications that Facebook was wading into Snapchat’s territory was in March 2016, when it acquired the app MSQRD. The app let you swap faces with goofy effects, similar to Snapchat’s “Lens” filters.

Source: Business Insider

Then, in April, Facebook added scannable Snapchat-like QR codes for profiles in Messenger.

Source: Business Insider

Facebook’s attack on Snapchat culminated with a battle cry Mark Zuckerberg gave to employees during an all-hands meeting in the summer.

Zuckerberg said “the camera is the composer” during an all-hands meeting with Facebook employees over the summer, according to someone familiar with the meeting.

The statement was an obvious nod to Snapchat, which recently rebranded itself as “Snap Inc., a camera company,” but since day one has prioritized photo and video messages in its app.

During Facebook’s quarterly earnings call in October, Zuckerberg explained that Facebook now sees the camera as the future of how people share and communicate.

“In most social apps today, a text box is still the default way we share,” he said. “Soon, we believe a camera will be the main way that we share.”

Facebook’s biggest attack on Snapchat came in August, when Instagram copied Snapchat’s iconic “Story” format.

Instagram in August unveiled “Stories,” a near identical clone of Snapchat’s unique story format that lets you post photos and videos to your profile that disappear after 24 hours.

The feature was such a blatant clone of Snapchat that Instagram CEO Kevin Systrom even told TechCrunch that “they [Snapchat] deserve all the credit.”

“When you are an innovator, that’s awesome,” Systrom said. “Just like Instagram deserves all the credit for bringing filters to the forefront. This isn’t about who invented something. This is about a format, and how you take it to a network and put your own spin on it.”

Facebook also debuted a similar camera interface in WhatsApp.

Source: Business Insider

Facebook is also copying Snapchat with its own geofilters and selfie masks for live video.

Facebook users in select countries can now make custom camera “frames” that others can overlay over photos and add to their profile pictures. They work almost exactly like Snapchat’s geofilters.

Facebook is also using MSQRD to power what it calls selfie “masks” for live video streams, which work like Snapchat’s goofy lenses.

Source: Business Insider (1, 2)

Facebook even introduced a Snapchat-like camera interface in Messenger.

After testing the feature in a few countries, Messenger introduced a new camera interface in December that encourages people to send photo and video messages to each other like Snapchat.

Source: Business Insider

Instagram has been the most blatant copycat of Snapchat, and its Stories competitor has already reached 200 million daily users.

The app recently added 3D face filters and location-based Stories, both of which Snapchat has had for years.

Instagram’s private messages also disappear after they’re viewed, like Snapchat.

Facebook even put the same Stories format in its main mobile app a few months ago. “We’ve seen this do well in other apps,” Facebook product manager Connor Hayes said at the time. “This is something that Snapchat has really pioneered, and our take on this is that Stories has become a format that people use to share and consume photo and video across all social apps.”

Source: Business Insider

But few people appear to be using Facebook Stories so far. Facebook even makes it look like more people are using it by showing greyed-out profile pictures.

In May, Snapchat CEO Evan Spiegel finally addressed Facebook’s copying efforts during an earnings call with investors. “You have to get comfortable with and enjoy the fact that someone is going to copy you if you make great stuff,” he said.

“We believe that everyone is going to develop a camera strategy,” he continued. “I think we really help everyone understand how valuable the camera is.”

Spiegel went so far as to compare his company’s rivalry with Facebook to the early days of Yahoo and Google.

“At the end of the day, just because Yahoo has a search box, it doesn’t mean they’re Google,” he said.

Source: Business Insider

Still, Facebook’s copying of Snapchat appears to be hurting the company’s growth.

Snapchat’s user growth slowed to its lowest pace in years during its last earnings quarter. The app added 8 million new daily users in the first three months of 2017, representing year-on-year growth of 36%. During the same time in 2016, Snapchat was growing its DAUs by 52%.

Source: Business Insider

Samsung Galaxy Note 7 Recall Timeline, Advice, And Causes

In January 2017, after a monthslong independent investigation involving three quality-control and supply-chain analysis firms, Samsung completed its investigation into the cause of the Galaxy Note 7’s battery fire — and revealed the ultimate causes of the billion-dollar fiasco.

