Intel had a strong partnership with Apple since 2005 and although Apple now has Mac computers with its own chips, there are still some Macs being shipped with Intel processors. However, as the M1 chip has been praised for its performance and efficiency, Intel is now mocking Apple in a new campaign that highlights things users can’t do on a M1 Mac.
The new campaign has been running on Twitter and other websites claiming that there are some tasks that only Windows PCs can do. In one of the new ads, Intel says that “only a PC offers tablet mode, touch screen and stylus capabilities in a single device,” which is similar to what Microsoft does in Surface ads.
Another ad in the campaign is even more aggressive by claiming that Macs are not ideal for engineers and games, as Windows has a broader catalog of software and games than macOS. It even mentions that “if you can launch Rocket League, you’re not on a Mac” since the game was discontinued for macOS last year.
In addition to the web ads, the campaign also includes a paid video with YouTuber Jon Rettinger in which he points out advantages of having a regular laptop instead of a M1 MacBook, such as standard USB ports, touch screen, eGPU support, and working with two external displays.
Only a PC offers tablet mode, touch screen and stylus capabilities in a single device. #GoPC
— Intel (@intel) February 2, 2021
Last week, Intel shared a slideshow of benchmark results comparing its 11th generation “Tiger Lake” i7 processor against Apple’s M1 chip in an attempt to show that Intel processors are more powerful than a chip that Apple built for low-power, fanless computers.
In the meantime, Apple says that the transition from Intel processors to Apple Silicon Chips is expected to be completed by the end of 2022, when the company will no longer have any Mac computers running on Intel. With that said, it’s clear that Intel has nothing left to lose with this campaign against Apple — the company has already lost everything it could.
FTC: We use income earning auto affiliate links. More.
It’s the second Tuesday of February, and that means Microsoft and other software makers are releasing dozens of updates to fix security vulnerabilities. Topping off this month’s list are two zero-days under active exploit and critical networking flaws that allow attackers to remotely execute malicious code or shut down computers.
The most important patch fixes a code-execution flaw in Adobe Reader, which despite its long-in-the-tooth status remains widely used for viewing and working with PDF documents. CVE-2021-21017, as the critical vulnerability is tracked, stems from a heap-based buffer overflow. After being tipped off by an anonymous source, Adobe warned that the flaw has been actively exploited in limited attacks that target Reader users running Windows.
Adobe didn’t provide additional details about the vulnerability or the in-the-wild attacks exploiting it. Typically, hackers use specially crafted documents sent by email or published online to trigger the vulnerability and execute code that installs malware on the device running the application. Adobe’s use of the word “limited” likely means that the hackers are narrowly focusing their attacks on a small number of high-value targets.
Microsoft, meanwhile, has issued a fix for a vulnerability in Windows 10 and Windows Server 2019 that’s also under active attack. The flaw, indexed as CVE-2021-1732, allows attackers to run their malicious code with elevated system rights.
Chain of exploits?
Hackers typically use these so-called elevation-of-privilege exploits alongside attack code that targets a separate vulnerability. The former will allow code execution while the latter ensures the code runs with privileges that are high enough to access sensitive parts of the operating system. Microsoft credited JinQuan, MaDongZe, TuXiaoYi, and LiHao of DBAPPSecurity Co. Ltd. with discovering and reporting the vulnerability.
The simultaneous patching of CVE-2021-21017 and CVE-2021-1732 and their nexus to Windows raise the distinct possibility that in-the-wild attacks are combining exploits for the two vulnerabilities. Neither Microsoft nor Adobe has provided details that confirm this speculation, however.
Microsoft on Tuesday published a security bulletin strongly urging users to patch three vulnerabilities in the Windows TCP/IP component, which is responsible for sending and receiving Internet traffic. CVE-2021-24074 and CVE-2021-24094 are both rated as critical and allow attackers to send maliciously manipulated network packets that execute code. Both flaws also allow hackers to launch denial-of-service attacks—as does a third TCP/IP vulnerability tracked as CVE-2021-24086.
