Microsoft had bundled its next generation antivirus software in the Windows 10 Fall Creators’ update, bringing more enhancement to the Windows Defender Advanced Threat Protection by moving it up from isolated defenses to a smart, interconnected, and coordinated defense grid that is intelligent, simple to manage, and ever evolving.

Now, Microsoft has extended the Windows Defender anti-malware system to Apple macOS, which expansion reflects its growing cross-platform nature; while the application suite has been renamed as Microsoft Defender ATP, with the designated labels "Defender for Mac" or "Defender for Windows" for individual clients.

The Defender for Mac will focus more on signature-based malware detection as a start, albeit the Defender ATP for Windows track various system behaviors and report to the ATP cloud service, which helps to detect threats even without any piece of malware detected.

While the macOS malware issue has become commonplace, with ransomware running rampage on the platform in 2016, and other malicious attacks for which Apple was forced to integrated some malware protection into macOS, but that has not guaranteed maximum protection for Mac users.

And this unfortunate situation has seriously impacted the corporate usage of the product; while Microsoft Windows has a good range of security tools that ensure the systems are secure and kept up-to-date, even alert administrators if there is any cause for alarm, but no such security system for the Apple ecosystem.

The new software suite is currently available as a preview for limited Mac devices running macOS High Sierra and above, with users needing to apply to the program to use it, whereby Microsoft will contact those users via email once their applications are approved.

Microsoft also promised to bring the unified security solutions to other “platforms” which perhaps, may suggest that the Defender Advanced Threat Protection (ATP) will soon be available for Linux devices as well.

Microsoft extends Defender Advanced Threat Protection (ATP) to Apple Mac



Tekton, is Google's new open-source project that offers a Kubernetes-native framework for building CI/CD systems that's fully capable of running anywhere Kubernetes can, and also work with any existing CI/CD servers.

While Kubernetes serves as a hedge against cloud lock-in, the new project features a shared building blocks for creating cloud-native CI/CD pipelines, whereby developers can easily build and deploy software across multi-clouds or for on-premise systems.

Tekton will enable developers to deploy immutable images, and have control on different infrastructure, with components provided to standardize CI/CD tools across different languages and environments. And the components are able to work with CI/CD tools like Knative, Skaffold, Jenkins and Jenkins X, while leveraging Kubernetes and the cloud for CI/CD, and providing automation pipeline.

It also work well with Google Cloud Platform with Kubernetes tools, which can be deployed to Google Kubernetes Engine and supporting artifact storage and Google Container Registry.

Additionally, Tekton can be deployed across different environments such as serverless platforms, VMs or Firebase. With key capabilities including: Pipelines running on the Kubernetes container orchestration platform, allowing developers to combine containers to form complex pipelines.

And also leveraging containers as building blocks, through Tekton Pipelines, with Kubernetes clusters as a first-class type with the Tekton Pipeline.

Tekton toolkit offers Kubernetes-native framework for building CI/CD systems



Google has announced the public availability of Sandboxed API, for easy sandboxing of C and C++ libraries and creating secure and reusable implementations of functionality residing within other popular libraries.

While it is pretty common for applications to be affected by different types of vulnerabilities that could be exploited for remote code execution, sandboxing is a technique that helps to mitigate those problems, by isolation the app processes employed by software developers.

Albeit, the tasks of sandboxing are often very demanding, therefore the open-sourcing of the Sandboxed API by Google will makes it relatively easier to create security policies for individual software libraries, and offer granular protection for reusable software infrastructure.

The API can also separate the library to be sandboxed from a high-level perspective, with callers into two separate processes: the sandboxee and the host binary. And actual library calls marshalled by an API object from the host side and forwarded via inter-process communication to the sandboxee whereby an RPC stub unmarshals and send calls to original library.

It is currently implemented for software libraries written in the C programming language (C bindings), though Google has promised adding support for more programming runtimes in the near future.

Additionally, Google is making publicly available the core sandboxing project, Sandbox2, which is now part of Sandboxed API as the underlying sandboxing primitives. But it can also be used as standalone to isolate arbitrary Linux processes, which is considered a lower-level API.

Google Open Sources Tool for Securing C and C++ Software Libraries, Sandboxed API



Slack, the popular collaboration software has made it possible for enterprise customers to have more control over their sensitive data, including: email messages, business files and team chats, with the release of enterprise key management (EKM).

The EKM feature is available for all customers of Enterprise Grid, which product is targeted at large organizations, to give those businesses more control over the keys used to encrypt/decrypt data in the collaboration application.

It will avail businesses the means to better secure their most sensitive data, and perhaps open up the door for new entrants like banking and financial services to embrace the team collaboration software.

Cisco is perhaps the only team collaboration software vendor to provide customers with encryption/decryption keys, but with Slack’s EKM, IT administrators now have the ability to revoke access to data within a Slack channel, instead of total disruption of access for all users on the platform.

While Slack do encrypt data in transit and at rest, the company does not yet have plans of bringing end-to-end encryption to its service, which rivals like Cisco Webex Teams and Symphony do provide.

Slack is hoping to appeal more to its Enterprise Grid customers, with about 150 businesses already using the service, including 21st Century Fox and Capital One.

Slack's Enterprise key Management to give businesses more control over sensitive data



The Windows Defender Application Guard was formerly released explicitly for the Microsoft Edge browser, and works by isolating the contents of a tab in the browser from the rest of the system.

Just like sandboxing, it blocks websites and downloaded files from accessing the system, thus prevents malware in the virtualized “container” access to the user’s confidential information, making it also impossible to access data or connect with other systems on a network.

And as the tab is closed on shutting down the browser, or on logging out of the PC, any malware that managed to get into the container is tossed away.

Microsoft extended the Windows Defender Application Guard functionality to Chrome and Firefox browsers via an extension, alongside the announcement of Windows 10 Insider Preview build 18358.

The extension works the same way as in Edge browser, by crosschecking entered URL against a list of trusted websites, which when found an untrusted site, will open in a sandboxed tab, from there then navigate to the website, so as to protect your system.

While the anti-malware technology had undergone some major testing under Windows Insiders running Windows 10 Enterprise, this is the first availability outside the Microsoft Edge browser.

Albeit, the extension is currently available to Windows Insiders, but will be publicly available to use on Windows 10 version 1803 or higher when it's official released, though it may require Windows 10 Pro or Enterprise edition.

Microsoft extends Windows Defender Application Guard to Chrome and Firefox browsers



The general-purpose C++ development environment, CIDLib is now open to the public, with the lighter use of C++/STL libraries templates as its advantage over what's been commonplace, making it easy to debug, been based on a virtual kernel.

While CDLib is currently available only for Window, based on a virtual kernel that abstracts from the operating system and a Linux implementation developed years ago still requiring some more update to be fully functional today.

CIDLib employ some third-party code, which includes the Scintilla engine as the CML language source editor and also parts of the standard JPEG libraries that provide support for the JPEG file format.

It served as a foundation for the Charmed Quark Controller (CQC), a supposedly proprietary home automation platform for years, and the environment has got a pretty matured code base.

