Welcome to nsane.forums

Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.

  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates

Search the Community

Showing results for tags 'Google'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 957 results

  1. Earlier this week, Google unveiled a new version of Google Earth, an app that was considered amazing when it launched in 2001 but hadn’t really evolved in the same way that Google’s other technologies have. Now, thanks to this latest update, Google Earth is replete with 3D imagery, curated video content, and other features that will either make you want to book a trip to some far-flung part of the world or just appreciate the Earth right from your own latitude and longitude coordinates. Or maybe both. Here are five things to try with the new Google Earth, which runs in Chrome on desktop and on Android for mobile users: ENJOY 3D MAPS In earlier versions of Google Earth, certain buildings could be viewed in 3D, provided you checked off “3D Buildings” in the Layers portion of the app. But in the newest release of Google Earth, you can view, well, the whole world in 3D. When you search for a location, a clickable 2D/3D button appears on the lower right-hand corner of the screen, giving you a quick and easy way to look at your destination in another dimension. HAVE ANOTHER DOSE OF DAVID ATTENBOROUGH If Planet Earth II wasn’t enough to satisfy your love of nature, or you just can’t get enough of David Attenborough’s remarkably dignified narration of a lizard getting chased by hundreds of terrifying snakes, check out “Epic Hunts Caught on Camera.” Thanks to a partnership with BBC Earth, Google Earth now offers a series of short video clips narrated by Attenborough, which play in YouTube along the righthand side of the usual Earth view. If chimpanzees or underwater expeditions are more your thing, there’s also content from primatologist Jane Goodall and marine biologist Dr. Sylvia Earle. SEE HEMINGWAY’S HANGOUTS Ever want to see the places where Ernest Hemingway wrote his most important and influential works, ones that are second only to this blog post? Within the new “Voyage” tab in Google Earth, you can take a virtual tour of the Galapagos islands, the Samburu National Reserve in Kenya, and other UNESCO World Heritage sites; as well as cultural imprints like Hemingway’s hangouts, architecture by Zaha Hadid, and global perspectives on the different structures we call “home.” GET LOST Did you know that before Europeans came to North America, so-called Mississippians “had built a great city surrounded by huge earthen pyramids and a Stonehenge-like structure made of wood to track the movements of the stars”? And that it’s still visible in Illinois? Me neither, but the new Google Earth highlights this structure, along with eight other architectural feats, forgotten lands, or relics of an ancient world. Go to Google Earth -> Voyage -> History -> Lost Civilizations from Above to find them. FEEL LUCKY Google has ported its “I’m feeling lucky” button from its search engine to the new Google Earth, and it’s a glorious way to distract yourself at work or plan your next spontaneous trip. Source
  2. Google has removed a feature of the Android operating system that has been used in the past in ransomware attacks. Starting with Android O (8.0), set to be released in the fall of 2017, Google plans to deprecate the following window types: TYPE_SYSTEM_ALERT, TYPE_SYSTEM_ERROR, and TYPE_SYSTEM_OVERLAY. These are special "system" windows that are shown above any app on the user's screen. As you'd imagine, this is highly valued realty for ransomware developers, who often aim to obtain permissions to show content via these windows. Once they manage to obtain such permission, they use these windows to block the user's access to the rest of his phone and show ransom notes. Google's anti-ransomware efforts sabotaged by OEMs Starting with Android Marshmallow (6.0), Google reclassified the permissions of these system windows to the "Above dangerous" class. Previously, Android had only two permission classes: Normal and Dangerous. The difference between the two is that the Android OS itself can grant apps access to Normal permissions (adjusting timezone, access mundane sensors, etc.), while the user has to grant access to Dangerous permissions himself. For Above Dangerous permissions, requesting apps can provide instructions and the user has to go to an Android settings section, on his own, to grant access to the SYSTEM_ALERT_WINDOW permission, similar to how permissions are granted for Accessibility features and Device Administrators, also two other features often abused by ransomware. Dinesh Venkatesan, Principal Threat Analysis Engineer, says this didn't actually stop Android malware and ransomware authors, who just found various workarounds to get that permission. It also didn't help that certain Android phone manufacturers didn't move this permission in the Above Dangerous category in their modified Android distributions, nullifying Google's work. Google adds button to shut down abuse apps Now, with Android O, for which Google released a developer preview at the end of March, Google has taken this choice away from OEMs and has deprecated three types of system windows often used by ransomware authors. This means ransomware authors will need to find new ways of showing ransom notes and locking users' screens. And to make things even safer, Google is now allowing users to shut down apps that show other types of system windows. Starting with Android O, when ransomware or other malware attempts to lock users via a system window, the user can pull down the Notifications panel and shut down the app that's locking him out of his phone. New button to shut down apps with annoying system windows, at the bottom of the Notifications panel [via Symantec] "It should also be noted that while the new OS features should prove to be a good defense against ransomware variants that use system alert windows, they will not affect other ransomware threats such as those that constantly pop up the lock screen using user level windows," Venkatesan pointed out. Nonetheless, despite these improvements, Google's own Android Security Report showed that malware devs usually target older versions of the Android OS, where these improvements aren't supported. It also helps that there are more devices running Android 4.x and 5.x, less secure Android versions, compared with 6.x and 7.x, meaning malware devs don't have to go through all the trouble to bypass Google's new security features to make profits. So for the time being, ransomware is going to remain a problem on Android, but most likely for users of older OS versions. Last year, with the release of Android Nougat (7.0), Google also added anti-ransomware improvements, by restricting the ability of malware to "programmatically" change device PINs and passwords. Source
