A selection of 9 links for you. They flip, they bend, they twirl away. I’m charlesarthur on Twitter. Observations and links welcome.
While analyzing the leaked data dump, researchers discovered at least three software exploits – two for Adobe Flash Player and one for Microsoft’s Windows kernel.
Out of two, one of the Flash Player vulnerabilities, known as Use-after-free vulnerability with CVE-2015-0349, has already been patched.
However, the Hacking Team described the other Flash Player exploit, which is a zero-day exploit with no CVE number yet, as “the most beautiful Flash bug for the last four years.”
Symantec has also confirmed the existence of the zero-day flaw in Adobe Flash that could allow hackers to remotely execute code on a targeted computer, actually allowing them to take full control of it.
Researchers found a Flash zero-day proof-of-concept (POC) exploit code that, after testing, successfully worked on the latest, fully patched version of Adobe Flash (version 18.104.22.168) with Internet Explorer.
Successful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing a hacker to take complete control of the affected computer.
Flash depresses me. I removed it from my machine some time ago; it’s basically a malware vector whose functions can almost always be replaced with HTML5 by normal users. See below.
Most web browsers load Flash and other plug-in content as soon as you open a web page. Enable “click-to-play” plug-ins and your browser will load a placeholder image instead — click it to actually download and view the content.
Click-to-play allows you to conserve download bandwidth, improve page load times, reduce CPU usage, and extend laptop battery life. This feature gained popularity with Flashblock for Firefox and is now built into modern browsers.
Do this, for the safety of your system.
Phones. Today, we announced a fundamental restructuring of our phone business. As a result, the company will take an impairment charge of approximately $7.6bn related to assets associated with the acquisition of the Nokia Devices and Services business in addition to a restructuring charge of approximately $750m to $850m.
This isn’t actual lost money, but lost value of the business – a “goodwill” writedown. The phones aren’t any more or less profitable as a result.
I am committed to our first-party devices including phones. However, we need to focus our phone efforts in the near term while driving reinvention. We are moving from a strategy to grow a standalone phone business to a strategy to grow and create a vibrant Windows ecosystem that includes our first-party device family.
Translation: phones that don’t run Windows are not needed. Say goodbye to those Nokia featurephones (24.7m in Q1, likely fewer in Q2, probably zero by Q4).
In the near term, we will run a more effective phone portfolio, with better products and speed to market given the recently formed Windows and Devices Group. We plan to narrow our focus to three customer segments where we can make unique contributions and where we can differentiate through the combination of our hardware and software. We’ll bring business customers the best management, security and productivity experiences they need; value phone buyers the communications services they want; and Windows fans the flagship devices they’ll love.
Translation: cheap Lumias continue; will do a flagship. Business customers will get support on whichever platform.
In the longer term, Microsoft devices will spark innovation, create new categories and generate opportunity for the Windows ecosystem more broadly. Our reinvention will be centered on creating mobility of experiences across the entire device family including phones.
Translation: phones aren’t so important, are they?
Ben Thompson, back in September 2013:
Early this morning Microsoft acquired Nokia for €3.79 billion (plus €1.65 billion for patents). It is a deal that makes no sense.
While industry observers love to pontificate about mergers and acquisitions, the reality is that most ideas are value-destroying. It is far better to form an alliance or partnership; most of the benefits, none of the costs.
A partnership similar, in fact, to the one formed just two years ago between Microsoft and Nokia.
From Microsoft’s perspective, that was a brilliant deal; Matt Drance characterized it as “Microsoft Buys Nokia for $0B,” and he wasn’t far off. The premier pre-iPhone phone maker, with what was even then one of the best supply chains, distribution networks, and brands in the world would be exclusively devoted to Windows Phone.
There is nothing further to be gained by an acquisition.
Actually, turned out to have negative value, financially speaking. (The whole post is very well worth re-reading in hindsight.)
Is going to be built in to iOS 9 and OSX 10.11 (aka “El Capitan”):
Whenever you sign in with your Apple ID on a new device or browser, you will verify your identity by entering your password plus a six-digit verification code. The verification code will be displayed automatically on any Apple devices you are already signed in to that are running iOS 9 or OS X El Capitan. Just enter the code to complete sign in. If you don’t have an Apple device handy, you can receive the code on your phone via a text message or phone call instead.
