Tail OS, an operating system optimized for privacy and anonymity, has released version 4.5 this week, the first version that supports a crucial security feature named UEFI Secure Boot. From a report: Secure Boot works by using cryptographic signatures to verify that firmware files loaded during a computer's boot-up process are authentic and have not been tampered. If any of the firmware checks fail, Secure Boot has the authority to stop the boot process, preventing the operating system from launching. The feature has been available as part of the UEFI specification for almost two decades but is rarely used. The reason is because not all firmware vendors cryptographically sign their files, leaving the door open to verification errors that -- when Secure Boot is enabled -- block many operation systems from launching.

Deep learning algorithms can diagnose, triage, and monitor coronavirus cases from lung images. Next, can they predict who will need a ventilator? From a report: AI-powered analysis of chest scans has the potential to alleviate the growing burden on radiologists, who must review and prioritize a rising number of patient chest scans each day, experts say. And in the future, the technology might help predict which patients are most likely to need a ventilator or medication, and which can be sent home. "That's the brass ring," says Matthew Lungren, a pediatric radiologist at Stanford University Medical Center and co-director of the Stanford Center for Artificial Intelligence in Medicine and Imaging. "That would be the killer app for this." Some companies are selling their tools, others have released free online versions, and various groups are organizing large crowdsourced repositories of medical images to generate new algorithms. "The system we designed can process huge amounts of CT scans per day," says Hayit Greenspan, a professor at Tel-Aviv University and chief scientist of RADLogics, a healthcare software company that recently announced one such AI-based system. "The capability for quickly covering a huge population is there."

An anonymous reader quotes a report from Wired: Apple has a well-earned reputation for security, but in recent years its Safari browser has had its share of missteps. This week, a security researcher publicly shared new findings about vulnerabilities that would have allowed an attacker to exploit three Safari bugs in succession and take over a target's webcam and microphone on iOS and macOS devices. Apple patched the vulnerabilities in January and March updates. But before the fixes, all a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely.

The bugs Pickren found all stem from seemingly minor oversights. For example, he discovered that Safari's list of the permissions a user has granted to websites treated all sorts of URL variations as being part of the same site, like https://www.example.com, http://example.com and fake://example.com. By "wiggling around," as Pickren puts it, he was able to generate specially crafted URLs that could work with scripts embedded in a malicious site to launch the bait-and-switch that would trick Safari. A hacker who tricked a victim into clicking their malicious link would be able to quietly launch the target's webcam and microphone to capture video, take photos, or record audio. And the attack would work on iPhones, iPads, and Macs alike. None of the flaws are in Apple's microphone and webcam protections themselves, or even in Safari's defenses that keep malicious sites from accessing the sensors. Instead, the attack surmounts all of these barriers just by generating a convincing disguise.

The U.S. Federal Aviation Administration has ordered Boeing 787 operators to switch their aircraft off and on every 51 days to prevent what it called "several potentially catastrophic failure scenarios" -- including the crashing of onboard network switches. The Register reports: The airworthiness directive, due to be enforced from later this month, orders airlines to power-cycle their B787s before the aircraft reaches the specified days of continuous power-on operation. The power cycling is needed to prevent stale data from populating the aircraft's systems, a problem that has occurred on different 787 systems in the past. According to the directive itself, if the aircraft is powered on for more than 51 days this can lead to "display of misleading data" to the pilots, with that data including airspeed, attitude, altitude and engine operating indications. On top of all that, the stall warning horn and overspeed horn also stop working.

This alarming-sounding situation comes about because, for reasons the directive did not go into, the 787's common core system (CCS) -- a Wind River VxWorks realtime OS product, at heart -- stops filtering out stale data from key flight control displays. That stale data-monitoring function going down in turn "could lead to undetected or unannunciated loss of common data network (CDN) message age validation, combined with a CDN switch failure." Solving the problem is simple: power the aircraft down completely before reaching 51 days. It is usual for commercial airliners to spend weeks or more continuously powered on as crews change at airports, or ground power is plugged in overnight while cleaners and maintainers do their thing.

