Yahoo ! Disabled Email Forwarding - No way to go out

Yahoo! has disabled automatic email forwarding -- a feature that lets its users forward a copy of incoming emails from one account to another.

The company has faced lots of bad news regarding its email service in past few weeks. Last month, the company admitted a massive 2014 data breach that exposed account details of over 500 Million Yahoo users.

If this wasn't enough for users to quit the service, another shocking revelation came last week that the company scanned the emails of hundreds of millions of its users at the request of a U.S. intelligence service last year.

That's enough for making a loyal Yahoo Mail user to switch for other rival alternatives, like Google Gmail, or Microsoft's Outlook.

Yahoo Mail Disables Auto-Forwarding; Making It Hard to Leave

But as Yahoo Mail users are trying to leave the email service, the company is making it more difficult for them to transition to another email service.

That's because since the beginning of October, the company has disabled Yahoo Mail's automatic email forwarding feature that would allow users to automatically redirect incoming emails from their Yahoo account to another account, reported by the Associated Press.

All of a sudden it's under development? Here's what a post on the company's help page reads about the feature's status:

"This feature is under development. While we work to improve it, we've temporarily disabled the ability to turn on Mail Forwarding for new forwarding addresses. If you've already enabled Mail Forwarding in the past, your email will continue to forward to the address you previously configured."

In other words, only users who already had the feature turned ON in the past are out of this trouble, but users who are trying to turn ON automatic email forwarding now have no option.

Yahoo has shared the following statement about the recent move:

"We're working to get auto-forward back up and running as soon as possible because we know how useful it can be to our users. The feature was temporary disabled as part of previously planned maintenance to improve its functionality between a user’s various accounts. Users can expect an update to the auto-forward functionality soon. In the meantime, we continue to support multiple account management."

Yahoo is trying to save its Verizon Acquisition Deal

The move to turn off the email forwarding option could be an attempt to keep its customers’ accounts active because any damage to the company at this time is crucial when Yahoo seeks to sell itself to Verizon.

The Yahoo acquisition deal has not yet closed, and Verizon Communications has reportedly asked for a $1 Billion discount off of Yahoo's $4.83 Billion sales price.

As a workaround, you could switch on your vacation responder instead to automatically reply to emails with a note about your new email address.

Delete Your Yahoo Account Before It's Too Late

You can also forego the forwarding process and simply delete your Yahoo Mail account entirely, until and unless Yahoo disables that option, too.

As the Reg media reports that British Telecoms customers, whose email had been outsourced to Yahoo, have not been able to set up automatic email forwarding or even access the option to delete their accounts.

"Sorry, the delete feature is currently unavailable. This feature will become available by the end of September," the error message reads.

Hackers are spreading Malware through Fake Security Tools

Over the past few years, Internet users globally have grown increasingly aware of online privacy and security issues due to mass monitoring and surveillance by government agencies, making them adopt encryption software and services.

But it turns out that hackers are taking advantage of this opportunity by creating and distributing fake versions of encryption tools in order to infect as many victims as possible.

Kaspersky Lab has revealed an advanced persistent threat (APT) group, nicknamed StrongPity, which has put a lot of efforts in targeting users of software designed for encrypting data and communications.

The StrongPity APT group has been using watering-hole attacks, infected installers, and malware for many years to target users of encryption software by compromising legitimate sites or setting up their own malicious copycat sites.

Watering hole attacks are designed to lure specific groups of users to their interest-based sites that typically house malicious files or redirect them to attacker-controlled downloads.

The StrongPity APT group has managed to infect users in Europe, Northern Africa, and the Middle East and targeted two free encryption utilities in different attacks: WinRAR and TrueCrypt.

WinRAR and TrueCrypt are long popular within security and privacy conscious users. WinRAR is best known for its archiving capabilities that encrypting files with AES-256 crypto, while TrueCrypt is a full-disk encryption utility that locks all files on a hard drive.

By setting up fake distribution sites that closely mimic legitimate download sites, StrongPity is able to trick users into downloading malicious versions of these encryption apps in hopes that users encrypt their data using a trojanized version of WinRAR or TrueCrypt apps, allowing attackers to spy on encrypted data before encryption occurred.

"The problem with people depending on tools like this isn’t the strength of the crypto, but more about how it's distributed," says Kurt Baumgartner, principal security researcher at Kaspersky Lab. "This is that problem that StrongPity is taking advantage of."

Booby-Trapped WinRAR and TrueCrypt Downloads:

The APT group previously set up TrueCrypt-themed watering holes in late 2015, but their malicious activity surged in end of summer 2016.

Between July and September, dozens of visitors have redirected from tamindir[.]com to true-crypt[.]com with unsurprisingly almost all of the focus on computer systems in Turkey, with some victims in the Netherlands.

However, in WinRAR case, instead of redirecting victims to a website controlled by StrongPity, the group hijacked the legitimate winrar.it website to host a malicious version of the file themselves.

The winrar.it website infected users mostly in Italy, with some victims in countries like Belgium, Algeria, Tunisia, France, Morocco and Cote D'Ivoire, while the attackers controlled site, winrar.be, infected users in Belgium, Algeria, Morocco, the Netherlands, and Canada.

