2021-12-17 09:41:00       Slashdot
An anonymous reader shares a report: Microsoft started shifting options from the Control Panel to the Settings app in Windows 8. The company has gradually moved settings away from the Control Panel since then. Quite a few options migrated over with the rollout of Windows 11, but a recent Insider build of Windows 11 moved a small handful of settings to the Settings app. Microsoft outlined the changes in the release notes of Windows 11 build 22509, which came out on December 1, 2021. The moves garnered attention from several outlets over the last week: 1. We have moved the advanced sharing settings (such as Network discovery, File and printer sharing, and public folder sharing) to a new page in Settings app under Advanced Network Settings. 2. We`ve made some updates to the device specific pages under Printers and amp; Scanners in Settings to show more information about your printer or scanner directly in Settings when available. 3. Some of the entry points for network and devices settings in Control Panel will now redirect to the corresponding pages in Settings.\n \n\n \n

2021-12-16 16:25:00       Slashdot
Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, in what the organization categorized as a severe security risk that could have exposed credentials to non-owners whenever users copied or cut a password. From a report: The issue was fixed in Firefox 94, released last month, but was detailed in more depth this week by Mozilla developers. At its core, the bug is related to Windows Cloud Clipboard, a feature added to Windows 10 in September 2018 (v1809 release), a feature that allows users to sync their local clipboard history to their Microsoft accounts. The feature is disabled by default, but once enabled, it allows users to access the cloud clipboard section by pressing the Windows+V shortcut. This grants users access to clipboard data from all devices, but the feature is also used for its clipboard history capabilities, allowing users to go through past items they copied or cut and re-paste the same data in new contexts, making it extremely useful for most IT workers. In a blog post on Wednesday, Mozilla said that they have now modified the Firefox browser so that usernames and passwords copied from the browser`s password section (about:logins) won`t be stored in the Windows Cloud Clipboard feature, but instead will be stored only locally, in a separate clipboard section.\n \n\n \n

2021-12-15 11:02:00       Slashdot
Microsoft is planning to make its Windows Terminal the default command line experience in Windows 11 next year. From a report: While Windows 11 currently supports setting Windows Terminal as default, the default terminal emulator has always been the Windows Console Host. Microsoft hasn`t ever officially supported replacing this console host, meaning that command prompt and PowerShell always open in Windows Console Host. `Over the course of 2022, we are planning to make Windows Terminal the default experience on Windows 11 devices,` explains Kayla Cinnamon, a program manager for Windows Terminal at Microsoft. `We will start with the Windows Insider Program and start moving through rings until we reach everyone on Windows 11.`\n \n\n \n

2021-12-09 09:45:45       Security Week
\n Mozilla this week released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities, including several bugs rated high severity . \n \n read more \n

2021-12-03 10:21:00       Slashdot
Microsoft is backtracking on changes it made to Windows 11 that made it more difficult to switch default browsers. From a report: A new test build of Windows 11 now allows users of Chrome, Firefox, and other browsers to set a default browser with a single button, which is a far simpler process. Rafael Rivera, developer of the excellent EarTrumpet Windows app, discovered the new Windows 11 changes earlier this week. Instead of having to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, Windows 11 now offers a simple button that lets people switch default browsers in a similar way to Windows 10. Microsoft has confirmed the changes are intentional and are currently being tested. `In the Windows 11 Insider Preview Build 22509 released to the Dev Channel on Wednesday, we streamlined the ability for a Windows Insider to set the `default browser` to apps that register for HTTP:, HTTPS:, .HTM, and .HTML,` explains Aaron Woodman, vice president of Windows marketing, in a statement to The Verge. `Through the Windows Insider Program you will continue to see us try new things based on customer feedback and testing.`\n \n\n \n

2021-12-02 09:41:00       Slashdot
Microsoft has never been a fan of Windows users downloading Chrome instead of using Edge, but the company has now stepped up its campaign to keep people using its built-in browser. From a report: Windows 10 and Windows 11 have both started displaying new prompts when people navigate to the Chrome download page, in an effort to discourage people from installing Google`s rival browser. These new prompts, spotted by Neowin, include messages like: `Microsoft Edge runs on the same technology as Chrome, with the added trust of Microsoft.` `That browser is so 2008! Do you know what`s new? Microsoft Edge.` ``I hate saving money,` said no one ever. Microsoft Edge is the best browser for online shopping.`\n \n\n \n

2021-11-23 19:45:00       Slashdot
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. BleepingComputer reports: As part of the November 2021 Patch Tuesday, Microsoft fixed a `Windows Installer Elevation of Privilege Vulnerability` vulnerability tracked as CVE-2021-41379. This vulnerability was discovered by security researcher Abdelhamid Naceri, who found a bypass to the patch and a more powerful new zero-day privilege elevation vulnerability after examining Microsoft`s fix. Yesterday, Naceri published a working proof-of-concept exploit for the new zero-day on GitHub, explaining that it works on all supported versions of Windows. `This variant was discovered during the analysis of CVE-2021-41379 patch. the bug was not fixed correctly, however, instead of dropping the bypass,` explains Naceri in his writeup. `I have chosen to actually drop this variant as it is more powerful than the original one.` Furthermore, Naceri explained that while it is possible to configure group policies to prevent `Standard` users from performing MSI installer operations, his zero-day bypasses this policy and will work anyway. BleepingComputer tested Naceri`s `InstallerFileTakeOver` exploit, and it only took a few seconds to gain SYSTEM privileges from a test account with `Standard` privileges, as demonstrated in [this video]. When BleepingComputer asked Naceri why he publicly disclosed the zero-day vulnerability, we were told he did it out of frustration over Microsoft`s decreasing payouts in their bug bounty program. A Microsoft spokesperson said in a statement: `We are aware of the disclosure and will do what is necessary to keep our customers safe and protected. An attacker using the methods described must already have access and the ability to run code on a target victim`s machine.` Naceri recommends users wait for Microsoft to release a security patch, as attempting to patch the binary will likely break the installer.\n \n\n \n

2021-11-17 15:05:00       Slashdot
Z00L00K writes: From Schneier on Security I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it`s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it? (Not that `user error` is a good justification. Any system where making a simple mistake means that you`ve forever lost your privacy isn`t a good one. We see this same situation with sharing contact lists with apps on smartphones. Apps will repeatedly ask, and only need you to accidentally click `okay` once.) EDITED TO ADD: It`s actually worse than I thought. Edge urges users to store passwords, ID numbers, and even passport numbers, all of which get uploaded to Microsoft by default when synch is enabled. Also from one comment:Ted November 17, 2021 8:29 AM It looks like Microsoft released some documentation on `Microsoft Edge -- Policies` for Enterprise on 11-9-21. It is only a 472 minute read, but there is some info on Forced Synching, for example: ForceSync Force synchronization of browser data and do not show the sync consent prompt\n \n\n \n

2021-11-16 20:25:00       Slashdot
Along with the release of Windows 10`s November 2021 update, Microsoft announced that it will no longer provide Windows 10 updates twice per year. Instead, it`s switching to a once-per-year schedule. As Ars Technica notes, `This is meant to sync Windows 10`s update schedule with Windows 11`s, which is also going to receive major feature updates once per year.` From the report: Microsoft hasn`t committed to the number of yearly updates it will provide for Windows 10, but the company will support `at least one version` of the OS until update support ends in October of 2025. Microsoft is promising 18 months of support for Windows 10 21H2, so it seems safe to assume that we`ll at least see 22H2 and 23H2 releases for Windows 10. For businesses using Windows 10 Enterprise, version 21H2 is also a Long-Term Servicing Channel (LTSC) update and will receive update support for five years instead of 18 months. While more Windows 10 updates will be welcome news for anyone who isn`t ready to move to Windows 11 or whose hardware doesn`t support the new OS, it`s not clear what `feature updates` will entail for an operating system that has been replaced.\n \n\n \n

2021-11-13 23:34:00       Slashdot
Long-time Slashdot reader davidwr brings news of `an exploit in the FBI`s Law Enforcement Enterprise Portal web site that would let anyone send an email to any arbitrary recipient...` Security researcher Brian Krebs reports: Late in the evening of November 12 ET, tens of thousands of emails began flooding out from the FBI address, warning about fake cyberattacks. Around that time, KrebsOnSecurity received an email from the same email address. `Hi its pompompurin,` read the message. `Check headers of this email it`s actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks.` A review of the email`s message headers indicated it had indeed been sent by the FBI, and from the agency`s own Internet address. The domain in the `from:` portion of the email I received - - corresponds to the FBI`s Criminal Justice Information Services division (CJIS). According to the Department of Justice... `CJIS systems are available to the criminal justice community, including law enforcement, jails, prosecutors, courts, as well as probation and pretrial services...` In an interview with KrebsOnSecurity, Pompompurin said the hack was done to point out a glaring vulnerability in the FBI`s system. `I could`ve 1000% used this to send more legit looking emails, trick companies into handing over data etc.,` Pompompurin said. Instead Pompompurin apparently sent emails with the subject line, `Urgent: Threat actor in systems,` with the body (apparently from warning that `Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack....` The email then blames the real-world founder of two dark web intelligence companies (apparently the subject of a long standing feud with Pompompurin`s community), and ultimately closes with the words `Stay safe, U.S. Department of Homeland Security - Cyber Threat Detection and Analysis - Network Analysis Group.` The FBI issued a statement in response to the incident - saying `The impacted hardware was taken offline quickly upon discovery of the issue.`\n \n\n \n

