The largest independent open source software company, SUSE made a commitment to help manufacturers of medical devices fighting COVID-19 by offering free services such as maintenance support for its container technologies in the medical devices.

SUSE solutions such as flagship SUSE Linux Enterprise Server (SLES) operating system and container technologies, which can be embedded in the medical devices, will be available immediately to help speed up time to market for the devices.

These programs and the support packages will to help to meet the urgent demand to get medical devices into the hands of users.

What SUSE is Offering Medical Device Manufacturers Fighting COVID-19?



The global pandemic, COVID-19 requires more than simply trying to survive as companies and individuals, So SUSE has determined to help as much as possible by doing what they do best. With cutting-edge open source technology and know-how which is capable of helping in the fight to save lives.

SUSE Linux Enterprise operating system can be built into, and help to run various kinds of devices, and hardware. And SUSE Embedded Linux features optimized system footprint for products, including medical devices.

While the container technologies include SUSE CaaS Platform, which allow companies to use Kubernetes to easily deploy and manage container-based applications and services, and Cloud Application Platform, that brings an advanced native developer experience to Kubernetes so organizations can get their applications on the cloud and to market faster.

SUSE commitments in Fight against COVID-19



SUSE customers cut across the pharmaceutical and research space, along with laboratories all over the world, which are all using supercomputers running on SUSE Linux Enterprise to find the solutions to health issues posed by COVID-19, including prevention, and treatment.

These technologies ensure the security and reliability of the devices they run on or manage, which is critical to arriving at a solution.

As open source is rooted in community, and through collaboration, unwavering compassion, and innovation, the global SUSE communities are stepping up to support all those who are involved in the fight against COVID-19.

SUSE Offers Free Container Technologies to fight COVID-19 Pandemic



The hackers behind the infamous banking Trojan, TrickBot have developed a new method of intercepting 2-factor authorization codes sent to online banking customers through SMS or push notifications, by using a rogue mobile app.

While the most common method that have been employed over the years to bypass 2FA is the SIM swap fraud, in which the hacker convinces a mobile network or through a compromised employee to port a target’s mobile phone number, allowing them temporary access to receive the 2FA security codes sent via SMS.

According to IBM X-Force researchers, the new Android app used by TrickBot authors is dubbed "TrickMo" and it's still under active development, but exclusively targeted at German companies whose desktops are previously infected with the TrickBot malware.

How the hackers abuse Android's Accessibility Features to Hijack OTP Codes?



TrickMo works by intercepting transaction authentication numbers (TANs), including the popular one-time password (OTP), pushTAN authentication codes and mobile TAN (mTAN) after the app is installed on victims' Android devices.

The malware employ man-in-the-browser (MitB) attacks to coax infected victims (mostly Windows computer users) into giving out their online banking mobile phone numbers and device types in order to prompt them to install the TrickMo fake security app.

The risks with SMS-based authentication is that messages can easily be hijacked by third-party apps and it is also vulnerable to SIM-swap fraud attacks; as such banks are now beginning to rely instead on push notifications to authenticate their users, with the transaction details and the TAN number.

TrickMo Malware app Mode of Operations



The malware app, TrickMo is capable of gaining persistence by restarting itself after the device becomes interactive or on receipt of a new SMS message. It features a mechanism that allow a remote attacker to issue commands to turn specific features on/off on the infected device, for instance recording and accessibility permissions, through a command-and-control (C&C) server.

And to avoid raising any suspicion, TrickMo activates the lock screen when stealing the TAN codes, thereby preventing users from knowing that their devices are been accessed. TrickMo also remove all traces of its presence from a device after successful operations, with self-destruct and removal functions, that allow the cybercriminals to stay undetected.

However, IBM researchers discovered a way to decrypt the encrypted SMS commands using hard-coded RSA private key embedded in the source code, which makes it possible to generate the public key and craft an SMS message that can turn on the self-destruct feature.

Hackers bypassing 2‐Factor Authentication using Rogue Mobile App



The ad fraud scheme is a practice that bad actors leverage by exploiting the system to deliver unsolicited ads, allowing the threat actors to effectively steal advertising funds from enterprises.

While the practice is increasingly finding its way into the mobile ecosystem, as over 50 apps on the Google Play Store, with about a million downloads have been caught using new tricks to secretly self-click ads without the knowledge of smartphone owners, according to security firm Check Point.

The ad fraud actors use a piece of malware called "Tekya" which runs in the apps to imitate users' actions by clicking ads from ads networks like Google’s AdMob, AppLovin’, Facebook, and Unity.

How the Mobile Ad Fraud actors evade Google Play Protect



The piece of malware, Tekya obfuscates the native code to avoid detection by Google Play Protect, which is part of an inbuilt Android defense system against malware, and utilizes the ‘MotionEvent’ mechanism in Android to imitate the user’s actions to generate ad clicks.

According to the researchers, the Tekya malware was undetected by even some known antivirus software such as VirusTotal and Google Play Protect, which ultimately made it available for download in over 50 applications on Google Play Store.

The ad fraud campaign seems to clone legitimate popular applications to gain more audience, mostly kid-friendly apps, with a larger chunk of the applications running Tekya malware serving as children’s games.

How to protect your Device from Tekya malware



This ad fraud highlights once again that Google Play Store can still be tricked into hosting malicious apps, with nearly 3 million apps available on the store; it is far more difficult to manually check that every app is safe.

Therefore, users should not rely on Google Play’s security measures alone to ensure that their devices are protected. If you suspect that your device have any of the infected apps, quickly uninstall the application from your device, and make sure your device operating system and apps are up to date.

Furthermore, enterprises should make sure that the devices used by their employees are free from malware by enforcing the use of antivirus software to secure them against sophisticated mobile attacks.

How Mobile Ad Fraud actors evade Google Play Protect with Tekya Clicker



The impact of technology on the world today is quite different from what it used to be many years back. Its benefits are numerous, but continuous changes can make it difficult to realize when something is unsafe.

The case seems even worse for seniors, who don't know much about the latest changes in technology. This makes them more vulnerable to online threats. However, seniors can use the following 7 tech tips compiled by WriteMyPaper123 tech experts to stay safe online.

7 Tech Tips for Seniors



These simple tips will help the older adults to stay a step ahead of bad actors by safeguarding their online accounts and mobile devices.

1. Use Strong Passwords



Whenever you are creating a password, never use common number patterns like 12345 or common phrases. Instead, you should use a combination of numbers with alphabets and symbols. And after creating a secure password, you should not keep it strictly to yourself. If perhaps you write it somewhere, just in case you forget the password, make sure you must hide it where no one can find it.

2. Guard Your Personal Information



Always think twice before you give out any personal information online. Some websites want to steal your personal information for fraudulent purposes. Beware of pop-up that seeks some data or e-mails from anonymous sources asking you to provide some information. If you must enter any data at all, make sure that the site is a trusted one and you must know exactly where the data is going.

3. Be Wary of Unrealistic Offers



While you are online, it's possible that you see a pop up that congratulates you and tell you that you won a lottery. It's a trap to steal information from you. Most times, the pop up will ask you to enter a few details before you claim your prize. It's best to ignore offers like this except if you have applied for a promo earlier.

