security implications Archives

Winsage

April 11, 2025

Windows 11’s controversial Recall feature could soon arrive for Copilot+ PCs – I just hope Microsoft’s tightening of its privacy is up to scratch

Microsoft is testing its Recall feature for Windows 11 in the Release Preview channel with build version 26100.3902. Recall is designed for Copilot+ PCs with powerful neural processing units (NPUs) and will initially support English, Chinese (Simplified), French, German, Japanese, and Spanish. The feature uses AI to analyze screenshots of user activity, allowing for natural language searches. Microsoft has implemented security measures like Windows Hello sign-in to address privacy concerns. Recall is expected to be available in early 2025 in most markets, but not in Europe during the initial rollout, due to data regulations.

AppWizard

March 26, 2025

How Signal can leave the door open for spies and hackers

Signal is a preferred messaging platform for journalists, whistleblowers, and privacy advocates due to its security features, but it has vulnerabilities. Recently, Jeffrey Goldberg, editor-in-chief of the Atlantic, was accidentally added to a Signal group chat about military operations against Houthi targets in Yemen that included high-ranking officials like Defense Secretary Pete Hegseth and Vice President JD Vance. This group chat lasted six days, during which the others were unaware of his presence. While Signal is known for its strong encryption, the incident highlighted that security measures cannot prevent human error. Military communications typically occur over secure systems like SIPRNet and JWICS, not general messaging apps like Signal.

Winsage

March 16, 2025

E-waste or Linux? Charities face tough choices as Windows 10 support ends

Microsoft will end free security updates for Windows 10 in October, affecting charities that refurbish older computers. Approximately 240 million PCs do not meet Windows 11's hardware requirements, which include a CPU of 1GHz or faster with at least two cores, 4GB of RAM, 64GB of storage, Secure Boot capability, and TPM 2.0 compatibility. Many recent computers are ineligible for the upgrade despite having sufficient RAM and storage. Chester Wisniewski from Sophos warns that using Windows 10 poses security risks, as vulnerabilities in both Windows 10 and 11 can be exploited. Charities using Windows 10 may face compliance issues with regulations like GDPR, risking fines and reputational damage. The U.S. recycles only 14 to 40 percent of electronic waste, leading to an estimated 1.06 billion pounds of e-waste, which contaminates soil and water. The UN estimates the annual economic cost of e-waste at billions, projected to rise significantly by 2030. Statcounter reports that Windows 10 still accounts for 58.7 percent of Windows installations. Organizations like PCs for People have shifted to Linux Mint for older systems, ceasing distribution of Windows 10 a year before the cutoff.

AppWizard

February 10, 2025

TikTok Offers Workaround for Android Users To Download the App

TikTok has created Android download kits for TikTok and TikTok Lite to allow users to access the platform despite its absence from US app stores. Users can download the app by visiting TikTok.com/Download, enabling sideloading, which is the installation of apps from outside official app stores. Certain features, like Live streaming and TikTok Shop, are not available. TikTok has not returned to Google Play or the Apple App Store since its removal on January 19 and is implementing security measures for its Android Package Kits. Political concerns about TikTok's ties to China have led to discussions about a potential ban and interest from various figures in acquiring the platform.

AppWizard

October 8, 2024

Google’s latest legal setback could open the door for more app stores on Android

A U.S. District Judge has ruled that Google must share its app catalog with competing app stores and promote these rival platforms on its Play Store for three years. Google is prohibited from undermining rival app stores and from requiring its app store to be preinstalled on new devices. The ruling also eliminates the requirement for developers to use Google Pay Billing, allowing alternative payment methods. A three-member committee will be established to monitor compliance with these regulations, which will take effect on November 1, 2024, although Google plans to appeal the ruling. The decision follows a previous case where the Play Store and Google Pay Billing were found to be illegal monopolies.