2021-11-12 17:40:00       Slashdot
The creator of EdgeDeflector said this week that the latest Insider build of Windows 11 now blocks all default browser workarounds. Thurrott reports: If this functionality makes its way to the finished product, it will mark a new, dark chapter for Microsoft, which told the media at the Windows 11 launch that it was aware that it had made changing app defaults pointlessly difficult, but that it had not done so maliciously and would fix it. This is the opposite of that claim. `Something changed between Windows 11 builds 22483 and 22494 (both Windows Insider Preview builds),` EdgeDeflector creator Daniel Aleksandersen writes in a new blog entry. `The build changelog ... omitted the headline news: you can no longer bypass Microsoft Edge using apps like EdgeDeflector.` Basically, EdgeDeflector, as well as third-party browsers like Mozilla Firefox and Brave, intercept OS-level URL requests that force you to use Microsoft Edge even when you have gone through the incredibly ponderous steps to make a non-Edge browser the default in Windows 11. But in the latest Insider Preview build, Microsoft is changing how these URL requests work. And it`s no longer possible to intercept URL requests that force users to use Edge instead of their default browser. (In the Insider builds. This functionality will come to mainstream users in the coming months unless we can change Microsoft`s collective mind.) `You can`t change the default protocol association through registry changes, OEM partner customizations, modifications to the Microsoft Edge package, interference with OpenWith.exe, or any other hackish workarounds,` Aleksandersen explains. `Microsoft ... just silently ignores the UserChoice registry keys for the protocol in the registry and opens Microsoft Edge instead.` It`s even worse than that, really, he continues. `Windows will insist you use Microsoft Edge to a fault even if you brutalize your Windows installation and purge all traces of Microsoft Edge. Windows will open an empty UWP window and show an error message instead of letting you use your preferred web browser.`\n \n\n \n

2021-11-12 13:05:00       Slashdot
The creator of EdgeDeflector said this week that the latest Insider build of Windows 11 now blocks all default browser workarounds. If this functionality makes its way to the finished product, it will mark a new, dark chapter for Microsoft, which told the media at the Windows 11 launch that it was aware that it had made changing app defaults pointlessly difficult, but that it had not done so maliciously and would fix it. This is the opposite of that claim. From a report: `Something changed between Windows 11 builds 22483 and 22494 (both Windows Insider Preview builds),` EdgeDeflector creator Daniel Aleksandersen writes in a new blog entry. `The build changelog ... omitted the headline news: you can no longer bypass Microsoft Edge using apps like EdgeDeflector.` Microsoft not communicating effectively? I find that hard to believe. Cough. But Microsoft moving to make Windows 11 behave even more maliciously towards its users and browser rivals? That I have a hard time with. Basically, EdgeDeflector, as well as third-party browsers like Mozilla Firefox and Brave, intercept OS-level URL requests that force you to use Microsoft Edge even when you have gone through the incredibly ponderous steps to make a non-Edge browser the default in Windows 11. But in the latest Insider Preview build, Microsoft is changing how these URL requests work. And it`s no longer possible to intercept URL requests that force users to use Edge instead of their default browser. (In the Insider builds. This functionality will come to mainstream users in the coming months unless we can change Microsoft`s collective mind.)\n \n\n \n

2021-11-04 14:02:00       Slashdot
Microsoft has started warning Windows 11 users that certain features in the operating system are failing to load due to an expired certificate. The certificate expired on October 31st, and Microsoft warns that some Windows 11 users aren`t able to open apps like the Snipping Tool, touch keyboard, or emoji panel. From a report: A patch is available to fix some of the issues, but it`s currently in preview, meaning you have to install it manually from Windows Update. The patch, KB4006746, will fix the touch keyboard, voice typing, emoji panel, and issues with the getting started and tips sections of Windows 11. You`ll be able to find this patch by checking for updates in the Windows Update section of Settings in Windows 11. Microsoft`s patch doesn`t address the problems with the Snipping Tool app, though. `To mitigate the issue with Snipping Tool, use the Print Screen key on your keyboard and paste the screenshot into your document,` recommends Microsoft. `You can also paste it into Paint to select and copy the section you want.`\n \n\n \n

2021-10-28 15:20:00       Slashdot
Microsoft is rolling out Windows 11 to more PCs this week. After an initial launch to mostly new PCs earlier this month, Microsoft is gradually making the free Windows 11 upgrade available to more existing and eligible devices. From a report: `The availability of Windows 11 has been increased and we are leveraging our latest generation machine learning model to offer the upgrade to an expanded set of eligible devices,` says Microsoft. `We will continue to train our machine learning model throughout the phased rollout to deliver a smooth upgrade experience.` If you`ve been waiting for the Windows 11 upgrade to appear in Windows Update, you might find the above prompt this week. Anecdotally, we`ve been offered the upgrade on a variety of devices today, including a custom gaming PC.\n \n\n \n

2021-10-26 18:20:00       Slashdot
Microsoft has begun force installing the PC Health Check application on Windows 10 devices using a new KB5005463 update. BleepingComputer reports: PC Health Check is a new diagnostics tool created by Microsoft and released in conjunction with Windows 11 that provides various troubleshooting and maintenance features. However, its primary use has been to analyze a device`s hardware to check if it`s compatible with Windows 11. Microsoft says that users who do not want PC Health Check on their system can simply uninstall it using the Settings app. However, readers have told BleepingComputer that they have had to uninstall the application numerous times as the applications keep being reinstalled on the next check for updates. To make matters worse, when attempting to uninstall KB5005463, Windows 10 states that the update is not installed, when that is clearly untrue [...]. BleepingComputer has found a way to block the update from installing PC Health Check on your computer for those who do not want the application installed.\n \n\n \n

2021-10-23 14:34:00       Slashdot
`Microsoft has been mainly telling consumers that Windows 11 is meant for newer PCs,` reports PC Magazine. `However, an internet user has uploaded a video that shows the OS can actually run on a 15-year-old Pentium 4 chip from Intel.` Last week, Twitter user `Carlos S.M.` posted screenshots of his Pentium 4-powered PC running Windows 11. He then followed that up with a video and benchmarks to verify that his machine was running the one-core Pentium chip with only 4GB of DDR2 RAM. To install the OS onto the system, Carlos S.M. said he used a Windows 10 PE Installer, which can be used to deploy or repair Windows via a USB drive. `Windows 11 is installed in MBR (Master Boot Record)/Legacy Boot mode, no EFI emulation involved,` he added. Of course, the OS runs a bit slow on the Pentium 4 chip. Nevertheless, it shows Windows 11 can easily run on decade-old hardware... Officially, Microsoft has said a PC must possess a newer security feature called TPM 2.0 in order to run Windows 11. To underscore the point, the company released a list of eligible CPUs, and the processors only go as far back as late 2017. However, the company has also quietly acknowledged that older PCs without TPM 2.0 can run Windows 11 - so long as the user decides to manually install the OS onto their machine... If you do install Windows 11 on an unsupported PC, Microsoft warns your machine may not be eligible to receive automatic updates. But apparently Carlos S.M. has had no problems receiving updates for his own Pentium-powered PC. `Windows update still works on this machine and even installed the Patch Tuesday,` Carlos S.M. said in a follow-up tweet. Thanks to tlhIngan (Slashdot reader #30,335) for the tip!\n \n\n \n

2021-10-12 15:35:41       Net-Security
\nOn October 2021 Patch Tuesday, Microsoft has fixed 71 CVE-numbered vulnerabilities. Of those, only one was a zero-day exploited in attacks in the wild (CVE-2021-40449) and three were publicly known before the release of the patches. Vulnerabilities of note Let’s start with CVE-2021-40449, a Windows bug that may be used to escalate privileges on an already compromised system. Its exploitation was detected and flagged by Boris Larin, a zero-day exploits hunter with Kaspersky. According to … More → \n \nThe post Microsoft patches actively exploited Windows zero-day (CVE-2021-40449) appeared first on Help Net Security .\n

2021-10-09 10:34:00       Slashdot
`October 5 marks the official release of Windows 11, a new version of the operating system that doesn`t do anything at all to counteract Windows` long history of depriving users of freedom and digital autonomy,` writes Free Software Foundation campaigns manager Greg Farough. `While we might have been encouraged by Microsoft`s vague, aspirational slogans about community and togetherness, Windows 11 takes important steps in the wrong direction when it comes to user freedom.` Microsoft claims that `life`s better together` in their advertising for this latest Windows version, but when it comes to technology, there is no surer way of keeping users divided and powerless than nonfree softwarechoosing to create an unjust power structure, in which a developer knowingly keeps users powerless and dependent by withholding information. Increasingly, this involves not only withholding the source code itself, but even basic information on how the software works: what it`s really doing, what it`s collecting, and how often it`s snitching on users. `Snitching` may sound dramatic, but Windows 11 will now require a Microsoft account to be connected to every user account, granting them the ability to correlate user behavior with one`s personal identity. Even those who think they have nothing to hide should be wary of sharing potentially all of their computing activity with any company, much less one with a track record of abuse like Microsoft... We expect Microsoft to use its tighter control on cryptography that happens in Windows as a way to impose more severe Digital Restrictions Management (DRM) onto media and applications, and as a way to ensure that no application can run in Windows without Microsoft`s approval. In cases like these, it`s no longer appropriate to call a machine running Windows a `personal` computer, as it obeys Microsoft more than it does its user. Indeed, it`s bitterly ironic that Microsoft is calling the program that verifies a system`s compatibility with Windows 11 a `PC Health Check.` We counter that a healthy PC is one that respects its user`s wishes, runs free software, and doesn`t purposefully restrict them through treacherous computing. It would also never send the user`s encryption keys back to its corporate overlords. Intrepid users will likely find a way around this requirement, yet it doesn`t change the fact that the majority of Windows users will be forced into a treacherous computing scheme... Sometimes, Microsoft realizes that it can`t be quite so overtly antisocial. We`ve commented many times before on the hypocrisy involved in saying that Microsoft `loves open source` and `loves Linux,` two ways of mentioning free software without reference to freedom. At the same time, Microsoft employees do make contributions to free software, contributions which benefit many others. Yet they do not extend this philosophy to their operating system, and in the last few years, they`ve made an attempt to impair the ways free software makes `life better together` further by making critical functions of Microsoft GitHub rely on nonfree JavaScript and directing users toward Service as a Software Substitute (SaaSS) platforms. By attacking user freedom through Windows, and the free software community directly by means of nonfree JavaScript, Microsoft proves that it has no plans to loosen its grip on users. No program that you`re forbidden to copy, modify, or share can truly bring people `together` in the way that Microsoft claims. Thankfully, and right outside the window, there`s a true community of users you and your loved ones can join... Let`s stop falling for the trap of chasing short-term, superficial improvements in proprietary software that may seem to make life better, and instead opt for free software, the only software that can support the best versions of ourselves. The post urges readers to sign (or renew!) their pledge not to use Windows and to help a friend install GNU/Linux, `sending Microsoft the strong message that software that subjugates its users has no place in Windows.... If you don`t feel ready to take the plunge and switch entirely, you can use our resources like the Free Software Directory to find programs you can use as starting points for your free software journey.` The post also has harsh words for TPM, warning that `when it`s deployed by a proprietary software company, its relationship to the user isn`t one based on trust, but based on treachery. When fully controlled by the user, TPM can be a useful way to strengthen encryption and user privacy, but when it`s in the hands of Microsoft, we`re not optimistic.` And when it comes to Microsoft teams, `it seems that no Windows user can avoid it any longer.... we hope Teams` unpopularity and its newfound, unwanted place in Windows will encourage users to seek out conferencing programs that they themselves can control.`\n \n\n \n

