Last time we mentioned that leaks indicated that Microsoft would be doubling their support fee for Windows 7 each year after its Extended Support Period ends next January; we now have the official details: www.techspot.com/…
Extended Security Updates (ESUs) will only be available for business and education customers, and only for 3 years to January 2023
Extended Security Updates (ESUs) will be charged per-device-per-year, no bulk discounts or anything like that
Windows 7 Enterprise will be $25 → $50 → $100 per-device-per-year
Windows 7 Pro will be $50 → $100 → $200 per-device-per-year
More companies are found to be abusing Apple’s Enterprise Developer program
In probably related news, Apple are tightening security on developer accounts by forcing 2FA — nakedsecurity.sophos.com/…
The new WhatsApp biometric unlock feature released earlier this month has been found to have a bug — unless you set the timeout to ‘Immediately’, the iOS share sheet can be used to get around the lock. Facebook have promised to release a fix soon, and in the meantime are advising users to set the lock option to ‘Immediately’ — 9to5mac.com/…
Facebook say they are shutting down their controversial Onavo VPN and accompanying ‘research’ app — techcrunch.com/…
Notable Security Updates
February’s Patch Tuesday has been and gone with the usual updates from Microsoft and Adobe. Of particular note is a patch for an IE Zero-day bug — krebsonsecurity.com/… & nakedsecurity.sophos.com/…
Adobe released an out-of-band emergency patch for Acrobat & Reader on the 21st of February — helpx.adobe.com/…
WinRAR has patched a nasty code execution bug that has existed for 14 years — arstechnica.com/…
Drupal have released a ‘Highly Critical’ update for their popular CMS — www.drupal.org/…
Notable News
Data from UK fraud prevention group Cifas shows that teens are being successfully scammed into being money mules (Editorial by Bart: the Irish police were warning very strongly about this at a recent conference for Irish 3rd-level IT staff too. This is not just a UK problem, and it is resulting in young people getting prosecuted and ending up with criminal records – be careful!) — nakedsecurity.sophos.com/…
The O.MG Cable is a proof-of-concept USB cable that looks like a regular cable, but is actually a keyboard and mouse with a wifi receiver. It illustrates a much bigger point — never plug anything you don’t trust into any port on any of your computers! — nakedsecurity.sophos.com/…
New research has highlighted different ways in which the various popular password managers leave passwords in memory while the apps are running. The bottom line is that in order for these vulnerabilities to be attacked your computer must already be infected with malware, at which point all bets are off anyway. The advice from security experts like Sophos’s Naked Security Team remains the same: use a password manager — nakedsecurity.sophos.com/…
🇬🇧 A UK government report has found that Facebook “intentionally and knowingly violated both data privacy and anti-competition laws” and at one point describes the company as behaving like ‘digital gangsters’ — nakedsecurity.sophos.com/…
🇺🇸 Court filings show that the US government has been lying about not sharing the Terror Watch List with private organisations; they actually share a subset of it with 1,400 private companies — www.stripes.com/…
Nest (owned by Google) has come under fire for not previously disclosing that their Nest Guard security systems have built-in microphones that were not listed as existing on the packaging or in the documentation — www.businessinsider.com/… & nakedsecurity.sophos.com/…
YouTube have updated their ‘strikes’ rules to simplify and hopefully strengthen them — www.macobserver.com/…
While Android itself doesn’t support three-level location privacy settings like iOS does (iOS allows never, when using the app, and always, while Android only allows never and always), Facebook have updated their Android app to allow users to limit the app’s use of location data to only when the app is in use — nakedsecurity.sophos.com/…
A heads up to remaining Windows 7 users: Microsoft will be pushing a mandatory security update to upgrade the hashing algorithm used to verify software updates; if you don’t install it you’ll stop receiving security updates this summer — arstechnica.com/…
⭐️ CA Governor Gavin Newsom used his first state of the state address to suggest that CA citizens should be paid for the use of their personal data through some form of data dividend — nakedsecurity.sophos.com/…
🇺🇸 A federal judge has ruled that the reason a US government attempt to compel Facebook to decrypt messenger voice conversations failed will remain secret — www.reuters.com/… & nakedsecurity.sophos.com/…
⭐️ 🇪🇺 Good analysis of the controversial articles in the EU’s nascent Digital Copyright Directive, which came a step closer to passing when the EU Council voted in favour of it this week (www.macobserver.com/…); now the only place it can be blocked is in the European parliament, which is due to vote in March or April (if you’re in the EU, and if you have an informed opinion, contact your MEP (www.europarl.europa.eu/…) and let them know how you’d like them to vote!):
The key quote: “The big idea behind Solid is that, instead of a company storing all your personal data on their servers, you would keep it on your own personal data “pod”, located on a Solid server. You could run your own server or host it with a provider, much like a personal website. You could then give individual apps permission to read and write to your pod. When you want to stop using an app, you just revoke its access.”