Once signed in, you won’t be prompted for a verification code again on that device unless you erase your device, remove it from your device list, or need to change your password for security reasons. When signing in on the web, you can choose to trust your browser so you won’t be prompted for a verification code the next time you sign in from that computer.
The problem with 2FA is always “what if I lose my phone?” Google gets around this by letting you have printed codes that act as verification numbers; it’s a good idea that Apple might do well to take up.
But this looks a lot better than the version used at present in iCloud.
Researchers from Carnegie Mellon University and the International Computer Science Institute built a tool called AdFisher to probe the targeting of ads served up by Google on third-party websites. They found that fake Web users believed by Google to be male job seekers were much more likely than equivalent female job seekers to be shown a pair of ads for high-paying executive jobs when they later visited a news website.
AdFisher also showed that a Google transparency tool called “ads settings,” which lets you view and edit the “interests” the company has inferred for you, does not always reflect potentially sensitive information being used to target you. Browsing sites aimed at people with substance abuse problems, for example, triggered a rash of ads for rehab programs, but there was no change to Google’s transparency page.
What exactly caused those specific patterns is unclear, because Google’s ad-serving system is very complex. Google uses its data to target ads, but ad buyers can make some decisions about demographics of interest and can also use their own data sources on people’s online activity to do additional targeting for certain kinds of ads. Nor do the examples breach any specific privacy rules—although Google policy forbids targeting on the basis of “health conditions.” Still, says Anupam Datta, an associate professor at Carnegie Mellon University who helped develop AdFisher, they show the need for tools that uncover how online ad companies differentiate between people.
Google didn’t respond to the researchers’ requests. But, oddly, it changed the language on that transparency page. This is the AdFisher study.
Mark Mulligan on the maths of streaming v buying:
What quickly becomes apparent is that the most viable route to ensuring Apple Music streaming revenue offsets the impact of lost iTunes sales revenue is as big an installed base of streaming users as possible. The more Apple Music users there are, the more likely more of them will find and listen to your music. This is why the scale argument is so important for streaming and also why small labels feel the effect less quickly. If you have a vast catalogue you don’t need to worry too much about the listener-to-buyer ratio because you have so many tracks that you are a much bigger target to hit. The laws of probability mean that most users are going to listen to some of your catalogue.
Let’s say you are a big major with 1 million tracks out of the 5 million tracks that get played to any meaningful degree in streaming services. That gives you a 20% market share. But if you are an independent with 50,000 tracks that gives you 1%, 20 times less than the major. Which means that you are 20 times less likely to have your music listened to. And that is without even considering the biases that work in favour of the majors such as dominating charts and playlists, and other key discovery points.
YouTube continues to be a profitable enterprise for its top tier stars, who earn money from advertisements placed around their videos.
The site’s terms and conditions forbid creators from disclosing how much they earn, but on Monday gamer Olajide Olatunji, known as KSI, told the newspaper Metro he had earned enough money to buy his parents a house.
Although some stars supplement their income with product placement deals, [Felix] Kjellberg [aka PewdiePie] says he does not do very many.
“I make more than I need from YouTube,” he wrote on Reddit. “With that freedom, but also to respect my fans for making that possible, I don’t end up doing many endorsements.”
[Ian] Maude [of Enders Analysis] has a word of caution for anybody eyeing up YouTube with dreams of becoming a millionaire.
“As with many things, a few people at the top do exceptionally well but there’s a long tail of people who don’t make any money at all,” he said.
Why can’t they disclose how much they earn?
two-thirds of the watches sold so far have been the lower-profit “Sport” version, whose price starts at $349, according to Slice, rather than the costlier and more advanced models that start at $549.
In an ambitious bid for the luxury market, Apple also unveiled a gold “Edition” model priced at $10,000 or more. So far, fewer than 2,000 of them have been sold in the U.S., Slice contends.
Slice bases its research on electronic receipts sent to millions of email addresses following purchases. The company conducts market research on behalf of consumer-goods companies, among others, many of them in the Fortune 500.
Wall Street has been desperately trying to work out how well the new watch has been selling, but Apple has been refusing to say. The company, which in the past has updated Wall Street on the sales of new products soon after the launch, has yet to release any numbers about the watch.
Those Edition watches will have made a ton of profit. But apparently the fall in sales is “ominous”. Seems like about 3m sold in the US in the quarter. That’s about four times the number of Android Wear devices sold in seven months or so from multiple manufacturers at lower prices worldwide last year. Ominous.