2021-10-07 14:45:00       Slashdot
waspleg writes: Mozilla is now showing ads in the form of sponsored Firefox contextual suggestions when U.S. users type in the URL address bar. Mozilla says the feature was introduced with Firefox 92 in September to fund development and optimization. Mozilla describes Firefox Suggest contextual suggestions as opt-in, in BleepingComputer`s tests and from what users have reported, the feature is on by default. Furthermore, Firefox doesn`t tag the ads displayed via Firefox Suggest. There is no clear way to identify what a sponsored suggestion and what a regular unsponsored suggestion should look like. The only way Firefox users will know whether a sponsored suggestion is an ad would be by looking at the URL, but, in many cases, the URL is not clearly visible.\n \n\n \n

2021-10-06 20:45:00       Slashdot
Microsoft has published a new support webpage where they provide an official method to bypass the TPM 2.0 and CPU checks (TPM 1.2 is still required) and have Windows 11 installed on unsupported systems. Bleeping Computer reports: t looks like Microsoft couldn`t ignore the fact that bypassing TPM checks is fairly simple, so to avoid having people breaking their systems by using non-standardized third-party scripts, they decided to just give users an official way to do it. Installing Windows 11 on unsupported hardware comes with some pitfalls that users must be aware of, and in some cases, agree to before the operating system will install. `Your device might malfunction due to these compatibility or other issues. Devices that do not meet these system requirement will no longer be guaranteed to receive updates, including but not limited to security updates,` Microsoft explains in a new support bulletin. [Y]ou will still require a TPM 1.2 security processor, which many will not likely have. If you are missing a TPM 1.2 processor, you can bypass all TPM checks by using this script that deletes appraiser.dll during setup. To use the new AllowUpgradesWithUnsupportedTPMOrCPU bypass to install Windows 11 on devices, Microsoft instructs you to perform the following steps: 1. Please read all of these instructions before continuing. 2. Visit the Windows 11 software download page, select `Create tool now,` and follow the installation instructions to create a bootable media or download an ISO. 3. On Windows, click `Start`, type `Registry Editor` and click on the icon to launch the tool. 4. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup Registry key and create a new `REG_DWORD` value named `AllowUpgradesWithUnsupportedTPMOrCPU` and set it to `1`. Alternatively, you can download a premade Registry file that you can double-click on and merge it to create the above value for you. 5. Reboot your system Having done all that, you may now upgrade to Windows 11 by double-clicking on the downloaded ISO file and running Setup.exe or by using the bootable Windows 11 media you created in Step 1. Microsoft states that standard installation options such as `Full Upgrade`, `Keep Data Only`, and `Clean Install`, will all be available as usual.\n \n\n \n

2021-10-02 21:34:00       Slashdot
`The expiration of a key digital encryption service on Thursday sent major tech companies nationwide scrambling to deal with internet outages that affected millions of online users,` reports the Washington Examiner. The expiring certificate was issued by Let`s Encrypt - though ZDNet notes there`s been lots of warnings about its pending expiration: Digital Shadows senior cyber threat analyst Sean Nikkel told ZDNet that Let`s Encrypt put everyone on notice back in May about the expiration of the Root CA Thursday and offered alternatives and workarounds to ensure that devices would not be affected during the changeover. They have also kept a running forum thread open on this issue with fairly quick responses, Nikkel added. Thursday night the Washington Examiner describes what happened when the big day arrived: Tech giants - such as Amazon, Google, Microsoft, and Cisco, as well as many smaller tech companies - were still battling with an endless array of issues by the end of the night... At least 2 million people have seen an error message on their phones, computers, or smart gadgets in the past 24 hours detailing some internet connectivity problems due to the certificate issue, according to Scott Helme, an internet security researcher and well-known cybersecurity expert. `So many people have been affected, even if it`s only the inconvenience of not being able to visit certain websites or some of their apps not working,` Helme said. `This issue has been going on for many hours, and some companies are only just getting around to fixing it, even big companies with a lot of resources. It`s clearly not going smoothly,` he added. There was an expectation before the certificate expired, Helme said, that the problem would be limited to gadgets and devices bought before 2017 that use the Let`s Encrypt digital certificate and haven`t updated their software. However, many users faced issues on Thursday despite having the most cutting-edge devices and software on hand. Dozens of major tech products and services have been significantly affected by the certificate expiration, such as cloud computing services for Amazon, Google, and Microsoft; IT and cloud security services for Cisco; sellers unable to log in on Shopify; games on RocketLeague; and workflows on Security researcher Scott Helme also told ZDNet he`d also confirmed issues at many other companies, including Guardian Firewall, Auth0, QuickBooks, and Heroku - but there might be many more beyond that: `For the affected companies, it`s not like everything is down, but they`re certainly having service issues and have incidents open with staff working to resolve. In many ways, I`ve been talking about this for over a year since it last happened, but it`s a difficult problem to identify. it`s like looking for something that could cause a fire: it`s really obvious when you can see the smoke...!` Digital certificates expert Tim Callan added that the popularity of DevOps-friendly architectures like containerization, virtualization and cloud has greatly increased the number of certificates the enterprise needs while radically decreasing their average lifespan. `That means many more expiration events, much more administration time required, and greatly increased risk of a failed renewal,` he said. \n \n\n \n

2021-09-30 14:47:00       Slashdot
At the SAS 2021 security conference today, analysts from security firm Kaspersky Lab published details about a new Chinese cyber-espionage group that has been targeting high-profile entities across South East Asia since at least July 2020. From a report: Named GhostEmperor, Kaspersky said the group uses highly sophisticated tools and is often focused on gaining and keeping long-term access to its victims through the use of a powerful rootkit that can even work on the latest versions of Windows 10 operating systems. `We observed that the underlying actor managed to remain under the radar for months,` Kaspersky researchers explained today. The entry point for GhostEmperor`s hacks were public-facing servers. Kaspersky believes the group used exploits for Apache, Oracle, and Microsoft Exchange servers to breach a target`s perimeter network and then pivoted to more sensitive systems inside the victim`s network.\n \n\n \n

2021-09-28 23:30:00       Slashdot
An anonymous reader quotes a report from BleepingComputer: A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. Even better, the script also works on virtual machines, allowing you to upgrade to the latest Windows Insider build. This new script was released as part of the extremely useful Universal MediaCreationTool wrapper, a batch file that allows you to create an ISO for any version of Windows 10, with Windows 11 support added last week. While the main script of this open-source project is the `MediaCreationTool.bat` used to create Windows ISOs, it also includes a script named `Skip_TPM_Check_on_Dynamic_Update.cmd,` which configures the device to bypass compatible hardware checks. When Windows 11 was first announced, Microsoft released the operating system`s new system requirements, which included a TPM 2.0 security processor, Secure Boot, newer CPUs, and at least 64 GB of hard drive space. As Microsoft realized that many people, especially those in the enterprise, would be testing Windows 11 preview builds on virtual machines, they exempted them from the system requirements (PDF). However, Microsoft is now requiring compatible hardware even on virtual machines and taking a firm stance on its system requirement, going as far as to say that people who install Windows 11 on incompatible hardware may not get security updates.\n \n\n \n

2021-09-24 09:00:00       Slashdot
An anonymous reader quotes a report from Ars Technica: The Verge has spotted an apparently new warning message in the Windows 11 Setup app that explicitly warns users of the dangers of installing Windows 11 on unsupported hardware -- you may run into `compatibility issues,` your PC `won`t be entitled to receive updates,` and that `damages to your PC due to lack of compatibility aren`t covered under the manufacturer warranty.` This is all stuff that we`ve heard from Microsoft before, but it`s the first time that this policy has appeared during the Windows 11 setup process rather than in media reports. Once you click through this foreboding warning message, the Windows 11 installation is apparently allowed to proceed. I`ve tried and failed to recreate this screen on multiple unsupported Windows 10 systems of different vintages, both with builds downloaded through the Insider program and installs directly from a manually downloaded Windows 11 ISO file. I also haven`t seen any firsthand reports of it outside of the Verge report. This doesn`t mean it isn`t happening -- Microsoft is always rolling out different updates to different groups of people at different times -- just that I can only speculate as to when you will actually see this message and what it means. My guess is that it is eventually intended to replace another screen currently shown when you attempt a manual install of Windows on an unsupported system, one that totally blocks the upgrade if you don`t meet Windows 11`s processor, TPM, or Secure Boot requirements. The only way to get around that screen and proceed with installation for current builds of Windows 11 is to implement some registry edits that disable the system checks. This new screen would keep the checks in place while allowing people to perform the kind of manual, officially unsupported installs that the company has begrudgingly decided to allow.\n \n\n \n

