Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

The Hacker News - 1 May, 2024 - 15:41
Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android
Category: Hacking & Security

How to Make Your Employees Your First Line of Cyber Defense

The Hacker News - 1 May, 2024 - 13:03
There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard,
Category: Hacking & Security

How Debian 12 is Redefining Stability and Innovation in Open-Source OSes

LinuxSecurity.com - 1 May, 2024 - 13:00
The latest release of Debian, one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and innovation in open-source OSes. As security practitioners and Linux administrators, we always seek stable and innovative operating systems that can meet our needs while keeping our systems secure.
Category: Hacking & Security

Multiple Apache HTTP Server Flaws Fixed in Ubuntu

LinuxSecurity.com - 1 May, 2024 - 13:00
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected several versions of Ubuntu and could potentially lead to server disruption and injection of malicious code.
Category: Hacking & Security

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

The Hacker News - 1 May, 2024 - 12:27
The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection," Zscaler ThreatLabz researcher Santiago
Category: Hacking & Security

13 tricks for more efficient Android messaging

Computerworld.com [Hacking News] - 1 May, 2024 - 12:00

No matter what type of Android phone you carry or how you usually use it, one thing is a near-universal constant:

You’re gonna spend a ton of time messing with messages.

The messages may be from clients, colleagues, or your cousin Crissy from Cleveland (damn it, Crissy!). But regardless of who sends ’em or what they’re about, they’re all popping up on your phone and cluttering your weary brainspace.

My fellow Android adorer, I’m here to tell you there’s a better way.

Google’s Android Messages app has gotten surprisingly good over the years. That’s no big secret. If you only rely on what you see on the surface, though, you’re missing out on some of Messages’ most powerful and underappreciated efficiency-enhancing options.

Today, we’ll explore the Android Messages app’s most effective out-of-sight superpowers. They may not be able to cut down on the number of messages you send and receive on your phone (DAMN IT, CRISSY!), but they will help you spend less time fussing with ’em. And they might just help you have a more pleasant experience, too.

Let’s dive in, shall we?

(Before you splash forward, take note: The tips on this page are all specific to the Google Messages app, which isn’t the same as the superfluous and wildly unnecessary Messages apps made by the likes of Samsung, OnePlus, and Verizon and baked into devices associated with those companies. If you’re using a phone where the Android Messages app wasn’t preinstalled or set as the default, you can download it from the Play Store and give it a whirl. You might be pleasantly surprised by what you find.)

Android Messages trick #1: Custom notifications for important people

We’ll start with what might be my favorite little-known trick within Google’s Android Messages app: With a couple quick adjustments, you can turn any of your contacts’ faces into a custom notification icon. That icon will then show up at the top of your phone whenever that person messages you for extra-easy visibility and access.

See?

A quick bit of simple setup, and bam: Anyone’s face can become their notification icon (for better or for worse!) on your phone.

JR Raphael, IDG

The only catch is that your phone needs to be running 2020’s Android 11 operating system or higher for the feature to be available. (And honestly, if your phone isn’t running Android 11 at this point, you’ve got bigger fish to fry, Francesco.) Also, Samsung has screwed around with this system for no apparent reason — a frustratingly common theme with Samsung’s heavily modified approach to Android, especially as of late — so you may or may not be able to take advantage of this on a Galaxy gadget, depending on how recently its software has been screwed up updated. (Exaggerated sigh. What more can I say?!)

On any reasonably recent Android device that sticks close to Google’s core Android interface, though, here’s how to make the magic happen:

  • The next time you get a message from someone, press and hold your finger to the notification.
  • That’ll pull up a screen that looks a little somethin’ like this:
Android’s Priority conversation setting is the key to creating custom notifications that really stand out.

  • Tap the “Priority” line, then tap “Apply” to save the changes.

And that’s it: The next time that person messages you, you’ll see their profile picture in place of the standard Messages icon in your status bar, and the notification will show up in a special section above any other alerts.

Hip, hip, hoorah!

Android Messages trick #2: Important contact prioritizing

Ever wish you could keep your most important messaging threads at the top of the list for easy ongoing access?

Poof: Wish granted. No matter what kind of Android phone you’re holding or how needlessly meddled with its software may be, just hold your finger onto the conversation in question on the main Messages app screen, then tap the pushpin-shaped icon in the app’s upper bar.

You can pin up to three conversations that way, and they’ll always appear above all other threads in that main inbox view.

Android Messages trick #3: Swift appointment scheduling

The next time you’re working to plan a meeting or event with a fellow Homo sapien in Messages, make yourself a mental note of this:

Anytime someone sends you a message that includes a specific date and time, the Messages app will underline that text. See it?

That underlined time is a covert link from an incoming message to your Android calendar agenda.

You’d be forgiven for failing to realize, but you can actually tap that underlined text to reveal a shortcut for opening that very same day and time in your Android calendar app of choice. It’s a great way to get a quick ‘n’ easy glimpse at your availability for the time you’re discussing.

And if you then want to create a calendar event, just look for the “Create event” command that should appear right below that very same message. That’ll fire up a new calendar event for you on the spot, with the appropriate day and time already filled in.

That button to the left of the text suggestions is a spectacular time-saver for on-the-fly event creation.

Don’tcha just love simple step-savers?

Android Messages trick #4: Seamless message scheduling

If you’re ready to hammer out a response to a message right now but don’t want your reply to be sent for a while, follow the advice shared by a reader in my Android Intelligence newsletter recently and simply schedule your message for some specific future time.

The Android Messages app’s scheduling system is spectacularly useful. You can rely on it for setting reminders to be sent to clients, business-related messages to be pushed out the next morning, or context-free middle-finger emojis to be delivered to your cousin in Cleveland at ungodly hours in the middle of the night.