Additionally, CIDLib has about 1,100 classes and functionality which includes: serving as build tools for project definition system, resource compiler, and loadable text system. It also provides an embeddable, virtual machine-based language called CML and IDE for CML editing and debugging, coupled with virtual kernel platform portability layer.

Some other planned features under consideration include support for 3D graphics, more efficient internet telephony, and custom public cryptography system.

The general-purpose C++ Development Environment, CIDLib is now open source



DuckDuckGo (DDG) is a search engine, but unlike Google, it strongly emphasizes on protecting the privacy of its users by avoiding the filter bubble of personalized results, and subsequently, targeted advertising.

While Google is notorious for profiling and tracking users behavior online, DDG distinguishes itself by not profiling its users and sticking to the same search results for every given keyword search, and most probably returning the best accurate results, rather than results generated from individual preferences.

The source code is open sourced and hosted at GitHub under the Apache 2.0 License, though the core is proprietary. It sources its results from over 400 sources, including Yahoo! Search BOSS, Bing, and its own Web crawler (the DuckDuckBot); also uses data from crowd-sourced sites, including Wikipedia, to populate "Zero-click Info" boxes, usually above the results that display topic summaries and related topics.

DuckDuckGo has been growing steadily since launched in 2008, and has taken outside investment to scale its efforts to capitalize on growing international reach for its pro-privacy products, which Google has recently recognized the importance of offering consumers a private search option, by adding DuckDuckGo in the Chrome 73 available search engines for over 59 countries.

Google had quietly updated the lists of default search engines available per region on Chrome browser, while expanding the choice of search product users can select from the different markets around the world.

Again, the area of privacy is the big feature that DuckDuckGo sells itself on: As it doesn't log what you're searching for, and will only put up occasional advertising, which isn't personalized at all, and you can easily disable it.

What's more, even the sites you visited know nothing about the search terms you used to find them, and that's something other search engines do, while piecing together different clues from your browsing behavior and the data that your computer broadcasts publicly to sell their ads.

Additionally, DuckDuckGo runs the encrypted versions of a site by default. If you're among those of us who are tired of the big tech companies hoovering up data on us, DuckDuckGo will surely appeal to you.

DuckDuckGo: Get to know the fast rising Privacy-focused Search Engine



Google has released Chrome 73 for Windows, Mac, and Linux, with the most noticeable feature coming in the form of dark mode for macOS, which change appears in the Omnibar, Chrome’s tabs, the three dots overflow menu and the bookmarks row.

While users previously can download dark mode themes through the Chrome store to implement a DIY dark mode, but with this latest update it will now work without the help of any third-party theme, as the new feature automatically turn Chrome browser to dark mode if you enable it in the Mac settings.

The dark mode is akin to Chrome’s incognito mode, but the only difference is that no incognito icon appears on the top right corner, coupled with the fact that no protection from tracking in any sense and logs are kept as per Chrome normal workings.

How to Enable Chrome Dark Mode on Mac



If you wish to enable dark mode on your Mac, simply go to System Preferences, then select General, from there select Dark at the Appearance option, and Chrome will turn into dark mode.



You can also choose to browse the internet in dark mode on Chrome while keeping the macOS Mojave’s own dark mode, by simply using Chrome themes to switch over.

Google Chrome by default doesn’t offer any settings to show on the night mode in the browser itself, before now. And as a consequence, many users had resorted to Google Chrome extension for turning on the dark mode in the browser. The dark mode is most often suitable for night browsing, and you could as well use night time mode in Chrome with the help of Hacker imaginative and prescient extensions.

You can follow the steps given below to add the extension for turning on the night mode. Step 1: From the Chrome store, search for “Hacker vision” extension. Step 2: Click on “Add to Chrome”. Step3: Enter the info when asked with the aid of the extension and provide the necessary permissions. That's it.

Google had promised that “Windows support is on the way”, so you can use the above methods if you wish to use dark mode on Windows.

How to Enable Dark Mode on Chrome browser For Apple Mac Computer



Quarkus is an open source framework developed by Red Hat that uses a unification of reactive and imperative model programming to solve the issue of distributed application architectures such as serverless and microservices. It is aimed at a container-first, cloud-native world, as Java development can be a challenge in such serverless environment.

The framework as Kubernetes Native is tailored for GraalVM and HotSpot, developed from the best-of-Java libraries and standards, with the goal of making Java a leading platform in Kubernetes and serverless environments and to offer developers a unified programming model for distributed application architectures.

While most Java developers are used to the imperative programming model, but developers are increasingly adopting to cloud native, event-driven, asynchronous, and reactive model to address business requirements in building highly concurrent and responsive applications.

Quarkus is built to seamlessly bring the two programming models together in a platform, resulting in strong leverage within an organization for significant runtime efficiencies.

It compiles to a native binary running on Oracle’s GraalVM virtual machine, with applications able to run with significantly less RAM and startup time quicker than traditional apps running on the JVM, which better fits serverless deployment. Albeit, Quarkus requires a Java IDE, JDK 8 or later, Apache Maven 3.5.3 or later, and GraalVM for native applications.

Red Hat, however claims that the code is streamlined for 80 percent common usages, with flexibility for the other 20 percent of cases; it employ libraries such as Eclipse MicroProfile and Vert.x, JAX_RS/RestEasy, JPA/Hibernate and Netty, with an extension for third-party frameworks.

Quarkus will serve as an effective solution for running Java in the world of Kubernetes, serverless, microservices, containers, FaaS, and the cloud, haven been designed for these environments from the ground up!

Red Hat’s Quarkus framework aims at Java optimization for distributed Application architectures



Alphabet, the parent company of Google through its cybersecurity outfit, Chronicle, has debuted a new threat analysis tool called Backstory with the aim of salvaging business threats in replication of Google’s own threat detection infrastructure.

Backstory is a cloud-based enterprise-grade threat analytics tool designed to help businesses to investigate cyber incidents quickly, and pinpoint the vulnerabilities for potential fixes.

According to Chronicle co-founder Mike Wiacek, Backstory will thwart the ability of attackers to hide behind the statute of technical limitations, as it offers the solution to store, index, and search unlimited security telemetry.

It tend to solve the telemetry problem by allowing organizations to upload and store their internal security telemetry on Google Cloud and also leverage its machine learning and analytics technologies to monitor and analyze any potential threat.

Due to the high cost of storing traffic data, most of Backstory’s competitors tend to retain but a few weeks of traffic, and most often, critical in detection and stopping of breaches.

Backstory, on the other hand is able to store and surface even years-old data, and akin to SIEM solutions, it converts logs such as: NetFlow, DNS traffic, endpoint logs, proxy logs, into searchable and actionable information to help businesses gain more insights into cyber threats and attacks on their networks.

Additionally, Backstory compares data against "threat intelligence" signals culled from a variety of other sources, including the Alphabet-owned VirusTotal, Proofpoint, Avast and Carbon Black.

Chronicle is currently working with clientele which includes Quanta Services, Siemens, Paccar, and Oscar Insurance, among others.