Top Countries infected with StrongPity APT malware:

According to Kaspersky, more than 1,000 systems infected with StrongPity malware this year. The top five countries affected by the group are Italy, Turkey, Belgium, Algeria and France.

The StrongPity APT's dropper malware was signed with "unusual digital certificates," but the group didn't re-use its fake digital certificates. It downloaded components include a backdoor, keyloggers, data stealers and other crypto-related software programs, including the putty SSH client, the filezilla FTP client, the Winscp secure file transfer program and remote desktop clients.

The dropper malware not only provides the hackers control of the system, but also allows them to steal disk contents and download other malware that would steal communication and contact information.

Therefore, users visiting sites and downloading encryption-enabled software are advised to verify both the validity of the distribution website as well as the integrity of the downloaded file itself.

Download sites that not use PGP or any strong digital code signing certificate are required to re-examine the necessity of doing so for the benefits of them as well as their own customers, explained Baumgartner.

Play Store Now Lets You Stream Games Before Buying Them

We have been hearing about app trials in Google Play for a while now and it looks as if the feature is finally arriving to users in full force. The feature is pretty nifty, even though it wasn’t discussed at all in Google’s latest event

Various users have reported seeing a “Try Now” button appearing next to the “Buy Now” one. Tapping it takes you into a 10-minute free trial of the game where you can assess the quality and experience.

The way this works is quite similar to the cloud-based gaming we have seen on services like OnLive, where the game is actually run on the company’s servers with only the video and audio being transmitted. The controller feedback is sent back to the company servers.

Gameplay:

There is a floating menu to offer help or exit the stream. A countdown timer tells you how much your allotted time is remaining. The cloud services aren’t particularly known for the consistency of their experience but hopefully Google will fare better here.

This is a far less strenuous method than installing a free trial of an app and then assessing it, or worse, paying for an app before deciding you don’t like it and then scrambling for an uninstall. If done well, it can allow for even more action-packed titles on both newer and older devices, which could be an industry changer.

Future Expectations:

The games, reportedly, can be played as many times as possible though no saves will be available. The feature is not available everywhere, requires compatible hardware and supports only limited titles. If all goes well, Play Store could launch a complete streaming service for all apps and games, but that’s just wishful thinking for now. Let’s hope we hear some positives about this new feature in the coming few days.

Image Source : Android Authority

The Internet Has a New Controlling Authority & It’s Not the U.S

The Government of United States has handed over the control of the Internet Assigned Numbers Authority (the internet’s address book) to ICANN, an independent international body made up of a number of governments, corporations and individual users.

What is Internet Assigned Numbers Authority (IANA)?

The IANA manages the allotment of IP addresses all over the globe. It also delegates five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities.

In simple terms, the IANA is a database that stores all the domain names on the internet. For example, if you type “propakistani.pk”, the IANA is responsible for directing you to our website.

Who owns the IANA now?

Initially, IANA was established as an informal way to reference to various technical functions for the ARPANET by Jon Postel and Joyce K. Reynolds. They alone were responsible for managing the IANA from 1988 to 1998.

In 1998, the Department of Commerce created ICANN, a nonprofit organization that is responsible for coordinating the maintenance and procedures of several databases. With participants from all over the globe, the organization’s purpose is to keep the Internet secure, stable and interoperable.

After Postel’s death in 1998, they granted ICANN a contract to manage the IANA. ICANN was to get the full ownership of IANA eventually, but the process was bogged down due to politics. Numerous political leaders from the Republican Party, including Ted Cruz, have opposed this move. However, ICANN finally approved a transition plan this year.

On the 1st of October, a judge ruled in favor of the plan, allowing it to move forward. As of this moment, the ICANN is now the official owner of the IANA.

Facebook Messenger Chats Now Offer End-to-End Encryption

Facebook is finally capitalizing on the promise it first made back in July, of making conversations on Messenger completely encrypted. The platform isn’t the first to offer such a feature but is definitely among the most used ones, even if it doesn’t offer it in full glory.

The feature, dubbed Secret Conversations, is now available to the billion or so active users of Messenger, as confirmed by Wired. It is turned off by default so it requires turning on manually. It also doesn’t make every conversation that has occurred in the past encrypted.

How to Activate:

In the latest version of Messenger, you’ll see a new secret icon in the top right corner of the app. Tap that and you can start an encrypted chat. Existing conversations can also be converted to secret ones, by tapping their name at the top, and toggling the Secret Conversations option.

Encryption Tech:

Messenger uses the renowned Signal encryption system, developed by the nonprofit Open Whisper Systems, which has already been implemented in the privacy-centered Signal Private Messenger. That app has the blessings of none other than Edward Snowden.

Of course, both the users need to update to the latest version of Messenger to use the updated security feature so first make sure that is done. The conversations can only be carried out on a single device at a time.

Room For Improvement:

The functionality of these conversations is a bit more limited in comparison to normal ones, with GIFs and videos not supported, yet.

The feature was first tested in beta in public back in July and only now is it arriving to the all users.

Messenger isn’t the first platform to offer such privacy, as Signal, Telegram and Whatsapp among others have had it for long. Though, it is certainly among the most used messaging apps. That will happen of course if you trust Facebook with your privacy in the first place.