To tap into this productivity-boosting power, just type out your message normally — but then, instead of tapping the triangle-shaped send icon at the right of the composing window, press and hold your finger onto that same button when you’re done.

No reasonably sane person would possibly realize it, but that’ll pull up a hidden menu for selecting precisely when your message should be sent.

Send any message, anytime — no matter when you actually write it.

And the person on the other end will have no way of even knowing you wrote the thing in advance.

Android Messages trick #5: Important message saving

When you run into a message you know you’ll want to reference again, save yourself the trouble of trying to dig it back up later and instead star it on the spot to make it fast as can be to find in the future.

It couldn’t be much easier to do: Whilst viewing an individual message thread, just press and hold your finger onto the specific message you want to save, then tap the star-shaped icon that appears in the bar at the top of the screen.

Then, when you want to find the message again, tap the search icon at the top of the main Messages screen and select “Starred” from the menu that comes up. That’ll show you every message you’ve starred for exceptionally effortless resurfacing.

Android Messages trick #6: Advanced message searching

Speaking of that Messages search system: Starring is sublime, but sometimes, you need to dig up an old message that you didn’t go out of your way to save.

The Android Messages app makes that even easier than you might realize. Tap that same search icon at the top of the app’s main screen — and in addition to searching your entire message history for any specific string of text, take note:

  • You can start typing out the name of anyone in your contacts, then select them from the suggestion that appears — and then type in some text to look for something specific only within messages from that one person.
  • You can use the options within the main Messages search screen to look specifically at images, videos, locations, or links people have sent you.
  • And you can combine any of those variables for even more granular finding — looking for links you sent to a particular client, for instance, or locations an out-of-town colleague sent to you.
The Android Messages app’s search system is chock-full of helpful info.

How ’bout them apples?!

Android Messages trick #7: Easier-to-read text

File this next Android Messages feature under “accidental discoveries”: The next time you find yourself squinting at something in a messaging thread on your phone, try a good old-fashioned zoom gesture on the screen — placing your finger and thumb together and then spreading ’em slowly apart.

You’d never know it, but the Messages app supports that standard gesture for zooming into a conversation. The inverse applies, too: When you’re ready to zoom back out and make everything smaller, just bring your two fingers closer together.

And if those actions aren’t working for you, tap your profile picture in the upper-right corner of the main Messages screen and select “Messages settings,” then make sure the toggle next to “Pinch to zoom conversation text” is in the on position.

Android Messages trick #8: Custom conversation colors

While we’re thinking about easier reading, a brand spankin’ new Android Messages trick that’s trickling out as we speak can let you create a custom color palette for any conversations you’ve got goin’.

That way, you can always remember that texts with your significant other are in, say, purple, whereas messages with your most important client are in red. (Best not to get those two threads confused.)

This one works only with messages sent using the modern RCS messaging platform, which basically means messages involving other people on Android at this point (though that will allegedly expand to include iFolk soon — if Apple actually follows through on its years-late promise to stop deliberately dumbing down messages between iPhone users and people on other platforms).

With any currently supported conversation, though, open up the thread within Messages — then:

  • Tap the three-dot menu icon in the screen’s upper-right corner.
  • Select “Change colors” from the menu that appears. (And if you aren’t seeing it yet, even in an RCS-enabled conversation, give it a few days and check back again. This one’s actively rolling out right now, so it should reach you soon — if it hasn’t already!)
  • Pick the color scheme you prefer, then tap the Confirm button at the bottom.
Every Android Messages conversation can have its own distinctive color, if you take the time to set it up.

Repeat for any other compatible conversations, and you’ll always know exactly what you’re looking at even with a fast glance — and without having to give it an ounce of active thought.

Android Messages trick #9: Enriched inline media

You know a fantastic way to waste time? I’ll tell ya: moving from one app to another just to glance at something someone sent you (like those blasted Bangles videos Crissy is always blasting your way).

Well, get this: Google’s Android Messages app can let you preview and even watch entire YouTube videos without ever leaving your current conversation — and it can give you helpful previews of web links right within the app, too.

The key is to make sure you’ve got the associated options enabled:

  • Tap your profile picture in the upper-right corner of the main Messages screen.
  • Select “Messages settings,” then tap “Automatic previews.”
  • Make sure the toggle next to “Show all previews” is on and active.

Now, the next time someone sends you a video link, you’ll see the video’s thumbnail and description right then and there, within the Messages conversation:

Videos expanded in-line within Messages — easy peasy.

With web pages, Messages will show you just enough of a preview to let you make an educated decision about whether you want to tap the link or not.

Web links gain useful extra context once you enable the right option within the Android Messages settings.

Almost painfully sensible, wouldn’t ya say?

Android Messages trick #10: Smarter shortcuts

If I had to pick the simplest Android Messages trick for enhancing your efficiency, it’d be embracing the built-in shortcuts Google gives us for faster message actions.

From the main Messages screen, you can swipe left or right on any message to perform an instant action — archiving the conversation, permanently deleting it, or toggling it between read and unread status.

All you’ve gotta do is mosey your way back into the Messages app’s settings areas and tap on the “Swipe actions” item to set things up the way you want…

Step-saving swipes within Messages — now available for your customization.

…and then, just remember to actually use those gestures moving forward. (That part’s on you.)

Android Messages trick #11: Automated cleanup

Certain services love to send confirmation codes via text messaging when you sign in or try to perform some action. It may not be the most advisable or effective form of extra security, but — well, it’s better than nothing. And for better or for worse, it’s a pretty common tactic.

Core security considerations aside, the most irksome part of these confirmation codes is having ’em clutter up your messages list at every Goog-forsaken moment. But the Google-made Android Messages app can actually take care of that for you, without any ongoing effort — if you take about 20 seconds to make the right tweak now.