4. Report Cyber Abuse



It's not only children that get bullied online. Senior adults get bullied too. Make sure you don't condone any online act of threatening, blackmailing or any other form of abuse. If anyone attempts to make you a victim of abuse, you should report the situation to the hotline of state elder abuse or local law enforcement.

5. Use Privacy Settings on Social Media



You make yourself more vulnerable to internet attack when you allow everyone around the world to see your posts. You should limit the audience for your posts to the people you trust. To do this, change the privacy settings for all your social accounts to allow only your friends to view your posts.

6. Install Reputable Security Software



Security software helps you to protect your computer. It's reasonable to get reputable security software and not just any software that you come across first. Do some research on the software that you want to download. Read reviews from other users to confirm its usefulness. The moment you are able to get one, make sure that you update it regularly.

7. Monitor Your Online Banking Accounts



Check your bank statements periodically just to be sure that no strange transactions occur on your account. In case you notice any fraudulent attempt, contact your bank and take other steps to secure your money.

Conclusion



As a senior or older adult, you are not exempted from the usage of technology. That is why you must have knowledge of tech tips. The above tips will help you to stay safe while making use of the technology devices.

7 Tech Tips for Seniors to help them Stay Safe Online



The infamous banking Trojan, TrickBot that infected nearly 250 million Google accounts in 2019, is back again with newly discovered module (rdpScanDll) built for RDP bruteforce operations.

While the Trojan has been around since 2016, haven initially targeted e-banking as a credential-harvesting threat, and with its plugin-based design evolved into a more focused threat for stealing of financial data. Now, researchers from Bitdefender have discovered a new module based on the IP addresses it targets, with victims mostly US and Hong Kong-based, and predominantly in the telecom industry.

The module, dubbed "rdpScanDll" was first discovered on January 30 and is still in development, according to Bitdefender. And so far, it has targeted 6,013 RDP servers belonging to businesses within telecom, and financial sectors in both the US and Hong Kong.

How TrickBot RDP Brute-Force Attack is carried out?



TrickBot creates a folder with the encrypted malicious payloads and associated configuration files, including a list of command-and-control (C&C) servers with which the plugin needs to communicate to retrieve commands to be executed.

The rdpScanDll plugin then shares its configuration file with a module named "vncDll" which makes use of a standard URL format ( https://C&C/tag/computerID/controlEndpoint) to communicate with the new C&C servers.

Then the "check" mode looks for an RDP connection from the list of targets, with the "trybrute" mode making attempts of a brute force operation on the target using a predetermined list of login details obtained from endpoints "/rdp/names" and "/rdp/dict" respectively.

If the initial list of targeted IPs is exhausted, the plugin will try to retrieve another set of fresh IPs using a second "/rdp/over" endpoint.

TrickBot's Update Delivery Mechanism



TrickBot has been mostly distributed via spam campaigns, but it has also been seen in cahoots with other malware. Such as those distributed by the Emotet spam-sending botnet to deliver Ryuk ransomware, whereby the operators have extended its capabilities to a more advanced malware delivery vehicle.

The update delivery mechanism, according to Bitdefender findings is that plugins responsible for lateral movement across the network (WormDll, TabDll, ShareDll) got the most updates, and followed by modules responsible for carrying out 'system and network' reconnaissance (SystemInfo, NetworkDll), and data harvesting (ImportDll, Pwgrab, aDll) within the course of last six months.

The latest rdpScanDll module is perhaps only one in a long line of modules used by the Trojan, but it stands out because of its use of highly specific list of IP addresses, concluded the researchers.

TrickBot targets Telecoms in US and Hong Kong for RDP bruteforce operations



The annual hacking contest, Pwn2Own 2020 was a remote event owing to the Coronavirus (COVID-19) pandemic, where hackers as contestants try to exploit popular software and mobile operating systems.

The 3-day event ended on March 20, with the previous 2 days been rather phenomenal as a team from Georgia Institute of Technology Systems Software and Security Lab won the second biggest price of $70,000 on the first day by targeting Apple's browser, Safari. They exploited a bug chain to pop calc and escalate to root privilege.

Pwn2Own 2020 is perhaps the first time the hackers contest is being held remotely, with several ethical hackers from all over the world participating to demonstrate their hacking abilities.

Day 1 - Pwn2Own 2020



The RedRocket team member, Manfred Paul won $30,000 and 3 Master of Pwn points by successfully leveraging on an input validation bug to escalate privileges on Ubuntu Software.



And closely followed by last year’s champion, team Fluorescence who won $40,000 by leveraging a UAF in Windows to escalate to SYSTEM.

Day 2 - Pwn2Own 2020



The team from Synacktiv, comprising the due of Corentin Bayet and Bruno Pujos failed to successfully demonstrate their exploit targeted at the VMware Workstation in the virtualization category within the allotted time.

However, Phi Phạm Hồng from STAR labs who targeted Oracle Virtualbox using an OOB Read for an info leak won $40,000, by leveraging an uninitialized variable for code execution on the hypervisor.

Pwn2Own 2020 ended with the title of Master of Pwn going to the duo of Fluorescence team with their 9 points (amounting to $90K) which was ahead of the price for team from Georgia Institute of Technology. With just one official entry left to go, Team Fluoroacetate took the lead in the Master of Pwn standings by amassing 9 points, they targeted Adobe Reader along with a Windows LPE.

All it took them was one click of the mouse to exploit Adobe Reader and then take over the system through a local privilege escalation.

Pwn2Own 2020: Georgia Tech Team hit a $70,000 bounty by targeting Apple Safari



Snapchat Stories is perhaps the best feature of the renown social app, as it provides you with means of broadcasting no matter the type of post; but normally, you cannot view a Story or save it without the creator's knowledge.

And the Stories feature is so addictive that you can spend several hours browsing through the various stories without realizing you've been stuck to your smartphone for such a long time.

While the platform would notify the creators when other users’ view their stories, albeit, the stories need to be set as public for others to see them.

Once in a while you may want to view someone's story without been noticed, or perhaps, you're spying on someone and want to watch the stories on Snapchat. In this post, you'll get to learn how to view Snapchat Stories anonymously without using any Spy Apps.

Steps to View Snapchat Stories Without getting Noticed



The steps outlined below will enable you to view any Snapchat story without them noticing you.

Step 1. Launch the Snapchat app. And tap on the Stories icon at the bottom right corner of the screen if you're logged into Snapchat. Or if you are not logged in, you'll need to enter your email address and password to login to the platform before proceeding.

Step 2. Once on the Stories page, you'll need to refresh the screen and wait for the stories to load. It is necessary that you must not open the Stories or the creator would know. You should close the Snapchat app and switch off mobile data or Wi-Fi, in the case you're browsing on a Wi-Fi network.

Step 3. Now, proceed to re-launch the Snapchat app and click the Story icon. You should be able to still find all the previously loaded stories on your Snapchat.

Step 4. After viewing the Stories, exit the app before switching on the mobile data or Wi-Fi network.