  3. Google Chrome may soon feature a built-in ad-blocker Rumor has it that Google is actually working on a built-in ad-blocker for Chrome and, to take things a step further, may even turn it on by default for everyone. This is a bit of a surprise, considering that Google's main source of money continues to be advertising. Wall Street Journal reports, however, that Google plans to offer its own ad-blocker in Chrome, in order to target a specific type of ads, namely the ones that are particularly annoying. The list includes pop-overs, autoplaying audio and video and more. For the most part, however, Google seems to seek to cater to that group of people that even if annoyed by ads, won't seek an ad-blocker, mostly because they don't have the technical know-how to get the job done or even know that such a thing exists. According to the report, Google isn't a big fan of the deals it has to make with third-party developers, like the people behind Adblock Plus, for instance, which require paying fees so they whitelist ads by companies such as Google. Basically, while Adblock Plus is one of the most popular of its type, it doesn't just whitelist "good" ads that don't bother you too much, it also takes money for allowing various ads to go around their filters. Potentially huge impact Implementing an ad-blocker directly into Chrome makes sense because the browser has almost half the market share. Taking this step would stop the growth of third-party options because users will stop looking for ways to block ads by installing additional extensions. Google wouldn't be killing ads altogether. After all, that's not its intention since the thick of its money comes from this side of business. It will, however, weed out the most annoying ones, which are the ones no one wants to encounter when visiting a web page. There is a problem, however, and it comes exactly from this particular combination - Google is an advertiser and giving the company control over what ads people can see might draw some criticism. After all, what's to stop Google from whitelisting all its ads and controlling who it blocks? Probably the company's moral compass, but that's another story. Source
  4. Reddit opens up about DMCAs In the past year, Reddit has received 3,294 DMCA takedown notices, most of which were thrown to the garbage can. According to Reddit's brand new transparency report regarding the number of piracy takedown notices, copyright holders asked the company to take down a lot of content. Out of the 3,294 requests it received, Reddit rejected 81% of them. Reddit is clearly one of the most visited websites in the world, and rightfully so. The community-oriented platform has subreddits dedicated to pretty much everything you can think of and more are posted every day. On occasion, however, some copyright infringing material will filter through and land on its pages, much like it happens on any platform that deals with this much traffic. The transparency report the company published shows just how much attention the site is getting from copyright holders. Most times, it seems, they're bothered over nothing. "For a request to be valid, it must comply with the statutory requirements outlined in the DMCA. Each DMCA takedown notice is reviewed carefully and, in circumstances where content is actually hosted on our servers, we assess whether the existence of the content on Reddit can fall under an exception, such as 'fair use' of the copyrighted material," Reddit explains. A different approach Given the number of rejected DMCA notices, it's clear that Reddit doesn't just blindly remove posts linking to copyrighted content. After all, the company has previously stated that it does not believe that links generally infringe copyright, something that certainly annoyed a lot of Hollywood execs. According to Reddit's report, out of the copyright removal requests it received, they were required to remove content from the site in 610 instances, making for a 19% approval rate. When compared to Google, that's nothing. In fact, Google is flooded with millions upon millions of requests every year and its automated process has reached a removal rate of 90%. Of course, comparing the two isn't much of a solution since there is such a big gap between the numbers, but it's still telling of the policy applied by each company. Source
  5. Google has acquired a significant piece of land in Nevada, near Reno and Tesla’s Gigafactory site, which will house a future data center, and could also prove host to a testing track for Waymo, the Alphabet-owned autonomous driving company. The purchase of the 1,210 acres in Nevada’s Tahoe Reno Industrial Center was reported by The Wall Street Journal on Monday, and follows the filing of documents detailing the transaction late last week. The purchase of land doesn’t mean Google is breaking ground on a new data center immediately; the report says there aren’t any plans in the books to start construction right away. But with increasing emphasis on its cloud-based business, it’s unlikely the company will sit idle on plans to build new data center infrastructure for long. More interesting might be the WSJ’s assertion that several people suggested Google might use the site as a future testing facility for Waymo’s autonomous vehicles. Nevada is in the process of passing legislation that could see it eventually allow self-driving tests with potentially fewer restrictions than are in place for testing in California, which might make it a good site for high-speed testing of vehicles, above the 35 MPH cap currently in place in Google’s home state. The theory that Google could use the land for testing of vehicles is based mostly on the regulatory conditions in Nevada, and its co-backing of the bill currently making its way through the legislative process, as well as the fact that the parcel of land is much larger than would be required for any single data center. Still, it’s an interesting possibility, and one that makes sense if Waymo wants to continue expanding its real-world testing capabilities. Source
  6. Burger King made waves today after it released a TV ad that purposely triggered the Google Assistant. The ad ends with a person saying "OK Google, what is the Whopper burger?"—a statement designed to trigger any Google Assistant devices like Android phones and Google Home to read aloud a description of the hamburger's ingredients. Google apparently wasn't happy with a third-party hijacking its voice command system to advertise fast food and has issued a server-side update to specifically disable Burger King's recording. Before the ad was disabled, the Google Assistant would verbally read a list of ingredients from Wikipedia. Of course the Internet immediately took to Wikipedia to vandalize the burger's entry page, with some edits claiming it contained "toenails" or "cyanide." Getting the Google Assistant to actually read one of these false edits was a tough task, since the Google Assistant gets its data from Google's search index, rather than a live query of Wikipedia. Still, according to The Verge, there was actually a brief period when the Google Assistant would read a false edit. Google's shutdown of the feature is interesting. The ad will still wake up a Google Home—the "Ok Google" phrase will light up the device, and the little lights on top will spin while it waits for the query to make a round trip to Google's servers. Google Home will no longer dutifully recite the burger's ingredient list, though. Apparently Google has made changes so that Burger King's specific recording of the phrase will no longer trigger a voice response. Instead, the Google Home just quietly goes back to sleep, without any response to the query. Having a live person ask "OK Google, what is the Whopper burger?"' will still trigger a voice response, though. Android phones are a little less susceptible to inadvertent hotword triggers thanks to a feature called "trusted voice," which aims to listen only to "Ok Google" triggers from the device owner. Android phones also don't have "Ok Google" enabled by default, giving Burger King a smaller target area. Google is working on a voice-based user authentication scheme for Google Home, which should shut down similar hotword hijacks in the future. Google Home would be the first Google voice product to detect and differentiate between multiple user voices on the fly—a task I think even some humans would have trouble with—so the feature is taking some time. The total time the ad triggered the Assistant was about three hours. Burger King is still on the hook to run the now-defanged ad on television, but we're sure the company already got its money's worth thanks to tech articles like this one. Burger King isn't the first brand to hijack a virtual assistant, though this may be the first intentional effort. Back in 2014, a commercial for the Xbox One featuring Breaking Bad alum Aaron Paul accidentally activated people's consoles. In the spot, Paul gave the "Xbox on" command to turn on his Xbox One. The only problem: that command turned on the consoles of everyone watching the commercial at home. Source 1 Source 2 (Xbox addendum)
