John Lister

Users of both Apple devices and the VLC media player should watch out for potentially serious security bugs. The former is a particular embarrassment for Apple. It turns out the company fixed a security bug in iOS 12.3 in April, then accidentally ... removed the fix in iOS 12.4, which it released last month. It now plans to fix it imminently in an emergency update to be titled iOS 12.4.1. The bug is very serious as it potentially allows a rogue app to "execute arbitrary code with system privileges." That effectively means malware could have complete control over an iOS device, something that's ... (view more)

Facebook is to show users what data it collects about their activity on other sites. It won't stop tracking, but will make the data anonymous if users ask. The changes will come in a new settings option called "Off-Facebook Activity." This will list ... all websites and apps that share data about user activity with Facebook. This most commonly happens through two methods. One is that the user has opted to log in to the third-party site through Facebook. In other words, as long as they haven't logged out of their Facebook account, they don't need to create or input user names and passwords for the ... (view more)

Researchers say there's a risk that microphones and motion sensors in smartphones could make it possible to figure out information being typed on nearby keyboards. But media headlines that "hackers can work out your password" are a significant ... stretch. The research comes from the Darwin Deason Institute for Cyber Security at Southern Methodist University, based in Texas. It stemmed from the thought that smartphones could pick up sound in two ways: not just the sound waves in the air through the microphone, but vibrations such as on a table collected through the motion sensors in the phone. ... (view more)

More than one million fingerprints were exposed online for at least a week, according to security researchers. The company responsible for the data says it will take immediate action if there's a security threat. The data is held by Suprema, which ... operates a biometric lock system called Biostar 2. It lets building owners restrict access by fingerprint or facial recognition, rather than relying on measures such as physical keys or pass codes. The Guardian newspaper reports that Biostar 2 is used in a wider system that has 5,700 customers accessing 1.5 million locations across 83 countries. ... (view more)

Chrome and Firefox will stop indicating when websites have received an "extra level of verification" to prove they are in fact genuine. The move is largely due to the fact that most users aren't aware of the Extended Validation SSL (EV SSL) system. ... The Extended Validation SSL (secure socket layer) security certificates go beyond the standard SSL certification scheme, which browsers use to show that data being sent to and from a website is in fact encrypted and secure. This means that communication is encrypted, and that no one can eavesdrop or steal data mid-stream. In other words, ... (view more)

Apple is offering a million dollar bounty to anyone who can successfully hack an iPhone and shares the details. But its limited to specific circumstances that will mean the payout is well worth it for the company. Like several tech giants, Apple ... already had a reward scheme for people who find and report bugs. To date the biggest bounty Apple has offered is $200,000 and only to people who have previously been approved to explore Apple bugs. The million dollar bounty is officially open to anyone. The new offer was made at the Black Hat convention in Las Vegas, the leading annual gathering of ... (view more)

Microsoft contractors listen to some Skype calls to check the accuracy of translations, a whistleblower has revealed. Although Microsoft says it meets privacy laws, critics say its terms and conditions don't clearly warn users about this. The human ... listening takes place on some calls that use Skype's "automatic" real-time translation service. Until now, most users have assumed that the translation is done entirely by a combination of speech recognition and artificial intelligence to work out the context of a sentence and find the correct translations. While that's largely the case, a ... (view more)

A proposed law would dramatically increase maximum fines that can be imposed on companies that break monopoly rules. Tech firms would be among the most likely to be affected in the admittedly unlikely event the law was enacted. The proposed bill ... would be known as the Monopolization Deterrence Act of 2019. It's designed to change the current system by which the maximum penalty for violating the main US antitrust law, the Sherman Act, is $10 million. That applies regardless of the size of the company or companies involved. Critics say such penalties are little deterrent to major companies, ... (view more)

Mozilla has designed a site that will open 100 tabs at once, quite likely crashing a web browser. It's meant as a creative way to show how web tracking works. The stunt is based around cookies: small text files put onto a computer via the browser to ... customize an online session to a website. Third-party tracking cookies are then generated, which keep a record of the sites a user visits. This information is then used by ad servers to deliver targeted ads based on website history. "Track THIS" works by opening 100 tabs selected to represent a particular type of web user. The idea is that there ... (view more)

Microsoft may be ending the need to have a physical disk to reinstall Windows 10. A 'Cloud Download' option could save time and hassle. At the moment, the main way to reinstall Windows is to use a recovery disk (or a copy of the relevant files kept ... on a hard drive or USB device.) That's got a few limitations, most notably that not everyone who gets a recovery disk with a new computer will be able to find it. Other problems are that recovery disks don't always have the drivers necessary to make sure Windows 10 works smoothly with a specific PC, and that the disks don't usually work well for ... (view more)