The bulletin said that developing reliable code-execution exploits will be hard but that DoS attacks are much easier and hence likely to be exploited in the wild.
“The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term,” Tuesday’s bulletin said. “We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.”
The three vulnerabilities stem from a flaw in Microsoft’s implementation of TCP/IP and affect all supported versions of Windows versions. Non-Microsoft implementations aren’t affected. Microsoft said it identified the vulnerabilities internally.
56 vulnerabilities
In all, Microsoft patched 56 vulnerabilities across multiple products including Windows, Office, and SharePoint. Microsoft rated 11 of the vulnerabilities as critical. As usual, affected users should install patches as soon as practical. Those who can’t patch immediately should refer to workarounds listed in the advisories.
A word, too, about Adobe Reader. Adobe has devoted significant resources over the past few years to improving the security of the product. That said, Reader includes a bevy of advanced features that casual users rarely, if ever, need. These advanced features create the kind of attack surface that hackers love. The vast majority of computer users may want to consider a default reader that has fewer bells and whistles. Edge, Chrome, or Firefox are all suitable replacements.
Google is weaning itself off user-tracking “cookies” which allow the web giant to deliver personalized ads but which also have raised the hackles of privacy defenders.
Last month, Google unveiled the results of tests showing an alternative to the longstanding tracking practice, claiming it could improve online privacy while still enabling advertisers to serve up relevant messages.
“This approach effectively hides individuals ‘in the crowd’ and uses on-device processing to keep a person’s web history private on the browser,” Google product manager Chetna Bindra explained in unveiling the system called Federated Learning of Cohorts (FLoC).
“Results indicate that when it comes to generating interest-based audiences, FLoC can provide an effective replacement signal for third-party cookies.”
Google plans to begin testing the FLoC approach with advertisers later this year with its Chrome browser.
“Advertising is essential to keeping the web open for everyone, but the web ecosystem is at risk if privacy practices do not keep up with changing expectations,” Bindra added.
Google has plenty of incentive for the change. The US internet giant has been hammered by critics over user privacy, and is keenly aware of trends for legislation protecting people’s data rights.
Growing fear of cookie-tracking has prompted support for internet rights legislation such as GDPR in Europe and has the internet giant devising a way to effectively target ads without knowing too much about any individual person.
– ‘Privacy nightmare’ –
Some kinds of cookies — which are text files stored when a user visits a website — are a convenience for logins and browsing at frequently visited sites.
Anyone who has pulled up a registration page online only to have their name and address automatically entered where required has cookies to thank. But other kinds of cookies are seen by some as nefarious.
“Third-party cookies are a privacy nightmare,” Electronic Frontier Foundation staff technologist Bennet Cyphers told AFP.
“You don’t need to know what everyone has ever done just to serve them an ad.”
He reasoned that advertising based on context can be effective; an example being someone looking at recipes at a cooking website being shown ads for cookware or grocery stores.
Safari and Firefox browsers have already done away with third-party cookies, but they are still used at the world’s most popular browser – Chrome.
Chrome accounted for 63 percent of the global browser market last year, according to StatCounter.
“It’s both a competitive and legal liability for Google to keep using third-party cookies, but they want their ad business to keep humming,” Cyphers said.
Cyphers and others have worries about Google using a secret formula to lump internet users into groups and give them “cohort” badges of sorts that will be used to target marketing messages without knowing exactly who they are.
“There is a chance that it just makes a lot of privacy problems worse,” Cyphers said, suggesting the new system could create “cohort” badges of people who may be targeted with little transparency..
“There is a machine learning black box that is going to take in every bit of everything you have even done in your browser and spit out a label that says you are this kind of person,” Cyphers said.
“Advertisers are going to decode what those labels mean.”
He expected advertisers to eventually deduce which labels include certain ages, genders or races, and which are people prone to extreme political views.
A Marketers for an Open Web business coalition is campaigning against Google’s cohort move, questioning its effectiveness and arguing it will force more advertisers into its “walled garden.”