  7. Net neutrality should remain unchanged Tech giants are teaming up to once more fight for net neutrality, which makes us believe we're back to 2014 or 2015. The Internet Association, which is a lobby group representing companies such as Google, Facebook, Microsoft, Amazon, Netflix, and many others, met with Ajit Pai, the new FCC chairman, to tell him net neutrality rules are great just the way they are. This meeting comes as rumors regarding FCC's plans for net neutrality intensified over the past few weeks, indicating that they're planning to roll back rules protecting net neutrality. Of course, that's not exactly a big surprise since Ajit Pai had expressed an opposition to net neutrality since he was only just a member of the FCC, back during the Obama administration. "The internet industry is uniform in its belief that net neutrality preserves the consumer experience, competition, and innovation online. In other words, existing net neutrality rules should be enforced and kept intact," the meeting summary reads, explaining the position the tech industry has on the matter. New rules are no good The latest news on FCC's plans for net neutrality indicate an intention to eliminate the Commission's control over ISPs in order to make neutrality voluntary. The base idea is that there's so much competition among ISPs that they'll just respect the rules on their own volition. In reality, that can't be farther from the truth in most areas across the United States where many citizens have only one option when it comes to choosing an ISP. What tech companies want is for things to stay the way they are. Namely, ISPs should not be able to throttle Internet speeds, to charge heavy users more or to try to block people from using services promoted by competitors, for instance. One of the big examples given back when the fight for net neutrality was on, in 2014, was that some ISPs would purposfully "strangle" the highways taking users to services like Netflix, in order to favor competitor streaming services as Hulu. Source
  8. Google takes war on fake news to the next level Google's war on fake news takes on a new direction as the company straight out marks search results as "true" or "false." Google is currently rolling out an update to its platform which adds a "fact check" label in search results next to articles containing claims that have been vetted. This fact-check tagging system is rolling out globally on Google Search and News and it's an expansion of the company's program introduced in October in the US and the UK via Google's Jigsaw group. "We’re making the Fact Check label in Google News available everywhere, and expanding it into Search globally in all languages. For the first time, when you conduct a search on Google that returns an authoritative result containing fact checks for one or more public claims, you will see that information clearly on the search results page. The snippet will display information on the claim, who made the claim, and the fact check of that particular claim," the company wrote in an announcement. Multiple opinions, multiple answers Unfortunately, this information won't be available for every search result, and there may even be search result pages where different publishers checked the same claim and reached different conclusions. It's important to know, however, that these fact checks are not Google's and they're presented so people can make more informed judgments. "Even though different conclusions may be presented, we think it's still helpful for people to understand the degree of consensus around a particular claim and have clear information on which sources agree," Google adds. Google's fact check community has now grown to 115 organizations, without which this effort would not be possible. It's a good idea for Google not to get involved in "personally" fact-checking all these stories even though it may very well find it easy to get the necessary people hired, because it could easily be accused of bias. Source
  9. Google to launch a new Google Earth tool The "new Google Earth" will be unveiled next week, Google says, refraining to share any more details regarding the upcoming event. Appropriately, according to the invites Google is sending out, the event will take place on April 18, four days before Earth Day, which is held internationally on April 22nd. Google Earth used to be one of the coolest things to play around with online, providing users with a way to move around the earth and explore new locations; but not before checking out the street their house is one. In the past few years, however, Earth has been largely swallowed up by Maps, which became an impressively powerful tool to have. It's unclear at this point what Google has planned for the day, but it wouldn't hold a dedicated event for Google Earth just to remind you that it exists. The most likely scenario involves a completely redesigned tool, perhaps speedier engines, so the images load faster or maybe even more updated imagery via the company's myriad of satellites. Cool features, maybe more VR Google Earth has always been a cool tool to have, allowing you to do a lot of things that Maps never could, like use a flight simulator, view the effects of global warming over time, go back in time and view historical pictures, or dive beneath the ocean waves. Another thing that Google may be announcing in its Earth event next week is the integration of more VR elements. Given the company's announcement a few months back regarding Google Earth VR, which allows people to put on a VR headset and fly to various destinations around the world like some kind of Superman, we might see more of this too. At the time, however, Google Earth VR only featured a few preset destinations, like the Amazon River, Manhattan or the Swiss Alps. Sadly, this is all just speculation at this point, no matter how good it sounds. Thankfully, however, the event is just days away, so we don't have to wait too long. Source