According to DJ Koh, the company’s chief mobile executive, there were problems with batteries from two different suppliers. Those sourced from Samsung’s own SDI division short-circuited as a result of damage to the separator, a component within lithium-ion batteries that prevents the negative and positive electrodes from coming into contact with each other and generating a dangerous amount of heat. Batteries from Hong Kong-based Amperex Technology, meanwhile, experienced failure as a result of protrusions in the battery and other quality issues that occurred when Samsung increased its order substantially.

The company is putting in place preventative measures going forward. It’s introducing an eight-point inspection process, adding staff dedicated to overseeing each battery feature’s safe implementation, and making intellectual property around battery safety and standards freely available.

“For customers, we have to develop innovation, but customer safety is the priority,” Koh said. “In the end, we can win the customers’ trust back.”

Here’s what you need to know.

The Galaxy Note 7 is coming back as a refurbished phone

The Galaxy Note 7 as we knew it is long dead and gone, but a new variant of the ill-fated phone is now on its way. There is, however, some speculation as to what the phone will be called. Latest reports indicate that the device will be launched under the name “Samsung Galaxy Note FE.” The news comes from Korean publication ETNews.

Previously, however, reports indicated the phone would be branded the Galaxy Note 7R. The brave new handset (which is to say, its buyers will be brave) is a refurbished version of the spontaneously combustible smartphone. The battery will be smaller than the original at 3,200mAh (the original was 3,500mAh), but otherwise will look very similar to its namesake.

When it becomes publicly available, the 7R or FE will be priced around $600, though it won’t be for sale in the U.S. or Canada. But if rumors are to be believed, overseas carriers could be stocking the Galaxy Note 7R/FE as early as June. The phone has officially passed through the FCC, so while you may not be chomping at the bit to get one just yet, it seems as though all systems are go.

Samsung to remotely kill all unreturned Galaxy Note 7 units

Well folks, this is the end of the road. While Samsung and most carriers have all made various attempts at getting customers to return the Samsung Galaxy Note 7, there are still a few rogue units out there — so Samsung has to take a new approach.

To do this, the company will begin forcing software updates — which is different than previous attempts. Before, technically users could choose not to accept the software update, but now they won’t have a choice. The news comes from Korean publication The Korea Herald, in which Samsung confirms it will begin forcing updates in the next week.

The goal here is obvious — these new software updates will spell the end of the road for the Galaxy Note 7 once and for all.

Verizon takes a new approach to killing the Galaxy Note 7

Verizon is taking a new approach to ensuring customers stop using their Galaxy Note 7 — by forwarding all non-emergency calls to Verizon customer service. The new approach comes after an update that was supposed to render the phone completely useless, but some users seem to have evaded that update altogether.

“In spite of our best efforts, there are still customers using the recalled phones who have not returned or exchanged their Note 7 to the point of purchase,” said Verizon in an interview with Fortune. “The recalled Note 7s pose a safety risk to our customers and those around them.”

On top of the call forwarding, Verizon is also considering charging some users with the full retail cost of the phone — that’s because it seems as though Verizon issued refunds to some people even though they hadn’t returned the phone.

It’s important to note that the vast majority of people have indeed returned their device. However, it seems that Samsung and carriers won’t rest until all devices have been returned.

Airlines no longer need to notify passengers

The Federal Aviation Administration has issued a statement saying airlines no longer have to notify passengers about bringing the Samsung Galaxy Note 7 on board. The ban is still in place, but airlines are not required to make a pre-boarding notification. It’s still up to airlines if they want to keep repeating the message or not, though.

“The Department of Transportation removed the requirement for air carriers to specifically notify passengers about the Note 7 phone immediately prior to boarding due to the high degree of public awareness of the ban since issuance of the emergency restriction/prohibition order, as well as the extensive efforts by Samsung and U.S. wireless providers to make all Note 7 users aware the phone is recalled and banned from transport on U.S. aircraft,” according to the statement.

Samsung says it has “successfully recalled” more than 96 percent of Note 7 devices.

T-Mobile is shutting down the Galaxy Note 7

T-Mobile is officially putting an end to the Galaxy Note 7. As promised, the company has started rolling out an update to Galaxy Note 7 devices on the T-Mobile network that disables the battery on the phone, rendering it unusable.