“Google’s proposals are bad for independent media owners, bad for independent advertising technology and bad for marketers,” coalition director James Rosewell said in a release.
Public beta testing for SpaceX’s satellite-beamed internet service kicked off late last year for people in the US, Canada and the UK, and an FCC application (PDF) tells us a bit about how things are going so far. CNBC points out the filing, which seeks designation for Starlink as an eligible telecommunications carrier, and notes that SpaceX reports over 10,000 people are already using the service.
Starlink is seeking designation so it can access the millions of dollars it’s been granted from the Rural Digital Opportunity Fund to provide service across a number of states. The letter also notes that SpaceX already has more than 1,000 satellites in orbit (it just launched a few more last night), and that its network is showing it can provide more than 100/20 megabits per second connections, as well as less than 31ms of latency for 95 percent of round-trip measurements.
Enlarge / A SpaceX Starlink user terminal/satellite dish.
Lobby groups for small ISPs are urging the Federal Communications Commission to investigate whether SpaceX can deliver on its broadband promises and to consider blocking the satellite provider’s rural-broadband funding. Meanwhile, SpaceX says the Starlink beta is now serving high-speed broadband to 10,000 users.
SpaceX was one of the biggest winners in the FCC’s Rural Digital Opportunity Fund (RDOF), winning $885.51 million over 10 years to bring Starlink broadband to 642,925 homes and businesses in 35 states. Overall, the reverse auction awarded $9.2 billion ($920 million per year) in funding for 180 entities nationwide to expand networks to 5.2 million homes and businesses that currently don’t have access to modern broadband speeds.
But funding winners still had to submit “long-form applications” by January 29 to provide “additional information about qualifications, funding, and the network that they intend to use to meet their obligations.” The FCC will review those applications to determine whether any funding should be revoked.
Electric co-ops that provide broadband raised concerns about both SpaceX’s low Earth orbit (LEO) satellite technology and fixed-wireless services that deliver Internet access from towers on the ground to antennas on customers’ homes. The National Rural Electric Cooperative Association (NRECA) and National Rural Telecommunications Cooperative (NRTC) submitted a white paper to the FCC claiming that the RDOF awards put “rural America’s broadband hopes at risk.”
Starlink dismissed as “science experiment”
The CEO of NRECA was blunt in his opposition to SpaceX’s funding, as stated in a Bloomberg article today:
SpaceX’s broadband-from-orbit “is a completely unproven technology,” said Jim Matheson, chief executive officer of the National Rural Electric Cooperative Association, which has members that vied for the funding. “Why use that money for a science experiment?”
Electric co-ops that offer broadband won a combined $1.6 billion from the FCC auction to serve 900,000 locations in 31 states, according to the NRECA. That included 180 co-ops that “competed as part of five consortiums that garnered a total of about $1.5 billion” and “five individual electric co-ops [that] won a total of $59.4 million.”
All of those electric co-ops bid in the FCC’s gigabit tier, a search of the FCC system shows. NRECA said that “many” of the electric co-ops are using fiber technology to deliver those speeds and that they pushed for high standards in the FCC auction “to ensure co-ops with superior service could compete against other types of Internet providers with slower or spotty service in rural areas.”
Matheson told the FCC in a filing that many of the LEO satellite and fixed-wireless awards went to census blocks that “are in electric cooperative service territory.”
SpaceX has good early results and 10,000 users
SpaceX committed to provide service in the FCC’s “Above Baseline” tier, which requires 100Mbps download speeds, 20Mbps upload speeds, and a data cap of at least 2TB a month. Based on early reports from SpaceX Starlink beta testers, it appears that the service can provide broadband with high speeds and latency better than the FCC’s 100ms standard. SpaceX is continuing to launch satellites and has told beta testers to expect steady improvements in speed, latency, and uptime in the coming months. Before bidding for the funding, SpaceX first had to overcome the FCC’s “serious doubts” about whether it can deliver the required latencies.
