Blog

Do you own an Amazon Kindle?  If so, you're probably already aware of one of the major frustrations with the product.  Kindles are amazing but they don't support the epub file format. Of course, epub is  the format that just about everybody else on the planet other than Amazon sells e-books in.

The company has managed to avoid supporting the epub format for more than fifteen years.

If that has been a sticking point for you, there's good news - sort of.  Kindle will soon be "supporting" the epub format!

We say sort of, and use "supporting" in quotes because although it would be easy for the company to simply enable their ubiquitous readers to support epub, that's not actually what the company has planned.  Instead, Amazon will issue an update to Kindles that will allow them to convert epub files to a proprietary format that can be read by their readers.

Kindle users have gotten by for the past fifteen years by using a program called Calibre, which has a somewhat convoluted routine that converts epub files into the Kindle's native file format.  The results were sometimes not great, but it got the job done.  Even so, it has proved to be intensely frustrating for Kindle users who have complained loudly to Amazon, but to no avail.

Now, finally, Amazon is listening - again, sort of.

Early user reactions to Amazon's announcement have not been favorable, but the company continues to show absolutely zero interest in genuinely supporting the epub format.

In some respects, it's easy to understand Amazon's position. The truth is that at this point, they're likely alienating enough people with their hardline position against the epub format that they're not doing themselves any favors.

At any rate, if you own a Kindle you'll soon be able to convert epub files to something called KF8 and view them on your device.  It's not a great solution but it's an improvement over what exists today.

Used with permission from Article Aggregator

     

A small but important change is coming to your Android apps.  Soon you'll notice a new Data Safety section on the Google Play Store which will provide greater transparency about exactly what data the apps you install are collecting.

The change is meant to serve as a "privacy label" that will allow users to evaluate the data an app will collect on them before they install it, so they can make better and more informed decisions about what to install.

In addition to requiring developers to disclose exactly what data they 're collecting, they will also have to disclose what data they will share with third parties. That essentially forces development teams to disclose the purpose behind the collection.

The new feature will also give users access to more than just the high-level view.  For additional details, they'll be able to click on any given data category to find out the particulars involved.

That sounds amazing but believe it or not, there's more.  The third leg of the new Data Safety section will include details about the app's security practices, outlining what specific mechanisms the developers use to protect and safeguard collected data.  Here, users will also be able to see if they're given the option to ask for the deletion of their collected data at any time.

On top of that, the new Data Safety section will specify if the app in question adheres to the Google Play Families Policy which is aimed squarely at protecting children.

Google is taking a careful and measured approach to the rollout. So if you have an Android device, don't expect that you'll start seeing details in the Data Safety section right away. It will happen over the next few weeks. It will appear and then get increasingly fleshed out.

As of now, app Developers can begin declaring how collected data is used and they have until July 20^th of this year (2022) to complete their submissions.

These are fantastic changes.  Kudos to Google for this.  Great news indeed.

Used with permission from Article Aggregator

     

There's a new hacking campaign underway that you need to be aware of especially if you or anyone you know is interested in upgrading to Windows 11.

The campaign appears to be a legitimate offer from Microsoft and it gives users the opportunity to upgrade to Windows 11 for free.

Unlike many campaigns of this type, this one distinguishes itself in that it does not rely on emails that spoof the Microsoft brand.  Rather, it leverages "poisoned" search results that leads a surfer to a site controlled by the hackers.

This page is a convincing replica of the official Microsoft promo page for Windows 11. Of course, it's got malicious code embedded in it and when the site visitor enters their personal information in order to receive a code for their free upgrade, all they're doing is handing that information straight to the hackers.

What's really going on here is that the hackers are taking advantage of the fact that the average user isn't aware of many of the details surrounding Windows 11.

For example, most end users are unaware of the fact that Windows 11 must meet certain very specific (and demanding) specifications. These include the fact that all legitimate upgrade tools will check to see if the user's machine supports TPM or Trusted Platform Mode (version 2.0) which is built into machines no older than four years of age.