Here’s the secret:

  • Tappity-tap that comely character in the upper-right corner of the main Messages screen (y’know, the one whose appearance has a striking resemblance to your oversized head).
  • Tap “Messages settings” in the menu that comes up, then select “Messages organization.”
  • Within that curiously created section, you’ll see only one option: “Auto-delete OTPs after 24 hrs.” OTP may not exactly be an everyday, universally known abbreviation, but fear not — for it isn’t an erroneous reference to an early 90s rap hit with equally ambiguous meaning. Nope: It stands for one-time password, which is the same thing we’re thinking about here.
  • Flip that toggle into the on and active position, then flip a finger of your choice to all the confirmation codes in your messages list and rest easy knowing they’ll be auto-purged a day after their arrival from that point forward.

Who’s down with OTP? Every last homie. (I apologize.)

Android Messages trick #12: Instant reactions

Slack-style reactions may seem silly on the surface, but they serve an important communication purpose in allowing you to quickly acknowledge a message without having to carry the conversation on further. Whether it’s a thumbs-up, a clapping hands symbol, or even perhaps an occasional burrito emoji, it really can be a handy way to say “Yup, got it” (or “Yup, want beefy goodness”) without having to use a single word.

You probably know you can summon a reaction within the Android Messages app by pressing and holding a specific message within a conversation and then selecting from the list of available emoji options — right? But beyond that, Messages packs an even faster way to issue a reaction in the blink of an eye.

And here it is: Simply double-tap your finger onto any individual message within a conversation. That’ll apply the heart reaction to it without the need for any long-press or symbol selection.

It’d be nice if there were a way to customize which reaction is used for that action by default — so that, obviously, we could all change it to the burrito emoji, since that’s what any sane person uses most often — but if and when a heart will do the job, now you’ve got a super-easy way to bring it into any conversation with a fast finger tap.

Android Messages trick #13: Less annoying iPhone interactions

Last but not least in our list of magnificent Messages enhancements is something specific for your conversations with the Apple-adoring animals in your life. And it relates to those very same sorts of reactions we were just going over.

One obnoxious side effect of Apple’s “no one exists outside of iOS” mentality, y’see, is the way the iPhone’s equivalent of those reactions show up on Android. Plain and simple, they show up as — well, plain and simple text messages, instead of coming through as reactions.

Surely you’ve encountered this, right? Those pointless messages you get from iGoobers that say stuff like “Loved ‘Please stop texting me, Crissy'”?

Well, get this: Google’s Android Messages app is actually able to intercept those absurd platform-specific reactions and turn ’em into standard reactions instead of plain-text interruptions. And it’ll take you all of 12 seconds to enable the option:

  • Head back into the Messages app’s settings.
  • Tap “Advanced.”
  • Look for the line labeled “Show iPhone reactions as emoji” and make sure the toggle next to it is in the on position.

All that’s left is to breathe a heavy sigh of relief — and to send Crissy a well-deserved burrito reaction.

Category: Hacking & Security

LLM deployment flaws that catch IT by surprise

Computerworld.com [Hacking News] - 1 May, 2024 - 12:00

For all of the promise of LLMs (large language models) to handle a seemingly infinite number of enterprise tasks, IT executives are discovering that they can be extremely delicate, opting to ignore guardrails and other limitations with the slightest provocation. 

For example, if an end user innocuously — or an attacker maliciously — inputs too much data into an LLM query window, no error message is returned and the system won’t appear to crash. But the LLM will often instantly override its programming and disable all guardrails.

“The friction is that I can’t add a bazillion lines of code. One of the biggest threats around [LLMs] is an efficient jailbreak of overflow,” said Dane Sherrets, a senior solutions architect at HackerOne. “Give it so much information and it will overflow. It will forget its systems prompts, its training, its fine-tuning.” (AI research startup Anthropic, which makes the Claude family of LLMs, wrote a detailed look at this security hole.) 

Consider the case of a publicly held company that has to severely restrict access to not-yet-reported financials. Or a military contractor that needs to limit access to weapons blueprints to those with a specific clearance level. If an LLM becomes overloaded and ignores those restrictions, the consequences will be severe.

And that’s just one of the ways that LLM guardrails can fail. These systems are generally cloud-based, controlled by the vendor who owns the license to those particular LLM algorithms. A few enterprises (weapons manufacturers working for the government, for example) take the LLM code and solely run it on-premises in an air-gapped environment, but they are the rare exceptions.

IT leaders deploying LLMs have uncovered other subtle but serious flaws that put their systems and data at risk and/or fail to deliver useful results. Here are five major LLM issues to be aware of — and avoid — before it’s too late.

LLMs that see too much

One massive flaw in today’s LLM systems — which Microsoft acknowledged on March 6 when it introduced a new SharePoint feature for use with its Copilot LLM — is the ability to access a wide range of SharePoint files that are not intended to be shared. 

With Copilot, “when you enable access for a user, it replicates the access that they have. It can then access anything that they have access to, whether they know it or not,” said Nick Mullen, the IT governance manager for a Fortune 500 insurance company.

“The SharePoint repository runs in the background, but it also has access to anything that is public in your entire ecosystem. A lot of these sites are public by default,” said Mullen, who also runs his own security company called Sanguine Security.

Available in public preview, the new feature is called Restricted SharePoint Search. Microsoft says the feature “allows you to restrict both organization-wide search and Copilot experiences to a curated set of SharePoint sites of your choice.”

The current default option is for public access. According to Microsoft’s support documentation, “Before the organization uses Restricted SharePoint Search, Alex [a hypothetical user] can see not only his own personal contents, like his OneDrive files, chats, emails, contents that he owns or visited, but also content from some sites that haven’t undergone access permission review or Access Control Lists (ACL) hygiene, and doesn’t have data governance applied.” Because Alex has access to sensitive information (even if he’s not aware of it), so does Copilot.