Alphabet debuts Backstory, a new Threat analysis tool for Businesses



The Firefox Maker, Mozilla has been a staunch advocate of the browser-side protection that block websites from following users online activities, which tracking is especially beneficial for advertisers who are targeting specific users, despite the fact that it invades their privacy.

While the issue of privacy has overtaken the Web service providers lately, and has often been a great bane for most internet users; Mozilla is harping on its new approach taking a leaf off Tor browser’s Anti-Fingerprinting Technique, with the introduction of Letterboxing in Firefox 67 which is scheduled for release in May.

The Letterboxing feature protects against the so-called window-size related fingerprinting, which is often employed in the profiling and tracking of Web users, whereby their personal information are collected from computing devices for identification.

Fingerprints is used by ad networks to identify individual users on the various devices been tracked, and it works even when browser cookies are turned off by the user; but with Letterboxing, Mozilla looks to add gray spaces to the browserside for the web page whenever the browser window is resized and removes all logs after exiting the resize operation.

What this means is that the browser window’s dimensions are masked by the adding of spaces to width and height in the multiple of 200px and 100px on resizing, with the gray spaces added at the top, bottom, left or right of the web page, and as advertising codes follow the window resize events to gather information.

Firefox 67 provides a generic dimension for such tracking to bring back the window to its actual size in milliseconds, thus delays the loading of the page content on the resized window long enough to trick the tracking codes to read the incorrect window dimensions.

This technique has since been in use by Tor Browser, from which Mozilla obviously borrowed the Letterboxing feature and it is currently available in Firefox Nightly.

Mozilla tightens leash on Web tracking in Firefox 67 with Letterboxing



In the fast-paced world of online marketing, it is important to reach out to your target leads. While the challenges of lead generation stem from inaccurate and massive databases leading to low-quality leads and fewer chances of converting them into actual sales.

In order to not spend time in vain, you need a specific tool for lead generation. One of such tools is Snov.io platform which offers two amazing tools, email finder and email verifier. With the email finder tool, you can generate massive leads with ease and find emails of prospects for your outreach program. Besides lead generation, Snov.io email verifier tool ensures that you can remove every invalid email addresses from the email list.

Snov.io Email Finder & Verifier features



  • Automated lead searching: The tool easily scrapes emails from social media channels (including LinkedIn and Twitter) and in general any website. They can be saved for the future in one of the prospects’ lists.
  • Ability to send out emails right from the extension: If you’ve found people you want to reach out to right away, click the Send email button, compose the message, and send it.
  • Domain search: If you need to contact people from one company, take advantage of the domain search. Search for the emails, save them to the prospects list, and later reach out to them.
  • Check emails for validity: Not to increase the bounce rate, check all the email addresses with Snov.io Email Verifier. Delete the invalid emails when the verification if finished.
  • Verify emails right on the webpage with the extension: If you do not love web apps and prefer working with Chrome extensions, that’s not a problem. Activate the extension on the page you need, check the emails, add them to the necessary prospects list.
  • Bulk verification: Upload the list of email addresses to the platform and verify the whole file within a few minutes.
  • Single email verification: If you want to add an email address to the list, verify it with single email verification.


Creating Snov.io account & installing the Chrome extensions



This is the easiest part. Simply go to the Snov.io main page and click the Sign Up button. You can either type in the email address with a password or Sign In with your Google account.

After that, go the Chrome Web Store and search for Snovio Email Finder and Snovio Email Verifier. Add the extensions, then customize the settings, and get ready for successful lead generation.

Steps to creating & managing email lists



The lead generation process won’t take you much time. Surely, everything depends upon the number of people you are going to find: the more leads you need, the more time it will take you to find and verify email IDs.

Step 1. Set up the search criteria on LinkedIn. Activate the Finder by clicking the extension icon. At the bottom, choose the prospects list (note: you can create a new email list right there).



Step 2. Click the Find Emails and Save button. Set the search filters in the extension: the number of pages and the delay time (this will let you not look like parser).



Step 3. Click the Find Emails and Save button. Once the emails are found, go to the app and verify the emails.

Step 4. Go the Prospects tab, choose the necessary email list, and click the Verify current list button. When the process is over, each email can be labeled with one of three colors: red (the invalid email, you’d better delete it from the list), green (real active email address, you can send emails to that recipient), and yellow (uncertain ID, it’s up to you whether to send emails or not).



As it was mentioned already, you can use the Verifier extension as well. Go to any page and click the extension icon. Choose the emails, select the email list, click the Verify button.

You can also use the Campaigns tab on the top menu, to start a triggered campaign and send easily crafted cold outreach automated emails.

Final Thoughts



Snov.io offers a simple, yet effective and robust tool for finding and validating email lists. The easy-to-follow user interface makes navigation easy while it is intuitive and efficient. And the most awesome things are the browser extensions which make the workflow quicker.

Snov.io Review: Unmatched Email Finder & Verifier for Effective Outreach Program



GHIDRA, the powerful reverse engineering tool developed and used in-house by the National Security Agency (NSA) to fish out bugs in software and applications has been released to the public.

While reverse engineering a program means disassembling it, the breaking of binary instructions into assembly code, employed by software engineers to understand the functionality, design and implementation of the software.

The NSA is reported to have developed several hacking tools to break into all versions of software and even control computers, including those running on Windows, MacOS and Linux, of which GHIDRA is one, and tied to the NSA's Tailored Access Operations, it is capable of identifying computers that are vulnerable to malicious third-party software.

GHIDRA is especially useful in the unraveling of weak spots in software and application in order to exploit them by multiple users reverse engineering the same binary at a time.

It includes all the new and expanded functionality of NSA reverse engineering capabilities uniquely developed, and works with a variety of processor sets; instruction and executable format, also able to run in both user-interactive and automated modes.

GHIDRA has been warmly received by the infosec community, who have already started contributing to the project on its Github issue tracker. And the good news remains that the NSA has open sourced the tool with Apache 2.0 license, which it claims is a contribution to the cyber-security community.

GHIDRA, the NSA’s in-house Reverse Engineering tool now Open Source



WebRTC (Web Real-Time Communication) brings Skype-like functionalities to the web browser, allowing users to do voice or video chats without the need to install browser plug-ins. And most of the popular browsers have integrated the WebRTC component, including Mozilla Firefox.

While many users have come to like the WebRTC’s functions and convenience, but the technology is plagued with IP address leak issue. That’s the more reason many people who prioritize privacy to any convenience have resorted to disabling WebRTC in their browsers.



How to disable WebRTC in Firefox browser

If you’re a Firefox user, you can disable WebRTC either through the browser settings or via add-ons.

To disable WebRTC via browser settings, just follow these steps:

On the address bar, type about.config. Press Enter. Next appears a warning screen. Click “I accept the risk!” In the search box below the address bar, type media.peerconnection.enabled to select this specific preference.

Once this preference is selected, double-click it to change Status from “default” to “modified” and the Value from “true” to “false.” With these steps, you have now disabled WebRTC in your Firefox browser.