  10. AutoDraw will turn your doodles into art Google is going to help you finally turn your doodles into something that actually resembles whatever you're trying to draw. It's all thanks to an AI bot, of course. I don't know about you, but my drawings are awful. My elephants are unrecognizable, and my horses may pass as dogs, my humans are more or less stick figures, and my houses look terrible. Thanks to Google's new AI, however, they may finally turn into something someone other than myself could recognize. The automated drawing bot works by analyzing your drawing in real time and suggesting a more... polished piece of clip art to replace it. AutoDraw is a new software that Google has created as it tries to expand its machine learning capabilities, experimenting left and right. The tool makes use of the same technology that Google uses for the experimental image recognition software which they're trying to train to identify potential objects, pairing them with a database of simplistic hand-drawn images. A tool for the masses Google considers AutoDraw is a "drawing tool for the rest of us," which means it's perfect for all of us who wouldn't have gotten a passing grade in art class without someone's help. "AutoDraw pairs the magic of machine learning with drawings from talented artists to help you draw stuff fast," the narrator of Google's teaser video for AutoDraw says. As more people will use AutoDraw, the system will only get better, as it happens with AIs. Its capabilities are already extraordinary since it managed to recognize something I drew by using my mouse - as if my regular drawings weren't horrendous enough. Of course, AutoDraw isn't perfect, as it often doesn't really grasp what you're trying to draw, offering options that really have nothing to do with what you had in mind. That's to be expected, however, and it will surely do better in time as it learns more and more. After all, you can't expect it to read your mind to know what you were hoping to achieve when you have zero talent at drawing Source
  11. Google's new search results indexing feature Google has introduced a new way to allow people to submit URLs to their index. If you're wondering where this new page is, then you're not alone. The answer, however, is a bit surprising. In fact, Google didn't create a brand new location where you can submit URLs to the index. Instead, when you're searching for "submit URL to Google," the engine will return a box where you can just type your URL directly without having to go to the trouble of skipping from page to page to reach Google's usual submission forms. The discovery was made by AndroWide founder Naman Dwivedi who tweeted about it. Search Engine Land picked it up and further shared it with the world. This new feature should make people's lives that much easier, and it's an extremely simple tool to have. It's a smart and interactive solution and, since this is Google we're talking about, makes total sense. After all, helping people out with the information displayed returned after running a search is what Google is all about and what they've been trying to accomplish for years through all the tweaks. No guarantees it will go through This tool will help you submit any URL you want, but it does not guarantee that you will actually get it through. Google still has to review the URL and see if they want to index it and show it in the search results. Therefore, simply submitting it, in the search results box or via the regular submission forms, does not mean your link will be included in the index or that it will be shown in the rankings. Of course, you'll also notice in the picture the "I'm not a robot" reCAPTCHA safety measure in its newest form where you don't even have to type in indecipherable words, chose pictures of traffic signs and so on, since the company's system will just figure out if you're a robot or not. Source
  12. Google denies allegations With as much as Google talks about equality, you'd think they'd be the ones leading the change, paying women as much as they pay men. The reality, however, is rather different. According to the US Department of Labor, there are systemic compensation disparities against women "pretty much across the entire workforce," the Guardian reports. Google denies allegations and says they hadn't even heard about this issue until Janette Wipper, Labor Department regional director, testified in front of a court in San Francisco. "Every year, we do a comprehensive and robust analysis of pay across genders, and we have found no gender pay gap," Google said in an official statement. The company, which is a subsidiary of Alphabet Inc. nowadays, has been one of the many tech companies in the Valley that have been trying to improve hiring practices by employing more women, paying more, and so on, in order to step away from the stereotype of tech workers being white and Asian men. Despite all their efforts, Google's own reports indicate that only 19% of Google's tech jobs are held by women, while overall, only one-third of Google's 70,000 workers are women. Widespread investigation The investigation from the Labor Department is a result of a lawsuit filed at the beginning of the year which seeks to bar Google from doing business with the federal government unless the company complies with an audit of its employee compensation records. The company has provided the Labor Department with some of the records it has, but withheld others that it believed would violate workers' privacy. Google, much like other companies in the tech community, have been struggling to bring more equality to the workforce, mostly unsuccessfully. This has brought them a lot of criticism, and rightfully so. The Labor Department has been looking into Silicon Valley companies and the way they pay employees, as well as how they discriminate people when hiring. Since it is in its powers to vet companies that bid on government contracts, it has every right to do so. Oracle Corp has already been sued by the Labor Department earlier this year under the claim that the software maker pays white male workers more than their female and non-white counterparts. Source
  13. LineageOS Picks Up Some New Features And Also Adds A Few New Devices To Its Roster It has only been a few months since its debut, but LineageOS has been making some excellent progress by providing consistent updates for a broad roster of phones that is now over 80 units strong. More recently, the team celebrated a million installations of the OS and, not one to rest on its laurels, has pumped out another update. Over the past couple of weeks, there hasn't been much added in terms of features, but anything new that improves the experience is always welcome. The team has added a new gallery app, making it easier to navigate between a user's timeline, albums, and videos, along with the ability to play videos in fullscreen. In order to prevent issues while updating, the LineageOS Updater has been made more reliable and should encounter fewer occurrences when downloads are broken or corrupted. There is also a new floating button in the screen recording app that will allow users to choose when to begin recording. Naturally, there have been devices added to the roster, with a couple also having been dropped, which you can find in detail down below: If you're interested in trying out LineageOS, be sure to check out the source link below. More Info: LineageOS Source
  14. Google's recently launched video classification API is not as smart as people expected, according to new research published by a three-man team from the Univerisity of Washington. In a paper published last Friday, researchers presented a method that successfully fools Google's new Cloud Video Intelligence API, a machine learning system the company launched exactly a month ago. This new API, currently in beta testing, uses powerful deep-learning models, built using frameworks like TensorFlow, to analyze videos and classify them based on their content. The trick, according to researchers, was to insert an unrelated image inside the video at every two seconds. These photos were enough to fool Google's new API, which detected the images as dominant among the rest of the video frames and used them to classify the video in the wrong categories. Researchers used the following images during their tests. The results speak for themselves, as the Google video classification AI tagged the video primarily on the fake images secretly inserted in the video feed. Currently, even if in beta, this new AI-based video classification system is under testing