New app set to streamline small business accounting

Many small business owners see accounting as a necessary evil. They know need to stay on top of their sales, cash flow and so on but the actual process of doing so is a chore.

Now a new mobile app called ONE UP is claiming to reduce the amount of time taken to handle accounts to just a few minutes per month. It automatically synchronizes with banks and provides suggested entries that can be validated with a single click. In addition the ONE UP suite includes automatic inventory, CRM and invoicing.

"It's as if you had a CPA on your shoulder. ONE UP is the killer app for small businesses, and with the accounting solution we literally provide hands-free bookkeeping," says Francois Nadal, CEO of ONE UP. "ONE UP gives you your free time back because you get what matters to run your business -- cash flow, profit, loss -- quickly and without the hard work. After just three months, most of your data entry is eliminated as the app learns about your business".

The app is designed to make routine tasks automatic for small businesses ranging from solo business owners up to those with 20 employees. With ONE UP Inventory, the app synchronizes with the point of sale, for example, so all that is left is to validate the suggested orders to vendors and stock can be replenished with one click.

Developed from the successful myERP product which has more than 300,000 users in 50 countries, ONE UP is in three parts. Inventory generates packing lists or delivery notes from sales orders so users can deliver to customers faster and update the status of orders. All inventory movements are posted into ONE UP Accounting, the second module, which allows an accountant to log in remotely to audit books or export financial records to their location. Finally ONE UP CRM tracks chats, calls and tasks, helps organize time with leads, creates personalized quotes with a custom template, and can turn quotes instantly into an invoice or sales order.

Pricing for ONE UP starts at $9 per month for a single user, more information and a 30-day free trial is available via the company's website.

Image Credit: EM Karuna / Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/hmFyjL4e_pw/
via IFTTT

Adobe Slate makes online document design quick, easy and effective

Adobe has unveiled Adobe Slate 1.0.2, a free iPad-only app that makes it possible to quickly generate online-hosted documents from a mixture of text and photos. These documents are designed to look good in any browser or device, including phones.

The app follows on from last year’s Adobe Voice, which allows users to create interactive slideshow-based presentations containing a mix of video and audio.

Fire up the app and you can immediately see what’s possible by tapping one of the examples provided: a tablet-friendly mixture of text, imagery and subtle animations to lead the reader through the piece in question.

Next, you need to log in using an Adobe ID or your Facebook account, whichever’s easier. Then tap "Create a New Story" and you’re off. First, supply a title, then import your first photo -- Adobe Voice users will know what to expect here, with options for finding and importing freely available photos from the web as well as your Dropbox folder among others.

Photos are automatically resized to fit the available space, you can then change the focal point, but you can’t zoom into or out of the image in question. Once done, you’re invited to scroll down, where you then build your story using a mixture of text, photos, photo grids and links (which are displayed as touch-friendly buttons). Tap an existing photo to replace or delete it.

It’s a shame there’s no option for importing text from another source; instead you’ll either have to manually type it in or pull in text from another app using copy and paste. You have a choice of heading styles, the ability to provide bulleted or numbered lists of information, plus include handy pull-quotes to spruce up large passages of text. Once you’ve reached the end of a section, insert a photo and select "fill screen", which makes it serve as a suitable break.

The app supports a number of themed templates, which you can easily switch between without having to rejig your entire document. Once you’re happy with your work, you can choose to upload and share it publicly, or via private link -- this link can be shared via social media or even embedded into a web page. One limitation is that the content is clearly marked at the bottom as having originated from Adobe Slate.

Adobe Slate suffers a little from a lack of fine-editing controls, but it does what it says on the tin -- in an age where attention spans are diminishing and people are more and more pressured for time, it does a brilliant job of circling the square of making eye-catching newsletters, journals and other documents without wasting hours in the process.

Adobe Slate 1.0.2 is available now as a free download for iPads running iOS 8.0 or later.

from BetaNews http://feeds.betanews.com/~r/bn/~3/qLa5FuV0EM4/
via IFTTT

Stream video torrents instantly(ish) with Ace Stream Media

Ace Stream Media is an easier way to play video and audio torrents. You don’t need a separate client, or have to wait for the file to be downloaded before it can be played -- the program’s various tools will stream .torrents directly, no other software or waiting around required.

The easiest way to do this is via the bundled Ace Player HD. It’s a fork of VLC Media Player 2.0.5, so a little out of date, but what you’re gaining is the ability to open a .torrent. We tried this, there was around a 30 second pause while the player made its connections, downloaded and buffered the first part of the video, then it started to play, just as though it was a local file.

We had no glitches in playback, but the results you’ll see will vary depending on the video size and resolution, your network connection, how many peers you can find, and more.

Even when it’s playing, if you click far ahead on the video timeline -- you jump from 5 minutes to 45, maybe -- then you’ll have to wait even longer as Ace Player HD ends its current transfers, finds the new files it needs, downloads and buffers the video again (this took up to a minute for us).

The suite also includes extensions for Firefox, Chrome and Opera, which allow you to stream torrents from within a browser. We’re less convinced by these (the Firefox offering is only a "test build", not available from the official add-ons site), but they did appear to work in our brief tests.

Although updated recently, Ace Stream Media doesn’t seem a very active project; its Twitter and Facebook pages haven’t been updated since 2013. The ability to stream media torrents can be useful in some situations, though, and the suite’s Ace Player HD is a quick and easy way to make that happen.

from BetaNews http://feeds.betanews.com/~r/bn/~3/njsNGHcTYHo/
via IFTTT

What if Apple buys Nokia's HERE?

It is no secret that Nokia is pondering the sale of its HERE division. The Finnish company wants to focus on the telecommunications market, and HERE, which offers location services, mapping and navigation software, seems to be nothing but extra weight to lug around. Seeing as a sale is inevitable, the question is, who is going to buy it?

A rumor that's floating around now suggests that Nokia has pitched the sale of HERE to Apple, among other companies. The Cupertino, Calif.-based corporation would certainly stand to benefit from acquiring the technology that powers HERE, as its own attempt at offering navigation software to iOS users has not gone particularly well. Such a purchase, while extremely interesting for Apple, would have deep implications for HERE's current clients, which will most certainly not be favored by it. Here's what it could entail.