Alternative Way to Watch Snapchat Stories Anonymously



Alternatively, you can view someone’s Snapchat story without getting noticed by using Spy apps, and there’s a number of such apps that work excellently for Snapchat.

But the disadvantage of using a Spy app is that the app would keep a saved version of the story after you've seen it. And using the spy app, you would not be able to view all the videos and photos shared by people on Snapchat, with all the messages sent and much more.

If you plan to have only your friends to see your stories, make the appropriate changes in the privacy settings before posting your photos or videos on the platform.

How to View Snapchat Stories anonymously without using Spy Apps



The Coronavirus (COVID-19) pandemic has forced many companies to require their employees to work from home, which places remote networking technologies at an all-time-high demand, with bandwidth and security concerns at its peak.

Such companies like Google, Amazon, IBM, Cisco, Apple and others are scrambling to support an enormously rising number of teleworkers, with secure remote-access networks to facilitate and ensure the safety of the workers. But without some tools, working from home could be rather too challenging for several reasons.

Besides the few challenges, the fact that no manager or co-worker is hanging over your shoulder, and none to steal your lunch from the office fridge, add up to make remote work wonderful. In order to help you surmount some of the challenges, we've compiled a list of 5 best online tools to work from home.

5 Best Online Tools to Work from Home



As major businesses around the world are resorting to remove work by facilitating their employees to work from home, they'd find the following tools handy for effective collaborations.

1. Google Meet




Meet is a video conferencing software developed by Google which can be used for business purposes. The app is available on all major platforms such as iOS, Android, Mac, and Windows.

As part of Google's effort to help businesses and schools stay connected in response to Coronavirus, the company has rolled out free access to advanced Hangouts Meet video-conferencing capabilities to G Suite and G Suite for Education customers worldwide. The capabilities include support for larger meetings of up to 250 participants per call, live streaming for up to 100,000 viewers within a domain and the ability to record meetings and save them to Google Drive.

Additionally, the screen sharing feature will be handy if you want to share the screen with other participants in order to collaborate on work projects more efficiently.

2. Microsoft Teams




Microsoft Teams is a software that serves as a virtual workspace with features like team collaborations, meetings, and integration of various other useful applications.

It allow users to share and edit files on the go and also supports HD audio and video calls, with users capable of communicating with other participants personally or via dedicated channels.

Also, Microsoft Teams comes with customizable notification systems and an option for saving important and confidential conversations.

3. Slack




Slack is an online application that's popular for instant messaging in professional work environment, and it comes with an attractive interface with tools like analytics, calendar, and many others.

It offers the ability for a team to be subdivided within different channels as per the work requirement. And users can mention each other for effective collaboration in the app. There are also the availability of a number of emojis to make things a bit fun, just like on the social media platforms.

There are several other unique features like the generating of message threads for individual message so that no one will spam a channel with messages.

4. AnyDesk




AnyDesk is a remote desktop software that aids remote workers, with the free version offering an ample number of features to effectively coordinate a team.

It includes a built-in chat feature, remote screen casting and recording, remote printing and other nifty features that makes remote work easier.

Additionally, AnyDesk supports login credentials for unattended access, albeit some features are a bit complicated to use with remote access to a computer.

5. Zoom Meetings




Zoom Meetings offers a high-quality audio and video call capability and the ability to conduct business video conferences. It has a capacity of about 1000 participants in a single meeting and having 49 of them shown on PC screen at a time.

While the most unique feature on Zoom Meetings is perhaps the video conferencing which can be saved directly in the cloud.

And the saved meetings can be accessed and used from any device to study a particular point or recall the mentioned points.

5 Best Online Tools to Work from Home as A Remote Worker



Debian GNU/Linux is prepping a micro-blogging platform similar to mastodon, which will use Pleroma to host Peertube as a federated video sharing platform, with Pixelfed for image publishing, and Jitsi for web video conferencing.

While Debian already has the debian.social domain where they'll most likely deploy the new set of services to publish content and collaborate with Debian contributors in their own federated social platform.

According to the Debian lists, the launch of the new service is targeted to help contributors to collaborate more and be able to share their works directly on the social platform.

Why A Federated Social Platform?



The Debian Social team outlines the very early stage and plans to go further over the next quarter with Debian.Social domain, which is designed to host the social activities of Debian contributors.

All the social service is geared at creating, integrating and aggregating all Debian-related news, updates or contents in one single platform. And irrespective of whether anyone is a project member or not, they won’t have to go to a random platform to share Debian-related content anymore.

Moreover, every member is free to share their ideas, current projects, or work with other members on the platform and the official team can also post any current updates.

How to get Started with Debian Social



The Debian social platform is currently under development, with critical bug fixing at this stage. But, you can request for a test account to help with testing the service before the actual release of the beta version.

To get started, you have to create a salsa account which will serve as a form of authentication. After that, create a ticket from salsa.debian.org and wait for your account to get activated for the Debian social platform.

And Debian contributors can also log in to any of the service using the account of a particular platform, for instance, if you’re already on Pleroma service, you can browse or comment on Peertube using your Pleroma account.

Debian GNU/Linux pivots to a More Dedicated Social Platform for Contributors



Microsoft has announced a milestone of over one billion people across 200 countries haven activated Windows 10 devices, which number corresponds to 1 in every 7 people in the world using the platform.

While Windows 10 was launched in 2015, which has also followed different service model from its predecessors, with new features and security updates delivered faster than ever before. Microsoft has evolved from new version release every three years, to releasing multiple versions per year.

And the recent Windows 7 end of life might have contributed to more people switching to Windows 10, albeit perhaps, it is highly critical for driving transformation in the enterprise.

The Milestone of going from One to One Billion Devices



Microsoft launched Windows 10 as the first Windows-as-a-Service (WaaS) and provides two feature updates per year, which remains the major change to have happened to the platform. Though, there are several other additions that have made Windows 10 more versatile, such as the Windows Subsystem for Linux (WSL), Your Phone app and the last-minute switch of Edge to Chromium-based engine.

The decoupling to the new Chromium-based Edge browser for Windows 10 deliver new builds to users outside of the normal Windows 10 release cycle, with support for more versions of Windows.

And the Your Phone app has bridged the gap between Android and iOS devices by adding the much needed continuity features to Windows 10. With the company focusing more on putting the customer at the center, by listening to feedback, and having that feedback shape the development process.

Why Microsoft's aim goes Beyond Windows 10?



Microsoft pioneered seamless experiences, to biometric log-in with Windows Hello, and with such experiences as the Your Phone app, enabling Android users to connect to their PC, which are all aimed at meeting people's basic security and connectivity requirements.

Now, this innovation continues with the bringing of Windows to the cloud through Azure and virtual machines, making Windows 10 available on nearly every platform, from Mac to iOS or even Chromebooks.

The company is striving to make Windows the most accessible operating system on the planet regardless of where users are, or what device they are on. So, also is the big move for the Universal Windows Platform (UWP) which idea was to create universal apps that can run on virtually all Windows 10 platforms without needing the re-writting of code.

But sadly, the UWP didn’t get the popularization and appeal that Microsoft had intended for it.