2021-09-13 11:27:00       Slashdot
Mozilla has quietly made it easier to switch to Firefox on Windows recently. From a reporrt: While Microsoft offers a method to switch default browsers on Windows 10, it`s more cumbersome than the simple one-click process to switch to Edge. This one-click process isn`t officially available for anyone other than Microsoft, and Mozilla appears to have grown tired of the situation. In version 91 of Firefox, released on August 10th, Mozilla has reverse engineered the way Microsoft sets Edge as default in Windows 10, and enabled Firefox to quickly make itself the default. Before this change, Firefox users would be sent to the Settings part of Windows 10 to then have to select Firefox as a default browser and ignore Microsoft`s plea to keep Edge. Mozilla`s reverse engineering means you can now set Firefox as the default from within the browser, and it does all the work in the background with no additional prompts. This circumvents Microsoft`s anti-hijacking protections that the company built into Windows 10 to ensure malware couldn`t hijack default apps. Microsoft tells us this is not supported in Windows.\n \n\n \n

2021-09-08 11:03:45       Krebs on Security
Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

2021-09-03 18:40:00       Slashdot
Yesterday after releasing new Windows 11 builds in the Dev and Beta channels, Insiders reported that their Start Menu and taskbar were crashing. As it turned out, it was caused by Windows 11 delivering ads, as was reported by Daniel Aleksandersen, who dug into the issue. XDA Developers reports: First of all, Microsoft did publish a fix. [If your PC is in an unusable state and you`re reading this in an effort to get out of it, the article includes a step-by-step guide to fix the problem.] The ad itself is for Microsoft Teams, and how it`s integrated into Windows 11. As with most of the ads that are injected into Windows, this should still pop up as a notification even if you have all notifications turned off. While we know the cause, the bigger question that Aleksandersen dives into is how the Windows 11 shell can be so fragile that ads can crash it. Windows in 2021 has a ton of components in it that have to grab content from the cloud at any given time, from the Bing lockscreen wallpaper to Windows Update to advertisements that come from Microsoft. It`s pretty wild that when one of them isn`t functioning correctly, this could happen. There are clearly two issues here. One is that a cloud service can break Windows 11. The other is that Microsoft is injecting ads into the OS in the first place, a sure pain point for many. One thing is for sure; Microsoft isn`t going to scale back on its advertisements in Windows any time soon. Instead, it`s just going to fix the glitch, and if that makes you draw a parallel to Office Space, that`s fine too.\n \n\n \n

2021-09-01 19:20:00       Slashdot
Shortly after announcing Windows 11`s October 5 release date, Microsoft began booting Windows Insider preview PCs with unsupported hardware out of Windows 11 testing. PCWorld reports: [T]he day that Microsoft announced Windows 11`s release date, Windows Insiders on unsupported PCs began receiving a message telling them they`re no longer eligible for the Windows 11 Insider program, as seen in BetaWiki`s tweet above and confirmed by BleepingComputer. Unsupported Insider PCs need to go back to Windows 10 to continue participating in the program (and presumably continue to receive updates). While the move isn`t a surprise, the timing is, as Microsoft previously stated that Windows Insiders with non-compatible hardware would be able to continue to run Windows 11 until it was `generally available.` Most PCs released or built over the last three years will run Windows 11 without issue, however.\n \n\n \n

2021-08-31 11:26:00       Slashdot
Microsoft is announcing that Windows 11 will be released on October 5. The new operating system will be available as a free upgrade for eligible Windows 10 PCs, or on new hardware that ships with Windows 11 pre-loaded. From a report: The free upgrade to Windows 11 will start rolling out on October 5th, but like many Windows upgrades in the past, it will be available in phases. New eligible devices will be offered the upgrade first, and then Windows 11 will become available for more in-market devices in the weeks and months following October 5th. `Following the tremendous learnings from Windows 10, we want to make sure we`re providing you with the best possible experience,` explains Aaron Woodman, general manager of Windows marketing at Microsoft. `We expect all eligible devices to be offered the free upgrade to Windows 11 by mid-2022.`\n \n\n \n

2021-08-30 11:21:00       Slashdot
Last week, media reported how Microsoft`s Windows 11 won`t technically leave millions of PCs behind -- the company told the press that it won`t actually block you from installing Windows 11 on a PC with an older CPU, so long as you download and manually install an ISO file all by yourself. But it turns out even that technicality has a technicality. The Verge: Microsoft is now threatening to withhold Windows Updates from your copy of Windows 11 -- potentially even security updates -- if you take that route. We`re not sure why the company didn`t mention it in our original briefing, but Microsoft has since told The Verge that unsupported PCs won`t be entitled to receive Windows Updates, and that even security and driver updates may be withheld.\n \n\n \n

2021-08-27 14:10:00       Slashdot
Microsoft is announcing today that it won`t block people from installing Windows 11 on most older PCs. While the software maker has recommended hardware requirements for Windows 11 -- which it`s largely sticking to -- a restriction to install the OS will only be enforced when you try to upgrade from Windows 10 to Windows 11 through Windows Update. From a report: This means anyone with a PC with an older CPU that doesn`t officially pass the upgrade test can still go ahead and download an ISO file of Windows 11 and install the OS manually. Microsoft announced its Windows 11 minimum hardware requirements in June, and made it clear that only Intel 8th Gen and beyond CPUs were officially supported. Microsoft now tells us that this install workaround is designed primarily for businesses to evaluate Windows 11, and that people can upgrade at their own risk as the company can`t guarantee driver compatibility and overall system reliability. Microsoft won`t be recommending or advertising this method of installing Windows 11 to consumers.\n \n\n \n

2021-08-18 12:00:00       Slashdot
Microsoft`s upcoming release of Windows 11 will make it even harder to switch default browsers and ignores browser defaults in new areas of the operating system. While Microsoft is making many positive changes to the Windows 11 UI, the default apps experience is a step back and browser competitors like Mozilla, Opera, and Vivaldi are concerned. From a report: In Windows 11, Microsoft has changed the way you set default apps. Like Windows 10, there`s a prompt that appears when you install a new browser and open a web link for the first time. It`s the only opportunity to easily switch browsers, though. Unless you tick `always use this app,` the default will never be changed. It`s incredibly easy to forget to toggle the `always use this app` option, and simply launch the browser you want from this prompt and never see this default choice again when you click web links. If you do forget to set your default browser at first launch, the experience for switching defaults is now very confusing compared to Windows 10. Chrome and many other rival browsers will often prompt users to set them as default and will throw Windows users into the default apps part of settings to enable this. Microsoft has changed the way default apps are assigned in Windows 11, which means you now have to set defaults by file or link type instead of a single switch. In the case of Chrome, that means changing the default file type for HTM, HTML, PDF, SHTML, SVG, WEBP, XHT, XHTML, FTP, HTTP, and HTTPS. Firefox`s statement: We have been increasingly worried about the trend on Windows. Since Windows 10, users have had to take additional and unnecessary steps to set and retain their default browser settings. These barriers are confusing at best and seem designed to undermine a user`s choice for a non-Microsoft browser.\n \n\n \n

2021-08-13 05:15:07       Net-Security
\nA day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability (CVE-2021-36958). Its discovery has been attributed to Victor Mata of FusionX, Accenture Security, who says he reported it in December 2020, but the flaw was also publicly disclosed mid-July 2021 by researcher Benjamin Delpy, along with a PoC. About CVE-2021-36958 Microsoft says that CVE-2021-36958 is a remote code execution vulnerability exists … More → \n \nThe post Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958) appeared first on Help Net Security .\n

2021-08-10 16:06:00       Slashdot
Microsoft has released today a security update that will change the default behavior of the `Point and Print` feature to mitigate a severe security issue disclosed last month. From a report: First added in Windows 2000, the Point and Print feature works by connecting to a print server to download and install necessary print drivers every time a user creates a connection to a remote printer without providing installation media. Earlier this year, Jacob Baines, a reverse engineer for Dark Wolf Solutions, found that threat actors inside a company`s network could abuse the Point and Print feature to run a malicious print server and force Windows systems to download and install malicious drivers. Since Point and Print ran with SYSTEM privileges, the feature effectively provided threat actors with an easy way to gain admin rights inside any large corporate or government network. Microsoft initially tried to patch the issue -- tracked as CVE-2021-34481 -- last month, but the patches were deemed incomplete. Today, the company took another approach. Since the vulnerability is exploiting a design flaw, Microsoft chose today to change the default behavior of the Point and Print feature.\n \n\n \n

2021-08-10 14:16:39       Security Week
\n The zero-day attacks against Microsofts software products continue to pile up with a new warning from Redmond about a zero-day attack hitting a security defect in the Windows Update Medic Service. \n \n The zero-day flaw, documented as CVE-2021-23948 , is rated important with a CVSS base score of 7.8. \n \n read more \n

2021-08-09 11:09:18       Slashdot

68-year-old technology writer Charles Petzold wrote about Windows programming for 25 years, including several books published by Microsoft Press. In 1994 he was one of seven `Windows Pioneers` honored in a special ceremony (with an award presented by Bill Gates), and the company has also recognized him with their `Most Valuable Professional` award.

Petzold just wrote a blog post titled `Screw you, Microsoft Edge` when the browser spontaneously decided to advise him of a discount at Walmart.

Recently while searching for a book on, I was interrupted by a popup apparently generated by Microsoft Edge advising me of an alternative... Excuse me?

The assumption that I need help buying a book is the biggest insult I`ve encountered on Windows since the days of Clippy.

A further insult is the implication that I make buying decisions based solely on price... I might prefer a retailer that focuses solely on books, or a retailer that is not a large chain. More generally, I might make a decision based on the company`s carbon footprint, or perhaps their reputation in paying fair wages, or what political candidates and movements they support, or whether the CEO uses his wealth to launch himself into space.

Of course, these concepts are entirely beyond the scope of Edge`s braindead algorithm that apparently knows only whether one number is larger than another.