Even though it is used by many companies across the globe, and touches a significant number of consumers, HERE is not hugely profitable. In the final quarter of 2014, net sales topped just $292 million, with an operating profit of a mere $20 million. For a company as hugely profitable as Apple, that is chump change. Let's put things into perspective.

During the same time last year, Apple posted record revenue and profit of $74.6 billion and $18 billion, respectively. The $20 million that HERE generated as profit is about $0.11 percent of Apple's profit for the quarter. The reason why I am mentioning this is this: Apple has (virtually) nothing to gain by running HERE in the same way as Nokia.

Unless Apple wants to conquer the location and mapping market -- which doesn't make sense, given the irrelevant financial gains and Apple's business model -- it will have no interest licensing HERE technology to all current HERE customers. And it will also have no interest keeping HERE available for those not using Apple products.

Currently, prominent HERE customers and partners include the likes of Amazon, Microsoft (Bing), SAP and Yahoo. Also, Nokia notes that in Q4 2014 alone it had sold licenses for 3.9 million new vehicles. Those contracts likely stipulate that HERE must provide map updates, something which Apple would have to take upon itself to provide.

Given that Apple is pushing CarPlay in the automotive market, what would make sense for the company is to bundle HERE with CarPlay, which could boost sales of iPhones in the process. This is a desired outcome. It would certainly make more sense than simply licensing HERE and earning just enough money to change the lightbulbs in its new campus when they break (I may be over-exaggerating).

But, let's go back to the customers and partners bit. Apple being Apple, it would want to eliminate any advantage that its rivals have from leveraging HERE. And that would mean cutting any ties with Microsoft, among others. Bing, Windows and Windows Phone (and the future Windows 10 for phones) make use of HERE technology to power core functionality, like mapping and navigation.

While Siri does use Bing to power search results, I do not see Apple allowing Microsoft to strengthen its dominance in the PC market and gain more market share in the mobile market with the help of HERE. It makes little sense for Apple to set itself up for shooting itself in the foot.

Someone might be tempted to bring Beats into discussion. While it is indeed true that Beats is an Apple-owned service that is also available on a rival platform, being integrated into a future iOS release and removed from Google Play afterwards is not out of the question.

Apple wants consumers to focus on the added value/benefits of its products, and one way it is doing that is by not launching products on rival platforms. iTunes is an exception, not the rule. How many fresh products has Apple launched on Android or Windows in recent years? Zero.

Moving back to HERE again, the way that I see Apple taking advantage of it is by integrating the new technology in its Maps apps on iOS and OS X, and providing better location services to developers to integrate into their iOS and OS X apps.

Instead of going with Google's Maps, and paying the search giant for this, they could have the solid, quite possibly free, option that is HERE technology. Apple would direct gain/lose little, financially speaking, from this, but it would certainly be a major benefit for developers, which could see their profits go up as a result.

Meanwhile, users would have more confidence in using Apple's own mapping and navigation software, which would certainly make them rely less on Google and its Maps. Come to think of it, if Apple would buy HERE, this might hurt Google more than Microsoft. It's certainly food for thought.

from BetaNews http://feeds.betanews.com/~r/bn/~3/NVdop2mFkbw/
via IFTTT

Conficker remains top of the threats as existing malware for Windows dominates

Though we're constantly being warned about the threat offered by new malware it seems that, for Windows systems at least, the old favorites continue to catch us out.

The latest threat report from security company F-Secure shows that Conficker continues to be the number one Windows threat, kept alive by the number of unpatched legacy systems still around.

Android is still the main target for mobile malware, with 61 new families discovered compared to only three for iOS. The fastest growth has been in malware that sends premium SMS messages. Ransomware is still growing too, the Koler and Slocker trojans being the largest ransomware families on Android.

Mikko Hypponen, F-Secure's Chief Research Officer says, "Criminals use ransomware to extort people by locking them out of their own devices unless they pay a ransom. Because of virtual currencies, it's becoming a lot easier for criminals to use ransomware, making it more profitable and more useful for them. For end users, ransomware is now the most prominent type of digital threat".

When it comes to spreading malware social networking sites are popular, using routes such as Kilim, a family of browser extensions that post unwanted content (messages, links, 'Likes,' etc) to the user’s Facebook account and alter browser settings. Kilim is ranked second in the top 10 threats.

Looked at geographically, most threats reported by F-Secure users in the second half of 2014 originated from Europe and Asia, but in the last six months the company saw more activity reported in South America.

The top 10 threats identified by F-Secure in the second half of 2014 are:

1 Conficker/Downadup -- a worm exploiting a vulnerability in Windows to spread via the web, network shares and removable media.

2 Kilim -- Browser extension that posts unwanted content to Facebook.

3 Sality -- A virus family that infects exe files and hides its presence to kill processes, steal data and perform other actions.

4 Ramnit -- Infects EXE, DLL and HTML files. Variants may also drop a file that tries to download more malware from a remote server.

5 Autorun -- A family of worms that spread mostly via infected removables and hard drives, and can perform harmful actions like stealing data and installing backdoors.

6 Majava -- A collection of exploits against Java vulnerabilities, a successful attack can, among other things, give the attacker total system control.

7 Rimecud -- A family of worms that spreads mostly via removable drives and instant messaging. Can install a backdoor that allows a remote attacker to access and control the system.

8 Anglerek -- A collection of exploits for multiple vulnerabilities. At worst can give the attacker total system control.

9 Wormlink -- Specifically-crafted shortcut icons used to exploit the critical CVE-2010-2568 vulnerability in Windows to gain system control.

10 Browlock -- A police-themed ransomware family that steals control of the users’ system, allegedly for possession of illegal materials then demands payment of a 'fine' to restore normal access.

Much more detail is available in the full report which can be downloaded from the F-Secure website.