Disabling WebRTC via add-ons

You can disable WebRTC in Firefox using add-on; which can be found in the Add-ons Manager. Below is a step-by-step process for installing a WebRTC-disabling add-on:

Open the menu at the top-right corner. Select “Add-ons.” The Add-ons Manager opens in a new tab. Find WebRTC-related add-ons by typing “WebRTC” in the search bar. Press Enter. Search results will appear in another tab.

For illustration, let’s select the WebRTC Control add-on. You will be directed to WebRTC Control’s page. Click “Add to Firefox.” At the pop-up window, click “Add” to begin installation.

Once you have installed the add-on with these simple steps, you’ll notice an icon that will appear on top of Firefox. If you wish to disable/enable WebRTC, simply click on the icon to toggle on/off.

However, the toggling mechanism may differ for some add-on. But in comparison to the manual process in the previous section, add-ons provide a quicker way to disable WebRTC.

Why it is necessary to disable WebRTC in Firefox

If you should leave WebRTC “on” at all times, you’re exposing yourself to hackers and trackers as WebRTC can expose your IP address through IP leaks. In some instances, not even a VPN or a proxy can protect you from it.

According to the security research firm, VoidSec, roughly 23% of tested VPNs are affected by the WebRTC leak. To make matters worse, WebRTC is “on” by default in most browsers.

Why a VPN can't protect you from WebRTC leaks?

Yes. For VPN users, it’s not the end of the world. Apparently, the flaw lies in the browsers, not on VPNs themselves. Those VPNs which were smart protected their users in advance, so only a few VPNs were part of the 23% that’s affected by WebRTC leaks.

If you don’t need WebRTC at the moment, why not disable it to preserve your online privacy? If you’re using Firefox now, then the two methods we described above should help you disable WebRTC in no time.

Lastly, go with a trusted VPN service that will constantly provide you with protection and security. If you’re looking for a reliable VPN—particularly one that’s unaffected by WebRTC leaks—then check out this Ultimate list of the best VPNs today.

How to Disable WebRTC in Firefox browser & Prevent IP Address Leaks



The Linux Foundation has launched new open source Project, called ELISA (Enabling Linux In Safety Applications), with the main aim of building Linux based applications for safety-critical systems.

While the term safety-critical system implies those setups in which any failure could lead to actual damage in property, environmental degradation or injury to the workforce; the ELISA project has the lofty idea of ensuring fail proof for such critical Linux-based systems.

It is founded on the fact that computers today are used in virtually every business establishments, with different kinds of applications, many of which have serious consequences in any case of failure.

For instance, imagine the consequences if there is a major system failure for medical devices in emergency situations, or failure in the systems on self-driving trains, autonomous vehicles, and factories where the most dangerous tasks are handled by machines.

Linux will be leveraging on its SIL2LinuxMP Project which is involved in the development of certification for the base components of embedded GNU/Linux RTOS running on a single-core or multi-core industrial COTS computer board.

Also, Linux Foundation will be able to build on the infrastructure and support of the broader Linux community to make this initiative successful, haven already garnered the support of well-established corporations like Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.

Project ELISA: Linux Foundation working on Safety-Critical Linux Systems



OperatorHub.io is a centralized public registry for sharing Kubernetes-native services, whereby the Kubernetes community can find and share Operators, spearheaded by Red Hat in collaboration with other public cloud leaders.

While Operators is a method of packaging, deploying and managing Kubernetes apps, which before now, is pretty difficult to find. It is originally developed in 2016 by Red Hat’s CoreOS unit, but with the OperatorHub.io platform the company aims to address the problem of unavailability and to make it easier to find curated Operators of high standard.

And as the Kubernetes ecosystem continues to grow with the formation of the operators’ hub, Red Hat hopes to lower the barrier for bringing applications to Kubernetes, with the Operator-backed services playing a critical role in lowering this barrier by enabling application owners to use services that can provide the flexibility of cloud services across Kubernetes environments.

The key benefits been that everything that is listed in the public registry is checked for certain standards, and haven been listed means that the Operator shows cluster lifecycle features, with packaging that is maintained through the Framework’s Operator Lifecycle Management.

Aside the listing of trusted Kubernetes Operators, the registry will also be expanded as new operators are vetted and certified for inclusion. The list is currently made up of the AWS Operator and CoreOS Operator along with database tools from Crouchbase, CrunchyData, MongoDB, Percona and Redis.

The concept of integrating applications natively in Kubernetes from a lifecycle perspective has gotten tremendous adoption throughout the open source and Kubernetes community, as such, the common repository is hugely welcomed by many, including public cloud leaders like Amazon Web Services, Google Cloud and Microsoft.

OperatorHub.io: A Centralized public registry for sharing Kubernetes-native services



Google's push to ensure that Android OS is up-to-date led to Project Treble, the remodeling of the Android architectural framework establishing a modular base in which lower-level code created by vendors is separate from the main operating system.

The new framework model means that device manufacturers can easily update the code without relying on silicon vendors to refresh the lower-level codebase, thus allowing faster, easier, and cheaper software update for phone manufacturers.

While the biggest issue with Android is fragmentation, with numerous OEMs saddled with the churning out of devices; for every new Android version, the phone makers have to wait for the chipset vendors to provide the update to processors to update the areas of the code related to the hardware.

But with Project Treble, the hardware-specific elements are now a crust, which remains in place for device's lifespan. And whenever new Android version is released, the phone maker focuses only on its part of the process, that is the filling, without having to wait for any other vendor to provide a refresh to the architectural code.

The process actually started with the release of Android 8.0 Oreo, whereby the boundary between the operating system and the lower-level code was separated, and eventually, the new Android 9 Pie software will mark the first time the setup will be complete and operational.

All the major chipset vendors are fully in support of it, with a significant number of Treble-ready devices already out, so smartphones running Android 8 should be able to receive version 9 much quicker.

And perhaps, Google’s Project Treble could ramp up the number of phones running Android Pie, as it gives manufacturers a clear way to update from Oreo to next version without any fuss.

How Google's Project Treble will impact the upgrade of Android Operating System

Library Genesis (LibGen) is a specialized search engine for free eBooks, with categories covering numerous topics, and allows access to otherwise paywalled or non digitized content that may be unavailable elsewhere.

LibGen had lifted PDFs of content from Elsevier's ScienceDirect web-portal, with database containing more than 2.7 million books and 58 million science magazine files, and the academic publisher Elsevier filed a major complaint against the site accusing it of pirating its academic publications and offering them up for free.

While the original portal, LibGen.io has been blocked by most of the ISPs in the United Kingdom, but such blocks as DNS-based can do little to deter adventurous users from gaining access to the site.

The domain name libgen.org, was equally shut down following the directives of the District Court for the Southern District of New York in late October 2015, but still the site is accessible through other alternate domains.

How to Access LibGen for Free eBooks

At the moment, there are many alternative working domains for the Libgen project, albeit most are hosted and run in the Russian domains, making it more difficult for such negative legislation to apply.

But we'd recommend http://ten.lib.rus.ec as it has been up and running for quite sometime, and assures of continuity into the future.