The same problem applies to any corporate data storage environment. IT must thoroughly audit users’ data access privileges and lock down sensitive data before allowing them to run queries with an LLM.

LLMs with the keys to the kingdom

Part of the problem with LLMs today is that they are often unintentionally given broad or even unlimited access to all enterprise systems. Far worse, Mullen said, is that most of the current enterprise defensive systems will not detect and therefore not block the LLM, even if it goes rogue. 

This means that enterprises have “the most powerful and intuitive search engine that can search across everything,” he said. “Historically, that type of internal scanning would fire off an alert. But LLMs are different. This is an entirely new threat vector that is extremely difficult to detect. EDR [endpoint detection and response] is not going to pick it up because it’s behaving as expected. Right now, there is not a good way to secure that. Depending on who is compromised, an attacker could gain access to a treasure trove.”

Added Mullen: “LLMs are very temperamental, and people are getting a little bit ahead of themselves. The technology is so new that a lot of the risks are still unknown. It’s a scenario where it’s not going to be known until you see it. It’s the law of unintended consequences. [IT is] turning [LLMs] on and giving them access to an insane amount of resources, which should give every organization pause.”

Artur Kiulian, the founder of PolyAgent, a nonprofit research lab focused on AI issues, sees many enterprises embracing LLMs too quickly, before the proper controls can be put into place.

“Most enterprises that are implementing LLMs are at the stage of experimentation,” Kiulian said. “Most companies use the guardrails of prompt engineering. It’s not enough. You need permission-based controls. Most enterprises are simply not there yet.”

HackerOne’s Sherrets agreed with how risky LLMs are today: “It can interact with other applications. It’s terrifying because you are giving black box control over doing things in your internal infrastructure. What utilities is the LLM touching?”

David Guarrera, a principal with EY Americas Technology Consulting who leads GenerativeAI initiatives, is also concerned about the risks posed by early enterprise LLM deployments. “There are a lot of new emerging attacks where you can trick the LLMs into getting around the guardrails. Random strings that make the LLM go crazy. Organizations need to be aware of these risks,” Guarrera said.

He advises enterprises to create isolated independent protections for sensitive systems, such as payroll or supply chain. IT needs “permissions that are handled outside of the LLM’s [access]. We need to think deeply how we engineer access to these systems. You have to do it at the data layer, something that is invisible to the LLM. You also need to engineer a robust authentication layer,” he said.

LLMs with a civil service mentality

Another concern is trying to program LLMs to manage need-to-know rules, the idea that the system will restrict some data, sharing it only with people with certain roles in the company or who work in specific departments.

This runs into what some describe as the civil service mentality problem. That is where someone is trained on the rules and might even memorize the rules, but they are not trained on why the rules were initially created. Without that background, they can’t make an informed decision about when an exception is warranted, and they therefore tend to interpret the rules strictly and literally.

That is also true for LLMs. But much sensitive enterprise data is not nearly that binary.

Take the earlier example of the finances of a publicly held company. It is true that data about unannounced finances for this quarter have to be restricted to a handful of authorized people. But has the LLM been programmed to know that the data is instantly world-readable as soon as it is announced and filed with the SEC? And that only the data reported is now public, while unreported data is still proprietary?

A related issue: Let’s say that it is crunch time for the finances to be prepared for filing, and the CFO asks for — and is granted — permission for an additional 30 people from different company business units to temporarily help with the filings. Does someone think to reprogram the LLM to grant temporary data access to those 30 temporary resources? And does someone remember to go back and remove their access once they return to their regular roles?

Unrecognized glitches

Another LLM concern is more practical. Veteran IT managers have many years of experience working with all manner of software. Their experience teaches them how systems look when they crash, such as slowing down, halting, generating error messages, and throwing out screens of garbage characters. But when an LLM glitches — its version of crashing — it doesn’t act that way.

“When traditional software is broken, it’s obvious: screens don’t load, error messages are everywhere. When [LLM] software is broken, it’s much more opaque: you don’t get glaring errors, you just get a model with bad predictions,” said Kevin Walsh, head of artificial intelligence at HubSpot. “It may take weeks or months of having the LLM out in the real world before hearing from users that it’s not solving the problem it is supposed to.”

That could be significant, because if IT doesn’t recognize that there is a problem quickly, its attempts to fix and limit the system will be delayed, possibly making the response too late to stop the damage.

Because LLMs fail differently and in far more hidden ways than traditional software, IT needs to set up far more tracking, testing, and monitoring. It might be a routine assignment for someone to test the LLM each morning.

Unrealistic expectations

Allie Mellen, principal analyst for SecOps and AI security tools at Forrester, says there is an inaccurate perception of LLMs, often because LLMs do such a persuasive job of impersonating human thought.

“We have this flawed perception of generative AI because it appears more human. It can’t have original thoughts. It just anticipates the next word. The expectation that it can write code is way overblown,” she said.

LLMs need to be handled very carefully, she added. “There are many ways around the guardrails. An individual might come up with a slightly different prompt” to get around programmed restrictions, she said.

IT “must focus on what can realistically be implemented in realistic use cases,” Mellen said. “Don’t treat it as though LLMs are hammers and all of your problems are nails. The [LLM] capabilities are being oversold by most of the business world — investors and executives.”

Generative AI, IT Operations
Category: Hacking & Security

10 ways to turn off Windows’ worst ads

Computerworld.com [Hacking News] - 1 May, 2024 - 12:00

Both Windows 11 and Windows 10 are full of advertisements and other Microsoft-provided messages that pop up seemingly everywhere and can get in the way of your day-to-day routines. And then there are things that aren’t exactly ads — noisy notifications about viral online articles on MSN, for instance, where Microsoft gets a cut of the advertising. 