Naturally, the poisoned installer makes no such distinction and will happily allow the user to install the malicious code on whatever machine they happen to be using.

The hackers behind this campaign are using a piece of malware dubbed "Inno Stealer" which does not have any code similarities to other strains of malware in the wild today. So apparently, it is custom work built either by or for the hackers currently using it.

The best and surest way to avoid being taken in by this campaign is to navigate to Microsoft's site direct by typing in the URL.  Don't rely on search result links to get you there and you should be fine.

Used with permission from Article Aggregator

     

Netflix has been talking about cracking down on password sharing for years.  So far, it's been just talk. Recently, the company suffered its first decrease in subscribers in recent memory. They lost more than 200,000 in the first quarter of 2022. That is a fact which sent their stock price reeling.

According to the company's estimates, some 100 million households are currently sharing their passwords. It's a safe bet that now the company is serious about it, so you can expect the crackdown to begin pretty much any time.

It was great while it lasted but Netflix is understandably eager to monetize those accounts and it's under increasing pressure to do so.  With industry giants like Amazon Prime, Apple TV, YouTube, Disney+, Hulu, and others nipping at their heels, the company almost has to take decisive action.

Here's what the company had to say on the matter:

"Our relatively high household penetration - when including the large number of households sharing accounts - combined with competition, is creating revenue growth headwinds. The big COVID boost to streaming obscured the picture until recently.

Account sharing as a percentage of our paying membership hasn't changed much over the years, but coupled with the first factor, means it's harder to grow membership in many markets - an issue that was obscured by our COVID growth.

While we work to reaccelerate our revenue growth - through improvements to our service and more effective monetization of multi-household sharing - we'll be holding our operating margin at around 20 percent."

Interestingly, the company's lax policy with regards to account sharing likely contributed to its earlier growth.  Now the equation has changed, and the company is studying a few different approaches to help them recapture revenue lost to account sharing.

The most popular idea to date was "Paid Account Sharing."  They charged a nominal fee that's still less than a full monthly membership, so that at least they're getting something from it.

That approach is likely so sufficiently light handed that the company's massive user base won't rebel, and it may prove to be an acceptable middle ground for everyone.  Time will tell.

Used with permission from Article Aggregator

     

If you rely on a Microsoft Exchange server to handle email for your company, there is something you should be aware of. Recent research by security and analytics company Varonis has discovered that an affiliate of Hive ransomware has begun targeting Exchange servers that are vulnerable to ProxyShell security issues.

If the group in question finds a vulnerable server, they'll install a variety of backdoors including Cobalt Strike beacon. That allows them to come back later and snoop around in your network for anything of value, steal administrator account credentials, make off with your company's proprietary data, or encrypt your files and demand payment from you to get them back.

The exploited flaws are being tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31297. All 3 range in severity from 7.2 (high) to 9.8 (critical).

This group is hardly unique in exploiting these flaws.  They've been used by other hacker groups including Cuba, Babuk, BlackByte, Conti, and others.  The fact that the exploits seem to be growing in popularity among the hacking community is the most troubling aspect of the recent discovery.

Hive has been around since at least June of last year (2021) and the group has evolved considerably since they first appeared. That prompted the FBI to release a report detailing their activities and tactics to better prepare IT professionals for attacks the group might make against their organizations.

In October 2021, the Hive gang added Linus and Free BSD variants to their growing bank of tricks and they became one of the most active ransomware operations as measured by the frequency of their attacks.

Just last month, researchers operating out of Sentinel Labs discovered that the group is utilizing a new obfuscation technique in a bid to better mask the malicious payloads they introduce to infected networks.

All of this points to the fact that the Hive group is actively working to improve the efficiency and effectiveness of their attacks.  Stay vigilant and be on the alert for this group.  They've got a well deserved reputation for being dangerous.

Used with permission from Article Aggregator