Image Credit: underverse /Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/pMAXcoXN8Ek/
via IFTTT

Windows 10 Build 10061 -- buggy, but a huge leap in the right direction

I’ve been playing around with the latest build of Windows 10 Technical Preview that was released yesterday, and I have to say I’m liking what I’m see so far.

I have been critical of previous Windows 10 releases, opining that the OS wasn’t going to be what I was hoping for, and calling the previous build, 10049, dull, boring and bland. Fortunately, with Build 10061 Microsoft addresses a lot of my concerns and you can now see the operating system’s true potential. Here’s what I like about the new build.

The Start menu

It is finally resizable once more. As well as being able to toggle between Start menu and Start screen modes, as you could in the last few releases, you can now properly resize the menu by clicking and dragging on an edge. Pull on the upper edge and the menu will stretch upwards. It doesn’t quite reach to the top, so you can can’t have it like a sidebar, but it works well.

Pull it out to the side and the tiled panels automatically arrange themselves to fit. The menu’s transparency effect makes it all look very classy. You can toggle transparency off if you're not a fan, and customize the menu’s color scheme to suit your tastes.

It’s a marked improvement all round, although I’ve experienced some weird bugs whereby the Start menu sometimes won’t appear when you click the Start button. Signing out and back in again seems to fix the issue.

Dark Theme

The light theme, which looked awful and boring in the last build, has been replaced by the dark theme which looks much, much classier. You’ll be able to switch between light and dark themes in the finished build but you can’t do so at the moment. Some of the apps included in this build (including Settings) still use the light theme, which looks odd, but Microsoft's "housekeeping" should fix that soon.

The Icons

The childlike recycle bin has been replaced with a square, familiar, and much better icon. It’s the sort of icon you could happily leave on your desktop now and not try and cover up with small windows, unlike the previous bin. You honestly have to wonder if Microsoft made some of the changes in earlier builds just to upset users. Make the OS look so bad that when it fixes the problems everyone’s much happier. But the company couldn’t be that devious, right?

New Apps

There are new Mail and Calendar apps in the latest build, both of which have a new UI that matches the new universal Office apps. The layout changes as you resize the apps, and they look great. There’s also a new People app which looks like it might be good, but as it only stays visible for a few seconds before crashing it’s hard to say for certain.

Task View

Virtual desktops is a feature I’m looking forward to in Windows 10, even though I have three screens attached to my main PC. It will be handy for keeping thing organized, and it will be really useful on my laptop. The new build allows for unlimited workspaces, and also makes some cosmetic improvements. You can customize its behavior in Settings -- choose whether the taskbar should show windows that are open in all desktops, or just the one you’re currently in and using.

There are of course other changes in the new build, including improvements to Tablet mode, but those are the standouts for me. I’m really liking the new version, and it does give me hope for the finished release, although given the vast amount of quite nasty bugs in this build (expected in a Fast ring release), it seems incredibly unlikely Microsoft will have got everything tidied up and ready for that rumored July launch.

What’s your view on the new build?

from BetaNews http://feeds.betanews.com/~r/bn/~3/nfpN_-lZXpE/
via IFTTT

Windows 10 Build 10061 -- a buggy, but huge leap in the right direction

I’ve been playing around with the latest build of Windows 10 Technical Preview that was released yesterday, and I have to say I’m liking what I’m see so far.

I have been critical of previous Windows 10 releases, opining that the OS wasn’t going to be what I was hoping for, and calling the previous build, 10049, dull, boring and bland. Fortunately, with Build 10061 Microsoft addresses a lot of my concerns and you can now see the operating system’s true potential. Here’s what I like about the new build.

The Start menu

It is finally resizable once more. As well as being able to toggle between Start menu and Start screen modes, as you could in the last few releases, you can now properly resize the menu by clicking and dragging on an edge. Pull on the upper edge and the menu will stretch upwards. It doesn’t quite reach to the top, so you can can’t have it like a sidebar, but it works well.

Pull it out to the side and the tiled panels automatically arrange themselves to fit. The menu’s transparency effect makes it all look very classy. You can toggle transparency off if you're not a fan, and customize the menu’s color scheme to suit your tastes.

It’s a marked improvement all round, although I’ve experienced some weird bugs whereby the Start menu sometimes won’t appear when you click the Start button. Signing out and back in again seems to fix the issue.

Dark Theme

The light theme, which looked awful and boring in the last build, has been replaced by the dark theme which looks much, much classier. You’ll be able to switch between light and dark themes in the finished build but you can’t do so at the moment. Some of the apps included in this build (including Settings) still use the light theme, which looks odd, but Microsoft's "housekeeping" should fix that soon.

The Icons

The childlike recycle bin has been replaced with a square, familiar, and much better icon. It’s the sort of icon you could happily leave on your desktop now and not try and cover up with small windows, unlike the previous bin. You honestly have to wonder if Microsoft made some of the changes in earlier builds just to upset users. Make the OS look so bad that when it fixes the problems everyone’s much happier. But the company couldn’t be that devious, right?

New Apps

There are new Mail and Calendar apps in the latest build, both of which have a new UI that matches the new universal Office apps. The layout changes as you resize the apps, and they look great. There’s also a new People app which looks like it might be good, but as it only stays visible for a few seconds before crashing it’s hard to say for certain.

Task View

Virtual desktops is a feature I’m looking forward to in Windows 10, even though I have three screens attached to my main PC. It will be handy for keeping thing organized, and it will be really useful on my laptop. The new build allows for unlimited workspaces, and also makes some cosmetic improvements. You can customize its behavior in Settings -- choose whether the taskbar should show windows that are open in all desktops, or just the one you’re currently in and using.

There are of course other changes in the new build, including improvements to Tablet mode, but those are the standouts for me. I’m really liking the new version, and it does give me hope for the finished release, although given the vast amount of quite nasty bugs in this build (expected in a Fast ring release), it seems incredibly unlikely Microsoft will have got everything tidied up and ready for that rumored July launch.