Microsoft records a Milestone as Windows 10 Crosses 1 Billion Active Devices



A new Trojan, dubbed "Cookiethief", attempts to gain superuser rights on target devices, and if successfully gained, transfer the web cookies to a remote command-and-control (C&C) server operated by the attackers.

While the messages that servers pass to browser when a user visits Internet sites, which information is stored in a small file, is called cookie. These piece of information is often used by websites to differentiate a user from another, and serve personalized content for targeted advertisements.

The malware is capable of this maneuver, not owing to a vulnerability in the Facebook app or browser, but according to Kaspersky researchers, it could steal cookie files of website from any app in several other ways.

Ways the Cookiethief Hijack Accounts Without Passwords



As web cookies allow users to stay logged in to a web service without having to resign in repeatedly, the Cookiethief tries to exploit this technique to allow attackers gain unauthorized access to the target accounts without actually having their online accounts passwords.

There are a number of ways that a Trojan could infiltrate a device, such as planting of malware in a device firmware, or exploiting known vulnerabilities in the operating system to install the malicious software.

So, if a device is infected, the malware can easily connect to a backdoor installed on the same device to execute a "superuser" command that will facilitate the stealing of cookie.

How to protect Your Facebook Account from Cookiethief



Facebook has a number of security measures in place to safeguard users accounts against any suspicious login attempts from devices, IPs and browsers that they have never used to log in to the platform.

Albeit, an attacker could work around the safeguard by leveraging the piece of malware that creates a proxy server on the infected device in order to impersonate the actual account owner's location to make the access look legitimate.

But still, users can block third-party cookies on the browser, like Chrome or Firefox and clear the cookies on regular basis, and the use of private browsing mode to protect their accounts.

Android Cookie-Stealing Trojan, Cookiethief Target Facebook Users



File2HD is a free web service that enables anyone to download files, such as movies, documents, images and more, from sources like YouTube, MySpace or even an old-school style-sheet for use in presentation straight to your desktop.

It works with just about any file, including audio, videos, objects, images, style-sheets, and by simply embedding the link on the web page. And the File2HD service can surface every single file that it pulls from the link that you entered and can be conveniently downloaded to your computer.

Besides the free version, it also offers a premium service for those who want to download thousands of files, including MP3 audio files from Myspace, and videos from YouTube, and even if the files are not available to download, File2HD has a way to get it.

How to Use File2HD to Download Files



Simply visit File2HD.com and enter a URL in the search field, accept the terms of service by ticking the box and select the type of file that you want to download and click Get Files.



You can use the filter radio boxes to narrow down the list of files displayed based on the file types such as audio, movies, links, applications, etc. As File2HD displays most files for free and the hidden files are only available through the premium service.

And File2HD website is pretty straight-forward and way too simple, it doesn't need any guide for you to use, from the whole process of downloading MP3 from Myspace to YouTube video downloads.

Additionally, File2HD includes an FLV to MP3 file conversion utility “FLV2MP3” which can come handy when converting FLVs to a more easily playable MP3 format. There is an Online File Converter provided at converter2.file2hd.com which can also extract audio from video, and convert online videos to MP3, MP4 (iPhone Compatible) and WMV (Windows Compatible).

How to Download Files (Including Videos) from Any Website Using File2HD



KaiOS is an operating system based on Linux targeted at feature phones, developed by KaiOS Technologies, which is forked from the open source community-driven Firefox OS.

While Firefox OS was discontinued in 2016, the offshoot KaiOS aims to bring support for 4G LTE, VoLTE, and Wi-Fi with HTML5 apps and longer battery life to so-called feature phones, typically the non-touch devices with less memory and energy consumption.

Now, KaiOS Technologies is reportedly in collaboration with Mozilla to remedy KaiOS incompatibility with newer web standards such as WebGL, which has made some sites less and less functional on the ecosystem without specific customization, and increasingly vulnerable to update stagnation.

What the Collaboration between KaiOS and Mozilla brings to the table?



KaiOS was left out of the Quantum update, which made Gecko engine twice as fast, and the recently signed deal between KaiOS team with Mozilla, means there is going to be renewed support in the future for KaiOS updates. And the new version of KaiOS should be coming to devices as early as 2021.



This partnership may also represent a radical upgrade for KaiOS in regards to security, with Firefox extended security releases (ESRs) as part of kaiOS, not to mention the in-built browser support.

Mozilla's frequently-updated browser with enterprise-grade stability and security is what is promised with the ESRs. Therefore, it could bring a significant boost in the enormously important feature phone market.

Why the future looks bright for KaiOS?



KaiOS first made debut in 2017, and in a market share results announced in May 2018, KaiOS beat Apple's iOS for second place in India, with Android dominating at 71%, albeit it was down by 9%. KaiOS growth was largely attributed to popularity of the competitively-priced Jio Phone.

The operating system is also powering several new feature phones, among which are the Nokia 8110 4G, 2720 Flip, and 800 Tough. And KaiOS powered devices are considered smart feature phones since it supports many applications, like Google apps, though the OS is still not as powerful as Android.

Another aspect of this OS that has a theoretical advantage is the dedicated versions of Facebook, WhatsApp and Twitter apps, which are web-based, meaning developers just need things like HTML and JavaScript to build apps for it.

Upcoming KaiOS update for a Smarter and more Secure feature phones



The Cross-Origin Resource Policy (CORP) header is employed by developers to protect their website against cross-origin requests, or from outside the domain itself.

While CORP helps to safeguard against attacks like Spectre and Meltdown, which is a side-channel attack based on hardware vulnerabilities that held sway in early 2018 and resulted major efforts by browser vendors, and chip company such as Intel to provide patches.

Starting with Firefox 74, Mozilla has enabled support for CORP, an additional layer of protection beyond the default same-origin policy, which complements Cross-Origin Read Blocking (CORB), a mechanism that prevent cross-origin reading by default.

Security & Privacy focused features on Firefox 74


Along with CORP, Mozilla-baked Facebook Container, an add-on that locks a user's interactions on Facebook inside a separate container in the browser's memory, will get a boost with Firefox 74. So that anything within the container can't be tracked outside the container.

What this means is that even Facebook cannot track any of its users when browsing within the Facebook Container on Firefox 74, and also won't be able to follow them elsewhere on the web.

Albeit, Facebook Container isn't a new feature, as Mozilla launched it about two years ago. But Firefox 74 makes it possible for users to add custom sites to list that Facebook's credentials can be used to log on to, which on installment or upgrade, will be recommended as add-on by Mozilla.

Firefox 74 puts an End to Sideloading


Sideloading is a term that describes how third-party applications install associated add-on to Firefox browser. It has been an Achilles' heel to most browsers, that several makers have resorted to ban it outright, citing security concerns.

Mozilla had promised to also ban the practice, and Firefox 74 is the version that eventually drops support for sideloading. Going forward, Firefox users will need to take an explicit action in installing a sideloaded add-on on Firefox, and can also delete them from the Add-Ons Manager.

However, any add-on that was sideloaded previously would not be removed by Firefox, but it will not permit new sideload on Firefox 74. And Firefox 74 is available for download on Windows, macOS and Linux from Mozilla's official site.