Want to get rid of all the annoying ads and pop-ups you can? After a few tweaks, Windows will quiet down and stop bothering you so much when you’re trying to get work done. (Alas, Microsoft doesn’t make it possible to turn off everything, so don’t be surprised if you still see a few surprises even after following this guide.) 

Disable Start menu ads

Windows 11 is getting advertisements for apps in its Start menu — something Windows 10 PCs already have. To avoid seeing these: 

  • In Windows 11, open the Settings app and head to Personalization > Start. Turn off “Show recommendations for tips, shortcuts, new apps, and more.” 
  • In Windows 10, open the Settings app and head to Personalization > Start. Turn off “Show suggestions occasionally in Start.”  

Get rid of notification ads and full-screen prompts

Windows might sometimes send you notification pop-ups with “tips and suggestions.” These tips can include recommendations to use Microsoft Edge and messages pushing the Microsoft Rewards points program. Additionally, Windows sometimes shows you “finish setting up your PC” prompts with messages about using OneDrive and Microsoft 365. To get rid of these: 

  • In Windows 11, open the Settings app and head to System > Notifications. Scroll down to the bottom of the screen, expand the “Additional settings” section, and uncheck the three options here: “Get tips and suggestions when using Windows,” “Suggest ways to get the most out of Windows and finish setting up this device,” and “Show the Windows welcome experience after updates and when signed in to show what’s new and suggested.” 
  • In Windows 10, open the Settings app and head to System > Notifications & actions. Turn off these three options: “Show me the Windows welcome experience after updates and occasionally when I sign in to highlight what’s new and suggested,” “Suggest ways I can finish setting up my device to get the most out of Windows,” and “Get tips, tricks, and suggestions as you use Windows.”

Stop seeing ads in Settings

Windows shows you more “suggestions” for subscriptions like Microsoft 365, Copilot Pro, and Xbox Game Pass in the Settings app. To get rid of these: 

  • In Windows 11, open the Settings app and head to Privacy & security > General. Turn off “Show me suggested content in the Settings app.” 
  • In Windows 10, open the Settings app and head to Privacy > General. Turn off “Show me suggested content in the Settings app.” 

The Settings app now pushes Microsoft’s subscription services hard. 

Chris Hoffman, IDG

Hide ads in File Explorer 

Microsoft has used banners in File Explorer to show advertisements for OneDrive storage. To avoid seeing these: 

  • In Windows 11, open File Explorer, click the “…” menu on the toolbar, and select “Options.” Click over to the “View” tab, scroll down to near the bottom of the list, and uncheck “Show sync provider notifications.” Click “OK.” 
  • In Windows 10, open File Explorer, click the “View” tab on the ribbon, and click “Options.” Click over to the “View” tab, scroll down to near the bottom of the list, and uncheck “Show sync provider notifications.” Click “OK.” 

Avoid lock screen ads

Windows PCs can use Microsoft’s Windows Spotlight feature to see regularly updated background images on their lock screen. It’s a nice feature, but Microsoft has also used it to push full-screen advertisements for PC games and advertising-type messages. To stop this from happening: 

  • In Windows 11, open the Settings app and head to Personalization > Background. Set “Personalize your background” to something like “Picture” and choose whatever picture you like — anything but “Windows Spotlight.” 
  • In Windows 10, open the Settings app, head to Personalization > Lock screen. Click the “Background” box and select “Picture” or “Slideshow” — anything but “Windows Spotlight.” Turn off the “Get fun facts, tips, and more from Windows and Cortana on your lock screen” switch here, too. (It won’t appear if Windows Spotlight is turned off.) 

Personally, I put up with this — I’d rather have the fresh lock-screen images, even if I see an advertisement every now and then. It’s up to you. 

Hide clutter in the search pane 

The search box on the taskbar and the pop-up search experience both have “highlights” that recommend all kinds of shopping content, games, and other viral things. To turn those off: 

  • In Windows 11, open the Settings app and head to Privacy & security > Search permissions. Scroll down and turn off “Show search highlights” here. 
  • Windows 10 does not have this feature, so there’s nothing to turn off. 

The search pane normally recommends shopping and games when you start a search. 

Chris Hoffman, IDG

Never see feedback popups 

Windows might sometimes ask for feedback about your PC experience: Would you recommend Windows to other people? To avoid these interruptions and stop Windows from asking for feedback: 

  • In Windows 11, open the Settings app and head to Privacy & security > Diagnostics & feedback. Click the “Feedback frequency” box and set it to “Never.” 
  • In Windows 10, open the Settings app and head to Privacy > Diagnostics & feedback. Scroll down and set the “Feedback frequency” box to “Never.” 

Turn off the viral firehose in Widgets

Windows 11’s Widgets experience pushes viral news articles and shows stock price movements on your taskbar by default. Windows 10 has a similar feature that also recommends viral stories. To turn off Widgets completely: 

  • In Windows 11, right-click an empty spot on the taskbar, select “Taskbar settings,” and turn off “Widgets.” 
  • In Windows 10, right-click an empty spot on the taskbar, point to “News and interests,” and select “Turn off.” 

Or, you can just turn off those viral stories: 

  • In Windows 11, click the Widgets icon at the left side of the taskbar, click the gear icon at the top-right corner of the Widgets pane, click “Show or hide feeds,” and turn off “My feed.” 
  • Windows 10 doesn’t let you turn off the viral story feed while keeping the weather on the taskbar. 

Windows 11’s Widgets feed is still the most annoying part of the operating system.