Dan Goodin writes via Ars Technica: For almost three years, OpenWRT -- the open source operating system that powers home routers and other types of embedded systems -- has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital signature verifications are easy to bypass, a researcher said. Security researcher Guido Vranken, however, recently found that updates and installation files were delivered over unencrypted HTTPs connections, which are open to attacks that allow adversaries to completely replace legitimate updates with malicious ones. The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWTR maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.
[...]
The researcher said that OpenWRT maintainers have released a stopgap solution that partially mitigates the risk the bug poses. The mitigation requires new installations to be "set out from a well-formed list that would not sidestep the hash verification. However, this is not an adequate long-term solution because an attacker can simply provide an older package list that was signed by the OpenWRT maintainers." From there, attackers can use the same exploits they would use on devices that haven't received the mitigation. OpenWRT maintainers didn't immediately respond to questions asking why installation and update files are delivered over HTTP and when a longer-term fix might be available. In the meantime, OpenWRT users should install either version 18.06.7 or 19.07.1, both of which were released in February. These updates provide the stopgap mitigation.

An anonymous reader shares a report: Today, we learn some new details about the upcoming Linux Mint 20. While most of the newly revealed information is positive, there is one thing that is sure to upset many Linux Mint users. First things first, Linux Mint 20 will be based on the upcoming Ubuntu 20.04. This shouldn't come as a surprise, as Mint only uses Long Term Support versions of Ubuntu, and 20.04 will be an LTS. We also now know the name of Linux Mint 20. The Mint team always uses female names, and this time they chose "Ulyana." This is apparently a Russian name meaning "youthful." So far, all of the news is positive, so what exactly will upset some users? The Linux Mint developers are finally dropping 32-bit support and will only produce 64-bit ISOs.

An anonymous reader quotes a report from Bleeping Computer: A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private network (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses. While connections made after connecting to a VPN on your iOS device are not affected by this bug, all previously established connections will remain outside the VPN's secure tunnel as ProtonVPN disclosed.

The bug is due to Apple's iOS not terminating all existing Internet connections when the user connects to a VPN and having them automatically reconnect to the destination servers after the VPN tunnel is established. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own," ProtonVPN explains. "However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel." During the time the connections are outside of the VPN secure communication channels, this issue can lead to serious consequences. For instance, user data could be exposed to third parties if the connections are not encrypted themselves, and IP address leaks could potentially reveal the users' location or expose them and destination servers to attacks. Until Apple provides a fix, the company recommends using Always-on VPN to mitigate this problem. "However, since this workaround uses device management, it cannot be used to mitigate the vulnerability for third-party VPN apps such as ProtonVPN," the report adds.

An anonymous reader shares a report: Google paused Chrome updates last week when it canceled the Chrome 81 release in order to avoid causing severe disruptions to web developers, system administrators, and its own engineers, most working from home or having resources strained due to ever-worsening coronavirus (COVID-19) outbreak. In a blog post on the Chrome blog today, Google said it is now ready to resume work on Chrome. The company said that starting next week, the current Chrome 80 release will start receiving security updates once again. Chrome v81, initially scheduled to be released on March 17, was rescheduled for April 7, at which time, web developers and system administrators would have had the time to adapt to their new working conditions.

In response to high demand as a result of the COVID-19 coronavirus pandemic, Microsoft has started taking action to preserve overall performance by throttling some services. ZDNet reports: On March 16, Microsoft posted to Microsoft 365/Office 365 admin dashboardds a warning about "temporary feature adjustments" that it might take. That warning told customers that Microsoft was "making temporary adjustments to select non-essential capabilities." Officials said they did not expect these changes to have significan impact on users' experiences. Among the examples of the types of changes Microsoft might take would be things like how often its services check for presence; intervals in which other parties typing are displayed; and video resolution. Today, March 24, Microsoft started cautioning Microsoft 365/Office 365 commercial users of some other "temporary changes" they should expect. The list:

OneNote:
- OneNote in Teams will be read-only for commercial tenants, excluding EDU. Users can go to OneNote for the web for editing.
- Download size and sync frequency of file attachments has been changed.
- You can find details on these and other OneNote related updates at http://aka.ms/notesupdates.