Mozilla brings support for Cross-Origin Resource Policy (CORP) with Firefox 74



Amazon Web Services (AWS) has launched a new Linux-based operating system called Bottlerocket, for running containers on both bare metal and virtual machines.

The new open source OS is rather a stripped-down Linux distribution, built purposely to run containers and it comes with a single-step update mechanism and the essential software needed to run containers.

And most notable feature that makes Bottlerocket stand out is perhaps the fact that it does away with package-based update system, but instead, relies on an image-based model that allows for a complete rollback if necessary.

It will enable customers to use container orchestrators to manage OS updates with minimal disruptions, thus lower operational cost and enable better uptime for containerized applications.

What is a Container Orchestrator?


For those hearing it for the very first time, a container orchestrator is an utility that's designed to manage complex bundle of application deployments across multiple hosts and locations from one central hub.

It includes the containers, hosts, the networking, and storage, among others.

While Container-optimized operating systems give the development teams additional speed and efficiency to run high throughput workloads with better uptime and security.

Why AWS Bottlerocket?


As most containers are run on general-purpose OSes, which support the applications packaged in a variety of formats, including containers; the updates to these general-purpose OSes are applied on package-by-package basis.

The dependencies among the packages can result in complex errors, making the update process challenging to automate. Bottlerocket wants to take away the complexity, whereby it can be applied and rolled back in a single step, reducing overhead and improving uptime for containerized applications.

AWS Bottlerocket will enable customers to take advantage of the increased scale to monitor these ephemeral environments with more confidence. It currently supports only Amazon EKS, with support for Amazon ECS coming soon.

AWS Bottlerocket: A new Linux-based Operating System for Containers



The most popular Linux desktop environment with the latest release of GNOME 3.36, has brought several new features for improved performance.

GNOME 3.36 brings more elegant and simplicity to the desktop environment design of the core application icon, lock screen, and interfaces; with several other improvements within the last six months. The latest release, GNOME 3.36 has the codename, GRESIK, due to the fact that GNOME Asia organized the last conference in Gresik, Indonesia.

And the open source desktop environment boasts of a highly customizable options, with almost everything from multiple desktop environments to system configuration, users can set it to their own taste and feel.

What's New in GNOME 3.36 GRESIK?


The notification prompt which has been a distracting feature has a new control, now you can set “Do Not Disturb” by simply toggling the button to hide notifications, and it also applies to the login notifications. Other new features include:

  • Parental Controls
  • Metered Network Detection
  • PDF Loading and viewing on the web
  • Do Not Disturb
  • Revamped Login and Lock screen

Additionally, there are some visual improvements, making the design of the core application icon and interfaces more appealing, and also, the lock and login screen now merges together. So, instead of dragging, you only have to click the locked screen for swipe action.

How To Get Started with GNOME 3.36


GNOME 3.36 is currently available for select Linux distros, however the developers have promised to get it shipped to all distros soon.

For now, if you want to try it out, it will come bundled with the upcoming Fedora 32 beta or openSUSE nightly live images. And the upcoming Ubuntu 20.04 LTS scheduled for release on April 23.

You can also run the demo by downloading the test version ISO for GNOME 3.36 for all supported Linux distros here.

GNOME 3.36 introduces Metered Network Detection and Parental controls



Microsoft's embrace of HTML5 signaled the switching of Windows coding standards, which ultimately meant the weaning of developers off traditional Windows tools.

While Silverlight, Microsoft’s rich Internet application plug-in competed with Adobe Flash back in the days, before HTML5 overthrew them both. The support for Silverlight did continue for sometime, as the company made available the F12 HTML tools in Internet Explorer, until generally accepted a fully-featured tool for HTML5 on the platform, the traditional tools remained indispensable.

Albeit, Microsoft still supports Silverlight 5, however it's already slated for discontinuation in October 2021. And Silverlight support has been limited to Internet Explorer 10 and 11.

But, the recent introduction of OpenSilver by .NET software company Userware, will provide an open source re-implementation of the erstwhile Silverlight via the WebAssembly binary format.

How OpenSilver intends to resurrect Silverlight?



OpenSilver serves as a plug-in-free version of Silverlight, using the Mono software platform for WebAssembly and Microsoft Blazor. It fills the gap left by legacy Silverlight, and useful for building new applications or upgrading existing Silverlight apps.

Silverlight can also be recompiled with OpenSilver to run on all browsers supporting WebAssembly, including Chrome, Firefox, Safari, and Microsoft Edge. And it is supported on several operating systems, such as Windows, ChromeOS, iOS and Android platforms.

Though not all Silverlight features are currently supported, developers should therefore expect some compilation errors. But the limitations can be solved through such methods as importing of .NET Standard or JavaScript library.

How to Get started with OpenSilver



If you are a developer and want to build an application using OpenSilver, you can download a free extension for the Visual Studio 2019 IDE, which will install project templates to “New Project” dialog.

And developers using Visual Studio should simply select the Silverlight Universal Windows Platform (UWP) dialects.

Also, the extension can be used to recompile applications, and the current preview covers about 60 per cent of the Silverlight API, with almost all the commonly used features supported. Additional features expected include Open RIA Services and Telerik UI for Silverlight.

OpenSilver Project revives erstwhile Microsoft’s Silverlight via WebAssembly



Microsoft's secret wars against the bad actors continues, as the company announced a successful takedown of Necurs Botnet, which is perhaps the largest malware network, with over nine million computers infected worldwide.

The takedown follows after Microsoft and some industry partners decoded Necur's domain generation algorithm (DGA), which is responsible for generating their random domain names. It has helped the infamous botnet network to remain anonymous and resilient for quite a long time.

DGA is a technique to randomly generate domain names at regular intervals, which malware authors employ to continuously switch the location of command-and-control (C&C) servers and maintain uninterrupted digital communication with compromised systems.

What is A Botnet?



A network of computers that's infected with malicious software (malware) by a cybercriminal is known as botnet. The cybercriminals can control these computers remotely once infected and use them to carry out crimes undetected.

The Necurs botnet is among the largest networks in the malware threat ecosystem, with infected systems in nearly every country in the world; which according to research, Necurs-infected computer averages a total of 3.8 million spam mails to more than 40.6 million potential targets.

And it is believed to be operated by cybercriminals based in Russia, and has carried out a wide range of crimes including the fake pharmaceutical spam email, pump-and-dump stock scams, and “Russian dating” scams. Also, it has been used to attack several other computers on the internet, to steal people’s personal information and credentials of online accounts.

How Microsoft was able to disrupt the Botnet?



The disruption was made possible through an order by the U.S. District Court for the Eastern District of New York issued to take control of US-based infrastructure used by Necurs to distribute malware. This legal action and a collaborative effort by Microsoft with some public-private partnerships around the world, led to the prevention of the cybercriminals from registering new domains to execute further attacks.

Microsoft had reported the domains to their respective registrars to block and prevent them from becoming part of the Necurs infrastructure. And the taking control of the existing websites and inhibiting their ability to register new ones, will significantly disrupt the botnet.