Chris Hoffman, IDG

Toss apps that come stuck to your Start menu 

Windows PCs come with a bunch of app shortcuts “pinned” to their Start menus. Most of these apps aren’t technically installed yet — they’ll just be installed if you click their shortcuts. For example, you might see apps like “Luminar Neo – AI Photo Editor” and “Grammarly” pinned to your Start menu. To get rid of them: 

  • In Windows 11, open the Start menu. Look at the list of pinned apps. Right-click apps you don’t use and select either “Uninstall” or “Unpin from Start.” 
  • In Windows 10, open the Start menu. Look at the list of pinned app tiles on the right side of the menu. Right-click apps you want to get out of there and select either “Uninstall” or “Unpin from Start.” 

If your Windows 10 PC is old enough, you might even see a tile for Candy Crush! (Amusingly enough, Microsoft now owns Candy Crush after its controversial acquisition of Activision-Blizzard.) 

You might also want to uninstall bundled apps you don’t want. For example, many new PCs come with a trial of McAfee antivirus — you can uninstall McAfee antivirus if you’re not going to use it. 

Clean up Microsoft Edge

The Microsoft Edge browser is stuffed full of viral news stories, AI features, links to MSN games, recommendations for coupons, and all kinds of other additional things. You can avoid them by switching to another web browser, but if you want to use Edge, here are a few steps you can take: 

  • Clean up Edge’s Start page: Open a new tab in Microsoft Edge, click the gear icon at the top-right corner of the page, turn off “Content,” and turn off “Show sponsored background.” 
  • Turn off the sidebar: Click the gear icon at the bottom of the sidebar on the right side of the Edge browser. Uncheck “Always show sidebar.” 
  • Get rid of shopping notifications: Click the menu icon near the top-right corner of the Edge browser window and choose “Settings.” Select “Privacy, search, and services” at the left side of the Settings page, scroll down to the “Services” section, and turn off “Save time and money with Shopping in Microsoft Edge.” 

If you like some of these features — that’s fine! But there’s a lot going on in Edge, and just changing these few settings should quieten things down. 

Using Edge becomes a much more peaceful experience after you clean up its new tab page. 

Chris Hoffman, IDG

More PC annoyances you can end 

If you’d like to take control over your PC, be sure to check out my guide on how to sign in with a local account. There’s a secret handshake you can use while setting up your computer. 

Still find Windows annoying? Some of the biggest annoyances on Windows 11 and Windows 10 PCs aren’t ads at all! Here’s a list of 10 Windows annoyances — and how to fix them. For example, you can turn off Bing search in the Start menu completely — but Microsoft buries this option and makes it hard to find. 

Microsoft, Operating Systems, Windows, Windows 10, Windows 11, Windows PCs
Category: Hacking & Security

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

The Hacker News - 1 May, 2024 - 08:32
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.
Category: Hacking & Security

Amazon Q Business now available with new app-builder capabilities

Computerworld.com [Hacking News] - 30 April, 2024 - 22:37

Amazon Web Services (AWS) on Tuesday said its generative AI-based assistant for business applications — Amazon Q Business — is now generally available.

Introduced at re:Invent last year, Amazon Q Business can be used to have conversations, solve problems, generate content, gain insights, and take action by connecting to a company’s information repositories, data, and enterprise systems, AWS said.

To use Q as an assistant for business apps, enterprises first need to configure the generative AI (genAI) assistant by connecting it to existing data sources, which can include AWS’ S3 storage service as well as applications from vendors including Salesforce, Microsoft, Google, and Slack. 

Q currently supports connectors for more than 40 tools and applications.

Additionally, AWS has added a new app-building capability to Amazon Q Business, which is a web-based application.

Named Amazon Q Apps and currently in preview, the feature will allow enterprise users, including business users, to develop applications based on their enterprise data using natural language.

“With Q Apps, employees simply describe the app they want, in natural language, or they can take an existing conversation where Amazon Q Business helped them solve a problem, and with one click, Q will instantly generate an app that accomplishes their desired task that can be easily shared across their enterprise,” said Mai-Lan Tomsen Bukovec, vice president of technology at AWS. 

Q Apps could include HR or marketing apps designed either to onboard employees or to automate tasks. They can be accessed via the Amazon Q Business application environment, the company said; Q Apps is enabled by default and can be switched off from the Amazon Q Business console.

Bukovec said a Q App is made up of a collection of cards, with each card serving as a user interface element that can be combined with other cards to generate an application.

“Cards take in user input, support file uploads, connect to other cards, generate text output, and allow actions through Amazon Q Business plugins,” the company said in a blog post.

Enterprise users can add to the Q app, edit it, or delete a card, AWS said. 

At a more basic level, text output and plugin cards contain prompt instructions that determine how Amazon Q Business is queried to generate a response. 

“When enterprise users use the Amazon Q Apps Creator, relevant cards are automatically generated with prefilled prompts. Users can further refine these prompts using simple, natural language,” the company said.

“When writing or editing a prompt for a card, your users can reference other cards using ‘@’ mention to select from the list of cards in the app. Users can also instruct in the prompt to reference your enterprise data already in Amazon Q Business,” AWS said.

Amazon Q Apps developed by one enterprise user can be shared with other users across the company via the Amazon Q Apps library.

Q Apps can also be copied and customized by other users to create a new version. 

Amazon Q Business is available in two subscription models — Lite and Pro — which are priced at $3 and $20 per user, per month, respectively. The Pro subscription offers Amazon Q Apps, extended capabilities via custom plugins, and the ability to gain insights via Q in QuickSight. These capabilities are not available in the Lite subscription pack.

Additionally, the Pro subscription allows enterprise users to receive responses in a conversational interface up to approximately seven pages compared to the Lite pack’s limit of one page.

Amazon Web Services, Enterprise Applications, Generative AI, Productivity Software
Category: Hacking & Security

CHIPS Act is working as billions of dollars in payouts is divvied out to semiconductor makers

Computerworld.com [Hacking News] - 30 April, 2024 - 19:44

More than a year and a half after the CHIPS and Science Act was signed into law, the Biden Administration has begun divvying up $52.7 billion in funding and tax incentives meant to spur semiconductor production on US soil, though the actual funding has yet to be disbursed.