What’s your view on the new build?

from BetaNews http://feeds.betanews.com/~r/bn/~3/QJUxZXPndnA/
via IFTTT

Confirmed: An Android 5.0 and Windows 10 dual-boot capable smartphone with 2K display to launch in June

Confirmed: An Android 5.0 and Windows 10 dual-boot capable smartphone with 2K display to launch in June

April 23, 2015 • By Manish Singh

Share Tweet + 1 Mail

Chinese smartphone manufacturer Elephone is working on a feature-rich flagship smartphone which will ship in two variants — one running on Android 5.0 Lollipop, and the other one offering dual-boot capability with Windows 10 for phones, the company confirms to BetaNews. The Android counterpart will launch next month while the dual-boot capable phone will launch in June.

Windows Phone enthusiasts will be pleased to know that the upcoming smartphone will carry high-end hardware modules. As reported by Chinese tech portal GizChina — and confirmed to us by the company — the smartphone will feature a 5.5-inch 2K display. As of now, there is no flagship smartphone with 2K display running Windows OS. Other features of the handset include a mammoth 4GB RAM, and the touch ID fingerprint security. On the camera front, the smartphone will carry a 21-megapixel Sony IMX 230 shooter at the rear end. The dual-boot version will have a 20.7-megapixel sensor.

As for the processor, the Android 5.0 Lollipop variant will be powered a 64-bit capable Mediatek chipset while the dual-OS capable version will pack in a quad-core Intel chipset. Both the variants will ship with more than 3,800mAh battery, according to slide shows obtained by Neowin.

The smartphone was recently demonstrated at a trade show event in Hong Kong. We’ve asked the company for more details and will update the post when we hear from them.

Are you excited about the dual-boot capable version of the phone? Do you think this will help Microsoft attract more users towards its mobile operating system?

from BetaNews http://feeds.betanews.com/~r/bn/~3/iBd4E7nsGiE/
via IFTTT

BlackBerry unveils CHACE, a new Internet of Things security initiative

BlackBerry has announced the launch of a new initiative called the BlackBerry Center for High Assurance Computing Excellence, or CHACE for short, which aims to further bolster security in the Internet of Things age.

The idea of CHACE is to reverse the current fail-then-patch approach to security, BlackBerry notes, with the development of security tools that offer a far better level of security protection than is now available -- a proactive approach to vulnerability prevention which is far more cost effective.

Bob Egan, CEO, Sepharim Research Group, commented: "As the number of connected devices multiplies, so do the threats to security and privacy. Organizations need to rethink the way they approach security and transition from a reactive posture to one that is proactive and promises the greatest defense against sophisticated cyber-attackers".

In a press statement, BlackBerry further commented that it has a "long history in high assurance techniques" in the security world, including deep vulnerability analysis and extremely thorough automated testing, all of which expertise will be applied when it comes to CHACE’s vulnerability prevention mission. CHACE promises a "nation-state level sophistication" in terms of vulnerability assessment, and the likes of ethical hacking.

David Kleidermacher, Chief Security Officer, BlackBerry, commented: "There’s a belief that the key to the world’s security issues is to patch faster, but this hamster wheel fails to address the root issue. Systems that require regular patching always contain vulnerabilities unknown to developers, and some of these vulnerabilities are in fact known by would-be attackers. It’s clear we must build systems that are provably devoid of security flaws. The software and security engineering required to meet this objective is sadly rare today and must become commonplace. CHACE is BlackBerry’s initiative towards this goal, and we welcome all who wish to join the fight".

A number of leading organizations are already supporting the CHACE initiative, BlackBerry contends, and key partners will include industry groups and academic institutions among others.

Those interested in joining up with CHACE should check out this web page.

Photo credit: Olivier Le Moal / Shutterstock

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

from BetaNews http://feeds.betanews.com/~r/bn/~3/HB6S_aGad8g/
via IFTTT

Google Project Fi is calling -- will you answer?

The waiting begins. This afternoon I asked the great Google god to bless me with an invite. If my homage is accepted, someday soon I can pay for the privilege of using the company's new piggyback cellular phone service. The thing is so exclusive, only one smartphone is supported. It's Nexus 6, or nothing, baby. I own one, so happens.

Project Fi switches between Sprint and T-Mobile cellular networks for core connectivity alongside wireless hotspots. That's why I call it a piggyback service; Google is not building out its own infrastructure. Fi is contextually conceived and consumed. Nexus 6 switches networks based on location and availability. Your phone number traverses devices, providing access on laptops and tablets, too. Context is what differentiates this service from every other.

The concept extends to data. Google charges for what you consume, no more. Initially, data is available in 1GB blocks for $10 each. You start by choosing an expected monthly amount. Use more, and Google gives you more. Use less, and the difference is credited. In other words, you don't pay for what you don't use.

Basic service costs $20 a month, for "unlimited  domestic talk and text", "unlimited international texts"; "low-cost international calls"; "WiFi tethering"; and "coverage in 120+ countries". So, if in a month you call within the United States and sign up for 2GB data, you pay $40 minus the credit for leftover data.

Data fees are consistent everywhere, but speed isn't. Stateside, subscribers can expect 4G and LTE speeds, without throttling. Internationally, they get 256kbps, but keep the same $10 per gigabyte fee. That's a bargain. For example, Verizon data roaming costs an additional $25 per month per line with 100MB limit. There is a pay-as-you-go option that works out to $20.48/MB.

International calling rates vary depending on method, location, and calling destination. The flat-rate for cellular roaming calls is 20 cents per minute. WiFi calling costs less, but varies depending from where to where.

Google doesn't charge extra to set up phones as WiFi hotspots, so, yes, you can tether. Data consumed over WiFi does not count against your allotment.

Contextual network roaming might make some people worry about security. Your phone will switch from cellular to "WiFi networks that do not require any action to get connected (such as, enter a password, watch an ad, or check-in). We use a network quality database to help determine which networks are high quality and reliable". Google uses VPN to protect data and calls over open hotspots.

There is no annual contract, but there could be obligation for the smartphone. Customers can bring there own Nexus 6 or buy own from Google. Either of two ways: Full price (32GB, $649; 64GB, $699) or 24 monthly payments (32GB, $27.04; 64GB, $29.12). Only the Midnight Blue color is available.