Interestingly, the cybercriminals behind Necurs also sell or rent access for the infected computer to other criminals as part of botnet-for-hire service. And also distribute ransomware (financially targeted malware), cryptomining, and even possessing a DDoS (distributed denial of service) capability that's yet to be activated, but could at any moment.

How Microsoft coordinated A Takedown of the infamous Necurs Botnet?



Everyone knows how closely guarded the Apple garden is, and that sharing files between a Mac and Android device does not come easy.

While the transfer of files between Mac and iPhone work seamlessly, the same cannot be said of Android devices, so resorting to Android File Transfer App for Mac is mandatory.

If you're caught in-between the hassles of transferring data from your beloved Mac to Android device, we've got the steps that will make your task hassle-free.

MacDroid is a nifty Android File Transfer App that makes the task of transferring files between Mac and Android seamless and hassle-free. It justifies its name, Mac-Droid, as it serves as a bridge between your Mac and Android device, by providing a seamless connection.

Some Unique Features of MacDroid


  • USB Support
  • Support for all Android and MTP devices
  • Access to Both internal and external storage of Android
  • Ability to Edit Android files on Mac
  • Ability to Work with entire folders

Additionally, MacDroid offers connection on two modes, namely Multi-Operation Mode and Single-Operation Mode. The former, means multiple mode, which guarantees a faster file transfer and management. And the Single-Operation Mode offers an easy and comprehensive way to connect your Android, including other supported MTP devices.

MacDroid comes in two versions, namely the free and Pro version, with the free version offering almost all of the mentioned features but allows only a one-way traffic from Android to Mac.

The free version does not support transfer of files from Mac to Android. Also, it doesn't have provision for automatic updates and customer support.

Pricing for the Pro Version



The PRO version attracts a subscription fee of $19.99 per year. And you'll get a 7-day free trial to test out the features exclusively.

Steps to Transfer Files From Mac to Android using MacDroid



First, you’ll need to download MacDroid onto your Mac System, then you are all set to transfer your photos, music, videos, and other files between your Mac computer and Android device via USB.



Step 1. Connect your Android device to Mac via USB: After you have downloaded and installed MacDroid, open the app and go to “Devices” in the main menu and connect your Android device to Mac via USB.



Step 2. Grant Mac access to your Android device: You'll need to choose from either ADB (recommended) or MTP connection mode and follow the steps to allow Mac access to your Android data.



Step 3. Connect Your devices: Once your device is connected, you can now find it in "Finder" and easily transfer your data between Android device and Mac.



Our Verdict!



MacDroid is a powerful and compact Android file transfer application that works seamlessly across Mac OS X Yosemite and later versions. It provides the back-up power you need for a glitch-free file transfer between your Mac computer and Android device.

We recommend the PRO version if you are an enterprise user with lots of files to work on, as it offers a superior and much better experience. If perhaps, anything can be said to have revolutionized seamless connection between Mac and Android, it's definitely MacDroid!

MacDroid Review: Easily Transfer files between Your Mac and Android Device



The team behind the renown Zorin OS has released a new version, Zorin OS 15.2, with the latest release bringing improvements in the software to make it faster and more secure.

While Zorin OS is perhaps among the best Linux based distros, which since the release of Zorin OS 15 series, has recorded over 900,000 downloads, a huge leap from the 550,000 record at first release point.

Zorin OS 15.1, the previous release was mainly focused on improving the desktop experience, with such features as new Sans Forgetica font and auto theme.

What’s new in Zorin OS 15.2 Release?



The latest release, Zorin OS 15.2 is based on Ubuntu 18.04.4 LTS and Linux kernel 5.3 and claims to be the most secure version so far. It also features new hardware support for Intel, IBM, and AMD graphic chipsets.

As Ubuntu 18.04.4 comes with the latest hardware enablement stack, Zorin OS 15.2 will be able to support Intel 10th generation processors, AMD Navi GPUs, newer MacBooks, and MacBook Pro keyboards and touchpads.

The pre-installed packages will be updated to its newer versions such as LibreOffice and the GNU Image Manipulation Program.

How to Upgrade to Zorin OS 15.2?



For existing users of Zorin OS 15, they can update their system direct from the software updater. And if you haven't already downloaded Zorin OS, you will need to get it from the official Download page to proceed.

And boot your computer from the USB Install Drive. Ensure that the written USB Install Drive is plugged into your computer. Then switch the Windows PC on and immediately upon startup, press the indicated key repeatedly to open the Boot Menu. If you are not sure which key to press, it's usually either Esc, F12 or another function key. From the Boot Menu, select the option with "USB" in its title to boot from the Install Drive.

If on a Mac, upon startup, press and hold the Option key. Then select the USB Install Drive as the boot drive. Note that the Install Drive might be incorrectly identified as "Windows", which is normal.

Now, you should see the Zorin OS welcome menu. Use the ↑ ↓ keys to select "Check installation medium for defects" and press Enter to verify that the USB Install Drive is ready to use. After running the check, select the "Try or Install Zorin OS" option from the Zorin OS welcome menu. That's it!

What are the new features in Zorin OS 15.2 Linux Distro Release?



Google has removed all AnTuTu Benchmark apps from the Play Store, including AnTuTu Benchmark, AnTuTu 3D Bench, and the latter version for the evaluation of AI performance.

While the reason for removal is probably the policy violations tied to Cheetah Mobile, which happens to be a shareholder in AnTuTu Benchmark. According to Amelie Liu, the Global Marketing Manager of Antutu, Cheetah Mobile only invested in the company around 2014, whereas Antutu was founded in 2011, even before Cheetah Mobile.

Google took down the AnTuTu benchmark apps from the Play Store as part of its effort to kick out apps related to Cheetah Mobile that violates its policies.

How AnTuTu got into Google's trouble?



The Chinese company, Cheetah Mobile has a reputation for bad practices, as regards privacy and security of users on its apps. And recently, Google took action by removing all the Cheetah Mobile apps from the Play Store.

Google believes that the popular benchmarking apps are also the property of Cheetah Mobile, due to the fact that AnTuTu used the legal services from Cheetah Mobile, with their privacy policy linking to the address of cmcm.com, the Cheetah Mobile official website.

Albeit, Antutu’s ‘non-HTTPS’ website never mentioned Cheetah Mobile anywhere, but the Wikipedia page has Cheetah Mobile as the developer. And also, the CM page of Cheetah Mobile lists Antutu as one of its apps. Now that Antutu Benchmark apps have all been removed from Google Play Store, how do you download and install them on your Android device?

How to Download AnTuTu Benchmark APK for Android



The AnTutu Benchmark tools help users to find out the potential of their Android device, with the test factors including the device’s multitasking power, graphics performance, and CPU - using all to assign an overall score.

Now, the official Antutu website offers the APK file in place of the Google Play Store download button. And you can also find it on popular APK download websites, such as APKPure.com, APKMirror.com and AppsAPK.com, among others.

AnTutu, however released a statement that it is a misunderstanding on Google’s end, and hope that Google can examine the company's account carefully to resolve this misunderstanding as soon as possible.

AnTuTu Missing on Play Store? Download AnTuTu Benchmark APK for Android



Microsoft has discontinued support for .NET Core 3.0, which first made debut a year and half ago, with the open source development platform reaching its end of life on March 3, 2020.

