Apple iPhone owners could not be blamed for rushing to upgrade to Apple iOS 13.4. It brings a lorry load of new features but, unfortunately, it is also full of problems. The bugs keep coming in iOS 13.4. 9to5Mac has spotted a new search bug for iPhone users where the plus sign (+) is automatically deleted. This is less troublesome than most of the bugs listed below, but it can have consequences, ranging from the irritating ('Disney+' only brings up 'Disney') to the potentially costly (searching for Galaxy S20+ prices will show you the 'Galaxy S20', which could see you jump at the lower price and accidentally purchase the wrong phone). Ironically, iPhone users interested in Apple's new Apple TV+ service will only be shown Apple TV hardware boxes. Curiously, 9to5Mac notes that macOS 10.15.4 also suffers from this, so Apple is spreading the bugs around with its latest updates. iOS has again hit the headlines, and not in a way Apple will like. Digging through leaked iOS 14 code, MacRumors has discovered, buried inside the code, an image of a controller for an AR/VR headset. In keeping with Apple's design aesthetic, the controller is typically minimalist: a cylindrical tube with a matte black finish and a single power button. This builds on an earlier MacRumors finding that iOS 14 contains a new AR app codenamed Gobi, which it believes Apple is using for internal testing. Curiously, the company has also set up an AR "bowling game [which] can only be triggered at an intersection near an Apple office known as 'Mathilda 3' at 555 N Mathilda Ave in Sunnyvale, California, which may be one of the locations that Apple is developing its AR/VR headset." A lot of mystery remains, but one thing is clear: following the arrival of the advanced LiDAR sensor in Apple's new iPad Pros, Apple will make a major push for AR/VR in 2020 and the iPhone 12 will be next.
Discovered by popular VPN service Proton, Apple iOS 13.4 contains a security vulnerability that prevents your data from being secured when using a VPN on your iPhone. Proton explains that iOS 13.4 fails to close existing unsecured connections when your VPN is started and “some are long-lasting and can remain open for minutes to hours outside the VPN tunnel.” This is hugely significant for any iPhone owner who uses a VPN to protect their most sensitive data. And, most worryingly, Proton explains that it originally discovered the bug in iOS 13.3.1 and told Apple, which acknowledged it but has since failed to provide any subsequent fix, despite iOS 13.4 coming out almost two months later. “Neither ProtonVPN nor any other VPN service can provide a workaround for this issue because iOS does not permit a VPN app to kill existing network connections,” Proton explains. It suggests starting your VPN and turning Airplane Mode on and off as a way to kill active connections outside the VPN, but this only works for Apple’s Always-on VPN since it requires device management, to which no third-party VPNs have access. Aside from its security vulnerabilities, iOS 13.4 and iPadOS 13.4 upgraders are reporting multiple issues, including broken third-party keyboards on iPads, unreliable Bluetooth connectivity with odd shortcut glitches and crashes, and missing cellular networks for dual-SIM users. On top of this, there are bugs in Control Center, the virtual keyboard, Assistive Touch, opening and updating apps and more. This list also excludes the ongoing cellular data and hotspot problems Apple has privately recognized but, so far, failed to fix in iOS 13. We have more posted on OUR FORUM.

Earlier this year, Microsoft released its latest Chromium-based Edge web browser, built on the same engine that Google Chrome runs on. This, however, led to a browser war between the two tech giants. Google warned users against installing Chrome’s web extensions on the new Edge browser, citing as its reason that web extensions are less secure on Edge. Microsoft, on the other hand, asks its users to avoid using Chrome extensions as they can reduce Edge's performance and functioning. People were waiting for neutral testing and review of both browsers, which was finally done by Professor Douglas Leith, from the School of Computer Science and Statistics at Trinity College, Dublin. This will surely put a full stop to the arguments and debates going on over Chrome vs. Edge. Professor Douglas Leith’s research is based on how all the popular web browsers communicate with their backend servers. And the results were surprising. He categorized the browsers into three groups from a privacy perspective. In the first group, which is considered to be the most private, there is only a single browser – Brave. The second group, with moderate privacy, contains Chrome, Firefox, and Safari. And the last group, the browsers with the least privacy, includes Edge and Yandex. Furthermore, Edge also has a search autocomplete feature. This feature collects the details of web pages visited by users and transfers web page information to the servers. Over time, this collected data can reveal the identity of users from their browsing behavior. However, the good thing is the user can turn off the search autocomplete feature. It is worth mentioning that last year a security researcher reported a similar issue with the old Microsoft Edge. The researcher, Matt Weeks, tweeted about the flaw in Edge. He pointed out that Edge sends the full URL of the pages you visit to its backend servers.
He also shared a screenshot of an Edge script that had his website and username on it. When Microsoft was confronted, one of their spokespersons provided an explanation. She said that Microsoft Edge collects the diagnostic data that includes the device identifier for the purpose of ‘product improvement.’ This diagnostic data may contain information about the websites you visit. They, however, do not track your browsing history. She further added that Edge asks permission from its users to collect this diagnostic data and also provides an option to turn it off later. Learn more by visiting OUR FORUM.

From time to time we may encounter vulnerabilities in third-party software, which in the future will be disclosed after 90 days in accordance with our responsible disclosure program. We are disclosing this “VPN bypass” vulnerability publicly because it’s important that our community and other VPN providers and their users are aware of this issue. Below we explain the nature of the security flaw, how we investigated it, and what users can do to mitigate their risk until Apple fixes the vulnerability. Typically, when you connect to a virtual private network (VPN), the operating system of your device closes all existing Internet connections and then re-establishes them through the VPN tunnel. A member of the Proton community discovered that in iOS version 13.3.1, the operating system does not close existing connections. (The issue also persists in the latest version, 13.4.) Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel. One prominent example is Apple’s push notification service, which maintains a long-running connection between the device and Apple’s servers. But the problem could impact any app or service, such as instant messaging applications or web beacons. The VPN bypass vulnerability could result in users’ data being exposed if the affected connections are not encrypted themselves (though this would be unusual nowadays). The more common problem is IP leaks. An attacker could see the users’ IP address and the IP address of the servers they’re connecting to. Additionally, the server you connect to would be able to see your true IP address rather than that of the VPN server. When you connect a device to VPN, you should only be able to see traffic between the device’s IP and the VPN server or local IP addresses (other devices on your local network). 
As the capture below shows, there is also direct traffic between the iOS device’s IP and an external IP address that is not the VPN server (in this case it’s an Apple server). For more and a workaround please visit OUR FORUM.
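The check described above (with the VPN up, only traffic to the VPN server or to local addresses should be visible) can be run over a packet list, shown here as an added example that is not Proton's code or part of the original article. The CSV layout, the function name and all addresses (documentation ranges) are assumptions made for illustration.

```python
import csv
import ipaddress

# Destinations expected outside the tunnel: the local network, link-local,
# multicast and broadcast. (Assumed definition of "local" for this example.)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32",
)]

# Constructed sample, one row per packet. t is seconds since the VPN connected,
# so negative rows are connections opened before the tunnel came up.
CAPTURE = """\
# t,src,dst,proto
-30.0,192.168.1.23,203.0.113.50,tcp
-5.0,192.168.1.23,198.51.100.80,tcp
0.5,192.168.1.23,192.0.2.10,udp
2.0,192.168.1.23,192.168.1.1,udp
12.0,192.168.1.23,203.0.113.50,tcp
40.0,192.168.1.23,192.0.2.10,udp
610.0,192.168.1.23,203.0.113.50,tcp
615.0,203.0.113.50,192.168.1.23,tcp
"""

def find_bypass(capture_text, device_ip, vpn_server_ip):
    """Map each non-local, non-VPN peer seen after VPN connect (t >= 0)
    to (first_seen, last_seen, packet_count)."""
    device = ipaddress.ip_address(device_ip)
    vpn = ipaddress.ip_address(vpn_server_ip)
    leaks = {}
    for row in csv.reader(capture_text.splitlines()):
        if not row or row[0].startswith("#"):
            continue
        t = float(row[0])
        src, dst = ipaddress.ip_address(row[1]), ipaddress.ip_address(row[2])
        if t < 0 or device not in (src, dst):
            continue
        peer = dst if src == device else src
        if peer == vpn or any(peer in net for net in LOCAL_NETS):
            continue
        first, last, count = leaks.get(str(peer), (t, t, 0))
        leaks[str(peer)] = (min(first, t), max(last, t), count + 1)
    return leaks

if __name__ == "__main__":
    for peer, (first, last, n) in find_bypass(CAPTURE, "192.168.1.23", "192.0.2.10").items():
        print(f"{peer}: {n} packets outside the tunnel, still active {last:.0f}s after connect")
```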

So there has been a lot of chatter about the next iteration of Windows and questions about where Microsoft is going with Windows. Will there be a Windows 11? Will Windows 10 stay the same way forever? What about Windows 10X? The future of Windows as an Operating System seems to be something called Windows Core OS. To understand what Windows Core OS is, you first have to understand a little bit about what Windows 10 is and is not. From the very beginning, Microsoft said that Windows 10 would be one Operating System that would simply work on multiple form factors. The reality, though, was significantly different. Windows 10 for desktops, Windows 10 for HoloLens, Windows 10 for IoT devices, Windows 10 for Surface Hub, Windows 10 for Xbox, etc. are all Windows 10, but they are each unique and different Operating Systems. The truth is that Microsoft had to make substantial changes to each version of Windows to make them work on the specific hardware they were marketed for. Without those modifications, Windows 10 for desktops would be horrible or downright incompatible with an Xbox. While Windows 10 is different for each version, there are some common elements across all of its versions. OneCore and OneCoreUAP are some layers of Windows 10 that you can find across all versions of Windows 10 but, unfortunately, most of the OSs are unique and built from scratch. It’s real simple here. If most of the Windows 10 Operating Systems for different devices are different code, it has to be tremendously inefficient to create, test, maintain and support each version. It’s an inefficient and expensive pain in the ass. Period. In addition, it’s a pain in the ass every time Microsoft wants to build a version of Windows 10 for a new device type, such as foldables, which seemed to come out of the blue in the last couple of years. Windows Core OS (WCOS for short) is a new, modern version of Windows and is a monumental step forward in making Windows a truly universal OS.
In short, WCOS is a common denominator for Windows that works cross-platform, on any device type or architecture, that can be enhanced with modular extensions that give devices features and experiences where necessary. Basically, Microsoft is building a universal base for Windows that can be used across all these different devices. Windows Core OS strips Windows down to the bare minimum. It doesn’t include any legacy components or features and sticks to UWP as a core for the operating system as it’s lighter and already universal. From there, Microsoft can build out Windows Core OS with different components and features that it can then apply to devices where necessary. But this time, those components and features can be shared across the many different devices Windows Core OS will run on. Instead of having to develop a new version of Windows 10 for every new device type that comes along, Microsoft can simply begin with Windows Core OS and pull in common features and functions that are prebuilt. This would be infinitely more efficient for Microsoft with way fewer development dollars needed to make this happen. Learn more by visiting OUR FORUM.

   

Propelled by average enthusiasts in their shared quest to defeat COVID-19, the Folding@Home network is now pushing out 470 PetaFLOPS of raw compute power. To put that in perspective, that's twice as fast as Summit, the world's fastest supercomputer, making the network faster than any known supercomputer. It's also faster than the top seven supercomputers in the world, combined. It's impressive that the Folding@Home network is now more than twice as powerful as Summit's 149 PetaFLOPS of sustained output: ORNL announced two weeks ago that Summit had also joined the coronavirus fight and has already found 77 different small-molecule drug compounds that might be useful to fight the virus. Summit employs 220,800 CPU cores, 188,416,000 CUDA cores, 9.2PB of memory, and 250PB of mixed NVRAM/storage for the task. But Summit is far faster than the other supercomputers further down the Top500 list. That means the Folding@Home network is also now faster than the world's top seven supercomputers, combined. That's equivalent to the horsepower of 27,433,824 CPU/GPU cores that are being used in the most powerful systems in the world. These leading supercomputers are typically only used by nation-states for decidedly more nefarious purposes, such as nuclear research, so seeing this type of compute power unleashed for the common goal of defeating the coronavirus is certainly encouraging. Here is a view of the enemy, stunning in its complexity, and deadly in its intentions. This virus may be sweeping the globe, pushing large portions of the world into isolation at both the national and personal level, but the global community is coming together through the Folding@Home network to fight back by furthering research into possible cures or vaccines. This consists of using your computer to complete small chunks of much larger problems, thus giving researchers access to an unprecedented amount of computing horsepower.
Distributed computing has always been a great hobby because of the detailed stats compilation and the dizzying number of teams involved, but Folding@Home's addition of coronavirus research to its normal pursuits, like cancer, Alzheimer's, and Parkinson's research, has led to an overwhelming amount of new users. Folding@Home reports that it has seen a 1,200% increase in contributors, with Bitcoin miners also joining the fight, and over 400,000 new volunteers have joined over the last two weeks. Unfortunately, that massive surge in demand has led to a shortage of work units (the small chunks of larger workloads sent to each user), but Folding@Home has expanded its capacity to serve units to speed production. Work units are still being issued and many more are in the pipeline. You can help, too, by simply installing the Folding@Home application and turning over some of your spare CPU or GPU horsepower to help defeat the virus. It only takes a few minutes to set up the program, and then it's effortless as the program runs in the background. Follow this thread on OUR FORUM.

The FBI's Internet Crime Complaint Center (IC3) today warned of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims. "Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government," IC3's alert says. "While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money." The FBI issued another warning about a phishing scam impersonating the Internal Revenue Service (IRS) in 2008 and trying to steal taxpayers' personal information using economic stimulus checks as bait. Similar campaigns might also ask potential victims for donations to various charities, promise general financial relief and airline carrier refunds, as well as try to push fake COVID-19 cures, vaccines, and testing kits. Other active phishing attacks are also taking advantage of the COVID-19 pandemic to infect victims with malware and harvest their personal info via spam impersonating the Centers for Disease Control and Prevention (CDC) and other similar organizations like the World Health Organization (WHO). The FBI also says that scammers are trying to sell products claiming to prevent, treat, diagnose, or cure the COVID-19 disease, as well as counterfeit sanitizing products and personal protective equipment (PPE), including but not limited to N95 respirator masks, gloves, protective gowns, goggles, and full-face shields. To avoid getting scammed by fraudsters, infected with malware, or having your personal information stolen, IC3 recommends not clicking on links or opening attachments sent by people you don't know and always making sure that the websites you visit are legitimate by typing their address in the browser instead of clicking hyperlinks.
You should also never provide sensitive information like user credentials, social security numbers, or financial data when asked over email or as part of a robocall. To make it easier to spot phishing and scam attempts, you can also check the domain of websites you visit for misspellings or for the wrong top-level domain (TLD) at the end of the site's URL — .com or .net instead of .gov, the sponsored top-level domain (sTLD) used by US government sites. You can read the full FBI Warning on OUR FORUM.