Project Fi reveals alternative purpose behind Nexus 6's design. The smartphone is the first in the series that qualifies as a global phone, by supporting CDMA and GSM networks. For Americans using Sprint or Verizon that's a benefit. But the capability also enables the network-hoping Google uses for its own service.

I plan to sign up for the service's invite-only Early Access Program, assuming Google god blesses my request. I will port my number to the service, which at this stage is only available to individuals. There are no family plans. We are BetaNews, and what's more beta than this, eh?

from BetaNews http://feeds.betanews.com/~r/bn/~3/M8uFFjIme10/
via IFTTT

Microsoft releases Windows 10 Technical Preview Build 10061 -- get it now

While Windows 8 was a very polarizing operating system, Windows 10 is much less so. In fact, many users testing the operating system under the Technical Preview program find it to be wonderful. Quite frankly, I think when the dust settles, it will be the best version of Windows ever.

Today, Microsoft releases yet another Windows 10 build under the preview program -- 10061. While the foundation and style is very much the same, there are some new features and apps to be found. Unfortunately, this release also has some significant bugs. Still, if you are committed to the preview program, you should not hesitate to jump head-first into 10061.

"This build introduces the new black system theme across the Start menu, Taskbar, and Action Center. The Start menu and Taskbar now have transparency and you can also resize the Start menu. We’ve also enabled support for AutoColor which pulls the primary color from your desktop background. In the Settings app under Personalization, you can adjust the color of Start, Taskbar, and Action Center as well as transparency. Check these settings out and let us know what you think. And based on your feedback, we have moved the power button to the bottom left from the top right of the Start menu to make it more accessible", says Gabe Aul, General Manager OSG Data and Fundamentals team, Microsoft.

Aul gives details about the tablet experience by saying, "the Taskbar is now more optimized for tablets. Entering Tablet Mode causes the Start button, Cortana, and the Task View buttons to all grow in size and space out to be more touchable. Items in the Notification area also widen to improve touchability. Also, pinned and running apps are removed by default to reduce clutter and simplify the experience. Start and Task View remain available for launching and switching. If you still prefer to see apps on your taskbar, there is an option under Tablet Mode in Settings to turn them back on. We also now offer a setting to boot directly into Tablet Mode. For tablets under 10 inches, this is the default behavior".

For many owners people of small-screen devices -- including myself -- it has felt like Microsoft has been neglecting the tablet experience. To be honest, previous builds have been a disaster on my 8 inch Dell. Thankfully these tablet-focused enhancements should make things much better. Booting directly into tablet mode should have been a no-brainer. It is strange that it is only being implemented now, but I'll gladly take it.

If you are a fan of the native Mail and Calendar apps (I am), you are in for a treat. Both are getting significant updates with new features. Experienced email users will appreciate the three-pane interface, bringing the app more in line with a professional-grade client. Mail even learns some new swipe gestures, making organizing and sorting more intuitive. Unfortunately, Mail and Calendar also contain some nasty bugs, but more on that later.

One of the biggest additions to Windows 10 is virtual desktops, something you may also know as work spaces. Linus users have been enjoying this functionality for a long time, but Microsoft is better late than never, I suppose. This build removes the limitations on the number of virtual desktops a user can run at once. Yes, it is now unlimited; go nuts, y'all!

Microsoft has squashed some bugs too. The company shares the following fixes.

• We have fixed have fixed the issue where Indexing of new email in Outlook was not working.
• We have fixed the issue with Hyper-V preventing you from enabling it.
• Visual Studio will no longer crash when creating a new Universal app project.
• We fixed a few issues in Project Spartan. You can now double-click on the titlebar to maximize. We have also made some tweaks to the alignment of the Favorites Bar so that the text and icons no longer appear partially below the bottom of the Favorites Bar.

Unfortunately, the known issues outnumber the fixes -- d'oh!

• We know this one will be a bit painful but there is a bug with this build in which Win32 (desktop) apps won't launch from the Start menu. The workaround is to use search to find and launch these apps and pin them to your taskbar for quick access.
• The Windows Store Beta (grey tile) and Project Spartan get unpinned after upgrading. You can re-pin them to your Taskbar from All apps on your Start menu.
• The version of the Mail and Calendar apps included in this build (17.4008.42281.0) have a known issue that causes every typed letter to appear twice. Which might be funny if it weren't so irritating. We have fixed this issue with updated versions of the apps (17.4016.42291.0) available in the Windows Store Beta (grey tile). If you don’t open the Mail and Calendar apps within the first 15 minutes after logging in to your device for the first time after upgrading and your device is connected to the Internet, the apps should update automatically. You can also go into the Store Beta and check for updates manually at any time.
• Cortana will highlight things it will be able to help users with, but some of these features are not yet implemented and we are working to deliver them soon.
• There is a known issue where you might see a black screen with only your mouse cursor during login/logout. We have a fix for this coming via WU.
• Downloading music in the Xbox Music and Music Preview apps is currently broken. We also have a fix for this coming via WU.
• When you minimize an app playing audio, it may stop playing once its minimized.
• In Project Spartan, no selection highlight appears when selecting text in the address box. You can right click in the address box to cut/copy/paste and it will work as expected. We also have a fix for this coming via WU.
• Magnifier does not work when you put it into docked mode. We will also have a fix for this coming via WU.

Goodness gracious, Microsoft -- these are some very significant issues! Every letter typed in Mail will show twice in emails? That doesn't sound ready for release, even in a preview program. While the Win32 app issue is annoying, the workaround is reasonable. Gee whiz...

To upgrade to Build 10061, all you must do is be on the Fast Ring and check for updates. With that said, I can understand your hesitation in doing so with the above issues. Still, the point of the preview program is to both test the OS and find bugs. If you are scared of issues, you shouldn't be in the Technical Preview program -- true story.

Tell me how you like the new build in the comments.