Steps to Downlaod Free eBooks from http://ten.lib.rus.ec

Go to: http://gen.lib.rus.ec/

Enter the title of any book that you want to download, and click on search, the results could come in the two rows, which means that there are two different versions uploaded to the site. The difference can be obvious and relevant, but not always the case as all contents are uploaded by user, not driven by the operators of the site.

For instance, if you see the results with one as an EPUB and another in a PDF, it simply means that PDF is a paper look-a-like format, with its upsides and downsides. But, for electronic use (computer, tablet, phone), you will want to go for EPUB.

It offers a meta-search engine that searches also other sites where the books are hosted, while the direct download links are distinct from the outside hosted contents, and the outside ones are usually slow so you should not use it if the eBook is really large.

The direct downloads are faster, but it doesn’t always have all the books you are searching for as they sort to comply with DMCA requests.

Additional tip: If you find that http://gen.lib.rus.ec/ is blocked in your region, you can use one of the many open proxies, such as hide.me to access the site.

Steps to download Free eBooks from Library Genesis (LibGen) safely



Web authentication (WebAuthn) makes it possible for browser users to access websites with an authentication device like biometric identity proof using a smartphone's fingerprint reader or Face ID, and some other alternatives, without resorting to a username and password.

While the major browsers have already enabled support for the Web authentication API, with Microsoft Edge, Google Chrome and Firefox (Starting from Firefox 60) allowing direct access to secure websites that are compatible with WebAuthn using physical security keys.

The Firefox maker, Mozilla has promised to extend support for Windows Hello with Firefox 66 to bring more ease to the password-less experience for the users of the browser; this means that if you sign in to Windows 10 PC using fingerprint sensor, facial recognition, FIDO2 security device or PIN via Windows Hello, it’ll be easier to sign in to Microsoft services with Firefox 66.

Windows Hello logs you into your devices 3x faster than a password using your camera to recognize your face or sensor to read your fingerprint, either way Windows Hello recognizes you instantly.

Mozilla had been battling with the Web authentication bug, which according to J.C. Jones, the web authenticator editor for Mozilla, “WebAuthn no longer works on Windows Insider builds, as compatible security keys are no longer available via the USB HID interface, basically, u2f-hid-rs will stop supporting Windows 10+.

But starting with Firefox 66 or 67 (and ESR 60) the Windows Hello API will be enabled to interact with Web Authentication.

The fact that Firefox is the first browser to support WebAuthn, with the technology now fully advanced, it is now significantly more capable than earlier attempts to support physical authentication keys.

Firefox 66 (and ESR 60) to support Windows Hello API for Web authentication



Mozilla has entered into a partnership with Scroll, a premium news service startup that charges monthly subscription for ad-free news from select publishers, in its bid to try and separate web contents from advertisements.

While Scroll's model is still in the works, which when officially launched will charge subscribers a flat monthly fee for access to ad-free news from a variety of notable publishers, with the promise of delivering better returns than what the publishers get from conventional on-page ads.

The collaboration with the Firefox browser maker is yet another revenue exploration model for Scroll, with the separation of online advertising from Web content giving more exposure to the nearly 30 media companies who have shown interest in the deal.

Scroll is currently funded by top media organizations which include, the New York Times and some venture capitalists, with the goal of building a web where users satisfaction is first priority without compromising on revenue.

It has proposed a $5 monthly subscription which give users access to premium ad-free content on anything not behind a publication-specific paywall.

Mozilla have from inception advocated for an internet that puts users first, and also leading the effort to better the users experience on the web, with issues such as tracking and data privacy on the front burner.

Mozilla partners with Scroll to help separate Web contents from advertisements



The emerging new cellular networking technology, 5G is already saddled with serious flaws that could transform it into a snooping risk, which can be used to intercept phone calls and track the location of mobile devices, according to reports by a group of academic researchers.

While the vulnerabilities mark the first time such flaws have been discovered to affect both 5G and the most widely used wireless cellular technology at the moment, 4G which hitherto has been hailed as a super-speed and more secure technology.

The three-pronged attacks scenario recorded by the researchers is described in details in the paper presented at the Network and Distributed System Security Symposium (NDSS 2019) which is holding in San Diego, starting from February 24-27, 2019. With the first attack, called Torpedo, which exploit is tied to weakness in the standards' paging protocol used in notifying phones of an incoming call or messages; while the researchers attempted multiple calls in a short duration which allowed them to pinpoint the device and send fake text messages.

They were also able to mount a denial-of-service attack, and Torpedo facilitated two other additional exploits, making it possible for any attacker to access a device's ISMI, that is, the unique identifying number for the GSM subscriber's device, using IMSI-Cracking brute-force attack.

And the third attack, called Piercer, tend to pair the ISMI with the target's phone number, allowing full location tracking, with all attacks haven been evaluated and validated using commodity hardware and software, as claimed by the researchers in their paper.

The 5G cellular protocol is even vulnerable to Stingrays, the surveillance tools used by the FBI to surreptitiously track the locations of targets' mobile devices.

The emerging cellular technology, 5G is supposed to enable supercharged speeds for mobile devices, with low latency, and perhaps opens door for more technological innovations such as self-driving cars, mixed and virtual realities, and also deliver a higher level of security.

How 5G Cellular Networks can intercept phone calls and track the location of mobile devices



Microsoft unveiled HoloLens 2 at the Mobile World Congress (MWC 2019) in Barcelona, with the company's head of AI and Mixed Reality pinpointing some significant changes to the first generation of the Mixed Reality device.

While the original Mixed Reality device was introduced in 2016, but the many shortcomings of the first generation HoloLens made it less suitable for business usage as it lacks support for modern graphic technologies, and so, saddled with low processing capabilities.

HoloLens 2 will work with Microsoft's Azure cloud, bringing the Remote Rendering technology from the power of Azure cloud to boost the headset’s image processing capabilities.

Microsoft has also redesigned the display system, now holographic objects look more real and sharp, with the promise of bringing the Unreal engine to HoloLens 2 in May. The company have equally added a time-of-flight depth sensor, and enabled direct manipulation of digital objects.

Alex Kipman, the inventor of the original HoloLens, announced what he calls Spatial Anchors, ways in which “Internet of holograms” could be developed to share three-dimensional images with ARCore by Google and Apple’s ARkit.

Some other key improvements in HoloLens 2, include: more than double field of view from the first-generation HoloLens, measuring approximating 2,000 pixels while still keeping the original’s pixel density.

And there's the capability of ten-point touch interaction for holograms, complete with hand sensing, and a new UI allowing users to interact with buttons and holograms.

Microsoft had only published very few specifications on the HoloLens 2, but some key known facts are that it will run on a Qualcomm Snapdragon 850, and will be lighter and more comfortable to wear than the former.

Additionally, HoloLens 2 will adapt to the movement of your hands or fingers, which will enable the manipulation of objects in the real world; and besides the gestures, it will also listen and react to vocal commands.

Is Microsoft's Hololens 2 the Future of Mixed Reality? #MWC2019



WinRAR, a file archival utility for Windows, which enable users to create and view archives in RAR or ZIP file formats, developed by Eugene Roshal of win.rar GmbH has a bug that has gone undetected since 2005.