The company recommends that users should move their applications and environments over to .NET Core 3.1. Upgrade, which instructions have been made available on the Microsoft Dev Blog with .NET Core 3.1 as a long-term supported (LTS) release.

While the open source .NET Core is highly optimized for building web applications for Windows, Linux, and MacOS.

What are the two .NET Core release types?


Microsoft published its support policy for .NET Core, which includes policies for two release types: LTS and Current. LTS releases are made up of features and components that are stable, requiring only few updates over a longer support release lifetime.

As such, the LTS releases are better choice for the hosting of applications that you don't intend to update often, with support for at least 3 years.

The Current releases, on the other hand, include features and components that may still undergo future change based on customers feedback. They are good for applications in active development, allowing you access to the latest features and improvements. But you'll need to upgrade to later .NET Core releases to remain within the support cycle.

Upgrading to .NET Core 3.1


Firstly, you'll need to move .NET Core 3.0 applications and environments to .NET Core 3.1. Then, it’ll offer an easy upgrade in most cases.

  • Start by opening the project file (*.csproj, *.vbproj, or *.fsproj file).
  • And change the target framework value from netcoreapp3.0 to netcoreapp3.1, which framework is defined by the or element.

It is pertinent to note that both LTS and Current releases will continue to receive critical security fixes throughout their respective lifecycle.

Microsoft .NET Core Updates no longer include Patches for version 3.0



The hugely popular Akinator game can be addictive, and if you must play it in the office or school, you'll need to have it unblocked. As most institutions often block this amazing game which makes it difficult for students or employees to access, denying them some fun moments playing it within their busy schedule.

While the Akinator games are also available for Android and iOS, it is mostly an online game that can be played direct on the browser via a PC, or even video game consoles and the demand is increasing by the day, with modern game enhancements through AR and VR.

In this post, we'll guide you on how to access the game and also what the Akinator game is it all about. So, let's start with what Akinator game brings to the table.

What is the Akinator Game all about?



Akinator is an AI game modeled on the concept of a genie by the same moniker, which game requires you to think of a fictional or real-world character and have the genie ask you series of questions to guess the exact character that you have in mind.

Take for instance, you think of a blockbuster movie actor, like Samuel L. Jackson. Then, Akinator will ask you such questions as which country is your character from, with suggestions like US, Canada and Asia and some other related questions, based on which it will be able to guess the correct answer.

It will keep on asking questions until it reaches to a right conclusion to provide the correct answer. However, it may guess wrong, and you'll continue to play the game for 3 more times until it accepts defeat. Then, you'll be allowed to disclose what exactly was the character that you have in mind. Now, you've got the idea?

How to Access the game when blocked at School & Workplace



Most offices and schools use content filtering software to restrict access to content passing through the network. Not just games but also certain sites like social networks, video streaming services and so forth.

And by simply adding a website address to the host file, or they can add the new URL in router settings to block them. But URL block using the host file is the more popular method. So, you can follow the below instructions to solve the blockade issue.

First, open host file located at C:\Windows\System32\drivers\etc\ as follows:



Then check for Akinator website address listed there. If the URL is listed, simply remove it and save the file.

Alternatively, you can unblock any website by using VPN, but it may not work in this situation because you'll not have the permissions to install software on the school or office systems. So the only option is to use web proxies. But sadly, some proxy sites don't work with Akinator; you have to search for a proxy that currently works for the Akinator game.

Akinator Game — How to Unblock the Game at School and Workplace



The fourth ALPHA release for PinePhone, which is an open-source Linux smartphone, has been announced by Manjaro ARM project, as well as the upcoming ‘PineTab’ tablet.

Manjaro ARM project team made significant progress with a new development build for their Arch Linux-based distro, which serves for both the PinePhone and PineTab devices. While Pine64 has already started shipping the pre-order units of PinePhone Braveheart Edition as at Jan 17, 2020.

Albeit, the PinePhone is compatible with several other Linux based operating systems like Ubuntu Touch, Sailfish OS and postmarketOS, which it can boot right from internal storage or using an SD card.

PinePhone Support for Manjaro Linux



According to the developers, the latest alpha build includes a brand-new Mobile interface, Manjaro ARM wallpaper, and a couple of new applications; also there is a new layout using extlinux.conf partition as a configuration file.

The latest build also introduces support for saving of contacts right in the Phonebook app, and allows for screen lock from the power button, a fix for brightness control, and changes to the default user password. But the best addition is that Manjaro ARM for PinePhone now supports direct phone calls.

And the new Manjaro ARM alpha images which are based on unstable branch of Manjaro Linux and runs the latest Linux 5.5 kernel from PINE64. So if you're a PinePhone user, you would definitely need to try the latest Manjaro ARM build.

How to install Manjaro ARM Alpha4 for PinePhone and PineTab



First, you need to download the image/xz file from the download location. And verify that the download has been completed successfully.

Kindly note the default login details as follows:

The premade users are:
User: manjaro
Password: 1234

User: root
password: root

Then, install Etcher (sudo pacman -S etcher if on Manjaro) and burn it to an SD card (of up to 8 GB or larger). The PinePhone or PineTab should be able to recognize the SD card as a bootable device and boot directly from it.

Manjaro Linux fourth ALPHA release for the Open Source smartphone, PinePhone



Do you crave for a dedicated web portal to find a wide range of high quality teas from China? Search no further, as Chinesetea4u.com, a premium online tea shop, is positioned to provide high quality services to customers around the world with regards to buying the best Chinese tea blends.

The online shop pride itself as the go-to destination for the choice blends of renown Chinese teas, where you'll find that premium tea you have always wanted.

And the best part, they can deliver anywhere in the world, simply place your order on Chinesetea4u.com and the ever friendly customer service will attend to your orders without delays.

A Brief History of Chinese Tea



China is without doubts the birth-place of tea. The history dates back to almost 5,000 years ago, which according to ancient China legend, Emperor Shen Nung discovered tea from a wild tree he blew into his pot of boiling water.



Interestingly, the pleasant scent of the resulting brew delighted him so much, that he decided to drink some. And legend has it that the Emperor experienced a warm feeling from the rather intriguing brew, as if it was investigating every part of his body.

Then, the brew was named "ch'a" by Shen Nung, which name is the Chinese character meaning to investigate. Around 200 B.C. an Emperor from Han Dynasty referenced tea with a special written character illustrating wooden branches, grass, and a man in-between the two.

This written character, ironically was also pronounced as "ch'a" symbolizing the way tea brought mankind into balance with nature.

What Chinesetea4u.com brings to the Table?



Now, all those history and balance with nature, which is infused with the Chinese culture is what Chinesetea4u.com wants to bring to the entire world to experience.

The tea blends include, herbal tea, green tea, white tea and black tea, among other traditional Chinese teas. As Chinese tea has had a long, extensive and profound history. The tea culture has also swept the world for many years.

But the uniqueness of Chinese tea is in the taste, with fresh blends of the choicest tea leaves that still retains the aroma and sweet smell, helps to regulate the healthy development of the body functions.