“Starlink’s performance is not theoretical or experimental,” SpaceX said in an unrelated FCC filing yesterday. “Over 10,000 users in the United States and abroad are using the service today. While its performance is rapidly accelerating in real time as part of its public beta program, the Starlink network has already successfully demonstrated it can surpass the Commission’s ‘Above Baseline’ and ‘Low Latency’ performance tiers.”
Starlink already provides 100Mbps download and 20Mbps upload speeds and is delivering latencies at or below 31ms on 95 percent “of network round-trip latency measurements,” the company said.
Starlink’s beta status raises questions
But groups that oppose SpaceX’s FCC funding said the technology hasn’t been proven because it isn’t widely available. “Any applications that appear unlikely to deliver promised speeds to all locations should be disqualified per FCC rules,” the NRECA/NRTC white paper said.
LEO-satellite service “is currently in beta testing and commercially available on a limited basis in extremely limited areas, and questions remain. At the current time, LEO-based broadband lacks the ‘demonstrated capabilities to perform at certain speed and latency combinations’ the Commission reasonably requires,” the groups wrote. “Awarding bids to experimental and unproven LEO satellite service is a direct contradiction” of FCC requirements, they also said. (SpaceX was the only LEO-satellite company to win funding.)
The white paper questioned whether LEO satellites can “consistently provide a high level of speed as thousands of subscribers sign up for the service.” Suggesting that the funding isn’t even needed by SpaceX, they also said that “satellite providers eventually plan to deliver service to areas regardless of whether they get subsidized to do it.”
We contacted SpaceX today about the groups’ filing and will update this article if we get a response.
Fixed-wireless challenges
As for fixed wireless, the groups argued that providing gigabit speeds is possible but only under the right conditions. NRTC said its experience working with rural utilities “shows that the conditions for this speed are largely unable to be met in rural America for a number of reasons.”
Fixed-wireless challenges “include the need for substantial spectral bandwidth at lower frequencies for propagation, availability of vertical assets for higher frequency spectrum, near or absolute line of sight from transmitter to antenna, and a substantial deployment of fiber optic cabling for backhaul purposes,” they said. “Many of the areas where support was assigned to fixed wireless bidders to provide Gigabit service would either fail to meet these conditions or be prohibitively expensive to achieve.”
The FCC rural-broadband funding is paid for by Americans through fees imposed on phone bills.
New FCC chair had doubts about auction
The ISP lobby groups aren’t the only ones raising concerns about SpaceX funding. Consumer-advocacy group Free Press researched the auction results and found that SpaceX won funding in surprising places such as “the Jersey City Target store”; census blocks “with luxury hotels” in Chicago; “empty parking lots, grassy fields and highway medians” near Washington, DC; a “parking garage in downtown Miami Beach, two blocks from the beach, surrounded on all sides by multiple companies offering gigabit service”; and a street in San Francisco “that borders the southern edge of Golden Gate Park.” SpaceX “appears to have played by the rules. But the FCC’s rules created a broken system,” the group said.
It’s not clear whether the FCC is likely to reverse any or all of the funding awarded to SpaceX or other companies. But FCC Acting Chairwoman Jessica Rosenworcel criticized then-Chairman Ajit Pai for completing the auction without waiting for the FCC to collect more accurate broadband data.
“We need maps before money and data before deployment,” Rosenworcel said in January 2020, when the decision was made. “With today’s decision we commit the vast majority of universal service funds—$16 billion!—for the next ten years without first doing anything to improve our maps, survey service accurately, or fix the data disaster we have about the state of service today. That means if your home is marked as served by the FCC’s maps today and it is not, then for the next decade you are on your own.” (The FCC ended up awarding $9.2 billion in the fund’s first phase instead of the maximum $16 billion. There may be $11.2 billion available in the as-yet-unplanned second phase.)
Given Rosenworcel’s view, it wouldn’t be surprising if the RDOF’s first phase undergoes some changes, whether that’s to SpaceX’s funding or someone else’s. The FCC recently heard from Sen. Shelley Moore Capito (R-WV), who objected to funding awarded to Frontier Communications given that company’s past failures to meet broadband-deployment requirements. And just before Pai left office in January, a bipartisan group of 157 members of Congress sent a letter urging the FCC to make sure that every funded ISP “has the technical, financial, managerial, operational skills, capabilities, and resources to deliver the services that they have pledged for every American they plan to serve regardless of the technology they use.”