SharePoint:
- We are rescheduling specific backend operations to regional evening and weekend business hours. Impacted capabilities include migration, DLP and delays in file management after uploading a new file, video or image.
- Reduced video resolution for playback videos

Stream:
- People timeline has been disabled for newly uploaded videos. Pre-existing videos will not be impacted.

Apple today officially released versions 13.4 of iOS, iPadOS, and tvOS to the public, alongside macOS 10.15.4 and watchOS 6.2. While many of their improvements are minor, there are a few standout features across the updates. From a report: One of the most noteworthy additions is a dramatic expansion of iPadOS 13's prior trackpad and mouse support, which was limited solely to an Accessibility option before evolving to full system-wide support across all iPad models capable of running iPadOS 13.4. Now, keyboard-trackpad hybrids (such as the upcoming Magic Keyboard for iPad), standalone trackpads, and standalone mice can create a cursor that highlights and selects on-screen text and objects, paving the way for more Mac-like apps on Apple's tablets. Another major improvement is cross-platform support for a new universal app purchase option, enabling a single app developed using Apple's shared Catalyst framework to be purchased and run across Macs, iPhones, iPads, and Apple TVs. This feature went live for developers yesterday, and it uses the iOS App Store as the base for universal apps. Standalone Mac App Store app listings will likely need to be abandoned for the transition to universal apps.

China's homegrown operating systems haven't made much of a dent on the global stage. Now there's a Linux-based system that's aimed at weaning the country off Windows. From a report: UOS, or Unified Operating System, hit a new milestone after its first stable release in January: Union Tech's OS can now boot in 30 seconds on China-made chips. It's an important step as Chinese tech companies look to reduce their dependence on US-made software and hardware. The struggles of ZTE and Huawei illustrate this clearly: The former was reliant on chips made in the US to produce smartphones, while the latter has the difficult task of selling Android handsets outside China without Google apps or services. The "current international climate" has made it imperative for China to have its own foundational software to avoid being cut off by the US, said the general manager of Union Tech, Liu Wenhan. While Chinese operating systems currently account for less than 1% of the market, Liu said he expects them to grow to 20% to 30% in the future. Integrating homegrown Chinese chips could be the biggest accomplishment of UOS if it pans out. Although Chinese computer chips still don't approach the sophistication of those created by US-based companies, Union Tech said that it is actively working with Chinese chipmakers like Loongson and Sunway to facilitate the gradual replacement of American technology in the Chinese government and pillar industries. In December, Beijing ordered all government offices and public institutions to remove foreign computer equipment and software within three years.

Microsoft has announced that it is pausing the rollout of Edge v81, citing the ongoing "global circumstances" surrounding the coronavirus outbreak. From a report: New Edge releases (or any other kind of software updates) usually entail security reviews and compatibility testing to ensure operating systems and internal web applications don't break. Due to the COVID-19 coronavirus outbreak, most system administrators are most likely busy handling the security of employees working from home and taking care of their families in these tough times. Microsoft said it does not want to put an extra strain on system administrators and other IT staff personnel by releasing a new Edge version at this particular time. Redmond's decision comes days after Google announced a similar measure for Chrome v81, postponing the v81 release indefinitely.

In celebration of Windows 10 hitting 1 billion users, Microsoft's chief product officer Panos Panay teased Windows 10's next UI refresh. Gizmodo reports: In the video posted to Instagram, Microsoft starts by showing the evolution of its OS throughout the years going as far back as Windows 1.01 all the way to Windows 10. However, where things start to get interesting is around 12 seconds in when Microsoft shows off a new set of updated icons followed by a redesigned look for Windows 10's Start Menu and Live Tiles. Instead of a bunch of brightly color rectangles, Microsoft is implementing a more unified color scheme that can adjust automatically to match your desktop background and potentially other UI elements.