Winsage

October 2, 2024

Microsoft announces Recall for Windows Insiders, other AI tools in major new Windows 11 release

Microsoft has announced updates for its Copilot+ PCs and Windows 11, emphasizing the integration of AI tools into daily computing. AI will function as a personal assistant, enabling users to find files and images by describing content in their own words. Windows 11 will be available on devices from manufacturers like Acer, Asus, Dell, HP, Lenovo, Samsung, and Microsoft, powered by Qualcomm, Intel, and AMD processors. New features will be tested by the Windows Insider community before a phased general release in October and November 2024. One feature, Recall, will help users find previously viewed content by capturing screenshots and creating a searchable record, accessible only through Windows Hello for security. Microsoft has implemented measures to filter out sensitive information. Other features include ‘Click to do,’ which suggests task completions, and enhancements to the Photos app for improving image quality. The Windows Search functionality will also be upgraded to locate files based on user descriptions without needing internet connectivity. The Paint app will receive upgrades, including generative fill and erase functionalities, allowing users to create and modify images without a subscription. The upcoming Windows 11 feature upgrade, 24H2, will integrate these AI capabilities and introduce enhancements like Energy Saver mode, Hearing Aid support, Wi-Fi 7 compatibility, and interface upgrades.

Winsage

September 4, 2024

False alarm! Microsoft says that Windows 11 users will NOT be able to uninstall controversial Recall feature

The KB5041865 update for Windows 11 introduced an option to uninstall the Recall feature, which was later clarified by Microsoft to be a bug. Microsoft announced that Recall will be a permanent feature on all Windows 11 devices, although users will be able to disable it. Brandon LeBlanc, a senior product manager at Windows, confirmed that the uninstall option was incorrectly listed and will be fixed in a forthcoming update.

Winsage

August 31, 2024

If you’re worried about privacy and security, you’ll be able to uninstall Recall from Windows 11

The Recall feature of Windows 11 allows users to capture snapshots of their activities at regular intervals to revisit earlier tasks. Due to privacy and security concerns, Microsoft has made Recall opt-in rather than enabled by default and has made it an optional component of the operating system. Users can uninstall Recall entirely if they choose. A new option for Recall has been added in the Control Panel for those who installed the optional KB5041865 update.

AppWizard

August 29, 2024

Is Telegram, Ukraine’s most popular messenger app, a Russian Trojan horse?

Pavel Durov, the founder of Telegram, was recently arrested in Paris on accusations of facilitating terrorism through his app, raising security concerns in Ukraine where Telegram has become the most popular messenger since the Russian invasion in 2022. A poll shows that over half of Ukrainians now prefer Telegram for news updates, a significant rise from 20% in 2021. Telegram's anonymity has led to its misuse, with Russian forces exploiting the platform to create fake accounts and spread disinformation. The app has a history of being utilized in political campaigns, influencing public perception, and has been linked to harassment of journalists and anti-corruption activists. Despite concerns about accountability and misinformation, Ukrainian authorities are not considering a ban on Telegram but are exploring regulations for transparency and accountability.

Tech Optimizer

August 21, 2024

PostgreSQL databases under attack – Help Net Security

Poorly protected PostgreSQL databases on Linux systems are increasingly targeted by cryptojacking attackers. Researchers from Aqua Security observed that these attackers use a systematic approach, starting with brute-forcing access credentials. After breaching a system, they create a new user role with elevated privileges, revoke superuser access from the compromised role, gather intelligence on the system, and download two critical files. The first payload, PG_Core, is designed to eliminate cron jobs and terminate processes linked to other cryptomining malware. The attacker also deletes files to evade detection. The second payload, PG_Mem, installs the XMRIG cryptominer and creates a cron job to run it. PostgreSQL databases, commonly deployed across various environments, have become prime targets due to weak security measures, such as inadequate passwords and misconfigurations. Shodan reports over 830,000 exposed PostgreSQL databases. To protect against cryptojacking, it is essential to implement robust network security measures, ensure strong passwords, use audit logs and intrusion detection systems, and disable unnecessary features.