According to security research firm, Check Point, the WinRAR bug prompt users to buy the software, though there is an option to click on “next time” and continue the extraction of files, but it leaves over 500 Million Windows users at risk.

The researchers found several crashes in the extraction of archival file formats, including: RAR, LZH and ACE that resulted by a memory corruption vulnerability as Out-of-Bounds Write, while the vulnerabilities isn't trivial because the primitives offered limited control over the overwritten buffer.

WinRAR employs a dll (Dynamic Link Library) named unacev2.dll for parsing ACE archives, and this dll turned out to be a dated dll compiled in 2006 without any protection mechanism.

The WinRAR bug allow attackers to extract executable files from a Windows PC’s startup folder, which makes it to automatically run on every bootup, and the vulnerability is further exacerbated by the fact that any malicious ACE archive can rename to a RAR compression format without escaping the exploit.

The developers of the popular file archival tool WinRAR has already issued a patch for this vulnerability. However the software will need to be updated to version 5.70 beta 1, released last month, by the users to ensure security for their devices from this major flaw.

How WinRAR Flaw can allow Hackers to load Malware unto Windows PCs



WhatsApp launched a biometric authentication feature for its App on iOS in January, whereby users can choose to require Face ID or Touch ID authentication in order to unlock the application, as additional security measure.

But with recent findings, the new security feature isn't quite secure after all, as a bug is allowing iPhone users to bypass the security mechanism and able to launch the WhatsApp application without any verification either via Touch or Face ID through the iOS share sheet.

The security feature allowed users to set verification to be required immediately upon log-in, with the need to apply Touch ID or Face ID each time they wish to access WhatsApp, or at specific intervals which could be up to an hour.

Albeit, the security feature failed whenever a user select any interval option other than “immediately" and when users need to select WhatsApp on sharing media via the share sheet, resulting the users to be taken to the WhatsApp app, while the Touch ID or Face ID options fail to pop up for authentication.

The failure to authenticate happens if the user has set the time to enable Touch ID or Face ID for authentication to either “after one minute”, “after 15 minutes”, or “after one hour” which makes it possible for anyone to access WhatsApp without fingerprint or facial recognition.

It remains unclear if the bug is from WhatsApp end or if it is rooted in the iOS platform, however WhatsApp has responded by acknowledging the bug and promising that a fix will be available shortly. It is recommended that users should set the screen lock option to "immediately” to mitigate the flaw until a patch is made available.

WhatsApp Touch ID & Face ID Security Features on iOS beaten from the share sheet



WootCloud, an IoT security research firm disclosed its discovery of a botnet based on Mirai dubbed OMNI that infects business video conferencing systems from Polycom, with additional three known botnets targeting same systems, and also Linux-based embedded devices.

While the discovery was announced in August, 2018, almost all models of Polycom HDX series of enterprise audio/video conferencing devices were vulnerable, which vulnerability could allow an attacker to launch a brute-force attack, DDoS attack and also turn the compromised conferencing devices to a proxy for Command and Control (C&C) routing communications.

OMNI represents one of the most severe IoT security concerns in the enterprise conferencing systems, which is harnessing the power of open-source software packages like BusyBox and WGet that comes with the Polycom devices through bypassing the various authentication mechanisms.

According to the researchers, the attacks evades traditional security controls and procedures, while companies have developed blind spots for monitoring such devices, so can't see the attacks to thwart them, which reemphasized the fact that smart connected devices inside enterprises remain the new attack vectors in the IoT era.

And Mirai infected hundreds of thousands of IoT devices which were used to launch some of the largest distributed denial-of-service (DDoS) attacks in history. It primarily spread in a worm-like manner through Telnet connections by taking advantage of the fact that most users don't change their default administrative details on smart devices.

Albeit, the original Mirai botnet is now inactive, but the source code has been replicated as base for at least 13 new other botnets, bringing more sophistication and improved infection methodology.

WootCloud has since reported the botnets to Polycom, and the company had on February 20, 2019 issued security advisory warning customers that Polycom HDX endpoints running software versions older than 3.1.13 contain security vulnerabilities that have been previously listed on the Polycom Security Center which can render HDX endpoints vulnerable to takeover by a botnet.

Polycom also issued a security advisory back in January to warn customers about the persistent cyber threats that target unified communications devices deployed in a less secure manner for which the default credential haven't been changed.

Internet of Things (IoT) botnets exploiting Polycom video conferencing systems



Opera Software retired its free VPN app in April last year, which allowed users to avail the unlimited VPN to browse on smartphones and tablets, but little did users know that the company was cooking something new; Opera's free VPN is back.

Now, it’s available within the Opera browser for Android, and just as free, unlimited and easy to set up and use as the VPN app that was shutdown, basically its more like the VPN on the desktop version of the browser.

While VPN is required for privacy and security purposes, as it allows you to route your device's data via a secure connection on linking out into the open internet. Albeit, many free VPNs have come to serve ulterior motives, by retaining logs of users activities especially for targeted advertising. Opera, however has assured that its free VPN service will keep zero logs, and will not track your online activities.

Steps to set up Opera Browser for Free VPN service

Firstly, you’ll have to download Opera browser for Android, which is quite different from Opera mini browser. And install it on your Android phone, then tap the “O” icon from the bottom right corner, and tap on Settings to flip the VPN toggle to Enabled.

Within the VPN setting there are options for limiting to private tabs, virtual location and bypassing the VPN for search engines, and also a snapshot of data, mostly as it offers automatic protection without any fuss.

And you're not required to sign in to Opera account to start using the free VPN service, once enabled, it replaces IP address with virtual IP that makes it more difficult for sites to track you.

There are also options to choose a VPN server region or let the app decide, and it is recommended to use the VPN only for private tabs. But, you can use it always with the exception of when searching if you want to get local results.

How to set up Opera browser's free VPN on Android smartphone



The Debian-derived Linux distribution designed for penetration testing and digital forensics, Kali Linux has received its first update for 2019 with a bevy of new features, which includes: support for Metasploit version 5.0, Linux kernel 4.19.13 and several bug fixes.

Kali Linux is maintained and funded by Offensive Security Ltd, and serves as the go-to operating system for cyber security enthusiasts. While Kali Linux has satisfactorily served the cybersecurity world by providing bespoke packages for theHarvester, DBeaver and many more tools that help Penetration testers in various stages of the test to gather information such as emails, hosts, employee details, open ports and domains from different sources.

The updated Kali Linux comes with a number of improvements and new features including new json-rpc daemon, search engine, and integrated web services, and new evasion modules coupled with the support for writing shell-code in C.

And the support for Metasploit version 5.0, introduces multiple new features like the Metasploit’s new database and automation APIs, expanded language support, evasion modules and libraries, improved performance and more. Albeit, the update to Metasploit was released last month, coming after almost 8 years with the last version 4.0 haven been released in 2011.

Kali Linux 2019.1 also boasts of an upgraded kernel version 4.19.13 which supports the use of Banana Pi and Banana Pro single board computers, and Veyron has been moved to a 4.19 kernel.