In November Microsoft had described the upcoming popups announcing better prices as `a proactive price comparison experience that meets you where you shop. When you`re shopping, Microsoft Edge will check prices at competing retailers to let you know if a lower price is available elsewhere...`

Promising there`d be even more shopping experiences coming, they`d added, `we`d love to hear what you think of them so far!`

2021-07-25 10:22:58       Slashdot
A post on Mozilla`s security blog calls FTP `by now one of the oldest protocols still in use` - and it`s suffering from `a number of serious security issues.` The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user`s device using the FTP protocol. Aligning with our intent to deprecate non-secure HTTP and increase the percentage of secure connections, we, as well as other major web browsers, decided to discontinue support of the FTP protocol. Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox`s HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP. The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol - Firefox 90 will no longer support the FTP protocol.

2021-07-25 10:22:46       Slashdot
Long-time Slashdot reader Ammalgam writes: If you`re planning to install Windows 11, you should make sure you download it from official sources. This is because, people who are using pirated or fake methods to get Windows 11 are also downloading malware along with it, according to Kaspersky. The particular file referenced is called 86307_windows 11 build 21996.1 x64 + activator.exe. While it sounds like it includes Windows 11 build 21996.1, and an installer that will automatically activate Windows for you there are some red flags. First, it`s only 1.75GB, so while people who want to install Windows 11 might think that`s a large file that could be Windows, a real Windows 11 ISO is about 4.87GB... `The 1.75 GB file looks legitimate. But most of this space consists of one DLL file that contains a lot of useless information,` explains Mint. And Kaspersky adds that `it even comes with a license agreement (which few people read) calling it a `download manager for 86307_windows 11 build 21996.1 x64 + activator` and noting that it would also install some sponsored software. If you accept the agreement, a variety of malicious programs will be installed on your machine.`

2021-06-29 20:02:00       Slashdot
An anonymous reader quotes a report from ZDNet, written by David Gewirtz: Windows 11 won`t run on many current Windows machines. We do know (we think) that only certain processors will be supported, only 64-bit machines will be supported, and only machines with a TPM chip will run Windows 11. What does that mean for you and me? It means that many machines will be left behind. They will become the walking dead, unable to upgrade, but still shambling along. My biggest concern, of course, is security. For those who pay, Windows 7 security updates will be available through January 2023. It`s not easy for smaller businesses and individuals to get that support, but it`s there. Mainstream support for Windows 8 and 8.1 is over, but extended support is available through January 2023. WIndows 10 support, especially for those abandoned by Windows 11`s restrictive update policy, will end in October 2025, but Ed tells me he thinks that will be extended. That`s good news because there are roughly 1.3 billion Windows 10 devices out there. How many won`t be able to upgrade? That`s not a question we know the answer to now, but [ZDNet`s guru of all things Windows, Ed Bott] tells me he`s working on constructing an estimate, so keep checking back into his column. Some machines will be left behind despite owners` preferences. Many others will remain behind because their owners either don`t know how, don`t care, or refuse to upgrade. Others can`t upgrade, because they`re reliant on legacy software that only runs on older machines. No matter the reason, expect millions of Windows 10 machines to be in the wild for a decade or more -- each an ever-increasing magnet for malware, each an ever-increasing danger to other machines they might encounter and infect. All that brings me back to my machines and yours. Even if you and I are stuck on Windows 10, we still have a good four years of support. That gives us four years to come up with a replacement plan, which is more than enough time. For those of you who will choose `hell no, I won`t go,` it gives you time to ascertain security risks of running unprotected, and find ways to protect those legacy machines.\n \n\n \n

2021-06-29 12:15:00       Slashdot
Microsoft has released a visually `refreshed` version of its Office desktop apps for both Windows 10 and 11. Microsoft officials said this new Office refresh will `shine` on Windows 11 but still work on Windows 10. Microsoft also is releasing its first publicly available test build of 64-bit Office for Windows on Arm today. From a report: The updated Office uses Fluent design across Word, Excel, PowerPoint, OneNote, Outlook, Access, Project, Publisher, and Visio. The updated apps are meant to look similar to the Windows 11 OS, design-wise. Via the updated Office interface, Office is set to match users` Windows themes, including black (Dark Mode), white, colorful, or dark gray. The Quick Access toolbar is hidden by default in the name of simplifying the interface. The refreshed Office is available to Office Insider testers running Beta Channel builds. Those who don`t want it can turn off the `Coming Soon` feature at the top right hand corner of the menu. Testers can toggle between the new and existing interface to move between the current and newly updated Office apps.\n \n\n \n

2021-06-28 15:20:00       Slashdot
Neowin: Microsoft today released the first-ever Windows 11 build to Insiders in the Dev channel, bringing build 22000.51. While most of the announced features made it to the build, there are a few missing ones such as support for Android apps. The firm also posted a few known issues for the release. In addition to the build, the company has also posted clarification about the confusion surrounding the minimum system requirements. The firm starts off by acknowledging that there has been confusion caused by the PC Health Check tool, something that was updated late last week after negative feedback from users about the lack of clarity on Windows 11 compatibility. It says that the tool was `not fully prepared to share the level of detail or accuracy you expected from us on why a Windows 10 PC doesn`t meet upgrade requirements,` which is why the company is taking down the tool to address the feedback, adding that the tool will be `back online` later in the fall, closer to the general availability of Windows 11. In a blog post, the company adds: [...] Using the principles above, we are confident that devices running on Intel 8th generation processors and AMD Zen 2 as well as Qualcomm 7 and 8 Series will meet our principles around security and reliability and minimum system requirements for Windows 11. As we release to Windows Insiders and partner with our OEMs, we will test to identify devices running on Intel 7th generation and AMD Zen 1 that may meet our principles.\n \n\n \n

2021-06-26 21:37:00       Slashdot
`When Red Hat killed off CentOS Linux in a highly controversial December 2020 announcement, Gregory Kurtzer immediately announced his intention to recreate CentOS with a new distribution named after his deceased mentor,` Ars Technica reported in February. And this week, `The Rocky Enterprise Software Foundation has announced general availability (GA) of Rocky Linux 8.4,` reports ZDNet. `It`s an important milestone because it`s the first Rocky Linux general availability release ever.` Huge companies, including Disney, GoDaddy, Rackspace, Toyota and Verizon, relied on CentOS, and they were reportedly not happy about RedHat`s decision... It turns out that Kurtzer`s decision has been a popular one. Besides quickly building up an army of hundreds of contributors for the project, Rocky Linux 8.4 - which follows the May 18 release of Red Hat`s RHEL 8.4 - was downloaded at least 10,000 times within half a day of its release... `If we extrapolate the count to include our other mirrors we are probably at least 3-4x that (if not even way more)!` boasts Kurtzer in a LinkedIn post. `Lots of reports coming in of people and organizations already replacing their CentOS systems (and even other Linux distributions) with Rocky. The media is flying off the hook and business analysts also validating to me personally that Rocky Linux might soon be the most utilized Linux operating system used in enterprise and cloud!` Rocky Linux 8.4 took seven months for the newly formed community to release, and is available for x86_64 and ARM64 (aarch64) architecture hardware in various ISOs. `Sufficient testing has been performed such that we have confidence in its stability for production systems,` explains a blog post at, adding that free community support is available through the forums as well as live chat avaiable through IRC and Rocky Linux Mattermost. `Paid commercial support is currently available through CIQ...` `Corporations come and go, their interests as transient as they are self-serving. But a community persists, and that`s who we dedicate Rocky Linux to: you.` Rocky is more than the next free and open, community enterprise operating system. It`s a community. A commitment to an ideal bigger than the sum of its parts, and a promise that our principles - embedded even within our repositories and ISOs - are immutable... This is just the beginning, and the Rocky Enterprise Software Foundation is more than just Rocky Linux - it`s a home for those that believe that open source isn`t just a switch that can be toggled at will, and that projects that many rely on not be subject to the whims of a few. To this point, you can easily find all of our sources, our build infrastructure, Git repositories, and everything else anyone would need to fork our work and ensure that it continues if need be... When we announced our release candidate, we asked you to come build the next free, open, community enterprise operating system with us. Now we`re asking you for more: join us as we build our community. They also thanked 11 sponsors and partners for contributing `resources, financial backing, software, and infrastructure.`\n \n\n \n

2021-06-26 17:34:00       Slashdot
Bleeping Computer reports: Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called `Netfilter,` is in fact a rootkit that was observed communicating with Chinese command-and-control IPs. G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing the seal of Microsoft... This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft`s code-signing process. G Data writes: We forwarded our findings to Microsoft who promptly added malware signatures to Windows Defender and are now conducting an internal investigation. At the time of writing it is still unknown how the driver could pass the signing process. In a Friday blog post, Microsoft said it was contacting other antivirus software vendors `so they can proactively deploy detections,` but also emphasized the attack`s limited scope: The actor`s activity is limited to the gaming sector specifically in China and does not appear to target enterprise environments. We are not attributing this to a nation-state actor at this time. The actor`s goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers. It`s important to understand that the techniques used in this attack occur post exploitation, meaning an attacker must either have already gained administrative privileges in order to be able to run the installer to update the registry and install the malicious driver the next time the system boots or convince the user to do it on their behalf. We will be sharing an update on how we are refining our partner access policies, validation and the signing process to further enhance our protections. There are no actions customers should take other than follow security best practices and deploy Antivirus software such as Windows Defender for Endpoint.\n \n\n \n