In fact, so many people all over the world can't do without Chinese tea. It's an indispensable part of their daily lives. Moreover, high-quality tea comes as a decent gift of first choice.

Chinesetea4u.com - Buy Premium Chinese Tea Online at Cheap & Affordable Price



The Point-to-Point Protocol Daemon (pppd) software comes installed on almost all Linux operating systems, and also powers the firmware of many networking devices.

While the pppd software enables data transfer between the nodes, which are primarily used to establish internet links, such as those used with dial-up modems, Virtual Private Networks (VPNs) and DSL broadband connections. But, security researcher Ilja Van Sprundel, reported a critical issue of stack buffer overflow vulnerability that exists in the Extensible Authentication Protocol (EAP) packet parser of the pppd software.

The vulnerability is marked as CVE-2020-8597 with the Common Vulnerability Scoring System (CVSS) 9.8 score; it is exploited by unauthenticated attackers to execute arbitrary code remotely on affected systems, and taking full control over them.

The Scope of the PPPD Vulnerability



As the pppd software is also adopted into lightweight IP (lwIP) project to provide pppd capabilities to small devices, the default packages of lwIP are not vulnerable to the flaw in buffer overflow. But if you use the lwIP source code, configured specifically to enable EAP at compile time, your software may likely be vulnerable to the buffer overflow.

And sending an unsolicited EAP packet to a vulnerable ppp client or server, could cause memory corruption in the pppd process, which could allow for arbitrary code execution.

Since pppd works in conjunction with kernel drivers with high privileges, the flaw could allow unauthenticated attackers to potentially execute malicious code with root-level privileges.

How to secure your Linux System



According to the security researcher, all the Point-to-Point Protocol Daemon versions 2.4.2 to 2.4.8 released in the last 17 years are vulnerable to the new remote code execution vulnerability.

It is recommended that you update your software with the latest available patches provided by the software vendor.

While assuming that pppd is not vulnerable if EAP is not enabled or has not been negotiated by a remote peer using a passphrase is incorrect. Due to the fact that an unauthenticated attacker may still be able to send unsolicited EAP packet to trigger the buffer overflow.

Linux Systems susceptible to Remote Attacks via A Critical PPPD Flaw



Tracker Radar is DuckDuckGo's best-in-class dataset about web trackers, which list is automatically generated and maintained with continuous crawling and analysis.

While DuckDuckGo is notable for its staunch stance on privacy, with the search engine emphasizing more on protecting web searchers' privacy by avoiding the filter bubble of personalized web search results. It distinguishes itself from other search engines like Google, as it does not profile its users and shows same results to all for a given search query.

Now, the company has made public its privacy tool comprising data set of web trackers from about 5,326 internet domains employed by 1,727 advertising companies.

How the Open Source Tracker Radar can be Useful



The Internet is rife with web trackers which follow users all over the Web, which tracking is against their privacy, and more often serves for ads targeting. These creepy ads powered by hidden trackers, are lurking behind most websites.

DuckDuckGo Tracker Radar exposes the existing lists of web trackers, as previously crowd-sourced lists are often untested, stale, and could break most websites. The new tool will enable developers to build seamless tracker protection into their mobile apps and also for desktop browser extensions for browsers like Chrome, Firefox and Safari.

The company has successfully employed it for seamless search and browsing privately across all of devices, with tracker blocking, private search, and upgraded website encryption available in one package.

What the open sourcing of Tracker Radar means for Marketers?



These Web trackers are responsible for showing targeted ads on a website; and the trackers also build digital profiles for every web user by analyzing their actions, and the information is sold to third-party advertising companies.

So if all web projects are built from the ground up to block all these web trackers, with Tracker Radar providing a reliable list of all the trackers, it will negatively impact on ads conversion.

As the impediment to adding tracker protection is that existing lists of trackers are often manually curated, which means they are not comprehensive. Or even worse, the lists may break websites, which hinders the mainstream adoption.

The search giant aims for every privacy-focused company to benefit from its knowledge on online data trackers collected over the years.

DuckDuckGo Open Sources its dataset for Analysis and Building of Tracker blacklist



Apple lovers are known for their particular taste for slick gadgets, hype technology, and great quality. Whatever your feelings may be regarding the bitten apple brand, we are sure that your better half, family member, or a close friend surely fits the aforementioned category.

If that's the case, you'll find a tremendous amount of Apple-related gadgets and other ideas that will surely please all types of fans. This is the best gift ideas for Apple lovers compiled by Tims Fox, co-founder of SMK Blog.

1. Apple Magic Keyboard




Looking at its minimalist design, you immediately realize you're looking at something special.

Apple fans will immediately fall for this incredible peripheral as a way to easily engage with their devices. Connect it to your iMac or your Apple TV and enjoy the beauty and flow of its wireless functionalities.

We are particularly impressed by the almost lack of any edges. The Magic Keyboard is lightweight makes it perfect for travel, along with a comfortable usage experience is sure to make the kind of gift that not only Apple fan will treasure but also gamers. Learn more at SMK blog.

2. Apple AirPods




The Apple AirPods are headphones reinvented and will redefine how music and calls are delivered unlike anything else before.

Again, Apple is known for breaking the mold and reinventing concepts, and the Apple AirPods easily fit that category with its minimalist look and wireless ability.

For those that are lucky enough to get these as a gift, they will be able to connect it to most Apple devices effortlessly and even call up Siri to taunt her about any issues.

3. Apple TV




The TV experience, reinvented by Apple. Apple TV is a powerful media center that will deliver endless hours of entertainment, exclusive contents and flawless image and sound quality.

Its setup is extremely simple, and it will add or improve on smart TV functionalities whatever system it encounters. Certainly, one of the best presents we can recommend for any Apple lover, Apple TV and its slick design always look great in any division.

In an age where streaming makes for most of our entertainment, you can combine your new device and other streaming platforms with Apple's very own streaming service.

4. Apple Watch




Watches don't come as great-looking and filled with functionalities as the Apple Watch.

Already packing GPS and an always-on Retina display, it not only impresses others, but it is also a great gadget to own that will deliver accurate data on sports activities.

The Apple Watch was one of the first smartwatches to become a game-changer in the market and is now regarded as an iconic must-have gadget.

Needless to say that this incredibly-looking watch will leave no one indifferent.

5. Apple iPod Touch




The original iPod changed the portable music panorama by delivering incredible style and extreme quality.

To this day, it's still regarded as one of the most sought-after vintage gadgets with values going through the roof for one in great condition.

The new iPod Touch may have people considering they're holding an iPhone and, truth be told, they're not very far. The new iPod delivers the same build quality as the legendary phone and is aimed to please music lovers that want a few tech features such as a camera and the ability to go online.

Apple lovers should be easy enough to please with any of our suggestions. The main reason for that is that Apple manufactures some of the most exciting and best-looking technological articles in the world. Their design sets the tone for other manufacturers, with each of their breakthroughs being copied over and over again through the years.

For users, it is not only about owning some of the best-looking gadgets but also ones that deliver true quality and ease of use.

5 Coolest Gifts That Apple Lovers Will Want To Use On The Reg