The changelog for the update says that it will offer an on-screen reminder to bring the device in for exchange, and that once it’s installed the phone will not be able to charge.

Samsung is disabling the Galaxy Note 7 starting on December 19 — Verizon gets update on January 5

Samsung has confirmed that it will disable the Galaxy Note 7 in a software update set to begin rolling out December 19. “To further increase participation, a software update will be released starting on December 19 that will prevent U.S. Galaxy Note7 devices from charging and will eliminate their ability to work as mobile devices,” Samsung said in a statement. “If you have not yet returned your device, you should immediately power it down and contact your carrier to obtain a refund or exchange.”

The company said it’s working with carriers in the U.S. to notify customers at “multiple touchpoints” that they should return their Galaxy Note 7. And it reaffirmed that exchange incentives introduced earlier this year would remain in place.

Verizon has announced that Galaxy Note 7 devices on its network will start to receive the update a bit later, on January 5.

There’s no word yet on whether the company will extend the disabling of Galaxy Note 7s to additional countries, but it has employed other techniques. In Canada and Australia, for example, the phone is limited to a maximum battery capacity of 60 percent.

The following is a list of reported incidents so far, all involving Galaxy Note 7 phones that were replaced:

  • A Kentucky resident suffered lung damage after his phone filled his bedroom with smoke on October 4
  • A Note 7 caught fire on a Southwest Airlines flight on October 5
  • A woman in Taiwan noticed that her phone was emitting smoke in her pocket on October 7
  • A 13-year-old girl in Minnesota suffered a burn on October 7 when her phone became extremely hot under her thumb
  • A Virginia man reported that his Note 7 caught fire on his nightstand and filled his room with smoke on October 9

Following this string of incidents, Samsung issued an official statement saying that it has asked all carriers to stop sales of the phone, and that all Galaxy Note 7 users should power down their phones and either get refunds or replace their device as soon as possible.

“Samsung has received 96 reports of batteries in Note 7 phones overheating in the U.S., including 23 new reports since the September 15 recall announcement,” according to the US Consumer Product Safety Commission (CPSC). “Samsung has received 13 reports of burns and 47 reports of property damage associated with Note 7 phones.”

Before that, an official at a supplier for Samsung told a Korean news agency that production had been temporarily halted. “This measure includes a Samsung plant in Vietnam that is responsible for global shipments,” the official said. The move follows the decision of U.S. carriers AT&T, Verizon, and T-Mobile to temporarily suspend the phone’s sales.

The crisis began in late August, but reached a head on September 15, when the CPSC, the federal agency charged with overseeing product reports and alerts, issued a formal recall of the more than 1 million Note 7 devices shipped to consumers in the U.S.

Since the recall, Samsung had begun issuing replacement phones. But even those have issues: A replacement phone caught fire aboard a Southwest Airlines flight on Oct 5. And on October 7, a woman in Taiwan suffered a scare of her own while walking her dog in a local park when she heard a bang from her jeans pocket. She discovered that her Galaxy Note 7 was emitting smoke. She claims to have replaced her original Samsung device on September 27.

On Friday, 13-year-old Minnesota resident Abby Zuis discovered her replacement Note 7 was no safer than the original. She told local newscasters that she felt a “weird, burning sensation” in her thumb while holding the phone, ultimately suffering a minor burn as a result of the fiery Samsung device.

Most damning is the report that a replacement Galaxy Note 7 caught on fire, and that Samsung knew about it and withheld everything from customers. Kentucky resident Michael Klering told a local news station that he awoke at 4 a.m. on October 4 and realized his new phone had spontaneously combusted and filled his entire bedroom with smoke. Klering wound up in the hospital with smoke-induced acute bronchitis.

“The phone is supposed to be the replacement, so you would have thought it would be safe,” he told WKYT. “It wasn’t plugged in. It wasn’t anything, it was just sitting there.”

When Klering reported the incident to Samsung, he accidentally received a horrifying text response from a company representative clearly not meant for him: ”Just now got this. I can try and slow him down if we think it will matter, or we just let him do what he keeps threatening to do and see if he does it.”

Digital Trends reached out to Klering and we are waiting to hear back.