2021-06-26 14:34:00       Slashdot
Slashdot reader thegarbz writes: While a lot of focus has been on the TPM requirements for Windows 11, Microsoft has since updated its documentation to provide a complete list of supported processors. At present the list includes only Intel 8th Generation Core processors or newer, and AMD Ryzen Zen+ processors or newer, effectively limiting Windows 11 to PC less than 4-5 years old. Notably absent from the list is the Intel Core i7-7820HQ, the processor used in Microsoft`s current flagship $3500+ Surface Studio 2. This has prompted many threads on Reddit from users angry that their (in some cases very new) Surface PC is failing the Windows 11 upgrade check. The Verge confirms: Windows 11 will only support 8th Gen and newer Intel Core processors, alongside [Intel`s 2016-era] Apollo Lake and newer Pentium and Celeron processors. That immediately rules out millions of existing Windows 10 devices from upgrading to Windows 11... Windows 11 will also only support AMD Ryzen 2000 and newer processors, and 2nd Gen or newer [AMD] EPYC chips. You can find the full list of supported processors on Microsoft`s site... Originally, Microsoft noted that CPU generation requirements are a `soft floor` limit for the Windows 11 installer, which should have allowed some older CPUs to be able to install Windows 11 with a warning, but hours after we published this story, the company updated that page to explicitly require the list of chips above. Many Windows 10 users have been downloading Microsoft`s PC Health App (available here) to see whether Windows 11 works on their systems, only to find it fails the check... This is the first significant shift in Windows hardware requirements since the release of Windows 8 back in 2012, and the CPU changes are understandably catching people by surprise. Microsoft is also requiring a front-facing camera for all Windows 11 devices except desktop PCs from January 2023 onwards. `In order to run Windows 11, devices must meet the hardware specifications,` explains Microsoft`s official compatibility page for Windows 11. `Devices that do not meet the hardware requirements cannot be upgraded to Windows 11.`\n \n\n \n

2021-06-25 23:30:00       Slashdot
An anonymous reader quotes a report from Reuters: Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers. The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds and Microsoft. Microsoft said it had warned the affected customers. `A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,` the warning reads in part. The U.S. government has publicly attributed the earlier attacks to the Russian government, which denies involvement. After commenting on a broader phishing campaign that it said had compromised a small number of entities, Microsoft said it had also found the breach of its own agent, who it said had limited powers. The agent could see billing contact information and what services the customers pay for, among other things. `The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign,` Microsoft said. Microsoft warned affected customers to be careful about communications to their billing contacts and consider changing those usernames and email addresses, as well as barring old usernames from logging in. Microsoft said it was aware of three entities that had been compromised in the phishing campaign. It did not immediately clarify whether any had been among those whose data was viewed through the support agent, or if the agent had been tricked by the broader campaign. Microsoft did not say whether the agent was at a contractor or a direct employee.\n \n\n \n

2021-06-25 17:59:00       Slashdot
An anonymous reader quotes a report from Motherboard: Microsoft shareholders have filed a resolution demanding the company seriously consider making its products easier to repair. As You Sow, a non-profit that specializes in shareholder advocacy, delivered the shareholder resolution on Thursday. According to As You Sow, the right-to-repair is important to Microsoft`s shareholders because discarded electronics are destroying the world`s environment, and Microsoft has pledged to help it stop. `Microsoft is a corporate leader in pledging to take substantial action to reduce climate emissions; yet our Company actively restricts consumer access to device repairability, undermining our sustainability commitments by failing to recognize a fundamental principle of electronics sustainability: that overall device environmental impact is principally determined by the length of its useful lifetime,` the shareholders` resolution said. In a 2020 blog post, Microsoft said it will invest in climate innovation and eliminate single-use plastics, but it`s been quiet about repair. `Microsoft positions itself as a leader on climate and the environment, yet facilitates premature landfilling of its devices by restricting consumer access to device reparability,` Kelly McBee, waste program coordinator for As You Sow, said in a press release. `To take genuine action on sustainability and ease pressure on extraction of limited resources including precious metals, the company must extend the useful life of its devices by facilitating widespread access to repair.` The shareholder resolution is demanding that the Board `prepare a report, at reasonable cost and omitting proprietary information, on the environmental and social benefits of making Company devices more easily repairable by consumers and independent repair shops.` Shareholders want this report to assess the `benefits or harms of making instructions, parts, and/or tools for our products more readily available` and `the impact of potential state and federal legislation that requires all electronics companies to improve repair access and repairability.`\n \n\n \n

2021-06-24 21:30:00       Slashdot
Microsoft is shoving Skype out of sight in favor of Microsoft Teams, which gets a highlight spot in the new center-aligned taskbar and deep integration into Windows. The Verge reports: Today`s Windows 11 news is all about where Microsoft sees computing going over the next few years, but it`s just as much the story of how Skype has flourished and ebbed since its $8.5 billion acquisition a decade ago. Five years ago, Skype was the big name in internet calling and video, and Microsoft made it an `inbox app` for Windows 10 that was included at installation and launched at startup by default. Now, after a pandemic year that has had more people using their PCs for voice and video than ever before, Skype was nowhere to be seen in the Windows 11 presentation or materials. The future vision that Microsoft had for Skype everywhere has turned into a reality -- but that reality made competitors Zoom and FaceTime into household names instead. Back in June, when Microsoft made Teams available for personal accounts, the company still paid lip service to Skype, saying, `For folks that just want a very purpose-built app, Skype is a great solution, and we support it and encourage it.` But now, if you want to use Skype, you`re going to have to go find it in the Microsoft Store like any other app. A company spokesperson tells The Verge: `Skype is no longer an inbox app for new devices that run Windows 11. The Skype app is available to download through the Microsoft Store for free.`; Skype joins OneNote, Paint 3D, and 3D Viewer as the apps that will no longer come with the OS.\n \n\n \n

2021-06-24 19:30:00       Slashdot
Slashdot reader xack points out that Windows 11, Microsoft`s next version of its desktop operating system, will require a Microsoft account and internet connection for setup. They write: Based on Microsoft`s official requirements you need an internet connection to install Windows 11. This means people without internet access at home, especially in rural and poorer households, won`t be able to use Windows 11. I hope Microsoft fixes this problem before release. Previous versions of Windows `would let you opt out of Microsoft accounts by creating a local account instead,` notes The Verge. `It`s possible you`ll still be able to use a local account afterwards.` As for the internet requirement, The Verge says it `may make sense since Windows 11 will largely be delivered via a Windows Update, like many of the updates to Windows 10, so you`d need an internet connection to install it on your PC.` Microsoft is also changing the Windows 11 minimum requirements, though they are only slightly higher than what`s required to run Windows 10.\n \n\n \n

2021-06-24 17:30:00       Slashdot
The specs required to run Microsoft`s new Windows 11 OS are only slightly higher than Windows 10`s current requirements. All you`ll need is a 64-bit CPU (or SoC), 4GB of RAM, and 64GB of storage. The Verge reports: This marks the end of Windows support for older 32-bit hardware platforms, even though it will continue to run 32-bit software. The fastest way to find out if your system can handle Windows 11 is to download Microsoft`s PC Health App, which will automatically tell you if your specs and settings are ready for the new OS. The system requirements listed by Microsoft are [available here].\n \n\n \n

2021-06-24 12:58:00       Slashdot
Microsoft, which has unveiled a new version of Windows for the first time in six years, said it will integrate its Teams chat and videoconferencing software directly into the operating system. From a report: Teams has seen a huge surge in users during the pandemic, boosting Microsoft in a product category where it`s been trying to catch up with Slack and Zoom. The latest personal computer operating system, Windows 11, also features a new design and will offer changes to the app store.\n \n\n \n

2021-06-24 12:03:00       Slashdot
Microsoft has announced that Windows 11 will support Android apps via the Amazon App Store. From a report: These apps will be locally installed, meaning they will show up in the Taskbar and Start menu and not require your smartphone to function. Microsoft didn`t go into much detail, but it`s likely that Android apps on Windows 11 are powered by Microsoft`s Windows Subsystem for Linux 2. These apps will be discoverable in the Microsoft Store.\n \n\n \n

2021-06-24 11:27:00       Slashdot
After weeks of leaks and hype, Microsoft today officially announced Windows 11, the next version of its desktop operating system. From a report: While the company may have once said that Windows 10 was the last version of Windows, forgoing major point launches for a regular cadence of bi-annual upgrades, but it clearly believes that the changes -- and especially the redesigned user interface -- in this update warrant a new version number. Microsoft plans to release Windows 11 to the general public by the holidays, so we can probably expect it sometime around late November. Before that, we`ll likely see a slew of public betas. If you followed along with the development and eventual demise of Windows 10X, Microsoft`s operating system with a simplified user interface for dual- and (eventually) single-screen laptops, a lot of what you`re seeing here will feel familiar, down to the redesigned Start menu. Indeed, if somebody showed you screenshots of Windows 11 and early previews of Windows 10X, you`d have a hard time telling them apart. As Microsoft Chief Product Officer Panos Panay noted in today`s announcement, the overall idea behind the design is to make you feel `an incredible sense of calm,` but at the same time, the Windows team has also worked to make it a lot faster. Windows Updates, for example, are supposed to be 40 percent faster, but Panay also noted that starting up your machine and even browsing should feel much faster.\n \n\n \n

2021-06-21 10:42:00       Slashdot
Mark Wilson writes: Just a few days ago -- before it has even been officially announced -- Windows 11 leaked online and remains available to download from numerous sites. The Windows 11 ISO torrent spread like wildfire, and now Microsoft is fighting back. The company has issued a slew of DMCA takedown notices to various sites it says are distributing `a leaked copy of the unreleased Windows 11.` Unsurprisingly, an article entitled `How to Download and Install Windows 11 Right Now` caught the eyes of Microsoft lawyers. The company has issued a slew of DMCA takedown notices to various sites it says are distributing `a leaked copy of the unreleased Windows 11.` Unsurprisingly, an article entitled `How to Download and Install Windows 11 Right Now` caught the eyes of Microsoft lawyers.\n \n\n \n

