Mark Wilson writes: You can't help but have noticed that Microsoft has started the rollout of Windows 10 Creators Update. After testing with Windows Insiders, the third big update to Windows 10 is finally making its way to the masses. But while Creators Update brings some pretty major changes to Windows 10, Windows Subsystem for Linux is not automatically updated.
The arrival of Bash/Windows Subsystem for Linux (WSL) in Windows 10 Anniversary Update meant Ubuntu 14.04 support, but you can now manually update to gain Ubuntu 16.04 support in Creators Update. Microsoft says you need to perform one of two manual update methods: the recommended option of "Remove & Replace", or "Upgrade In-Place." Here's how to perform the update.
Mark Wilson writes: The CIA's range of hacking tools revealed as part of WikiLeaks' Vault 7 series of leaks have been used to conduct 40 cyberattacks in 16 countries, says Symantec. The security firm alleges that a group known as Longhorn has been using tools that appear to be the very same ones used by the CIA.
While it would be obvious to jump to the conclusion that the CIA was itself responsible for the attacks — and that Longhorn is just a branch of the CIA — Symantec opts for a rather more conservative evaluation of things: "there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."
In a post on the Symantec Security Response blog, the company provides what it says is the first evidence that the Vault 7 tools have actually been used in cyberattacks or cyberespionage.
Mark Wilson writes: The latest batch of documents published by WikiLeaks as part of its Vault 7 CIA series purportedly reveals the tools used by the agency to create malware for Windows. The Grasshopper framework is revealed in 27 documents, and they show how to create Windows installers with a malware payload.
Importantly, Grasshopper allows for the easy creation of custom malware delivery options, dependant on the operating system and virus protection detected on a target machine. The documents show that the CIA repurposed malware from Russian and Italian organized crime groups.
Mark Wilson writes: Microsoft has had something of a checkered history when it comes to privacy, particularly with Windows 10. Telemetry concerns have blighted the latest version of the company's operating system for many people, but now it has finally decided to come clean.
Ahead of the release of Windows 10 Creators Update, Microsoft reveals full details of the data it collects about users who opt into providing basic-level telemetry information. The company also provides some details — but not as much as many would like — about what is collected when the full level of telemetry is selected. This is Microsoft's attempt to come clean about privacy in Windows 10, but is it too little too late?
Microsoft's Terry Myerson says "one of our most important improvements in the Creators Update is a set of privacy enhancements that will be mostly behind the scenes." The company goes on to make three statements about the upcoming release.
Mark Wilson writes: Today, WikiLeaks publishes the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits.
Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, and sometimes going as far as appearing to originate from countries other than the US.
Mark Wilson writes: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive.
The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS — nothing is safe.
Mark Wilson writes: From the look of the changelog for Windows 10 build 15048 that was released a few days ago to Insiders, it looked to be little more than a bug fixing release. But in fact Microsoft has already started to include references to — and even a portal for — Windows Mixed Reality.
We have seen reference to Windows Holographic in Windows 10 before, but this is the first time there has been anything to play with. It coincides nicely with Microsoft revealing that Windows Mixed Reality is the new name for Windows Holographic, and it gives Insiders the chance to not only see if their computer meets the recommended specs, but also to try out a Windows Mixed reality simulation.
Mark Wilson writes: Microsoft is no stranger to pissing people off, particularly when it comes to Windows 10. There have been endless cries about forced updates, complaints about ads, moaning about privacy, and now the CEO of Vivaldi has lashed out at the company for its anti-competitive practices with Microsoft Edge.
Jon von Tetzchner says that Microsoft has forgotten about the "actual real-life people that use technology in their daily lives." He takes particular umbrage at Windows 10's continued insistence of resetting the default browser to Edge.
Indicating that his patience has now run out, von Tetzchner points to a 72-year-old friend who was confused by the change and unable to reverse things. He says that Microsoft is failing to respect the decisions made by users, and this is something that needs to stop.
Mark Wilson writes: A key obstacle that mobile users encounter is clicking a link only to be greeted by the offer to install an app. The relatively slow process of visiting Google Play to download and install an app means that many people simply don't bother — and this is something that Instant Apps should help with.