with companies such as Disney (entertainment), Airbus (avionics), or Ocado (supermarket chain). Flaws have real world impact if left unfixed Researchers say they carried out this experiment because this flaw, if left inside the Google API, would allow an adversary to bypass the video classification system. For example, this flaw could be used to mask ISIS propaganda videos uploaded on YouTube. Misclassifying these videos would result in the videos reaching a wider audience when they're presented to users as related video suggestions. "Note that we could deceive the Google’s Cloud Video Intelligence API, without having any knowledge about the learning algorithms, video annotation algorithms or the cloud computing architecture used by the API," researchers said. "The success of the image insertion attack shows the importance of designing the system to work equally well in adversarial environments." Bleeping Computer readers interested in the researchers' work can read their paper in full here. The paper is entitled "Deceiving Google's Cloud Video Intelligence API Built for Summarizing Videos," and is authored by Hossein Hosseini, Baicen Xiao, and Radha Poovendran. Source
  15. The rule change is meant to weed out bad actors Five years ago, YouTube opened their partner program to everyone. This was a really big deal: it meant anyone could sign up for the service, start uploading videos, and immediately begin making money. This model helped YouTube grow into the web’s biggest video platform, but it has also led to some problems. People were creating accounts that uploaded content owned by other people, sometimes big record labels or movie studios, sometimes other popular YouTube creators. In an effort to combat these bad actors, YouTube has announced a change to its partner program today. From now on, creators won’t be able to turn on monetization until they hit 10,000 lifetime views on their channel. YouTube believes that this threshold will give them a chance to gather enough information on a channel to know if it’s legit. And it won’t be so high as to discourage new independent creators from signing up for the service. “In a few weeks, we’ll also be adding a review process for new creators who apply to be in the YouTube Partner Program. After a creator hits 10k lifetime views on their channel, we’ll review their activity against our policies,” wrote Ariel Bardin, YouTube’s VP of product management, in a blog post published today. “If everything looks good, we’ll bring this channel into YPP and begin serving ads against their content. Together these new thresholds will help ensure revenue only flows to creators who are playing by the rules.” Of course, along with protecting the creators on its service whose videos are being re-uploaded by scam artists, these new rules may help YouTube keep offensive videos away from the brands that spend money marketing on their platform. This has been a big problem for YouTube in recent weeks. “This new threshold gives us enough information to determine the validity of a channel,” wrote Bardin. “It also allows us to confirm if a channel is following our community guidelines and advertiser policies.” As it moves ever closer to parity with the world of prime-time television, YouTube is sensibly taking steps to police how business is done on its service. Time will tell how a rising generation of creators respond to these new limitations. Source
  16. Android is now the world's top OS Android is officially the world’s most popular operating system in terms of Internet usage, according to new data provided by StatCounter, as it managed to overtake Microsoft’s Windows. Figures concerning desktop, laptop, tablet, and mobile usage combined show that Android is now powering no less than 37.93 percent of the devices connected to the Internet, while Windows fell to the second place with 37.91 percent. Without a doubt, the huge growth experienced by Android in the last few years, which helped it secure a market share of more than 80 percent in the mobile industry, contributed to Google gaining the leading spot over Windows, and StatCounter describes this switch of places as “the end of an era.” “This is a milestone in technology history and the end of an era,” Aodhan Cullen, CEO, StatCounter, said today. “It marks the end of Microsoft’s leadership worldwide of the OS market which it has held since the 1980s. It also represents a major breakthrough for Android which held just 2.4% of global internet usage share only five years ago.” No investment in mobile Microsoft’s biggest problem is that its mobile platform barely exists, with Windows Phone/Windows 10 Mobile currently powering around 1 percent of the smartphones out there – some research firms put it at 1.3 percent, while others claim the platform is doing worse, with a share of around 0.5 percent. Despite the fact that it’s leading on the desktop, with Windows holding a share of around 84 percent, Microsoft loses ground due to the mobile platform that is constantly declining every month. With sales of smartphones skyrocketing in the last few years and PC shipments going down every quarter, it was just a matter of time until Android managed to overtake Windows, and it’s probably a change that Microsoft itself expected to happen. Redmond, however, isn’t very interested in investing in mobile, and although its mobile platform is collapsing, there’s little chance for Windows 10 Mobile to return to growth anytime soon. Source
  17. Owners of Android and iOS devices should pay special attention to security updates released by Google and Apple on Monday, as they contain fixes for a series of critical bugs affecting their phone's WiFi component. The issues, discovered by Google Project Zero security researcher Gal Beniamini, affect the Broadcom WiFi SoC (Software on Chip), included with many Android and iOS smartphones, and for which both Google and Apple include custom firmware with their OS. Bugs allow remote hacking of Android and iOS devices According to Beniamini, a stack buffer overflow vulnerability in the Broadcom firmware code allows an attacker in the phone's WiFi range to send and execute code on the device. Depending on the attacker's skills, he can deploy code that takes over the user's device and installs applications without the user's knowledge, such as adware, banking trojans, or ransomware. The possible ways in which these bugs can be leveraged range from evil WiFi spots up to wardriving scenarios. Both companies addressed the issue with updates released on Monday, with Apple releasing iOS 10.3.1, and Google delivering updates via its Android Security Bulletin for April 2017. Beniamini described his findings, in the context of attacking a fully-patched Nexus 6P Android device, in a blog post published today. Broadcom needed four months to patch all issues The iOS and Android RCE attacks are two of ten flaws Beniamini discovered in Broadcom's WiFi SoC firmware. None of these flaws affected the Android and iOS operating systems per-se, but the source code of the Broadcom firmware. Both OS makers had to wait for over four months until the chip maker finally managed to fix all flaws. These security bugs were particularly difficult, both in numbers and complexity, as Broadcom asked Beniamini for an extension to Project Zero's 90-day public disclosure policy so they could finish the patching process. Source