The virtual machine and ARM images have been updated to 2019.1 and Raspberry Pi images simplified, with no separate Raspberry Pi images available for users with TFT LCDs as Kali Linux 2019.1 comes with re4son’s kalipi-tft-config script. You can find more information from the changelog to know the details of the bug fixes.

Offensive Security releases Kali Linux 2019.1 with support for Metasploit version 5.0



While Windows 10 users had to resort to the “AppData” folder for the viewing or modifying of Linux files, Microsoft with the next Windows 10 update will be making it easier to access Linux files via WSL filesystem, as the former process is fraught with issues of data loss or corruption.

The upcoming Windows 10 Version 1903 changes the Windows Subsystem for Linux (WSL), bringing support for easy access to Linux files, and users will be able to view and modify items from the File Explorer, by simply using the Command Line.

According to Microsoft, Windows service and driver will act as client and communicate with the 9P server, whereby a 9P protocol file server facilitates file-related requests, which then, the server containing the protocols is also responsible for handling the Linux metadata which ensures that files remain intact even after the access.

The process is as simple as typing in “explorer.exe” within a Linux shell environment and following the command, you would find a File Explorer within the Linux Distro. Then type “\\wsl$\\” in the Explorer window to access the Linux files.

And you can perform several operations on the Linux files like dragging, copy & paste and more. Also, you can use the feature with Windows 10 Power Shell by simply typing “cd \\wsl$\Debian\” to change the root directory of the installed Debian system.

Microsoft created the feature based on its community feedback! It welcome users to file any issues that they may find on its Github page: https://github.com/Microsoft/WSL for faster actions.

Microsoft's next Windows 10 update to bring support for easy Linux files access



The second point release of Ubuntu 18.04 LTS (Bionic Beaver) is now live, which follows closely on the heels of Ubuntu 18.04.1 LTS released in July last year, and as the norm, it is released in three editions: Desktop, Server and Core (for IoT devices and robots).

While the popular operating system newest version is also available for Cloud platforms, along with the different flavors, such as Lubuntu, Kubuntu, Ubuntu Budgie, Ubuntu MATE, Ubuntu Kylin and Xubuntu.

Developed by Canonical, Ubuntu is an open-source Linux distribution based on Debian, and of course free, with the community under a meritocratic governance model. Canonical provide updates on security and support for all Ubuntu releases, from the release date until it reaches the designated end-of-life (EOL) date.

And the point releases ensure that every user downloading a fresh ISO from the official website get all updates and fixes in one bundle.

The new support for hardware enablement stack (HWE) and Linux 4.18 kernel will enable Ubuntu to run on more devices and to deliver better graphics performance, for instance, this new update brings support for Pi 3, with Pi 2 supported image target, which is a good news to Raspberry Pi enthusiasts.

Ubuntu update is released every six months, with long-term support (LTS) releases happening every two years. The newest release is 18.10 (Cosmic Cuttlefish), while the most recent long-term support release is 18.04 LTS (Bionic Beaver), with support till 2028.

Ubuntu new release supports Hardware Enablement Stack (HWE) and Linux 4.18 kernel



The JavaScript and React framework, Next.js 8 comes with support for serverless deployment, whereby applications are separated into smaller lambdas or parts, to allow code to run on demand and scale automatically, with each page in the directory serving as a serverless lambda.

While Next.js is for building server-rendered apps with the React UI library and JavaScript, now the version 8 has brought with it serverless capabilities, and low-level API for serverless deployment.

And the framework also help to reduce build-time memory usage and speeds up static export, with other improvements in Next.js Version 8 including: better static export, with faster static rendering through next export on multi-CPU machines. It is performed on output files which can be served directly without code execution on server.

It offers build-time memory usage reduction, through contributions to the Webpack module bundler and this resulted in 16 times better memory usage without degradation in performance.

And there are also improvements in prefetch performance, with Next.js router enabling the prefetching of pages for easier navigation, while a sample API authentication is included to show how to authenticate against external API in programming language.

Finally, the inline JavaScript tag has been changed to JSON for safe transfer to client. Though with previous Next.js versions, the enabling of the Content Security Policy security layer required enabling script-src unsafe-inline in their policy, the change means that no inline scripts are included by Next.js, as it creates an inline script tag.

The JavaScript and React framework, Next.js 8 support for serverless applications



Instagram, the Facebook owned company is testing direct messaging for the web that allow users to chat outside the app, while this means that users on PC or Mac will be able to chat on Instagram, and users can also access Instagram via a mobile web browser to privately message others on the platform.

The general adoption of the service has been hitherto hampered by the unavailability of web continuum, as full web support could mean Instagram will be a more full-fledged messaging system, with mobile and desktop clients to serve as alternatives rather than just a feature for sharing photo and video contents.



Even as messaging remains the fulcrum of engagement on Instagram, it also made people addicted to the app, but with the availability on the web users can be able to receive messages anywhere and could send from anywhere as well.

While Facebook’s chat feature started from the web before been extended to mobile, it has continued to record huge growth; it’s possibly the more reason for Instagram Direct to embrace the web. Albeit, there is another possibility that it could be paving the way for the upcoming unification of the back-end infrastructure for Facebook Messenger, Instagram Direct and WhatsApp to allow cross-platform chat support, as reported by The New York Times.

The Instagram Direct web version is available from the arrow icon in top right of the homepage, with some features using an Instagram.com/direct/…. URL structure. And perhaps, Facebook will adopt a Direct destination website similar to https://www.messenger.com, if the feature becomes hugely popular.

Instagram Direct Messaging coming to the Web to allow users to continue chats



Google is currently testing AR navigation feature for Maps, which will allow users to use their smartphone camera and arrows on the screen to find their way around a given location.

The feature, first teased at Google I/O developer conference in May, is now rolling out to a number of users under the Local Guides program, Google Maps community members who volunteers to contribute information about local businesses, and also engaged for the testing of new features on Maps.

While the blue dot on Maps calibrates a meter or so away from real position, making the navigation feature unreliable most times, Google hopes to deploy the Maps AR navigation to makeup for the short comings.

And once navigation is turned on, the “Start AR” button will appear on Google Maps, to avail the user a real-time view using their phone's camera.

It helps by orientating the users when they are following a walking map, and also solves the common problem in getting out of a subway which is a great annoyance in many big cities around the word.

And you'll have an idea of which way you're facing, so you won't have to wait for the little blue dot on Maps to point you in the correct direction.

Google is seriously building more capabilities to Maps to make the app more useful and appealing to users, with bevy of new features like the "for you" tab offering tailor-made recommendations and the "match score" to show you how much likeness you may have for a local restaurant or business.

Google Maps AR navigation undergoes testing with select Local Guides



While high-end Android devices have specialized hardware that handles encryption using the Advanced Encryption Standard (AES), but smartphones in the budget segments run on low processors on which the AES can not run efficiently, Google is looking to solve the security puzzle with Adiantum.

Adiantum is designed to make encryption more efficient for devices without cryptographic acceleration, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR/HCH using the ChaCha stream cipher in a length-preserving mode. For ARM Cortex-A7, the decryption on 4096-byte sectors is about 10.6 cycles per byte, around 5x faster than AES-256-XTS.