2021-06-20 00:04:00       Slashdot
Earlier this year a new support page appeared at describing sponsored shortcuts (or sponsored tiles), `an experimental feature currently being tested by a small percentage of Firefox users in a limited number of markets.` Mozilla works with advertising partners to place sponsored tiles on the Firefox default home page (or New Tab page) that would be useful to Firefox users. Mozilla is paid when users click on sponsored tiles.... [W]e only work with advertising partners that meet our privacy standards for Firefox. When you click on a sponsored tile, Firefox sends anonymized technical data to our partner through a Mozilla-owned proxy service. The code for this proxy service is available on GitHub for interested technical audiences. This data does not include any personally identifying information and is only shared when you click on a Sponsored shortcut.... You can disable a specific Sponsored tile... You can also disable Sponsored shortcuts altogether. Describing the as-yet-experimental feature, Engadget wrote a story headlined `Don`t freak out: Firefox is testing advertisements in new tabs.` These are just the tests, still mainly aimed at fresh installs of the Firefox web browser and always to beta users, before the rollout of sponsored tiles. It does sound like adverts are in the pipe, but it depends on the reaction to Mozilla`s initial tests. Mozilla`s Jonathan Nightingale says that, last time around, the reaction wasn`t as positive as his company hoped. `It didn`t go over well,` he states. Further, he insists that Firefox won`t become `a mess of logos sold to the highest bidder; without user control, without user benefit.` Long-time Slashdot reader angryargus says they spotted the feature when they noticed an Ebay advertisement, but appreciated the ability to opt out, and suggested the feature is `an annoying tradeoff off using a browser that`s not as directly funded by a search engine.`\n \n\n \n

2021-06-17 16:06:00       Slashdot
A weakness in the algorithm used to encrypt cellphone data in the 1990s and 2000s allowed hackers to spy on some internet traffic, according to a new research paper. Motherboard: The paper has sent shockwaves through the encryption community because of what it implies: The researchers believe that the mathematical probability of the weakness being introduced on accident is extremely low. Thus, they speculate that a weakness was intentionally put into the algorithm. After the paper was published, the group that designed the algorithm confirmed this was the case. Researchers from several universities in Europe found that the encryption algorithm GEA-1, which was used in cellphones when the industry adopted GPRS standards in 2G networks, was intentionally designed to include a weakness that at least one cryptography expert sees as a backdoor. The researchers said they obtained two encryption algorithms, GEA-1 and GEA-2, which are proprietary and thus not public, `from a source.` They then analyzed them and realized they were vulnerable to attacks that allowed for decryption of all traffic. When trying to reverse-engineer the algorithm, the researchers wrote that (to simplify), they tried to design a similar encryption algorithm using a random number generator often used in cryptography and never came close to creating an encryption scheme as weak as the one actually used: `In a million tries we never even got close to such a weak instance,` they wrote. `This implies that the weakness in GEA-1 is unlikely to occur by chance, indicating that the security level of 40 bits is due to export regulations.` Researchers dubbed the attack `divide-and-conquer,` and said it was `rather straightforward.` In short, the attack allows someone who can intercept cellphone data traffic to recover the key used to encrypt the data and then decrypt all traffic. The weakness in GEA-1, the oldest algorithm developed in 1998, is that it provides only 40-bit security. That`s what allows an attacker to get the key and decrypt all traffic, according to the researchers.\n \n\n \n

2021-06-16 16:47:00       TechDirt
\n Last month we highlighted what seemed like a fairly silly Wall Street Journal op-ed arguing that banning cryptocurrency was the best way to stop ransomware, in response (mainly) to the well publicized ransomware attack on Colonial Pipeline, which resulted in the company shutting down the flow of oil while it sorted things out. As we pointed out, not only was the idea of banning cryptocurrency unworkable, it was unlikely to do much to stop ransomware. Unfortunately, it appears that a number of other cryptocurrency haters jumped on this moment to push the idea even further , claiming that `society has a Bitcoin problem.` \n \n Of course, part of the key narrative in all of these pieces is that cryptocurrency and Bitcoin in particular, somehow make it easier for criminals to `get away` with these kinds of ransom demands, highlighting that it is somewhat easier to move around large values of Bitcoin than cash. However, as we noted in our original piece, the idea that cryptocurrency allows criminals to `get away` seemed extremely overblown, as we`ve seen plenty of cases where criminals using cryptocurrency were caught. And, as if to put an exclamation point on all of this, soon after the huge moral panic, the FBI announced that it had recovered over half of the money Colonial Pipeline had paid . \n \n And, as the FBI special agent`s affidavit showed , this was done in part by tracking how the money flowed across the public ledger. The NY Times ran an article noting that the FBI`s recovery of the money here `upends the idea that Bitcoin is untraceable.` A bunch of long time Bitcoin/cryptocurrency followers scoffed at the NY Times article, because they`ve long known that Bitcoin`s public ledger has always made it so that transactions are traceable. But it`s actually important for people not deeply in the Bitcoin space to understand this as well. And the problem with so many of the `ransomware is really a cryptocurrency problem` articles, was that they implied otherwise -- that cryptocurrency was somehow totally and completely untraceable. \n \n As the NY Times article explains, what`s important here is that it demonstrates that for all the hand wringing about cryptocurrencies and ransomware, the reality is that law enforcement is evolving with the times, and using the same kind of law enforcement detective work it`s supposed to use to solve crimes. \n \n Yet for the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators had tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry. \n \n Thats because the same properties that make cryptocurrencies attractive to cybercriminals the ability to transfer money instantaneously without a banks permission can be leveraged by law enforcement to track and seize criminals funds at the speed of the internet. \n \n That`s an important point and one that often gets lost in the FUD surrounding new technologies (such as encryption) that might make law enforcement`s job slightly more complex in the short run. But, at the same time, law enforcement needs to learn to adapt, not by undermining these technologies, but understanding how they work, and understanding how to do the actual legwork to trace those abusing the technology for criminal purposes. \n \n So rather than jumping to the conclusion that we need to ban this or that technology because it makes it slightly more challenging for law enforcement, this is actually an example showing how if law enforcement does their job properly, the technology is not the problem. \n

2021-06-15 13:00:00       Slashdot
Screenshots of Microsoft`s upcoming Windows 11 operating system have appeared online today. Originally published at Chinese site Baidu, the screenshots show off the new Windows 11 user interface and Start menu. The UI changes look very similar to what was originally found in Windows 10X before Microsoft canceled that project in favor of Windows 11. From a report: App icons are now centered on the taskbar, with a new Start button and menu. The Start menu is a simplified version of what currently exists in Windows 10, without Live Tiles. It includes pinned apps and the ability to quickly shut down or restart Windows 11 devices. The operating system is identified as Windows 11 Pro in screenshots, and we can confirm they are genuine. Microsoft has been dropping hints that it`s ready to launch Windows 11. The software giant is holding a special Windows event to reveal its next OS on June 24th. The event starts at 11AM ET, and the event invite includes a window that creates a shadow with an outline that looks like the number 11.\n \n\n \n

2021-06-15 07:42:12       BBC Technology News
From October 2025, there will be no new updates or security fixes for Windows 10.

2021-06-08 14:27:58       Security Week
\n Microsofts Patch Tuesday will take on extra urgency this month with the news that at least six previously undocumented vulnerabilities are being actively exploited in the wild. \n \n read more \n

2021-06-06 17:41:00       Slashdot
Today ZDNet`s `Technically Incorrect` columnist Chris Matyszczyk discussed a new pop-up message that`s now appearing in Windows 10`s notification center. It`s warning Windows users that `Microsoft recommends different browser settings. Want to change them?` The notification adds that you`ll get `Search that gives you back time and money.` And `fast and secure search results with Bing.` Oh, yes. Bing, the MySpace to Google`s Facebook, is still being pushed. I learned that this Bing-pushing is pushing Windows users` buttons. There`s a little Reddit thread where you`ll see laments such as: `You`re not the first to have this Microsoft Annoyance. Apparently, there are thousands in front of you.` The most poignant, perhaps, was this: `Miserably I get this despite using Edge AND having Bing set as my default search engine... (the latter of which for Microsoft Rewards). I think the `problem` is that not ALL of my browsers had Bing as the default search engine? Which is ridiculous because I never use Chrome or Firefox anyway. But after clicking the popup, it ludicrously opened up all my browsers....` What`s most distressing is the lack of any attempt at charm or humor in these notifications. Are they all written by engineers? Or robots, perhaps...? Perhaps Microsoft believes that irritation works. Perhaps it simply has no better ideas to persuade anyone to try Bing. And really, it`s not as if Redmond is alone in pursuing this sort of communication. Why, I`ve even had Apple notifying me of its angry feelings whenever I open, oh, Microsoft Edge.\n \n\n \n

2021-06-05 18:34:00       Slashdot
The New York Times` `On Tech` newsletter observes that Microsoft releasing a new version of Windows is now `basically a nonevent.` `This shows technology has evolved from a succession of Big Bang moments to something so meshed into our lives that we often don`t notice it.` The last version of Windows as we knew it was arguably released in 2012. I was a reporter at The Wall Street Journal at the time, and my professional life that year was dominated by the unveiling of Windows 8 - including the anticipation, the strategy around it, and its eventual reception. But that was basically the end of an era. New releases of Windows since then have become progressively less major. A significant reason is that personal computers are no longer the center of our digital lives. A new iPhone model gets a lot of attention - although it shouldn`t get so much - but a refresher to Windows doesn`t. Still, the supremacy of smartphones is an insufficient explanation. Windows beginning around 2015 began to get regularly tweaked under the hood - just like Netflix, Facebook, and every app on your smartphone as well as the software that runs the phone itself. In other words, Windows just changes in dribs and drabs all of the time without most people noticing. Instead of waiting years to get a fresh computer, we`re effectively getting a new PC with every tweak. The new edition of Windows will remodel the look of the software and improve features like reordering apps. But because Microsoft incrementally revises Windows, new versions of the software matter less to most people. This shift for Windows was part of a remarkable transformation at Microsoft. The company`s obsession with Windows threatened to relegate Microsoft to tech irrelevancy. Then Microsoft hired a new chief executive in 2014, and suddenly Windows wasn`t the beating heart of the company anymore. That shows just how much institutions can change. But more than that, a Windows launch morphing from a big thing to something a professional tech writer didn`t see coming reflects what technology has become. It`s no longer strictly the shiny new object that comes out of a box every once in a while. Technology is all around us all the time, and it`s perfectly normal.\n \n\n \n