Over the past several months, the administration, which championed the legislation, has allocated about $29 billion in funding among chipmakers, including Samsung, TSMC and Intel. In return, various chip designers and makers have pledged about $300 billion in current and future projects in the US, according to the White House.

The most recent announcement last week was for $6.14 billion toward Micron’s plans to build new fabrication plants in upstate New York and perform upgrades elsewhere. To date, Intel has reaped the most in promised funds: $8.5 billion.

The Department of Commerce, which is administering the CHIPS Act, has spent months negotiating with semiconductor designers and fabricators to gain commitments from the companies and to achieve specific milestones in their projects before getting government payouts.

For example, negotiations between the federal government and TSMC resulted in the Taiwanese semiconductor designer and manufacturer being promised $6.6 billion in CHIPS Act funding; in return, the company is bringing its most advanced 2nm process technology to US shores and adding plans for a third fabrication plant to its Arizona site.

An artist’s rendition of Micron’s proposed fabrication plant, to be located in Onondaga County, NY. The plant will be the size of 40 football fields and is expected to provide close to 50,000 jobs for the region.

Micron Technologies

At the beginning of 2023, TSMC, the world’s largest chip maker, began construction on its second chip fabrication plant near Phoenix, AZ. For Biden, TSMC’s three plants represented the flagship of the CHIPS Act incentive program. The TSMC project, however, stalled, and the company announced it had pushed back its completion date to 2025 due to problems finding skilled labor.

TSMC had promised to make a $40 billion investment in its US chip production plant. The investment represents the largest ever foreign investment in Arizona and one of the largest in US history.

Micron said it might spend up to $100 billion over the next 20 years to expand its US facilities, including a $15 billion memory chip plant in its home base of Boise, ID.

Industry analysts say the CHIPS Act is having its desired effect — the largest semiconductor designers and makers are investing in the US. By 2030, research firm IDC expects that 30% of the leading-edge chip technology will be produced in the US, Western Europe, and Japan.

“Today, the semiconductor supply chain is concentrated in Asia,” said Mario Morales, a group vice president at IDC. “In fact, 100% of the global leading-edge chip capacity — 5nm and below — is only available in Taiwan and Korea. This will change dramatically by the end of the decade as leading-edge manufacturing is reestablished in the western hemisphere and in Japan.”

The latest round of CHIPS Act funding will support Micron’s construction of the first two fabs of a planned four-building “megafab” focused on leading-edge DRAM chip production. Each fab will have 600,000 square feet of cleanrooms, totaling 2.4 million square feet across the four facilities — the largest amount of cleanroom space ever announced in the US and the size of nearly 40 football fields.

The CHIPS Act’s purpose was to strengthen American supply chain resilience after the pandemic and counter China’s rising share of the market. The US share of global semiconductor fabrication capacity has fallen from about 36% in 1990 to about 10% in 2020, according to a Congressional Research Service report. Meanwhile, China’s share of chip manufacturing has grown nearly 50% over the past two years and now comprises about 18% of the world’s supply.

More CHIPS Acts to come?

The White House has argued that CHIPS Act spending will grow America’s share of the world’s leading-edge chip market to 20% by 2030. But experts say more government incentives will be needed to sustain and continue that growth domestically.

“The first CHIPS Act is just the start, there will be more funds needed to sustain and include other parts of the supply chain like materials, OSAT, design, and tools,” Morales said. “I expect that a second CHIPS Act will likely be higher in value than the first and will be approved sometime in the second half of this decade — in 2026 or 2027.”

Gaurav Gupta, a vice president analyst at Gartner Research, agreed with Morales that more funding is needed, and that while the current funding closes the capital cost gap, it does not do much for future operational costs. “Various factors will continue to make it expensive for fabs to be competitive here, like the regulatory and compliance framework that causes delays, labor compensation, higher utility rates, etc,” he said.

“So, if the US government really wants the needle to move and make this current CHIPS Act have a real impact, I expect version 2.0, 3.0 and onwards to come. When and what amounts they would be is hard to predict for now,” Morales said.

The current CHIPS Act includes $39 billion in subsidies for chip manufacturing on US soil along with 25% investment tax credits for costs of manufacturing equipment, and $13 billion for semiconductor research and workforce training.

In December, Computerworld contacted the Department of Commerce to discover why funds from the CHIPS Act had yet to be distributed. The Department said at the time it was still in “complex negotiations” with chip manufacturers to ensure the money is wisely spent.

In February, the Administration announced $1.5 billion for GlobalFoundries to support the development and expansion of facilities in Malta, NY, and Burlington, VT.

Last month, more multi-billion-dollar distributions were announced, including $8.5 billion for Intel to support investments across four states (Chandler, AZ; Rio Rancho, NM; New Albany, OH; and Hillsboro, OR) to construct logic fabs, modernize advanced packaging facilities, and invest in R&D.

Along with Micron this month, $6.4 billion was allocated for Samsung to build an R&D facility, and advanced packaging fabs in Taylor, TX, and to expand a current-generation and mature-node facility in Austin, TX. And $6.6 billion was earmarked for TSMC to support the development of three greenfield leading-edge fabs in Phoenix, AZ.

Chip production, the supply-chain crisis, and the new law

In 2021, the decline in domestic chip production was exposed by a worldwide supply-chain crisis that led to calls for reshoring manufacturing to the US. After more than a year of work from the Administration to respond to acute semiconductor shortages, Congress in August 2022 passed the measure. With the CHIPS Act spurring them on, semiconductor makers including Intel, Samsung, Micron, TSMC, and Texas Instruments unveiled plans for a number of new plants on US soil. (Qualcomm, in partnership with GlobalFoundries, also said it would invest $4.2 billion to double chip production in its Malta, NY facility.)