Photo Credit: Matt Antonino/Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/AJlVI5oAcd8/
via IFTTT

Groupon refuses to pay security expert who found serious XSS site bugs

Bounty programs benefit everyone. Companies like Microsoft get help from security experts, customers gain improved security, and those who discover and report vulnerabilities reap the rewards financially. Or at least that's how things are supposed to work.

Having reported a series of security problems to discount and deal site Groupon, security researcher Brute Logic from XSSposed.org was expecting a pay-out -- but the site refuses to stump up the cash. In all, Brute Logic reported more than 30 security issues with Groupon's site, but the company cites its Responsible Disclosure policy as the reason for not handing over the cash.

The story starts a few days ago when Brute Logic discovered 32 XSS (cross-site scripting) issues affecting Groupon. He says they were particularly serious as they existed at the root of the site and could be easily exploited with a malicious URL. Brute Logic says that the security issue is all the more serious because Groupon stores credit card details, and it would be incredibly easy to craft a spoof Groupon-related URL to trick victims into visiting a fake site.

On April 17 he contacted Groupon to report the problems and heard back almost immediately with a note saying that the company would investigate and report back shortly. The security team then got back saying that it has managed to isolate the issue and would be back in touch once a patch has been produced.

Brute Logic enquired about the level of financial reward that might be offered, and Groupon responded by saying that the bounty was calculated on a case by case basis, promising to "circle back" with details of what could be offered in this instance.

As a contributor to XSSposed.org Brute Logic spoke with people at the site and a reference to one of the security issues ended up being published. This only appeared online for a few moments, and was removed after it was realized it has been published in error. But Groupon is using this as a reason for refusing to pay out.

Groupon's Bug Bounty Program terms say:

We value your input. When properly notified of a security issue we are committed to working with you to understand and remediate verified problems. If you believe you find an issue on our site, we encourage you to report it to us in a private and responsible way. In order to encourage this, we have established a reward program which will pay a bounty for verifiable security issues reported to us through the proper channel.

Brute Logic argues that that an additional 30 problems still existed and very scant details of the security flaw were published for only a very short time. In a further email, Groupon said:

Unfortunately we won't be able to offer you a bounty for this submission. In the future we ask that you respect our responsible disclosure policy and not publicly disclose the vulnerability without properly notification. We noticed that you submitted the vulnerability to xssposed.org.

Understandably Brute Logic is not happy, as his tweets make clear:

He also points out that another company, Sucuri Security, was happy to pay out even after a tweet revealed some details of a security flaw in their product.

Does Groupon's decision seem fair to you, or does it smack of wriggling out of making a payment on a technicality?

Photo credit: Ken Wolter / Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/zFd5dXUuArk/
via IFTTT

Bag yourself $15,000 as an Azure or Project Spartan bounty hunter

It's not unknown for technology companies to run bounty programs that reward bug hunters for unearthing problems with software. Discover a security vulnerability and you could be in line for a nice cash bonus. Microsoft just one latest firm to run such a program, and today the Microsoft Bounty Program is being expanded -- with a particular focus on Azure and Project Spartan.

Microsoft has already been asking for feedback about Windows 10 Technical Preview, but this is the first time a financial reward has been offered for pointing out security issues with any of its components. The maximum pay-out has been increased to $15,000 USD, so there's more incentive than ever to seek out problems and report them to Microsoft.

As well as Project Spartan and Azure, the bounty program is also opening up to Sway.com. While the online idea-sharing tool and the Azure cloud platform are sure to gain a good deal of attention, the fact that the Internet Explorer replacement is included is especially interesting. This is more than just looking for feedback in the usual sense of the Technical Preview for Windows 10, and it makes it clear just how important Microsoft views Project Spartan.

Announcing the bounty program expansion Microsoft refers to its newest browser as "the onramp to the internet for millions of users" and says that, this time around, security is a top priority. The Spartan bounty program is only running from April 22 to June 22, so you have two months to track down issues. The more severe the bug, the higher the pay-out, and Microsoft also says that the bounties "are tiered by the criticality of the issue reported, as well as the quality of the documentation and how reproducible the issue is".

Photo credit: NLshop / Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/Sz_SeMQ-dVA/
via IFTTT

Facebook Hello tells you who's calling before you pick up

It's easily forgotten with the number of apps available, but mobile phones are primarily designed for making calls on the move -- whodda thunk it? When you receive a call you'll usually see the number of the caller, but this may not be helpful in identifying them before you decide whether to pick up. Facebook's answer to this problem is Hello.

This new app comes from the Facebook Messenger team and aims to tell you more about the person getting in touch with you even if you don’t have their number saved in your address book. Currently available for Android, the dialer app also allows for the blocking of calls from individuals.

Facebook Hello brings free calling and messaging through Messenger, but it is the call management features that Facebook is really pushing. By pulling in information from Facebook users, the app is able to display the caller's number and there's even a built-in spam-filtering feature. If a particular number has been blocked by a lot of other users, it will be automatically blocked for you as well.

The app integrates with Facebook, so you can use it to search for people and businesses. To allay privacy fears, Facebook points out that Hello only has access to information which has been made publicly available on the social network -- perhaps serving as a timely reminder to check your privacy settings.

The video below shows Hello in action -- you can grab a copy of the app from Google Play.

from BetaNews http://feeds.betanews.com/~r/bn/~3/4KV5ThG3gcM/
via IFTTT

Ubuntu Linux 15.04 Vivid Vervet is here

Today is Wednesday, aka "Hump Day". The middle of the work week can be quite the miserable day. If you are stuck in a soul-sucking corporate job, it means you still have a long way to go before the weekend brings sweet release.

Don't worry, people, I have good news; this is a very special Wednesday. Why? One of the world's best Linux-based operating systems, Ubuntu, sees a stable and final release of 15.04, codenamed Vivid Vervet (it's a type of monkey). At the end of today's work day, you can hopefully go home and try out the latest version of the popular Linux distribution -- once the download links go live, that is.

"Today Ubuntu 15.04, codenamed Vivid Vervet, is released with a host of new features for clouds and servers. 15.04 comes a full year since the last Long Term Support (LTS) release and a year before the next LTS so represents a milestone in which we bring in and start to settle down features we want to have in 16.04. At Canonical, we see 15.04 as being all about containers. And OpenStack. And containers on OpenStack", says Canonical.