  18. Google and Lookout researchers published a report today revealing the activities of a new Android malware family, which they believe to be the Android counterpart of the Pegasus iOS spyware. After surfacing in 2016, the Pegasus spyware made headlines around the world after it was discovered that this wasn't your ordinary malware but a cyber-surveillance toolkit sold by an Israeli company called NSO Group. Similarly to Italian surveillance vendor HackingTeam, the NSO Group developed Pegasus and sold it to governments and law enforcement agencies across the world, even in countries with dictatorial regimes, where it was used to track down dissidents and journalists. At the time, Pegasus was the most advanced iOS malware ever discovered, using several iOS zero-days to infect and collect data from a victim's iPhone. Initial Pegasus investigation moved to Android ecosystem That investigation, spearheaded by security researchers from Lookout and Citizen Lab, continued after the publication of their Pegasus report. During the fall, as Apple was patching the zero-days used by Pegasus, Lookout researchers reached out to Google and sent over a list of suspicious apps, they thought to be connected with Pegasus and the NSO Group. An investigation from Google revealed a new Android malware family named Chrysaor, very similar to Pegasus. Chrysaor features included: Keylogging features Ability to silently answer phone calls and listen in on conversations (Users see a black screen and if they unlock the phone, the phone call is dropped immediately) Ability to take screenshots of the user's screen Ability to spy on users via the front and rear cameras Usage of the ContentObserver framework to gather any updates to apps such as SMS, Calendar, Contacts, Cell info, Email, WhatsApp, Facebook, Twitter, Kakao, Viber, and Skype Ability to collect data such as SMS settings, SMS messages, call logs, browser history, calendars, contacts, and emails Ability to steal messages from apps such as WhatsApp, Twitter, Facebook, Kakoa, Viber, and Skype Usage of alarm functionality to repeat malicious actions at certain intervals Ability to install itself in the /system folder to survive factory resets Ability to sabotage the phone's self-update features Ability to disable WAP push messages to hinder forensics operations Ability to delete itself when instructed or when the C&C server goes dormant Most of these features could be turned on by both an HTTP request from one of the attacker's C&C servers, but also via an SMS message. Chrysaor was by far the most sophisticated threat researchers encountered. In fact, researchers said Chrysaor was far more complex and full of features when compared to Pegasus. Chrysaor used in targeted attacks Just like Pegasus, Chrysaor was used in a small number of attacks, a clear sign this is an advanced tool deployed only by a few groups in targeted attacks, and not something me and you will ever come across. While the victims are unknown, Google said it identified at least three dozen users infected with Chrysaor. All of them got infected because they installed an app via a third-party app store. Using Android's Verify Apps feature, Google intervened and disabled the apps on the victims' phones. From the samples they found, Google and Lookout researchers say these apps appear to have been compiled in 2014, meaning there's likely more victims than the current headcount, most of which they'll never be able to identify. Most of these victims most likely switched or upgraded phones, and their trail was lost. Based on current data, the vast majority of Chrysaor victims were located in Israel, Georgia, Mexico, and Turkey. Security researchers always knew there was an Android version of Pegasus, based on NSO Group brochures, but until now, they were never able to discover a sample and study its behavior. The NSO Group, which is a licensed cyber-arms dealer, has remained quiet to all accusations of selling surveillance tools to oppressive regimes. The full technical report on Chrysaor is available here. Source
  19. The $200,000 bounty Google offered to hack its Android OS was not enough to tempt researchers Six months ago, Google offered to pay $200,000 to any researcher who could remotely hack into an Android device by knowing only the victim's phone number and email address. No one stepped up to the challenge. While that might sound like good news and a testament to the mobile operating system's strong security, that's likely not the reason why the company's Project Zero Prize contest attracted so little interest. From the start, people pointed out that $200,000 was too low a prize for a remote exploit chain that wouldn't rely on user interaction. "If one could do this, the exploit could be sold to other companies or entities for a much higher price," one user responded to the original contest announcement in September. "Many buyers out there could pay more than this price; 200k not worth for finding needle under haystack," said another. Google was forced to acknowledge this, noting in a blog post this week that "the prize amount might have been too low considering the type of bugs required to win this contest." Other reasons that might have led to the lack of interest, according to the company's security team, might be the high complexity of such exploits and the existence of competing contests where the rules were less strict. In order to gain root or kernel privileges on Android and fully compromise a device, an attacker would have to chain multiple vulnerabilities together. At the very least, they would need a flaw that would allow them to remotely execute code on the device, for example within the context of an application, and then a privilege escalation vulnerability to escape the application sandbox. Judging by Android's monthly security bulletins, there's no shortage of privilege escalation vulnerabilities. However, Google wanted for exploits submitted as part of this contest to not rely on any form of user interaction. This means the attacks should have worked without users clicking on malicious links, visiting rogue websites, receiving and opening files, and so on. This rule significantly restricted the entry points that researchers could use to attack a device. The first vulnerability in the chain would have had to be located in the operating system's built-in messaging functions like SMS or MMS, or in the baseband firmware -- the low-level software that controls the phone's modem and which can be attacked over the cellular network. One vulnerability that would have met these criteria was discovered in 2015 in a core Android media processing library called Stagefright, with researchers from mobile security firm Zimperium finding the vulnerability. The flaw, which triggered a large coordinated Android patching effort at the time, could have been exploited by simply placing a specially crafted media file anywhere on the device's storage. One way to do that involved sending a multimedia message (MMS) to targeted users and didn't require any interaction on their part. Merely receiving such a message was enough for successful exploitation. Many similar vulnerabilities have since been found in Stagefright and in other Android media processing components, but Google changed the default behavior of the built-in messaging apps to no longer retrieve MMS messages automatically, closing that avenue for future exploits. "Remote, unassisted, bugs are rare and require a lot of creativity and sophistication," said Zuk Avraham, founder and chairman of Zimperium, via email. They're worth much more than $200,000, he said. An exploit acquisition firm called Zerodium is also offering $200,000 for remote Android jailbreaks, but it doesn't put a restriction on user interaction. Zerodium sells the exploits it acquires to their customers, including to law enforcement and intelligence agencies. So why go to the trouble of finding rare vulnerabilities to build fully unassisted attack chains when you can get the same amount of money -- or even more on the black market -- for less sophisticated exploits? "Overall, this contest was a learning experience, and we hope to put what we’ve learned to use in Google’s rewards programs and future contests," Natalie Silvanovich, a member of Google's Project Zero team, said in the blog post. To that end, the team is expecting comments and suggestions from security researchers, she said. It's worth mentioning that despite this apparent failure, Google is a bug bounty pioneer and has run some of the most successful security reward programs over the years covering both its software and online services. There's little chance that vendors will ever be able to offer the same amount of money for exploits as criminal organizations, intelligence agencies, or exploit brokers. Ultimately, bug bounty programs and hacking contests are aimed at researchers who have an inclination toward responsible disclosure to begin with. Source
