Tuesday, July 26, 2016

France Warns Microsoft to Stop Collecting Windows 10 Users' Personal Data



We have heard a lot about privacy concerns surrounding Windows 10 and accusations that Microsoft is collecting too much data about users without their consent.


Now, the French data protection authority has ordered Microsoft to stop it.


France's National Data Protection Commission (CNIL) issued a formal notice on Wednesday, asking Microsoft to "stop collecting excessive data" as well as "tracking browsing by users without their consent."


The CNIL, Commission Nationale de l’Informatique et des Libertés, ordered Microsoft to comply with the French Data Protection Act within 3 months; if the company fails to do so, the commission will issue a sanction against it.


Moreover, the CNIL notified Microsoft that the company must also take "satisfactory measures to ensure the security and confidentiality" of its users' personal data.


The notice comes after a series of investigations between April and June 2016 by French authorities, revealing that Microsoft was still transferring data to the United States under the "Safe Harbor" agreement that a European court invalidated in October last year.



Allegations on Windows 10


The CNIL's list of complaints about Windows 10 does not end there, as it goes on to read:




  • Microsoft is collecting data on "Windows app and Windows Store usage data," along with monitoring the apps its users download and the time spent on each app, which, according to the CNIL, is irrelevant and "excessive" data collection.
  • Microsoft is also criticized for its lack of security, since there is no limit set on the number of guesses for entering the four-digit PIN used to protect your Microsoft account.
  • After Windows 10 installation, Microsoft also activates a user's advertising ID by default, which enables Windows apps as well as other third-party apps to monitor user browsing history and to offer targeted ads "without obtaining users' consent."
  • Windows 10 does not give you any option to block cookies.
  • And as I mentioned above, Microsoft is transferring its users' personal data to the United States under the "Safe Harbor" agreement.
 In a statement, the CNIL said: "It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than ten million Windows users on French territory)."

Microsoft Response on the CNIL Notice


Microsoft has responded to the notice, saying the company is happy to work with the CNIL to "understand the agency's concerns fully and to work toward solutions that it will find acceptable."


What's more interesting is that Microsoft does not deny the allegations set against it, does nothing to defend Windows 10's excessive data collection, and fails to address the privacy concerns the CNIL raises.


However, the tech giant does address concerns about the transfer of its users' personal data to the U.S. under the "Safe Harbor" agreement, saying that "the Safe Harbor framework is no longer valid for transferring data from European Union to the United States."


The company says it still complies with the Safe Harbor agreement up until the adoption of Privacy Shield.


"Microsoft has in fact continued to live up to all of its commitments under the Safe Harbor Framework, even as the European and US representatives worked toward the new Privacy Shield," says Microsoft. "We're working now toward meeting the requirements of the Privacy Shield."

Windows 10 privacy concerns seem to be a never-ending topic. Over the last year, Microsoft has annoyed users with a number of weird practices around Windows 10, including aggressive upgrades and transferring too much information about users back to Redmond.


Since there is the promise of a statement about privacy next week, let's see what happens next. You can read Microsoft's full statement, courtesy of David Heiner, vice president and deputy general counsel, on VentureBeat.

Edward Snowden Designed iPhone Case to Detect and Block Wireless Snooping




We just cannot imagine our lives without smartphones, even for a short while, yet NSA whistleblower Edward Snowden has not owned a smartphone since 2013, when he began leaking NSA documents that exposed the government's global surveillance program.


Snowden fears that cellular signals of the smartphone could be used to locate him, but now, to combat this, he has designed an iPhone case that would detect and fight against government snooping.

With help from renowned hardware hacker Andrew "Bunnie" Huang, Snowden has devised the design, which they refer to as an "Introspection Engine," that would keep journalists, activists, and human rights workers from being tracked by their own devices leaking their location details.


"This work aims to give journalists the tools to know when their smartphones are tracking or disclosing their location when the devices are supposed to be in airplane mode," Huang and Snowden wrote in a blog post published Thursday. "We propose to accomplish this via direct introspection of signals controlling the phone’s radio hardware."



For now, the design is aimed only at iPhone 6 models, but the duo hopes to create specifications for a large number of devices.


Snowden, together with Huang, presented on Thursday at the MIT Media Lab the design for a case-like add-on device that could modify an iPhone, allowing you to monitor various radio signals inside the phone to confirm they're not transmitting data when they’re meant to be off.



Here’s How the Introspection Engine Works:


Once built, the hardware case will be a separate minicomputer that works independently of your phone. It will be made up entirely of open source hardware and contain its own battery and a small mono-color screen to provide a real-time status of your phone.


The case will have tiny probe wires to attach to a modified iPhone that physically wires into the phone’s antennas used by its radios, including cellular connectivity, GPS, Bluetooth, and Wi-Fi, through the SIM card slot.

The Introspection Engine will then be able to monitor radio transmissions and alert users whenever the phone emits signals it isn't supposed to.


In addition to alerting users, the case will even be able to shut down all radio signals on a phone to prevent governments as well as hackers from finding your location.


Since this case is designed to be independent of your phone, it would protect you against malware that activates radios without your knowledge.

"Malware packages, peddled by hackers at a price accessible to private individuals, can activate radios without any indication from the user interface," the duo wrote. "Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive."

Instead, Snowden and Huang suggest the beauty of using external hardware as a shield is that it would not be affected if malware has infected your phone. "The core principle is simple: if the reporter expects radios to be off, alert the user when they are turned on," they added.


The Introspection Engine’s mission is to warn users when malware or technical glitches are causing their phone to rat out their location.


However, the hardware case is still nothing more than a design for now.


Supported by the Freedom of the Press Foundation, Snowden and Huang are hoping to build a real-world prototype device over the next year in the hopes of making the case available to journalists as soon as possible.

Verizon Set to Buy Yahoo! for $5 Billion



Finally, someone has come forward to buy Yahoo! Guess who?


The telecommunication giant Verizon.


Yes, Verizon Communications Inc. is reportedly closing in on a deal to acquire Yahoo’s core business for about $5 Billion, according to a report from Bloomberg.


Since the agreement between the companies has not been finalized, it is unclear at this moment which of Yahoo's assets the deal would include.

"In order to preserve the integrity of the process, we're not going to comment on the issue until we've finalized an agreement," a Yahoo spokeswoman said in a statement provided to CNNMoney.



You might be wondering why Verizon is buying Yahoo! Well, I’ll come to it in the second half of my article, because before discussing this point, let’s first focus on why Yahoo! wants to get acquired.



Why Yahoo Was Up For Sale?


Founded in 1995, Yahoo! was once the brightest star of the Web. But as its rivals, including Google, Facebook and even few-years-old companies like Snapchat and WhatsApp, won over users, Yahoo! has not been able to maintain that glory.


Yahoo! CEO Marissa Mayer - formerly a Google executive - has spent billions on acquisitions so far to improve Yahoo's mobile products, expanding its audience by acquiring Tumblr and doubling down on premium media content.


But Mayer struggled to slow the overall ad sales decline of Yahoo! and failed.


Last Monday, the company accepted that its revenue fell 15% in the second quarter, after excluding accounting adjustments, and its operating profit fell 64%.


So, after keeping investors at bay for years, Mayer said Yahoo! would explore strategic alternatives, including selling its core assets.


Verizon has long been considered a suitable buyer for Yahoo’s Internet assets, which the telecom giant wants to combine with AOL - the American global mass media corporation bought by Verizon last year for $4.4 Billion.


Now, the two companies are in one-on-one discussions, and Verizon will reportedly acquire Yahoo! for about $5 Billion.



Here's Why Verizon Wants to Buy Yahoo!


So, why does a mobile telecom provider want to acquire the core editorial business of a failed Internet portal?


The short answer is:


Advertising!


With the success in the wireless industry, Verizon has been buying up Internet and ad technology companies, like AOL, to compete in a mobile advertising market dominated by two big players, Google and Facebook.


And for this same reason, it is now buying Yahoo!’s ad and content businesses.


Yahoo! has millions of users, and a collection of websites like Flickr, Tumblr, Yahoo Finance, and Yahoo Sports, including some digital-ad technology like Flurry and BrightRoll.


Since the growth of Verizon’s traditional telecom business has decreased, companies like Yahoo! and AOL would help Verizon make money from digital advertising on mobile devices.


The deal would not only give Verizon a powerful collection of content and revenue from ads related to that content, but also give the telecom company a considerable amount of user data that it, as well as others, could use to target advertisements at users.


So, this is the kind of deal Verizon was interested in when it acquired Yahoo!

Hacker Downloaded Vine's Entire Source Code



Vine is a short-form video sharing service where people can share 6-second-long looping video clips. Twitter acquired the service in October 2012.



Indian bug bounty hunter Avinash discovered a loophole in Vine that allowed him to download a Docker image containing the complete source code of Vine without any hassle.



Launched in June 2014, Docker is a new open-source container technology that makes it possible to get more apps running on the same old servers and also very easy to package and ship programs. Nowadays, companies are adopting Docker at a remarkable rate.



However, the Docker images used by Vine, which were supposed to be private, were actually publicly available online.



While searching for the vulnerabilities in Vine, Avinash used Censys.io – an all new Hacker’s Search Engine similar to Shodan – that daily scans the whole Internet for all the vulnerable devices.



Using Censys, Avinash found over 80 docker images, but he specifically downloaded 'vinewww', due to the fact that the naming convention of this image resembles www folder, which is generally used for the website on a web server.


After the download was complete, he ran the docker image vinewww, and Bingo!

The bug hunter was able to see the entire source code of Vine, its API keys as well as third-party keys and secrets. "Even running the image without any parameter, was letting me host a replica of VINE locally," he wrote.



The 23-year-old reported this blunder and demonstrated full exploitation to Twitter on 31 March and the company rewarded him with $10,080 Bounty award and fixed the issue within 5 minutes.



Avinash has been an active bug bounty hunter since 2015 and until now has reported 19 vulnerabilities to Twitter.


Thursday, July 21, 2016

Google Imposed Strictly Enforced Verified Boot in Android 7.0 Nougat



As far as security is concerned, Google is going very strict with the newest version of its mobile operating system.



Until now, Google has done no more than alert you to potential threats when your Android device runs the check as part of the boot process.


Android Marshmallow 6.0 does nothing more than warn you that your device has been compromised, and it still lets your device boot up.


1. Android Nougat 7.0 Getting Strictly Enforced 'Verified Boot'


In Android Nougat, Google has taken the security of its Android operating system to the next level by strictly enforcing verified boot on devices.

Among its multiple layers of security protection, Android has used verified boot since version 4.4 KitKat. It improves a device's security by using cryptographic integrity checking to detect whether the device has been tampered with.



Now, Android Nougat will strictly enforce the boot check, giving you far more than just a warning.



2. Android 7.0 Verified Boot Protects Device from Rootkits and Malware


Enforcing verified boot on a device is a good idea.



If any Android malware or rootkit made its way onto your Android device and made deep system changes to critical kernel files, your device will either start in a limited-use mode (presumably similar to safe mode) or refuse to start at all, protecting your data.

In addition to strict verified boot, Android Nougat also features forward error correction that is capable of repairing some errors on devices without any user input.



And, of course, Nexus devices will be the first to get these features.



This will prevent your Android device from becoming a playground for malware and viruses, at least after you restart it.

That sounds really great. Right?



3. If Modified, Corrupt or Tampered, It won't let your phone Boot



For most users, strict verified boot would be helpful. For some, however, it's bad news.

According to Google, some non-malicious corruption of data could cause Android devices to fail to boot up because the verified boot process runs into issues that it cannot correct.

This data corruption could be the result of some software flaws or hardware issues.

Here's what the Android Developer blog explains: "This means that a device with a corrupt boot image or verified partition will not boot or will boot in a limited capacity with user consent. Such strict checking, though, means that non-malicious data corruption, which previously would be less visible, could now start affecting process functionality more."

Since corrupted data may not always be malicious, even a single-byte error could prevent the device from booting.

However, Android Nougat brings additional code designed to protect against data corruption.

"In the changes we made to dm-verity for Android 7.0, we used a technique called interleaving to allow us to recover not only from a loss of an entire 4 KiB source block," reads the blog, "but several consecutive blocks, while significantly reducing the space overhead required to achieve usable error correction capabilities compared to the naive implementation."
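
The interleaving idea from the quote above, as an added Python example that is not code from the article or from Android. It swaps dm-verity's Reed-Solomon code for a single XOR parity byte per codeword and shrinks blocks to 16 bytes (both assumptions made for brevity), and it uses per-block SHA-256 hashes, standing in for the verified-boot integrity check, to find which blocks are lost.

```python
import hashlib
from functools import reduce
from operator import xor

BLOCK = 16            # bytes per block (4 KiB on a device; shrunk for the demo)
K = 4                 # data bytes per codeword, plus 1 XOR parity byte
STRIDE = 3            # interleaving distance, in blocks
NBLOCKS = K * STRIDE  # constructed 12-block "partition"

def codewords(interleaved):
    """Yield the (block, offset) positions of each codeword's K data bytes."""
    if interleaved:   # byte j of a codeword comes from a block STRIDE further on
        for g in range(STRIDE):
            for off in range(BLOCK):
                yield [(g + j * STRIDE, off) for j in range(K)]
    else:             # naive: K consecutive bytes, all inside one block
        for c in range(NBLOCKS * BLOCK // K):
            yield [divmod(c * K + j, BLOCK) for j in range(K)]

def encode(blocks, interleaved):
    """One parity byte per codeword; same space overhead for both layouts."""
    return [reduce(xor, (blocks[b][o] for b, o in cw))
            for cw in codewords(interleaved)]

def repair(blocks, hashes, parity, interleaved):
    """Locate bad blocks by hash, then rebuild them; None if unrecoverable."""
    lost = {i for i, b in enumerate(blocks)
            if hashlib.sha256(b).digest() != hashes[i]}
    out = [bytearray(b) for b in blocks]
    for cw, p in zip(codewords(interleaved), parity):
        missing = [pos for pos in cw if pos[0] in lost]
        if len(missing) > 1:      # XOR parity can rebuild only one byte
            return None
        if missing:
            b, o = missing[0]
            out[b][o] = reduce(xor, (out[x][y] for x, y in cw if x != b), p)
    fixed = [bytes(b) for b in out]
    ok = all(hashlib.sha256(b).digest() == h for b, h in zip(fixed, hashes))
    return fixed if ok else None

def survives(corrupt, interleaved):
    """Zero out the given blocks and report whether the data comes back intact."""
    original = [bytes((i * 31 + o) % 256 for o in range(BLOCK))
                for i in range(NBLOCKS)]
    hashes = [hashlib.sha256(b).digest() for b in original]
    parity = encode(original, interleaved)
    damaged = [bytes(BLOCK) if i in corrupt else b
               for i, b in enumerate(original)]
    return repair(damaged, hashes, parity, interleaved) == original

if __name__ == "__main__":
    print("naive, 1 block lost:       ", survives({5}, False))
    print("interleaved, 1 block lost: ", survives({5}, True))
    print("interleaved, 3 in a row:   ", survives({4, 5, 6}, True))
    print("interleaved, 4 in a row:   ", survives({4, 5, 6, 7}, True))
```

With this toy code the longest recoverable run of consecutive blocks equals `STRIDE`, because a longer run puts two lost bytes into the same codeword.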

4. Verified Boot Has Made It Harder to Root Android 7.0 Nougat



Like I said, data corruption is not always due to malicious causes.

Strictly enforcing verified boot could also make it tougher for you to tweak your Android operating system (especially with a locked bootloader) using custom ROMs, mods, and kernels.



Since this involves circumventing the locked bootloader, the verified boot process will detect any changes, making it harder for users to play with their devices when Nougat rolls around.


The bottom line:

Enforcing strict verified boot in Android Nougat is a good idea, because most users root their devices with custom firmware but forget to take important security measures, which leaves their devices open to malicious software and rootkits.



What do you think of the additional security Google provides to the boot process in Android Nougat?



Let us know your views in the comments below!

Tuesday, July 19, 2016

SoftBank Buys ARM for $32 Billion in Cash



Japanese telecommunication giant SoftBank has confirmed that the company intends to acquire UK chip designer ARM Holdings for almost $32 Billion (£24.3 Billion) in an all-cash deal.


ARM has also agreed to this offer from SoftBank and said that its board would recommend the all-cash deal to shareholders.


SoftBank will pay nearly $22.5 per ARM share, which is 43 percent more than ARM's closing share price on Friday and 41 percent more than ARM's all-time high closing share price.


The deal is the largest-ever acquisition of a European technology business, first reported by The Financial Times.



Wondering Why ARM Is Really Worth $32 Billion?


Founded in 1990, Cambridge-based ARM Holdings designs microchips for a variety of smartphones and powers more than 95 percent of the smartphones in the market.


Whether it is Apple's iPhones or iPads, Samsung's Galaxy smartphones, Amazon's Kindle e-readers, the cheapest Nokia phones or Internet-connected devices like Nest's smart thermostats, Fitbit's fitness trackers, Canon's EOS cameras, Ford's cars, and DJI's drones, all are powered by ARM-based chips.


Here’s what ARM chairman Stuart Chambers said about the acquisition:

"This is a compelling offer for ARM shareholders, which secures the delivery of future value today and in cash. The board of ARM is reassured that ARM will remain a very significant UK business and will continue to play a key role in the development of new technology."
ARM does not actually manufacture chips, but rather licenses its semiconductor technologies to a huge variety of device makers. ARM not only dominates the market for smartphones, but its technology is also used in other consumer gadgets, industrial-like devices and the "Internet of things."

So, SoftBank’s acquisition of ARM Holdings means the Japanese company is buying the most valuable company in the world of mobile processors.


SoftBank said that ARM Holdings, which currently has 4,064 employees worldwide, will remain headquartered in Cambridge, and that the company would retain ARM's senior management team, brand, as well as a lucrative partnership-based business model.


The Japanese firm has also promised to double the staff headcount in the United Kingdom over the next five years.


Here’s what SoftBank CEO Masayoshi Son said about the acquisition:

"We have long admired ARM as a world renowned and highly respected technology company that is by some distance the market-leader in its field. ARM will be an excellent strategic fit within the SoftBank group as we invest to capture the very significant opportunities provided by the Internet of Things."
Son described the ARM acquisition as "one of the most important" acquisitions in the history of its Japan-based business.


This is the latest major tech acquisition in the last few months. At the beginning of this month, antivirus firm Avast acquired AVG Technologies for $1.3 Billion in cash, and last month Microsoft made its biggest acquisition by buying LinkedIn for $26.2 Billion in cash.