The company also says, "Ubuntu is the favorite environment for Linux developers, celebrated in products such as the Dell XPS 13 Developer Edition. This release introduces new tools for cloud and IoT development as well as making the desktop more productive with integrated menus and dashboard usability improvements".

I have been testing pre-release versions of Ubuntu 15.04 on the wonderful System76 Meerkat (review coming soon) with great results. The operating system is extremely stable and Unity is getting better all the time.

With that said, for workstation users, it is once again a boring release. Quit frankly, boring is a positive here, as Canonical does not need to reinvent the wheel with every update. Change for the sake of change can upset the core group of users. Hell, just look at Microsoft with Windows 8!

Ubuntu 15.04 ships with Linux Kernel 3.19, and not the fresh 4.0. While users can build and install 4.0 themselves, there really is no urgent need to do so. As you can see in the image below, I was successful in implementing 4.0 on Vivid Vervet, but it was not necessary.

If you are an existing Ubuntu user, there is no reason not to upgrade; the new version is wonderful, as long as you do not expect anything other than an evolutionary experience. If you are curious about Linux and want to try a distro for the first time, Vivid Vervet is a great place to start.

Download links are not yet live, but we will add them below once they are. Check back later this evening or early tomorrow morning.

Photo Credit: Pal Teravagimov/Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/GD8iSq9LXBI/
via IFTTT

Anonymous, LulzSec, Guardians of Peace... A guide to the most notorious hacking groups

In 2015, the number of cyber-attacks and data breaches being reported by companies and governments across the world does not appear to be decreasing. Many high profile attacks have taken place in the past year alone. As a result of government investigations into cyber-attacks, it was discovered that many of these attacks are not the work of a single criminal acting alone.

In fact, organized hacking groups are increasingly responsible for these incidents. As time goes on, the data breaches and attacks are becoming more devastating and authorities are looking to see who is behind these events in order to stop these groups from organizing further. As the world becomes more technologically integrated, cyber-attacks pose issues of national security that need to be addressed.

LulzSec

This group, also known as Lulz Security, was formed in May of 2011 and has since claimed responsible for several major cyber-attacks including a data breach at Sony Pictures in 2011. The group also claimed responsibility for taking down the CIA website of the US government. LulzSec gained notoriety because of the sarcastic messages often left by the group following an attack.

LulzSec was partially taken down in March of 2012 with the arrests of teenage members known as T-flow and Topiary. The group has emerged once again after launching Operation AntiSec, which is a joint-effort between LulzSec, Anonymous and other internet hackers.

Guardians of Peace

The group Guardians of Peace rose to the forefront after claiming responsibility for November 2014’s devastating cyber-attack on Sony Pictures. The data that was released by the breach included the personal information of the individuals in the company and a series of shocking emails that ultimately lead to employee turnovers in the company. In addition, the Guardians of Peace group then mocked the FBI’s investigation with an online message calling the FBI, "idiots".

The United States government denied that the group was responsible and officially blamed North Korea for the attacks. To date, North Korea has denied the claims and has offered to create a joint-force task with the United States government in order to determine the source of the attack.

Anonymous

Anonymous is a group is made of up a network of hacktivist entities. Originally organized on the site 4chan back in 2003, Anonymous became known for DDoS attacks and publicity stunts aimed at government, corporate and religious websites.

Initially, the group began its cyber-attack activities with a project known as Project Chanology that was designed to target the Church of Scientology. Later, the group moved on to attacking several companies in the United States, including as PayPal, Visa and Sony. The group has also gained notoriety from individuals wearing Guy Fawkes masks during public demonstrations in order to show allegiance to the group.

State-Sponsored Hackers

The rise of online hacking groups is not only limited to groups of individuals online. In fact, the number of state-sponsored hacker groups is on the rise with countries such as the United States, Russia and China all being accused of hacking other countries government systems.

Healthcare Data Breach

Most recently in February of 2015, investigators at Anthem Inc. obtained evidence that indicated that Chinese state-sponsored hackers were stealing personal information from health-care companies. The breach resulted in the exposition of Social Security numbers and other data related to the accounts of over 80 million customers. It has been named as one of the largest thefts of medical-related customer data in US history.

Cyber Security a Major Issue

While only a few of the most notorious groups have been featured in the national news, cyber-attacks by hacking groups has become an increasingly difficult issue to address with governments and companies around the world searching for solutions.

Photo credit: Vincent Diamante

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

from BetaNews http://feeds.betanews.com/~r/bn/~3/ZAr2htsNA40/
via IFTTT

Microsoft confirms Windows 10 universal apps will work on HoloLens

Microsoft has launched a question and answer section for Windows Holographic and the HoloLens headset, sent in an email to Windows 10 'Insiders' currently testing the new updates to the operating system.

The FAQ answers ten of the most popular questions on HoloLens, before Microsoft’s annual BUILD conference on April 29th to May 1st. Amongst the answers, Microsoft details that HoloLens will be able to run Windows 10 universal apps.

The universal apps will run on Windows 10 desktop, tablet and mobile. It is also suspected Xbox One will run universal apps, although that has not been confirmed by Microsoft.

This means universal apps may go beyond the current format of coding, allowing Microsoft to implement the app on an augmented display. The display will pop up in front of the user, like a floating object in real life, allowing a whole new user interface without any physical representation.

Microsoft will launch an entire API for developers that want to dig deeper into the world of AR. HoloLens will be the first headset, but we expect Microsoft will launch Windows Holographic to all manufacturers and OEM partners, similar to Windows 10 and Phone.

HoloLens is not the first AR headset, with Google Glass and several Kickstarter projects trying to implement AR in the real world. HoloLens does take a different look at AR, instead of being a social or navigational tool, it builds a home theater for users, allowing users to play games, watch videos and message people on Skype.