  20. Google plans to roll out a new unified design for its sign-in page soon that will have the same look and feel on all devices you use. Google changed the sign-in page several times throughout the years. The last change of the sign-in page dates back to 2015 which Google announced in pretty much the same way. Google changed the design of the page back then, and switched from a single sign-on page to a two-page sign in form. The company has asked for the username on the first page, and for the password on the second page ever since. The company mentions three benefits of the new page. Have a cleaner, simpler look. Make the sign-in process faster. Be consistent across computers, phones, and tablets. Google notes that the new design won't change the functionality of the sign in page at all. The steps remain the same to sign in to a Google account, and users will enter the same information to do so. Source: ghacks.net
  21. Attention, Ms. Pac-Man fans. If you don't already have Google Maps installed on your smartphone, you're going to want to do that today. You can now take a trip down memory lane and play the classic arcade game right inside Google Maps. There goes your weekend. "You can chomp fruit, avoid ghosts, and collect Pac-Dots along city streets in Google Maps worldwide—all as Ms. Pac-Maps," Product Manager David Hendon wrote in a blog post. The feature is available now through Tuesday, April 4, so you better get chomping before it's too late. Just tap on the Ms. Pac-Maps icon on iOS and Android to enter the maze and start chomping away. You can also try it out on your desktop by clicking the Ms. Pac-Maps button at the bottom left of Maps. Be sure to sign in so you can save your top score on the leaderboard and share it with friends. This isn't the first time Google has brought Pac-Man to the masses. One year ago today, the web giant made it possible to play Pac-Man inside Maps. Perhaps this is a new April Fool's Day Eve tradition? In 2010, meanwhile, Google celebrated Pac-Man's 30th anniversary with a homepage doodle that let people play the game right from Google.com. You can still test your skills on Google's doodle page. If you have an Xbox One, you can also play Ms. Pac-Man on your console, thanks to the Xbox 360 backwards-compatibility feature. Source
  22. Nokia To Smartphone Owners: Malware Infections Are Far Higher Than You Think Nokia warns that mobile malware infections grew dramatically in the second half of 2016. Overall, the monthly smartphone infection rate averaged 0.90 percent, an 83 percent increase over the first half of 2016. Nokia no longer makes mobile devices but it's carving out a new business in mobile and Internet of Things security. Now new research from the unit is reporting a 83 percent rise in monthly smartphone infections in the second half of 2016. Two years ago Verizon challenged assumptions about the spread of mobile malware, reporting that just 0.03 percent of smartphones on its network were infected with 'higher-grade' malware. It was much lower than the 0.68 percent infection rate estimated in Kindsight Security Labs' biannual report. But a new report from Nokia, based on data from mobile networks that have deployed its NetGuard Endpoint Security, suggests infections are actually far higher. According to Nokia, the monthly rate of infections in mobile networks peaked at 1.35 percent in October, and averaged 1.08 percent in the second half of 2016. The average infection rate in the first half was 0.66 percent, translating to a 63 percent rise between the periods. It also measured monthly infections on smartphones and says the average rate was 0.9 percent in the second half, up 83 percent from 0.49 percent in the first half. Over the entire year, it says smartphone infections rose a whopping 400 percent. Nokia's data included around 100 million devices across Europe, North America, Asia Pacific and the Middle East. It says that 81 percent of infections were on Android devices, 15 percent on Windows devices, and four percent on iPhones and other mobile devices. It notes that Windows share of infections it counted shrank from 22 percent in the first half of 2016. Although Nokia's report doesn't exclusively deal with Android, it offers a contrast to Google's assessment of malware infections in its Android Security 2016 Year in Review report, released earlier this month. Google reported Android device infections at 0.64 percent in the first quarter of 2016 growing to 0.77 percent in the second quarter, and then moving to 0.67 percent and 0.71 percent in the third and fourth quarters, respectively. Google's measure is based on the frequency it finds PHAs or potentially harmful applications during a "routine full-device scan" with its Verify Apps Android anti-malware service. Google said since 2014 infections on Android have been less than one percent. It also noted that users were 10 times more likely to download malware from outside Google Play than inside its store in 2016. While Nokia reports that infections on mobile networks are increasing, infections on fixed-line residential networks have been falling since the beginning of 2015, despite a bump in early 2016 due to a surge in adware. Source
  23. Security firm CrowdStrike is now officially a contributor to Google’s Virus Total malware database and not just a user of data shared by traditional antivirus (AV) rivals with the service. CrowdStrike announced Thursday that it has opened its Falcon Machine Learning engine to the VirusTotal malware scanning service. In doing so, it appears to have ended an impasse that emerged over concerns that it, and several other next generation security companies, was using the Google-owned service to improve its own products without giving back to the community. In May, VirusTotal threatened a number of next generation security firms with exclusion from the service for leveraging data supplied by traditional AV firms such as Symantec, McAfee, Kaspersky, and Trend Micro. VirusTotal allows anyone to upload a suspected malicious file, to find out if any AV firms have already detected it. Normally, when VirusTotal users seek to check whether a file is malicious, the service will display which firm’s antivirus engines recognise that file. For a new piece of malware, VirusTotal might show that five out of 30 products recognise the file; over time, a user could expect to see more products recognise the specific malware. VirusTotal’s reaction to those concerns was to require all virus scanning companies that want to access its database to integrate their own scanner into its interface. Contributing vendors