news.buyenne.com

Enlarge (credit: Apple)

Late last week, Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed "Trident," the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates.

Today, Apple has released updates for Safari 9 and OS X El Capitan and Yosemite that collectively patch the three "Trident" bugs in its desktop operating system. It's not clear whether the bugs affect Mavericks or any older versions of OS X, but we've reached out to Apple for comment and will update the article if we receive a response.

We've also asked Apple why so many days elapsed between the release of iOS 9.3.5 and the release of the OS X versions of the same patches. iOS 9.3.5 was accompanied by disclosures from Citizen Lab and Lookout, the groups that discovered the bugs. In theory, patching iOS without also patching the equivalent bugs in OS X could leave Mac users more open to attack.

The original Project Ara concept render. (credit: Motorola)

It sounds like Project Ara, the ambitious modular smartphone concept birthed in Google's ATAP division, is finally dead. A report from Reuters says that Google has "suspended" Project Ara in an effort to "streamline the company's hardware efforts."

Project Ara never seemed like a particularly viable product, and after the announcement in 2013, progress didn't come quickly. The device was delayed past its 2015 commercialization deadline when plans for a Puerto Rican "food truck" pilot launch fell through. Earlier this year, the device was delayed again to 2017 and the Ara team announced that Ara would pivot from fully modular to having a fixed CPU, GPU, antennas, sensors, battery, and display. After that announcement, Ara was watered down so much it barely had a reason to exist.

If you were really hoping for a modular smartphone, not all hope is lost, Reuters says that while "Google will not be releasing the phone itself" licensing the technology to third parties is an option. Will anyone dare to pick up the modular smartphone torch when even Google has failed, though?

Android Police's mockup of the new Pixel Phones, based on inside information. (credit: Android Police)

A fresh report from Android Police claims that October 4th will be a Google extravaganza. The site says we're going to see the launch of Google's upcoming "Sailfish" and "Marlin" phones, along with Google Home, the company's answer to the Amazon Echo; Daydream VR, the company's answer to the Samsung Gear VR; and a Chromecast capable of 4K playback.

News about Sailfish and Marlin have been trickling out for months. We mostly know what they're going to look like (see above) and what specs they're going to have. The one thing we haven't known is what they're going to be called. Nexus phones? Google Phones? We've been referring to them as "Nexus Phones," since they're the followups to the Nexus 5X and 6P, but according to another Android Police report, the devices will actually be branded "Pixel" and "Pixel XL."

Assuming the new phones are branded "Pixel," so far we haven't seen much from them that lives up to the "Pixel" name. To date there have been three "Pixel" products: the Chromebook Pixel 1 and 2, which served as the flagship devices for Chrome OS, and the Android-powered Pixel C.

Enlarge

The official Android app for the NBA's Golden State Warriors continuously listens in on users' private conversations without permission, according to a federal lawsuit that alleges the practice is a violation of privacy statutes.

The 15-page complaint filed in San Francisco federal court said the monitoring was part of beaconing technology integrated into the Golden State Warriors app. The beaconing is used to track users' precise locations so the app can provide content that's tailored to that locale. The app "listens to and records all audio within range" of a user's microphone, and when the app detects a unique audio signal, it is able to determine the user is in close proximity to a specific location associated with the signal. The beaconing technology, the complaint alleged, is provided by a Signal360, a developer of proximity-related products.

The lawsuit names the Golden State Warriors, Signal360, and app developer Yinzcam as defendants. It was filed on behalf of New York state resident Latisha Satchell, and the lawsuit seeks class action status so that other smartphone users who installed apps with similar behavior may also seek damages. It was filed on Monday, and its docket currently shows no hearings are yet scheduled on the matter.

With suggestions that bluish lights disrupt our sleep, software that shifts screen white balance towards the red end of the spectrum in the evening—cutting back that potentially sleep-disrupting light—has gained quite a following. f.lux is the big name here with many people enjoying its gradual color temperature shifts.

"The users desired target color temperature (in Kelvin) for blue light reduction"
"automatically set based on sunrise and sunset"

— Core (@tfwboredom) August 31, 2016

Apple recently built a color shifting feature into iOS, under the name Night Shift, and there are now signs that Microsoft is doing the same in Windows 10. Twitter user tfwboredom has been poking around the latest Windows insider build and found hints that the operating system will soon have a "blue light reduction" mode. Similarly to f.lux, this will automatically reduce the color temperature in the evenings as the sun sets and increase it in the mornings when the sun rises.

Signs are that the feature will have a quick access button in the Action Center when it is eventually enabled.

Enlarge / Go ahead and click it. You know you want to.

Clickers gonna click. Despite mandatory corporate training, general security awareness, and constant harping about the risks of clicking on unverified links in e-mails and other documents, people have been, are now, and forever will click links where exploit kits and malware lurk. It's simply too easy with the slightest amount of targeted work to convince users to click.

Eric Rand and Nik Labele believe they have an answer to this problem—an answer that could potentially derail not just phishing attacks but other manner of malware as well. Instead of relying on the intelligence of users, Rand and Labele have been working on software that takes humans completely out of the loop in phishing defense by giving clicks on previously unseen domains a time out, "greylisting" them for 24 hours by default. The software, a project called Foghorn, does this by intercepting requests made to the Domain Name Service (DNS).

Greylisting has been used in spam filtering for e-mails, where it deliberately delays e-mails delivered from previously unseen sources and sends temporary errors back to the sender for a few minutes or hours. Spam greylisting operates under the assumption that a real mail server will re-attempt delivery, while spambots likely will not.