Additionally, Microsoft also showed off a wide variety of accessibility options including a range of pointers in various sizes and colors, what looks like improved support for the Xbox Adaptive Controller, a tease for a new built-in snipping tool, and more. Then Microsoft capped everything off by showing light and dark themes for Windows 10 along with a bunch of windows resizing and snapping options, all designed to making multi-tasking just a bit faster and easier. Microsoft also made a point to mention support for both x86-based systems powered by chips from Intel and AMD and ARM-based systems like the Surface Pro X.

Google said today it is pausing upcoming Chrome and Chrome OS releases due to the ongoing coronavirus (COVID-19) outbreak. From a report: The company cited "adjusted work schedules" as the primary reason for the delay, as most of its engineers are now working from home. The company published an official statement today after ZDNet reached out for comment last night, when Google failed to release Chrome v81. YouTube videos, tweets, and blog posts announcing the new Chrome release were posted online yesterday -- most likely scheduled days or weeks in advance. However, the actual Chrome v81 release never made it to users' devices, and the same videos, tweets, and blog posts were removed shortly after Google's PR realized their mistake.

Today, we get another diminutive desktop option, but this one is designed for Linux and privacy. From a report: Yes, Purism is finally launching a tiny desktop, and it will come pre-installed with the Debian-based PureOS. Called "Librem Mini," the cute bugger has 4 USB-A ports on the front, along with a 3.5mm audio jack, and the power button. On the rear, there are two more USB-A ports, a single USB-C port, Ethernet, HDMI, DisplayPort, and the power port. "Announcing the Purism Librem Mini. Our small form-factor mini-PC that puts freedom, privacy and security first. We're really excited about the Librem Mini, it's a device our community have wanted and we've wanted to offer for some time. The Librem Mini is accessible, small, light and powerful featuring a new 8th gen quad core i7 processor, up to 64 GB of fast DDR4 memory and 4k 60 fps video playback. It's a desktop for your home or oïfce, a media center for your entertainment, or an expandable home server for your files and applications," says Purism.

ZDNet reports that there'll be some changes in Microsoft's second version of the Windows Subsystem for Linux, WSL2: Microsoft has decided to remove the Linux kernel from the Windows OS image with WSL2. Instead, the company will deliver it to users' machines using Windows Update. Users will be able to manually check for new kernel updates by clicking the "Check for Updates" button or by waiting for Windows to do this automatically. "Our end goal is for this change to be seamless, where your Linux kernel is kept up to date without you needing to think about it. By default this will be handled entirely by Windows, just like regular updates on your machine," said Microsoft Program Manager Craig Loewen in a blog post today outlining the coming change...

When Microsoft first introduced WSL in Windows 10 in 2016 WSL was more of an Linux interface at that point designed in partnership with Canonical. But Microsoft has been busy rearchitecting WSL with WSL 2 so that it actually will provide a Microsoft-written Linux kernel running in a lightweight virtual machine that's based on the subset of Hyper V. Users can put basically any Linux distribution of their choice on that kernel.
Engadget reports that the new version "should load and run faster, with reduced memory consumption to free up your RAM for other tasks." And they also speculate about Microsoft's motivations.

"Now that Microsoft is less dependent on Windows sales and more on services like Azure, it benefits when it treats Linux like a first-class citizen."

According to 9to5Google, Google is working on a native Chrome OS app for printing and scanning documents. From the report: While there are many ways to start printing on Chrome OS, there's no real way to see what you've currently got queued to print, when not using Cloud Print [which is shutting down at the end of the year]. This is particularly frustrating if you've accidentally printed a long document as there's no way to cancel. [...] Late last month, work began on a new "Print Management app," starting with a Chrome OS specific flag in chrome://flags. Print Management is still in the early stages of development but we know that, like many Chrome OS apps, it'll be a web-based System Web App (SWA), which you can launch from the printers section of the main Settings app. Inside, you'll see a list of your recent printing attempts, including useful information like the job's name, what time it started, whether it succeeded, and which printer it was sent to.