would also need to pass a test by the Anti-Malware Testing Standards Organisation (AMSTO). CrowdStrike has now fulfilled both these requirements and claims its offering goes over and above the norm, following validation from a third-party certifier. Since CrowdStrike’s Falcon engine doesn’t rely on signatures -- and it scored perfect results under a third-party audit -- the company claims VirusTotal users will be now able to see whether a file is dangerous even when other AV vendors don’t have a match for the file in their databases. “The full machine learning engine is unique as it is also the first engine in VirusTotal to provide a confidence level as a result of its analysis. This aids VirusTotal users by providing an additional level of insight into the level of maliciousness of the malware sample, rather than just a pass or fail detection result currently provided by existing engines,” CrowdStrike said in a statement. According to Reuters, which first reported CrowdStrike’s inclusion in VirusTotal, two other next generation security companies will integrate with the service by the end of September. Reuters named Palo Alto Networks and Cylance as firms that would be affected by VirusTotal’s new policy. SentinelOne was also cut off from VirusTotal for its failure to contribute. VirusTotal issued a brief statement on Thursday welcoming CrowdStrike to the fold. “We welcome CrowdStrike Falcon (ML) scanner to VirusTotal. This is a machine learning engine from USA,” a representative from the Google subsidiary said. CrowdStrike said its contribution to VirusTotal will be visible to end-users as a confidence score rather than the existing method of displaying whether or not a virus scanner recognises a particular malware variant. This could add value to the VirusTotal service by judging new threats before detections for a specific threat is widely recognised. “Windows PE executables and DLL files submitted to VirusTotal will be processed by CrowdStrike Falcon (ML) and the results will be displayed with a confidence score that indicates the degree of certainty the engine has in a file’s maliciousness. Scoring at this level of detail allows users to make more granular and effective policy decisions," FireEye said. Article source
  24. YouTube is working on bringing new features to users of its Android application and a future update could provide pop-up windows for video comments. The feature is currently experimental and is live for only a limited number of people. The new YouTube feature appears to have been included in the latest YouTube app update on the Google Play Store, and it seems to be a server-side update, since only a few users can access it. Still, it means that Google intends to bring the feature to all YouTube users in the near future. The change eliminates YouTube’s old comments section, which was accessible underneath the “Up next” area that displayed related videos. Users could check out and tap on the videos that they wanted to see after the current one ended. Now, there are few videos to scroll through on each page and comments must first be activated to show up. In addition, YouTube placed the icon for displaying comments underneath each video in the app, between the dislike and share button. When users tap on the icon, comments appear above the “Up next” section, while another tap hides them completely. Faster method of reading comments The new method of reading comments is certainly faster and it only displays comments to users who actually want to read them. In addition, the icon for enabling comments has a counter on top, stating how many comments were posted for that specific video. At this point, there’s no word as to when the new feature will arrive to YouTube’s Android app, but since it already rolled out to some users, not much time will pass until it will see a global launch. Perhaps the next YouTube update would also include the new animations for video loading that were spotted earlier this month. Aside from this, YouTube came to the aid of content creators recently and announced a new feature that would allow them to crowdsource translations for titles and descriptions. Source
  25. US tech giants react to UK Home Secretary Rudd Big Tech has told the UK government it will do more to remove extremist content from their networks, but has refused to offer concessions on encryption. Following a meeting between Britain's Home Secretary Amber Rudd and communication service providers, called in the aftermath of the murders in Westminster, senior executives from Facebook, Google, Microsoft and Twitter put out a joint statement. "Our companies are committed to making our platforms a hostile space for those who seek to do harm and we have been working on this issue for several years," the statement reads, adding: "We share the Government's commitment to ensuring terrorists do not have a voice online." In order to do that, the companies said they would "look at all options for structuring a forum to accelerate and strengthen this work." The letter outlines three ways to do that: Improve automatic tools to remove extremist content. Help other companies to do the same. Support efforts from "civil society organizations" to "promote alternative and counter-narratives." The statement is more notable for its omissions than its promises, however. There is no mention of timelines either on taking down such content, or on taking action. There is no promise to remove such content. There is no offer of firm resources. And the only actual project referred to is the "innovative video hash sharing database that is currently operational in a small number of companies." Crucially, there is no mention at all of the other pressing issue – encryption. Reading material Two days after the attack, Amber Rudd made headlines by arguing that the authorities must have access to the communications of the attacker – Khalid Masood/Adrian Ajao – and specifically highlighted Facebook-owned chat app WhatsApp that she said Masood had used on the day of the attacks. The Home Office put out its own short statement following the meeting in which it also glossed over the encryption issue, noting that the meeting "focused on the issue of access to terrorist propaganda online." Rudd said she "welcomes the commitment from the key players to set up a cross-industry forum," but pointedly notes that she would "like to see the industry go further and faster in not only removing online terrorist content but stopping it going up in the first place." Another recent critic of tech companies on this topic, chair of the Home Affairs Select Committee Yvette Cooper, called the outcome "a bit lame." "All the Government and social media companies appear to have agreed is to discuss options for a possible forum in order to have more discussions," Cooper complained. "Having meetings about meetings just isn't good enough." Social media companies in particular are under fire in Europe over the ready availability of extremist material and the apparent ease with which extremists communicate among themselves and with others on systems run by large Western corporations. The issue is complicated by the fact that most of those corporations are based in the United States and so have a strong belief that removing or even blocking content is tantamount to censorship and breaks the First Amendment. Europe takes a different approach to what constitutes fair or free speech and has threatened to introduce legislation obliging social media companies to remove extremist content or face large fines and lawsuits. By Kieren McCarthy https://www.theregister.co.uk/2017/03/31/tech_giants_uk_home_sec_encryption/