Tor Browser 8.0.8 & 8.5a9 released: fixing bugs found during the Pwn2Own contest

From meterpreter.org

Why do you use Tor?

Protect their privacy from unscrupulous marketers and identity thieves.

Internet Service Providers (ISPs) sell your Internet browsing records to marketers or anyone else willing to pay for it. ISPs typically say that they anonymize the data by not providing personally identifiable information, but this has proven incorrect. A full record of every site you visit, the text of every search you perform, and potentially userid and even password information can still be part of this data. In addition to your ISP, the websites (and search engines) you visit have their own logs, containing the same or more information.

Protect their communications from irresponsible corporations.

All over the Internet, Tor is being recommended to people newly concerned about their privacy in the face of increasing breaches and betrayals of private data. From lost backup tapes to giving away the data to researchers, your data is often not well protected by those you are supposed to trust to keep it safe.

Read more…

Researchers reveal high-risk vulnerabilities in Chrome for Android

From meterpreter.org

Google Chrome vulnerability

Google has fixed a high-risk security vulnerability in the Android WebView web browser component in the Android routine security update released earlier this year. However, no one knew at the time what the details of the vulnerability were and what were the dangers until the researchers who discovered the vulnerability disclosed the vulnerability. This vulnerability was immediately submitted to Google for confirmation at the beginning of the year. Based on the severity of the vulnerability, Google immediately made an update in the month to block the vulnerability.

Read more…

AT&T’s “5G E” is actually slower than Verizon and T-Mobile 4G, study finds

From arstechnica.com

Screenshot from an AT&T commercial showing text that reads,

AT&T’s “5G E” service is slightly slower than Verizon’s and T-Mobile’s advanced 4G LTE networks, a study by OpenSignal has found.

As Ars readers know, AT&T renamed a large portion of its 4G network, calling it “5G E,” for “5G Evolution.” If you see a 5G E indicator on an AT&T phone, that means you’re connected to a portion of AT&T’s 4G LTE network that supports standard LTE-Advanced features such as 256 QAM, 4×4 MIMO, and three-way carrier aggregation. All four major carriers have rolled out LTE-Advanced. But while Verizon, Sprint, and T-Mobile accurately call it 4G, AT&T calls it 5G E.

Sprint sued AT&T, alleging that AT&T is gaining an unfair advantage by making false and misleading claims to consumers.

AT&T’s network name change may well trick consumers into thinking they’re getting better service than a 4G operator, but they aren’t. We already knew that 5G E has no technological advantage over LTE-Advanced, because they are the same thing with different names. But actual speed tests could reinforce that point.

Read more…

Facebook allegedly knew of Cambridge Analytica activity months prior to public reports

From zdnet.com

Facebook allegedly knew about Cambridge Analytica’s data practices months before the media exposed the scandal, court filings suggest.

The scandal, first exposed by The Guardian in 2015, revealed that Cambridge Analytica had managed to obtain data on millions of Facebook users in the UK, US, and beyond, made possible through “improper sharing” practices conducted between an app developer and the company.

It is believed that up to 87 million users were impacted and had their data shared without consent for the purposes of voter profiling.

Facebook has since been fined £500,000 by the UK’s Information Commissioner’s Office (ICO), a penalty the social networking giant intends to appeal.

In a court filing by the attorney general for Washington DC, as reported by the publication, the allegation has now surfaced that Facebook knew of Cambridge Analytica’s data-scraping scheme months ahead of the public.

Read more…

Microsoft Windows 7 patch warns of coming patchocalypse

From nakedsecurity.sophos.com.com

Microsoft has issued a patch to remind Windows 7 users that they’ll soon have no patches.

The update tells users that they won’t be able to get support for Windows 7 after 14 January 2020, and it’s effectively a nudge to upgrade to a later operating system (Microsoft has been pressuring people for a long time to upgrade to Windows 10).

What does end of support really mean?

Each version of Windows goes through different support stages. In mainstream support, it gets all the updates and patches you’d expect, but this phrase eventually ends, at which point the operating system version switches to extended support. This still provides security updates, but non-security updates are no longer available for desktop consumer-products. Enterprises can only get them with extended hotfix support.

Mainstream support for Windows 7 without Microsoft’s Service Pack one (SP1) addition ended on 9 April 2013. Those users that had installed SP1 still found mainstream support ending on 13 January 2015. Since that time, Windows 7 SP1 users have been on extended support. The end of support that Microsoft is talking about on 14 January 2020 is the end of that extended support, which is a little like running off a cliff, security-wise.

Read more…