A fifth replacement Galaxy Note 7 in the U.S. reportedly caught fire over the weekend: Shawn Minter of Virginia reached out to The Verge when his replacement, just over two weeks old, caught fire on his nightstand in the wee hours of the morning.

“My Galaxy Note 7 replacement phone just burst into flames,” Minter said in his emailed statement. “It filled my bedroom with a smoke. The same as the Kentucky man. I woke up in complete panic.”

Under no circumstances should you buy a Galaxy Note 7, or continue using one that you already have.

There’s a new reaction on Facebook… here’s why you keep seeing purple flowers all over your timeline

flower to the people

The emoji offers users a chance to react to their friends’ posts by showing them how ‘thankful’ they are

THERE’S a new reaction popping up all over Facebook, but do you know what the cheery little flower is all about?

The emoji, a flower with purple petals, offers users a chance to react to their friends’ posts by showing them how “thankful” they are.

The flower is a temporary addition to Facebook’s reaction options

The reaction, which started to crop up on Facebook last week, may look familiar, with the same flower having appeared around this time last year.

That’s because the emoji has been added to celebrate Mother’s Day in America, and around 80 other countries, which falls on today’s date.

The “thankful” reaction has duly returned as an option to allow our friends across the Atlantic to show thanks for their mums on the big day.

Facebook users in selected areas can use the reaction to show their gratitude on Mother’s Day

Facebook said: “In honour of Mother’s Day, we are testing the ability for people in a few markets to leave a flower reaction.”

British users will have noticed that we don’t get the option to react to posts with the flower, although other people’s thankful reactions are still visible to Facebook users in the UK.

The flower is only available in a few countries

The reaction has proved popular in the countries where it is available, with US users excitedly flooding posts with the little flower.

Thankful joins the six existing reaction options – like, love, haha, wow, sad and angry – as a way to express your response to your friends’ updates.

However, it’s not clear how long the flower will be available for.

Recently, Facebook has been experimenting with reactions by rolling out the ability for users to react to comments as well as posts.

The news comes after we revealed how the web giant plans to start streaming original TV shows this summer.

Latest Call of Duty: Black Ops 3 Zombies Chronicles Trailer Retells the Zombies Timeline

There are only a few days left before the release of Zombies Chronicles for Call of Duty: Black Ops 3, and developer Treyarch has released a new trailer for the DLC which retells the timeline of the Zombies series.

The trailer shows several pieces of text from a map that refer to parts of the series’ storyline, including dates, names, and events.

For those who would like to dig further into the Zombies timeline, Treyarch has also launched a new page on the Zombies Chronicles website that lets players explore the Zombies timeline in its entirety.

Call of Duty: Black Ops 3 Zombies Chronicles brings back 8 remastered Zombies maps from former Call of Duty games, including World at War, Black Ops, and Black Ops 2.

Here’s the full list of maps included in Zombies Chronicles:

Call of Duty: World at War

  • Nacht der Untoten – Where it all began: an abandoned airfield suspended in space and plagued by infinite hordes of the undead.
  • Verruckt – Welcome to Wittenau Sanitorium, a German asylum with dark corridors, terrifying undead enemies, and even darker tricks.
  • Shi No Numa – A “swamp of death” found in Japanese territory, surrounded by a sweltering jungle, hellhounds, and countless armies of the undead.

Call of Duty: Black Ops

  • Kino der Untoten – An abandoned cinema packed with swarms of Crawler Zombies and fiery traps.
  • Ascension – An abandoned Soviet Cosmodrome where unholy creations lurk in the shadows, and dark undead experiments run loose.
  • Shangri-la – A famous shrine lost in an exotic jungle where the undead arise from a treacherous labyrinth of underground caverns, deadly traps, and dark tricks.
  • Moon – Travel to the Moon, where forgotten undead creatures plague a horrifying, cratered landscape.

Call of Duty: Black Ops 2

  • Origins – An excavation site left behind after the Germans unearthed the mysterious new “Element 115,” and unleashed the greatest evil the world has ever seen.

As previously mentioned, Call of Duty: Black Ops 3 Zombies Chronicles will be released on May 16, 2017, for the PlayStation 4.

[Source: Call of Duty (YouTube), Call of Duty: Zombies Chronicles Timeline]