Companies became eligible in February 2023 to apply for the first round of CHIPS Act incentives totaling $39 billion for the construction of large-scale fabrication facilities. Last September, a second funding opportunity for small-scale fabrication projects opened.

The Commerce Department said the CHIPS Act has moved extremely fast for a government program. For example, as part of the funding application process, the agency has received over 530 statements of interest from companies in 42 states. The department also received 120 pre-applications and full applications for funding.

CPUs and Processors, Government
Category: Hacking & Security

Cyber Resilience Act: The end of leaky computers, programs and primitive passwords in the EU

Zive.cz - bezpečnost - 30 April, 2024 - 18:45
** The British have raised the bar for what is possible in the world of cyber security ** Europe is preparing to do the same and calls it the Cyber Resilience Act ** Software and hardware will have to be resilient right from manufacture
Category: Hacking & Security

Apple is intensely focused on its global AI efforts

Computerworld.com [Hacking News] - 30 April, 2024 - 17:19

Not so long ago, I can remember how Apple’s “failures” in AI made critics smile. Those smiles now seem to have faded. Instead, Apple is accelerating at speed to make people happy for a while with American AI.

How do we know the company is moving fast? With more than 160,000 direct employees globally and hundreds of thousands more across partner firms, suppliers, and the currently beleaguered App economy, when the ship that is Apple moves in a direction the rumor mill usually indicates the destination. Along those lines, we’ve heard a lot of talk across the last week.

Apple’s top secret AI labs

Apple has created a top secret AI research lab in Zurich, Switzerland. The Financial Times also claims the company has hired hundreds of leading AI researchers during the last couple of years, many of them from Google. 

These teams are focused on developing highly advanced AI models. What kind of models? In essence, these seem to be super-lightweight, highly focused neural networks capable of delivering really useful tools that function on the device.

To get a sense of what these might do, Apple researchers recently released a wave of eight new AI models capable of running on the device. The company calls them “Open-source Efficient Language Models”. 

Model behavior

These are small models trained on public data that work on the device to solve focused tasks. The aim is to make it possible to run generative AI (genAI) tools on the device itself, rather than using servers, which preserves privacy, improves efficiency, and safeguards information. These solutions promise truly mobile AI devices that will work offline, with the code being made available to researchers on GitHub.

These aren’t the first AI models to slip out of Apple’s research labs. Earlier this year, the company published AI models that can edit photos through written prompts, and another to help people optimize their use of an iPhone. Interestingly, six of the researchers named as authors of a paper describing the latter technology were former Google employees hired in the last two years. 

Making friends

Apple also seems to be exploring potential partnerships. In recent months, we’ve heard it has spoken with both Google and Baidu to make their AI models available to iPhones; last week, we heard it has recommenced discussions with OpenAI. 

This has led both to speculation of an AI-dedicated App Store from which users can access bespoke selections of third-party AI solutions and rumors Apple seeks to license third-party models to enable its devices.

Apple also seems focused on augmenting its existing apps with AI. AppleInsider claims the company is testing a version of Safari with a built-in AI-powered intelligent search agent capable of providing summaries of websites.

Think ethically

Throughout all of this, Apple has maintained a tight silence about the totality of its AI strategy. Critically, however, it’s important to understand that the company is not interested in building solutions that provide incorrect or inappropriate responses and would rather be cautious than to introduce an AI that is flawed. It seeks to develop ethical, useful AI that provides real benefits to users while retaining privacy. 

This also extends to how it trains its AI models; if you look at its published research papers, you’ll find many of those it has revealed have been trained using publicly available data, rather than breaching copyright.

Apple is also investing in AI infrastructure

Apple will announce its financial results on Thursday. These aren’t expected to impress, but it seems likely much of the disappointment is already baked in. But for those of us curious about the extent to which Apple is preparing the ground for AI, it will be interesting to track how much the company is investing in capital expenditure. 

We know such spending is taking place:

  • Just over a week ago, the company announced an expansion to its Singapore campus to provide space for “new roles in AI and other key functions”, and is making similar investments in Indonesia.
  • Apple also recently acquired French AI firm Datakalab. That company specializes in on-device processing, algorithm compression, and embedded AI.
  • Hints that Apple will have some reliance on AI in the cloud are also visible in news that the company has appointed former Google employee Sumit Gupta as director of products, Apple Cloud. Gupta has years of experience in AI infrastructure, including a previous six-year stint as chief AI Strategy officer and CTO of AI at IBM.

All of these suggest that sizable investments in the infrastructure required to power AI on two billion actively used Apple devices are already taking place.

Securing the servers with Apple Silicon

Investment extends to R&D for infrastructure. After all, it means something that Apple is allegedly considering building servers powered by Apple Silicon chips. Those servers could go some way toward providing the kind of computational power required to drive AI services in the cloud, while also mitigating the enormous energy consumption such services require.

These data points should provide some color as we accelerate toward introduction of new M4(?)-powered, AI-capable iPads at an online Apple keynote next week, followed by a little more insight at WWDC 2024 in June — and culminating with the big AI iPhone 16 reveal in fall.

Apple, Artificial Intelligence
Category: Hacking & Security

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

The Hacker News - 30 April, 2024 - 15:36
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are imageless and have no content except for the repository
Category: Hacking & Security

Linux Kernel Vulnerability Exposes Unauthorized Data to Hackers

LinuxSecurity.com - 30 April, 2024 - 14:47
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential risks to systems worldwide. The vulnerability, CVE-2024-26925, arises from improperly releasing a mutex within the garbage collection (GC) sequence of nf_tables. It could potentially lead to race conditions and compromise the stability and security of the Linux kernel.
Category: Hacking & Security