Hello,
Welcome to a Technology News Quickfire Recap for August 2016.
Get a full recap for the month of August with our monthly Technology News Edition. (Coming Soon)
Apple
Apple is hosting a Special Event on September 7th at 10am PDT or really the 8th at 3am AEST.
Check out our post for the Event
It’s expected that Apple will unveil its new iPhones and updated Apple Watches. Invitations to the event were already sent out, with Apple simply saying “See you on the 7th.”
This should be the fifth year straight that Apple has held an early September Event with the iPhone as its centre piece.
The new phone is believed to be extremely similar to last year’s model, with one suspected controversy… the removal of its headphone jack.
On the plus side, it is reported that a single model or even a second version may have a dual camera system for taking better photos. Apple may also quit the 16GB entry model and keep it to a 32GB model.
Only time will tell as rumors are always rumors.
Apple need to bring some “WOW!” factor since slowing down in sales this last quarter. Let’s see if they can.
Apple vs Microsoft
Yes, the battle continues between the two companies, attempting to outplay each other.
Apple used to go on the offensive with Microsoft going defence or ignoring.
This time though, Apple want to take little jabs but Microsoft wont have none of it.
As you may of seen on the tele, Apple released an ad asking “What is a Computer?”.
Indeed, you could call it a computer, but it was aimed at how much better of a computer it is compared to the Surface Pro 4.
Well, Microsoft thought this ad was a little silly. So they wanted Cortana to ask Siri about it during a “Celebration” Siri was having about this “Computer” change.
Well yes, Apple deserved this. The iPad Pro is just an attempt to be EXACTLY like a Surface, only the issue is, it really isn’t. To be fair, the Pencil and some of its features are interesting, mainly the angle you can draw in comparison, but computers are still investments that not everyone can just go and grab one of each. So if you want great value and performance in their style of computing, then the iPad would not be rank 1 on our list.
However, it can be also said for the Macbook and Surface. Microsoft not only responded to the Apple ad, but also went UFC style on them by hitting them while they are down.
In the end, you gotta be happy with your purchase and make informed decisions. But we must agree, Surface Pro 4 or even a Surface Book is a good choice over iPad and Macbook, and this is only because Microsoft hit pretty much every mark required to proclaim them as excellent products.
Google has dismissed a security researcher’s report that the online giant’s services login page is vulnerable and can be exploited for phishing attacks and malware.
Junior IT security analyst Aidan Woods at British retailer Sainsbury’s decided to go public with details on the vulnerability after Google’s security team brushed off his report and said it didn’t consider it a “security bug”.
Woods reported the issue multiple times to Google.
I couldn’t quite believe that Google had both understood this issue, and simply shrugged it off.
Woods wrote.
So I opened several reports to make sure understanding, or communicating the issue wasn’t the error here. In total, three reports were opened with Google; three reports were closed.
After some email correspondence with Google’s security team, Woods was told his report would be ignored.
This report will unfortunately not be accepted for our VRP [vulnerability reporting program]. Only first reports of technical security vulnerabilities that substantially affect the confidentiality or integrity of our users’ data are in scope, and we feel the issue you mentioned does not meet that bar.
Bummer, we know. Nevertheless, we’re looking forward to your next report! To maximise the chances of it being accepted, check out Bughunter University and learn some secrets of Google VRP.
Woods voiced his concern where he could, even making a Twitter post:
Not ideal to post about unresolved security issues, but Google’s current stance is “non-vuln”, so they won’t fix 🙁https://t.co/LEMW9UcnH4
— Aidan Woods (@aidantwoods) August 27, 2016
The vulnerability stems from a GET “continue” parameter at the login page.
While the parameter ensures that it must point to a google.com subdomain, Woods said the login page application doesn’t check which type of Google service has been specified.
This means open redirects to arbitrary domains are possible, which could be used for phishing attacks to steal user credentials.
Furthermore, Woods noted that attackers can plant malicious files on Google Drive with public sharing enabled and point to them through the URL for the login page.
Woods demonstrated this with a video:
Woods suggested users always check the URL for login pages before entering credentials to avoid falling prey to the vulnerability.
Users should also avoid clicking on links that don’t come directly from Google, and avoid running files that look like they have been sent at sign-in.
Safe surfing everyone.