It is expected to launch late this year or early next year, although Microsoft has not set an exact date. We will likely hear more about the whole AR platform at BUILD, where Microsoft will also detail the price of Windows 10 and how it intends to integrate apps into mobile and tablet interfaces.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

from BetaNews http://feeds.betanews.com/~r/bn/~3/arRI2QmFTXo/
via IFTTT

Office 365 Video begins its worldwide rollout

Back in November we told you about Office 365 Video, although at the time it was only available for First Release customers. The service, if you recall, brings video sharing to the enterprise, allowing customers to manage and post, as well as making it available across all devices -- PC, tablet and phone. Microsoft also claims that it will be automatically optimized for each device.

Now the service is rolling out worldwide, so everyone can begin putting it to use for training videos, company messages and the like. Microsoft's Claire Tutill states that "Video is fast becoming one of the most powerful forms of communication, so this is a very exciting development for Office 365 users".

Both enterprises and schools are assured of a secure connection, or at least that's the claim. Tutill promises that it's "very easy to set the permissions for the home page leveraging the same Active Directory powering authentication in all areas of Office 365. This enables admins to manage permissions for each channel. Channels are easy to create and assign delegated owner(s) -- or channel managers -- who can then manage their own content and specific set of permissions".

The company also states that this is just the first of its "NextGen Portals" and that more will be on the way to help change how people collaborate and work.

Unsurprisingly, the service is being powered by Microsoft Azure and will also be leveraging Yammer, another company property. It makes uploading as simple as "drag-and-drop" and supports multiple file types.

To find out more you can watch the preview video posted below.

Photo credit: Monkey Business Images/Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/9mAl9KXPWu8/
via IFTTT

Cybercrime gets smarter and more complex

There are 85,000 new malicious IPs launched every day and the top phishing targets are technology companies and financial institutions.

These are among the findings of a new report from threat intelligence and security company Webroot. The Webroot 2015 Threat Brief provides the latest cyber threat trends collected from tens of millions of users and over 30 security technology partners.

The report finds that the United States accounts for 31 percent of malicious IP addresses, followed by China with 23 percent and Russia with 10 percent. Overall, half of malicious IP addresses are based in Asia.

It shows a 30 percent chance of Internet users falling for a zero-day phishing attack in the course of a year, and indicate a more than 50 percent increase in phishing activity in December 2014, most likely due to the holiday season.

On average, there are nearly 900 phishing attempts detected per financial institution, but over 9,000 attempts detected per technology company. The top five technology companies impersonated by phishing sites are: Google, Apple, Yahoo, Facebook and Dropbox. Looked at by country, the US is by far the largest host of phishing sites, with over 75percent being within its borders.

Looking at mobile systems the report finds that, on average, only 28 percent of apps on the Android platform were trustworthy or benign, a drop from 52 percent in 2013. Almost half were rated were moderate or suspicious, and over 22 percent were unwanted or malicious. Trojans make up the vast majority of malicious threats, averaging 77 percent for 2014.

"Webroot has seen a continued rise in the number of malicious URLs, IP addresses, malware, and mobile applications used to enable cybercriminals to steal data, disrupt services, or cause other harm," says Hal Lonas, chief technology officer at Webroot. "With more breaches at major retailers, financial institutions and technology companies in the headlines and scores of other, smaller breaches in 2014, the trend shows no signs of slowing down. The Webroot 2015 Threat Brief highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks".

2014 has also seen more sophisticated techniques being used to attack PCs. These include the Poweliks registry exploit which doesn't require extra components to deliver infections like ransomware. Webroot also discovered five new families of potentially unwanted application, each demonstrating new social engineering techniques and complexity.

The full report is available as a PDF from the Webroot site and there's a summary of the findings in infographic form below.

Photo Credit: ra2studio / Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/NeEWa6Bf4M0/
via IFTTT

iOS 8 vulnerability can send iPhones, iPads into reboot loop

At the 2015 RSA Conference, security researchers from Skycure showcased a new iOS 8 vulnerability which, if properly exploited, can send iPhones and iPads connected to a malicious hotspot into a reboot loop. The vulnerability affects both the operating system as well as apps which use SSL to communicate.

All that an attacker has to do to exploit the vulnerability is to set up a router in a "specific configuration", and allow anyone to connect (basically make it an open hotspot). The iOS 8 devices that connect will be affected, without the attacker having to have access to them.

Based on the information provided by Skycure, this vulnerability seems to have been discovered by mistake. "One day, during preparation for a demonstration of a network-based attack, we bought a new router. After setting the router in a specific configuration and connecting devices to it, our team witnessed the sudden crash of an iOS app. After a few moments, other people started to notice crashes. Pretty quickly, we realized that only iOS users were suffering from crashes".

Skycure isn't saying exactly what an interested party has to do to exploit this vulnerability, as it is not yet confirmed as fixed by Apple. However, the security firm says that attackers would have to generate a custom SSL certificate and create a script, the latter of which likely has to be loaded on the router.

Skycure notes that this vulnerability is pretty serious, as using SSL is recommended practice, and employed by most iOS apps. Attackers could exploit this vulnerability to instrument a massive DoS (Denial of Service) attack, which can "lead to big losses". Just imagine what might happen if routers inside a major corporation are compromised and used for such an attack.

Apple has been notified, and is likely working to fix this vulnerability. Because it is not yet confirmed as fixed, as I said earlier, Skycure isn't telling us everything about the vulnerability. In case iOS 8 users see apps crashing, they should disconnect from the hotspot they are using (by hitting the Forget This Network button in the hotspot's settings, found in Settings -- Wi-Fi).

If the device is in the reboot loop, disconnecting from the hotspot might not be easy to do. In this case, simply going out of its range might allow users to have easy access to their device's Settings menu. They can also disable Wi-Fi, just to be sure their device won't reconnect.

Installing iOS 8.3 is also a good idea, as Skycure notes that it might have neutralized part of the threat. And, of course, users can (and should) also steer clear of public/free hotspots, which are generally insecure. Personally, I avoid them like the plague.

Photo credit: Bloomua / Shutterstock

from BetaNews http://feeds.betanews.com/~r/bn/~3/QJtKDDMvq-A/
via IFTTT