And then, of course, on the flip side of working with paper documents is scanning, which is by no means easy to do on Chrome OS. Thankfully, Print Management will also include a UI for scanning documents and photos. The Chromium team is already working on this behind yet another flag.

A vulnerability in version 3.1.1 of the Server Message Block (SMB) -- the service that's used to share files, printers, and other resources on local networks and over the internet -- can allow attacks to execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in an advisory. Ars Technica reports: The flaw, which is tracked as CVE-2020-0796, affects Windows 10, versions 1903 and 1909 and Windows Server versions 1903 and 1909, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren't available, and Tuesday's advisory gave no timeline for one being released. Asked if there was a timeline for releasing a fix, a Microsoft representative said, "Beyond the advisory you linked, nothing else to share from Microsoft at this time."

In the meantime, Microsoft said vulnerable servers can be protected by disabling compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 server. Users can use the following PowerShell command to turn off compression without needing to reboot the machine: "Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force." That fix won't protect vulnerable client computers or servers if they connect to a malicious SMB service, but in that scenario, the attacks aren't wormable. Microsoft also recommended users block port 445, which is used to send SMB traffic between machines.

"Motherboard built and analyzed a database of over 500 iPhones seized by law enforcement," writes Slashdot reader em1ly. "It's a deep dive into the ongoing "Going Dark" conversation." Here's an excerpt from the report: Most of all, the records compiled by Motherboard show that the capability to unlock iPhones is a fluid issue, with an ebb and flow of law enforcement sometimes being able to access devices and others not. The data solidifies that some law enforcement officials do have trouble accessing data stored on iPhones. But ultimately, our findings lead experts to circle back to the fundamental policy question: should law enforcement have guaranteed access to iPhones, with the trade-offs in iPhone security that come with that?

Out of 516 analyzed cases, 295 were marked as executed. Officials from the FBI, DEA, DHS, Homeland Security and Investigations, the Bureau of Alcohol, Tobacco, Firearms and Explosives were able to extract data from iPhones in investigations ranging from arson, to child exploitation, to drug trafficking. And investigators executed warrants against modern iPhones, not just older models. In some cases, investigators obtained photos, text messages, call records, browsing data, cookies, and location data from seized iPhones. Some executed search warrants explicitly mention the type of extraction performed, such as so-called "Logical" or "Advanced Logical" extraction. The latter is a term with a meaning that varies between different phone data extraction companies, but generally it relates to creating a device backup as iTunes does normally and obtaining some more data on top of that, Vladimir Katalov, the CEO of iOS forensics firm Elcomsoft, told Motherboard. Katalov said those backups can contain the sorts of pieces of data that investigators obtained, and is available to all models of iPhone.

Amazon has sold millions of Fire TV streaming devices in recent years, but its efforts to expand the Fire TV platform to smart TVs and cable set-top boxes have been slow-going. That's not by accident, according to industry insiders: They say Google has long prevented consumer electronics manufacturers from doing business with Amazon, reports news outlet Protocol. From the report: At the center of Google's efforts to block Amazon's smart TV ambitions is the Android Compatibility Commitment -- a confidential set of policies formerly known as the Anti-Fragmentation Agreement -- that manufacturers of Android devices have to agree to in order to get access to Google's Play Store. Google has been developing Android as an open-source operating system, while at the same time keeping much tighter control of what device manufacturers can do if they want access to the Play Store as well as the company's suite of apps. For Android TV, Google's apps include a highly customized launcher, or home screen, optimized for big-screen environments, as well as a TV version of its Play Store.

Google policies are meant to set a baseline for compatible Android devices and guarantee that apps developed for one Android device also work on another. The company also gives developers some latitude, allowing them to build their own versions of Android based on the operating system's open source code, as long as they follow Google's compatibility requirements. However, the Android Compatibility Commitment blocks manufacturers from building devices based on forked versions of Android, such as Fire TV OS, that are not compatible with the Google-sanctioned version of Android. This even applies across device categories, according to two sources: Manufacturers that have signed on to the Android Compatibility Commitment for their mobile phone business are effectively not allowed to build Fire TV devices.