Encryption has become hugely essential for security and privacy with the proliferation of public Wifi and the need to secure the data on our smartphones, albeit it comes as a trade-off for speed as it can take quite a while to resolve traffic through the system.

And this issue of slowness is the more reason it can not be supported on low processor powered devices, as AES would result in a very poor user experience and apps would take much longer to launch; since storage encryption has been required for most devices running Android 6.0, those devices with poor AES performance (50 MiB/s and below) remains exempted.

But Google seeks to change that because encryption is now necessary for everyone, even so much so that a device becomes practically unusable.

The ChaCha20 stream cipher offers faster encryption than AES when hardware acceleration is unavailable, because it relies on operations that all CPUs natively support: additions, rotations, and XORs. So, Google selected ChaCha20 along with the Poly1305 authenticator, which is also fast in software, for a new TLS cipher suite to secure HTTPS internet connections.

With ChaCha20-Poly1305 standardized as RFC7539, it greatly improves HTTPS performance on devices that lack AES instructions. And the end result is Adiantum, which is named after the genus of the maidenhair fern, and in the Victorian language of flowers (floriography) represents sincerity and discretion.

Going forward, device manufacturers are required to enable Adiantum for either full-disk or file-based encryption on devices with AES performance <= 50 MiB/sec and launching with Android Pie. For Android Q, Adiantum will be a part of the platform, and the Android Compatibility Definition Document (CDD) will be updated to require that all new Android devices be encrypted using any of the allowed encryption algorithms.

Google to bring Encryption to low-processor powered Android devices with Adiantum



Google launched a new Chrome plugin dubbed Password Checkup, that will alert users when their login details have been compromised, whose information is found in their recent “Collections” leak, and will prompt a warning message to update their information.

While the “Collections” leak is Google's Archive of about 4 billion usernames and passwords, and all credentials that it feels have been compromised in recent times.

On installation, all your login details entered across various sites will be checked against the database of breached usernames and passwords and a warning will be issued if your details matches any compromised record.

The Password Checkup extension automatically identify when a login details is compromised in any third-party data breach, with the passwords stored in an encrypted form, and the warnings against it stored locally on your machine.

Google maintains that users personal information are safe, as such sensitive data are encrypted, there is no way anyone can intercept or access the data.

As Chrome already offers password generator tool, if it detects that your credentials has been stolen, the Password Checkup will ask you to change the login details, and Chrome will store the new password automatically in a password credential file, that is if you choose the option, and use it to log you into a site automatically in any future visits.

Google also rolled out a related security feature called Cross Account Protection, to help in availing another line of defense to users using third-party apps, that is if you use your Google account to log into other sites.

The company will be working with the Internet Engineering Task Force (IETF) and OpenID Foundation, with other major technology companies to secure users accounts using the Cross Account Protection tool behind the scene.

And any event your account is compromised, Google will notify all the apps and websites that you’ve logged into with your Google account to make sure your other accounts are protected.

How Chrome's Password Checkup plugin can help in securing against data breaches



ClusterFuzz, which offers scalable fuzzing infrastructure that finds security and stability issues in software, used by Google for the fuzzing of Chrome Browser, and serves as the backend for OSS-Fuzz is now open source.

It has helped to unravel over 16,000 bugs in Chrome and more than 11,000 bugs in other 160 open source projects integrated into OSS-Fuzz.

While the term fuzzing implies the method for detecting bugs in software by feeding unexpected inputs to target program, which is very effective at finding memory corruption issues that's often the cause of some serious security problems.

Especially applicable in software projects written in C or C++, fuzzing is crucial in ensuring their security and stability as these languages are mostly unsafe.

Albeit, these issues can be manually sorted out, but it's difficult and rather time consuming, as bugs can often slip through even a rigorous code review, ClusterFuzz offers effective, continuous debugging at scale and fully integrated into the development process of a software project.

ClusterFuzz is able to detect bugs in software within hours after they are live and verify a fix within days.

Google had earlier offered ClusterFuzz as a free service to the open source projects via OSS-Fuzz. Now, the company has fully open sourced ClusterFuzz, making it available for anyone to use via GitHub, with instructions provided for guidance.

Google open sources ClusterFuzz, the fuzzing infrastructure for detecting bugs



If you've been following recent happening in the torrent ecosystem, then you must have known about the growing onslaught against torrent sites, with almost every major torrent sites like the Pirate Bay (TPB) and KickAsss Torrents haven been shutdown by the government authorities at one time or the other.

But no matter how hard the government kicks, they just can’t stop users from visiting torrent sites. Still, there are quite a lot of working Piratebay proxy sites available now, and many serving as torrent search engine which does not host torrent files, but provide ways for users to find good torrents on different active torrent sites.

While the Pirate Bay remains the largest and most popular torrent site, offering numerous torrent files via magnet links for the latest movies, games, software and much more; but sadly, TPB has had many ups and downs over the recent years.

Albeit, the Pirate Bay has notorious reputation for copyrighted files, the more reason its various domains have been taken down by different countries, but torrenting is not all about illegalities, as many users do share bits of larger files via torrents as it enable potentially fast download speeds.

And the rise in torrenting also meant a rise in the popularity of VPNs, which ensure you are safe and your connections secure as you sort out the different torrents. Similarly, with many ISPs in different countries constantly blocking the Pirate Bay, you can use a VPN to bypass the blockade.

3 Best VPN for TPB torrenting in 2019

1. ExpressVPN: With availability and support in over 90 countries, ExpressVPN is arguably the top notch VPN to consider for safe torrenting given the extensive support it offers. Moreover, it also allows access to the Pirate Bay from virtually anywhere in the world securely and anonymously.

ExpressVPN is equally super-fast, and offers tons of great features which makes performing tasks like torrenting an absolute pleasure.

2. NordVPN: NordVPN pride itself as one of the first service with ultra-secure connection, supporting OpenVPN and protocols like: IKEv2/IPsec, PPTP and L2TP, armed with ‘Double VPN’ servers which passes your data through two separate servers for extra security.

Additionally, NordVPN supports Onion over VPN for extra privacy, making it the number one for security and privacy conscious users.

3. CyberGhost VPN: CyberGhost VPN offers tons of robust features for privacy and rock-solid grade encryption to keep your data secure while torrenting, and possess highly optimized servers in several locations for a seamless experience.

And when it comes to pricing, CyberGhost has the cheapest prices combined with awesome features that makes it one of the most favorite VPN for the Pirate Bay any day.

If you wish to know more about these listed VPN services, do check out their respective websites for comprehensive pricing and free options available.

And always remember, using the Pirate Bay or any other torrent site without VPN can be pretty dangerous, you just don't want to experience any nasty surprises, as these sites are infamous for hosting pirated contents, and the authorities are always in the lookout for offenders.

But with VPN you are amply covered, and VPNs have made the torrenting experience so much better with their network encryption and IP masking features.

The Ultimate List of Best VPN (Both Paid & Free) for the Pirate Bay Torrents in 2019