Microsoft offers better margins to lure Apple, Google devs
Microsoft will offer application developers a bigger share of sales on the Microsoft Store in an attempt to lure them away from Apple and Google’s rival platforms.
The vendor announced a new fee structure for the Microsoft Store which will give devs 95 percent of revenue from consumer applications sold on the online marketplace, excluding games.
a jump from the current pricing structure, which gives 70 percent of sales to developers.
It does not include applications sold on Xbox One.
Apple and Google both still offer 70 percent of sales to developers, or 85 percent if a customer has subscribed to the app for more than a year.
JASON
https://www.cnet.com/news/firefox-moves-browsers-into-the-post-password-future-with-webauthn/
With Mozilla’s release of Firefox 60 on Wednesday, web browsers will start letting you log into websites without a password — an important change in authentication technology that could help curtail costly phishing attacks.
Firefox 60 supports technology called Web Authentication, or WebAuthn for short, that can be used to grant you access to websites with a physical authentication device like a YubiKey dongle, biometric identity proof using an Android phone’s fingerprint reader or the iPhone’s Face ID, and some other alternatives to passwords.
One WebAuthn fan is data-sync service Dropbox.
“As a user, you’ll enjoy much stronger sign in security on more browsers,” Dropbox programmer Brad Girardeau said in a blog post Tuesday. “You can feel confident when signing in that it’s really us, and we can be confident it’s really you.”
Mozilla boasts that Firefox is the first browser out of the gate to support WebAuthn, but it’s coming to Google’s Chrome — the next version, due this month — and Microsoft’s Edge, too.
=============
For the second time in a month, websites that use the Drupal content management system are confronted with a stark choice: install a critical update or risk having your servers infected with ransomware or other nasties. From a report:
Maintainers of the open-source CMS built on the PHP programming language released an update patching critical remote-code vulnerability on Wednesday. The bug, formally indexed as CVE-2018-7602, exists within multiple subsystems of Drupal 7.x and 8.x. Drupal maintainers didn’t provide details on how the vulnerability can be exploited other than to say attacks work remotely. The maintainers rated the vulnerability “critical” and urged websites to patch it as soon as possible.
============
Ticketmaster’s parent company, Live Nation, has announced that they have teamed up with and invested in a face recognition company called Blink Identity. The ticket sales giant may have plans to scan your face instead of a ticket to grant you access to a venue. Engadget reports:
In its first quarter financial report (PDF), Live Nation has explained that Blink has “cutting-edge facial recognition technology, enabling you to associate your digital ticket with your image, then just walk into the show.” According to Blink’s website, its system can register an image of your face as soon as you walk past a sensor. Blink’s technology can then match it against a large database in half a second — in a blink, so to speak. It’s also apparently powerful enough that you don’t even have to slow down for its system to recognize you: Just walk normally, and if the technology gets a match, it’ll automatically open doors or turnstiles to let you in.
=======
Nearly a half-million pacemakers are up for a firmware update to address potentially life-threatening vulnerabilities. Abbott (formerly St. Jude Medical) has released another upgrade to the firmware installed on certain implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy defibrillator (CRT-D) devices — a.k.a., pacemakers. About 465,000 patients are affected. The update will strengthen the devices’ protection against unauthorized access, as the provider said in a statement on its website: “It is intended to prevent anyone other than your doctor from changing your device settings.”
The update comes after 2016 claims by researchers that the then-St. Jude’s cardiac implant ecosystem was rife with cybersecurity flaws that could result in “catastrophic results.”
=====
Twitter is urging its more than 330 million users to change their passwords after a glitch exposed some in plain text on its internal computer network. Reuters is first to report the news:
The social network said an internal investigation had found no indication passwords were stolen or misused by insiders, but that it urged all users to consider changing their passwords “out of an abundance of caution.” The blog did not say how many passwords were affected.
Here’s what Twitter has to say about the bug: “We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard. Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
The social networking service is asking users to change their password “on all services where you’ve used this password.”
https://techcrunch.com/2018/05/08/ios-will-soon-disable-usb-connection-if-left-locked-for-a-week/