Apple(AAPL) is set to introduce a new requirement for users to give explicit permission for apps to track them across the internet, a move that has roiled Facebook, which relies on data collection to target ads.
Now, Facebook plans to show a prompt “of our own, along with Apple’s” in an effort to show users how personalized ads “support small businesses and keep apps free,” the company said in an update Monday to an older blog post called “Speaking Up for Small Businesses.”
“As we shared in December, we disagree with Apple’s approach, but will be showing their prompt to ensure stability for the businesses and people who use our services,” Facebook said in the post.
For Facebook(FB), the stakes of Apple’s new privacy change couldn’t be higher. The social media company, which makes almost all of its revenue from advertising, has repeatedlywarned investors that Apple’s software changes could hurt its business if users reject tracking permissions.
In December, Facebook took out ads in The New York Times, Wall Street Journal and Washington Post, saying the requirement could be “devastating” to millions of small businesses that advertise on its platform. It alsoheld a press event to trot out small businesses opposed to the change and debuted a new hashtag to discuss it.
Mark Zuckerberg, Facebook’s CEO and cofounder, hammered a similar point on a conference call with analysts last month to discuss the company’s most recent earnings report.
“Apple has every incentive to use their dominant platform position to interfere with how our apps and other apps work, which they regularly do, to preference their own,” Zuckerberg said. “This impacts the growth of millions of businesses around the world, including with the upcoming iOS 14 changes. Many small businesses will no longer be able to reach their customers with targeted ads.”
While this latest move may seem like yet another shot fired atApple, Facebookis taking Apple up on its offer for any developer to explain why it wants certain permissions for tracking. “We feel that people deserve the additional context, and Apple has said that providing education is allowed,” Facebook said in the blog post.
On Apple’s privacy and data webpage, the company said developers are allowed to do this “so long as you are transparent to users about your use of the data in your explanation. … Apps must respect the user’s permission settings and not attempt to manipulate, trick, or force people to consent to unnecessary data access.”
Facebook did not immediately respond to a request for comment. Apple declined to comment.
In a December tweet, Apple CEO Tim Cook shared an image of what Facebook’s app tracking transparency messaging could look like. Under the permissions prompt, the example language said: “Here, in addition to other screens, Facebook can explain why users should allow tracking.” Users can then “ask app not to track” or “allow.”
The Fitz-Gerald Group Principal Keith Fitz-Gerald argues Apple shares are still ‘ultimately underpriced’ given the company’s influence and importance in society.
Apple issued a new warning on Tuesday urging iPhone and iPad users to immediately update their device software to the newly released iOS and iPadOS 14.4.
APPLE WARNS MAGNETS IN IPHONE 12 MODELS ‘MIGHT INTERFERE’ WITH PACEMAKERS, DEFIBRILLATORS
The update comes in an effort to fix three security flaws that “may have been actively exploited”. Apple credited “an anonymous researcher” for finding the bugs, according to its support webpage.
One of the security vulnerabilities found is a malicious application which may be able to “elevate privileges” in Kernel, the framework for Apple’s operating system. Apple said the issue was addressed in the new update with “improved locking.”
The other two vulnerabiltiies were found in WebKit, a web browser engine used by Safari and other apps, which may allow a remote attacker to potentially cause “arbitrary code execution.” The logic issue has been addressed in the new update with “improved restrictions.”
GET FOX BUSINESS ON THE GO BY CLICKING HERE
The security flaws impact the iPhone 6s and later, the iPad Air 2 and later, the iPad mini 4 and later, and the iPod touch (7th generation).
However, other details, such as who is actively exploiting the vulnerabilities, who might have fallen victim, or whether the attack was targeted against a specific set of users or widespread were unclear. Apple noted it would provide an update as soon as more details could be made available.