The Instant Apps feature was announced last year at Google I/O, and there was much excitement at the prospect of 'streaming' apps on demand. Now Google has started live tests of Instant Apps for Android so you can try out the feature with the likes of BuzzFeed, Wish, Periscope and Viki.
Instant Apps works by breaking down apps into small chunks so they can be downloaded and run on-the-fly — only those components that are needed have to be downloaded, meaning that with a reasonable connection speed the process should be all but seamless
Mark Wilson writes: Samsung has finally revealed the long-awaited results of its investigation into the problematic Galaxy Note7. Having issued an apology and pushed out OTA updates to disable phones which had been banned from flights because of the risk of them catching fire, the South Korean company says that two separate battery problems were to blame.
The first problem stemmed from the fact that the battery was physically too small for the Note7 leading to a short-circuit. Replacement batteries suffered from a combination of insulation problems and an issue that cause positive and negative electrodes to touch. Samsung also indicated that the Galaxy S8 would not be unveiled at Mobile World Congress (MWC) next month.
Mark Wilson writes: The Electronic Frontier Foundation has set out its plans for the first 100 days under Trump, during which time it says it will continue to fight for the rights of internet and technology users.
The digital rights group has already drawn up a wishlist for covering its privacy and security dreams for 2017, but the 100-day plan sees the EFF setting out its agenda for the first few months under Trump. Having claimed that "our civil liberties need an independent defense force" and that "free speech and the rights to privacy, transparency, and innovation won’t survive on their own", EFF is prepared to go to court — again — to hold the new administration to account when necessary.
The group plans to continue its fight against "wrongful surveillance and censorship orders", and says that it will make full use of Freedom of Information Act requests to "force transparency on our secretive government". This is something that will be happening right from the get-go: "we intend to wield this tool from the earliest days of Trump's presidency".
Mark Wilson writes: There was a craze that started a few years back for tracing one's family tree. Rather than fizzling out, the interest in genealogy continued, and there are still many websites out there that will help you to research your family history and build up a picture of the past.
While genealogists of the past may have scoured public records and libraries for information about their family, these days people want things handed to them on a plate. One website is taking full advantage of this — as well as the fact that the internet can act as a use data base of personal information — and there's a high chance it has vast amounts of data about you that can be accessed by anyone. The site is FamilyTreeNow.com, and you need to jump through a few hoops to get your details removed from the site.
Mark Wilson writes: Facebook has long-claimed that its WhatsApp messaging service is completely secure and messages cannot be intercepted thanks to its use of end-to-end encryption. But researchers have unearthed a serious security flaw that makes it possible to read encrypted messages.
Based on Open Whisper Systems' Signal Protocol, the unique security keys used to implement end-to-end encryption should keep messages secure. But WhatsApp can force offline users to generate new keys and this could allow Facebook — and third parties — to read messages.
The problem is a serious one, as WhatsApp's supposed security has earned it a good deal of respect, and it is a communication tool that those who wish to remain anonymous have come to rely upon. Tobias Boelter, a security researcher at the University of California, discovered the security problem. He says: "If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys".
Mark Wilson writes: With Donald Trump about to take over the reins from Barack Obama, privacy groups have expressed concern about what the incoming president will do with surveillance laws. But before that happens, President Obama is still a cause for concern. In the final days of his leadership, his administration has granted permission for the NSA to share the data it intercepts with no fewer than 16 other intelligence agencies.
While this will alarm many, what is particularly troubling is the fact that privacy protections are not applied until after this data has been shared between agencies. The changes in rules amount to a major relaxation of restrictions on NSA activities, meaning that a far greater number of officials will have access to unfiltered, uncensored data about innocent people around the world.
Mark Wilson writes: D-Link is facing a lawsuit brought against it by the US Federal Trade Commission for the poor security of its routers and connected cameras. The FTC says the company failed to take reasonable steps to protect users from hackers.
The FTC is seeking to improve the security of all IoT (internet of things) devices in the wake of compromised devices being used to launch high-profile DDoS attacks such as Marai and Leet Botnet. D-Link argues that the charges brought against it are "unwarranted and baseless" and plans to "vigorously defend itself".
The Taiwanese company says that the FTC "fails to allege, as it must, that actual consumers suffered or are likely to suffer actual substantial injuries".