A spokesperson for Apple did not immediately return FOX Business’ request for comment.
Ticker
Security
Last
Change
Change %
AAPL
APPLE INC.
142.06
-1.10
-0.77%
In order to install the latest update, simply open up the Settings app, choose General, and then choose Software Update.
Someone has gotten their hands on a database full of Facebook users’ phone numbers, and is now selling that data using a Telegram bot, according to a report by Motherboard. The security researcher who found this vulnerability, Alon Gal, says that the person who runs the bot claims to have the information of 533 million users, which came from a Facebook vulnerability that was patched in 2019.
With many databases, some amount of technical skill is required to find any useful data. And there often has to be an interaction between the person with the database and the person trying to get information out of it, as the database’s “owner” isn’t going to just give someone else all that valuable data. Making a Telegram bot, however, solves both of these issues.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
This obviously has a huge impact on privacy. pic.twitter.com/lM1omndDET
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
The bot allows someone to do two things: if they have a person’s Facebook user ID, they can find that person’s phone number, and if they have a person’s phone number they can find their Facebook user ID. Though, of course, actually getting access to the information you’re looking for costs money — unlocking a piece of information, like a phone number or Facebook ID, costs one credit, which the person behind the bot is selling for $20. There’s also bulk pricing available, with 10,000 credits selling for $5,000, according to the Motherboard report.
The bot has been running since at least January 12, 2021, according to screenshots posted by Gal, but the data it provides access to is from 2019. That’s relatively old, but people don’t change phone numbers that often. It’s especially embarrassing for Facebook as it historically collected phone numbers from people including users who were turning on two-factor authentication.
At the moment it’s unknown if Motherboard or security researchers have contacted Telegram to try to get the bot taken down, but hopefully it’s something that can be clamped down on soon. That’s not to paint too rosy a picture, though — the data is still out there on the web, and it’s resurfaced a couple of times since it was initially scraped in 2019. I’m just hoping that the easy access will be cut off.
Millions of users of the dating site MeetMindful got some unpleasant news on Sunday. ZDNet reported that the hacker group ShinyHunters, the same group who leaked millions of user records for the company that listed the “Camp Auschwitz” shirts, has dumped what appears to be data from the dating site’s user database. The leak purportedly contains the sensitive information of more than 2.28 million of the site’s registered users.
According to ZDNet, the 1.2 gigabyte file was shared as a free download “on a publicly accessible hacking forum known for its trade in hacked databases.” It included troves of sensitive and identifiable user information, including real names, email addresses, city, state, and ZIP code details, birth dates, IP addresses, Facebook user IDs, and Facebook authentication tokens, among others. Messages, however, were not exposed.
The outlet, which included screenshots of the file posted to the hacker forum as well as a small sample of the data exposed, highlights that not all the leaked accounts include the user’s full details. Nonetheless, it stated that the information leaked could be used to link individuals’ dating profiles to their real-world identities. The hacking forum where the data was posted has been viewed more than 1,500 times. Per the outlet, it is still available for download.
ZDNet said it was informed of the leak by a security researcher, who it did not name, earlier this week. It added that it had contacted MeetMindful on Thursday to ask for a comment on the matter but had not received a response for days.
G/O Media may get a commission
Gizmodo has also gotten in touch with MeetMindful to ask it about the reported hack. We’ll make sure to update this blog if we hear back.
According to its Crunchbase profile, MeetMindful is a dating site platform for “people who are into health, well-being, and mindfulness.” It was founded in 2013, is based in Denver, Colorado, and is still active.
Here’s where it starts to get a little strange, though. The site’s listedsocialmedia channels have been inactive for months, which is interesting considering that major dating apps have been growing during the pandemic. I mean, don’t they want to encourage their users to date (safely)? From the outside, the service seems like dead zone. Who knows though, it could be all the rage inside the site itself.
It is unclear whether MeetMindful has notified its users of the incident. If it’s true, users need to know so that they can be on the lookout for suspicious activity and change logins and passwords if necessary. Bottom line: Get moving.