2021-06-02 18:10:00       Slashdot
After teasing Windows 10`s next UI refresh last week, Microsoft confirmed Wednesday that `the next generation of Windows` will be announced on June 24. CNBC reports: Windows, the dominant operating system for personal computers, is the source of 14% of total revenue for Microsoft, one of the most valuable companies in the world. The company has pushed two updates each year to its Windows 10 operating system since it first became available in 2015. Nadella made the Windows remarks last week shortly after the company announced that it won`t ship Windows 10X. That operating system was initially designed for dual-screen devices such as the Surface Neo, which has been delayed. The company is working on an update to Windows with the code name Sun Valley, that includes a more modern look, with rounded corners coming to components such as the Start menu. Microsoft could ship a revamp of its Windows app store, which would allow developers to use third-party commerce systems, alongside the Sun Valley update. The event will be held online at 11 a.m. ET, according to an invitation the company sent to reporters. Nadella will be there, along with Panos Panay, Microsoft`s chief product officer, who has been the face of the company`s Surface devices, the invitation said.\n \n\n \n

2021-06-02 10:41:29       Slashdot

Mozilla`s Firefox 89 releases to the general public today complete with the new Proton interface which simplifies the browser`s menus and alters the tabs bar beyond anything we`ve seen from previous Firefox releases or other web browsers. From a report: This update also improves macOS integration and includes further privacy enhancements. The first thing that people will notice in this update is the Proton interface, the browser chrome and toolbar have been simplified so that redundant and less frequently used features have been removed, menus have been altered so that the most used features are prominent and visual noise has been reduced.

Proton also updates prompts so they have a cleaner appearance and unnecessary alerts and messages have been removed. The attached tabs have also been supplanted by floating tabs; Mozilla says the rounded design of the active tab `signals the ability to easily move the tab as needed.` While almost everyone will support cleaner menus, the new tabs are drawing the ire of some who are not pleased with the radical departure from the traditional look and feel of tabs.

2021-06-01 11:15:20       Slashdot
If you use Alexa, Echo, or any other Amazon device, you have just over a week to opt out of an experiment that leaves your personal privacy and security hanging in the balance. From a report: On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don`t have connectivity and help you to their bandwidth when you don`t have a connection. By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. The Amazon webpage linked above says Sidewalk `is currently only available in the US.` [...] Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.

2021-05-30 11:34:00       Slashdot
`You can now use GUI app support on Windows Subsystem for Linux (WSL),` Microsoft announced this week, `so that all the tools and workflows of Linux run on your developer machine.` Bleeping Computer has already tested it running Gnome`s file manager Nautilus, the open-source application monitor/task manager Stacer, the backup software Timeshift, and even the game Hedgewars. Though it`s currently available only to the millions who`ve registered for Windows 10 `Insider Preview` builds, it`s already drawing positive reviews. `With the Windows Subsystem for Linux, developers no longer need to dual-boot a Windows and Linux system,` argues the Windows Central site, `as you can now install all the Linux stuff a developer would need right on top of Windows instead.` Finally formally announced at this week`s annual Microsoft Build conference, the new functionality runs graphical Linux apps `seamlessly,` according to Tech Radar, calling the feature `highly anticipated.` Arguably, one of the biggest, and surely the most exciting update to the Windows 10 WSL, Microsoft has been working on WSLg for quite a while and in fact first demoed it at last year`s conference, before releasing the preview in April... Microsoft recommends running WSLg after enabling support for virtual GPU (vGPU) for WSL, in order to take advantage of 3D acceleration within the Linux apps.... WSLg also supports audio and microphone devices, which means the graphical Linux apps will also be able to record and play audio. Keeping in line with its developer slant, Microsoft also announced that since WSLg can now help Linux apps leverage the graphics hardware on the Windows machine, the subsystem can be used to efficiently run Linux AI and ML workloads... If WSLg developers are to be believed, the update is expected to be generally available alongside the upcoming release of Windows. Bleeping Computer explains that WSLg launches a `companion system distro` with Wayland, X, and Pulse Audio servers, calling its bundling with Windows 10 `an exciting development as it blurs the lines between Linux and Windows 10, and fans get the benefits of both worlds.`\n \n\n \n

2021-05-20 11:26:59       Slashdot

Microsoft is finally retiring Internet Explorer next year, after more than 25 years. The aging web browser has largely been unused by most consumers for years, but Microsoft is putting the final nail in the Internet Explorer coffin on June 15th, 2022, by retiring it in favor of Microsoft Edge. From a report: `We are announcing that the future of Internet Explorer on Windows 10 is in Microsoft Edge,` says Sean Lyndersay, a Microsoft Edge program manager. `The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10.` While the Long-Term Servicing Channel (LTSC) of Windows 10 will still include Internet Explorer next year, all consumer versions will end support of the browser. Microsoft doesn`t make it clear (and we`re checking), but it`s likely that we`ll finally see the end of Internet Explorer being bundled in Windows either in June 2022 or soon after.

NOTE: This is significant news especially considering that IE is the only browser currently supporting the Java applet plugin.

2021-05-06 11:11:53       Slashdot
A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives. BleepingComputer reports: The bug started with Windows Defender antivirus engine 1.1.18100.5 and will cause the C:/ProgramData/Microsoft/Windows Defender/Scans/History/Store folder to be filled up with thousands of files with names that appear to be MD5 hashes. From a system seen by BleepingComputer, the created files range in size from 600 bytes to a little over 1KB. While the system we looked at only had approximately 1MB of files, other Windows 10 users report that their systems have been filled up with hundreds of thousands of files, which in one case, used up 30GB of storage space. On smaller SSD system drives (C:), this can be a considerable amount of storage space to waste on unnecessary files. According to Deskmodder, who first reported on this issue, the bug has now been fixed in the latest Windows Defender engine, version 1.1.18100.6.

2021-05-05 10:22:02       Slashdot
Microsoft is preparing to issue two more Windows 10 updates in June and July that will eliminate unsupported Adobe Flash Player from Windows PCs for good. ZDNet reports: The update KB4577586 called `Update for Removal of Adobe Flash Player` has been available as an optional update since October and now looks set for a broader deployment. Flash Player officially reached end of life on December 31, 2020 as per an announcement by Adobe and major browser makers in 2017. `Starting in June 2021, the KB4577586 `Update for Removal of Adobe Flash Player` will be included in the Preview Update for Windows 10, version 1809 and above platforms. It will also be included in every subsequent Latest Cumulative Update,` Microsoft said. `As of July 2021, the KB4577586 `Update for Removal of Adobe Flash Player` will be included in the Latest Cumulative Update for Windows 10, versions 1607 and Windows 10, version 1507. The KB will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard,` it added.

2021-04-21 09:57:51       Slashdot

Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC data or any meaningful information about the attacks continue to raise eyebrows among security experts.

The newest Chrome update -- 90.0.4430.85 -- is available for Windows, Mac and Linux users and is being rolled out via the browser`s automatic update mechanism. The vulnerability being exploited is identified as CVE-2021-21224 and simply described as a `type confusion` in the V8 Chrome rendering engine. Google credited the Jose Martinez (tr0y4) from VerSprite Inc. for reporting the vulnerability. `Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,` the company said, with no additional details.

2021-04-09 17:25:00       Slashdot
An anonymous reader quotes a report from ZDNet: A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction. As Zoom has not yet had time to patch the critical security issue, the specific technical details of the vulnerability are being kept under wraps. However, an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit. As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom, but it has not -- yet -- been tested on iOS or Android. The browser version of the videoconferencing software is not impacted. Computest researchers Daan Keuper and Thijs Alkemade earned themselves $200,000 for this Zoom discovery, as it was part of the Pwn2Own contest. In a statement to Tom`s Guide, Zoom thanked the Computest researchers and said the company was `working to mitigate this issue with respect to Zoom Chat.` In-session Zoom Meetings and Zoom Video Webinars are not affected. `The attack must also originate from an accepted external contact or be a part of the target`s same organizational account,` Zoom added. `As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust.`\n \n\n \n

2021-04-08 21:25:00       Slashdot
Verizon is recalling 2.5 million hotspot devices after discovering that the lithium ion battery can overheat, creating a fire and burning hazard. CNBC reports: The recall impacts Ellipsis Jetpack mobile hotspots imported by Franklin Wireless Corp and sold between April 2017 and March 2021. The affected models are labeled: MHS900L, MHS900LS and MHS900LPP. Verizon disclosed the recall Thursday alongside a notice from the U.S. Consumer Product Safety Commission (CPSC). A Verizon spokesperson said just over 1 million of the recalled devices are currently in use, meaning currently or recently used by customers. According to the recall notice posted by the CPSC, Verizon had received 15 reports of the hotspots overheating. Six of those reports included incidents of fire damage to bedding or flooring and two involved minor burn injuries. Some of the hotspots were supplied to students by their schools to continue remote learning, according to the recall notice. Parents who received hotspots from their children`s schools are advised to contact the schools about receiving a replacement. Other customers can request a replacement by going to or calling 855-205-2627.\n \n\n \n

2021-03-14 14:16:17       Slashdot
Attacks that leverage Microsoft Exchange vulnerabilities `have escalated,` warns CNN. They cite a senior White House official saying the window for updating exposed servers is incredibly short -- `measured in hours, not days.` On Thursday, Microsoft and security researchers warned that the vulnerabilities are now being combined with another potent cybersecurity threat: ransomware, which locks up a computer or a network`s files and holds them hostage until the victim pays a fee. `We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,` Microsoft said in a tweet. Security experts at Palo Alto Networks estimated Thursday that at least 20,000 US-based Exchange servers remain unpatched and vulnerable to exploitation, and as many as 80,000 around the globe. Other security researchers say the pace of attacks against Exchange servers is rising as opportunistic hackers seek to take advantage of the opening found by Hafnium, the group Microsoft has said is responsible for the original breaches and is `assessed to be state-sponsored and operating out of China.` The number of attempted attacks against organizations has been doubling every two to three hours, according to Check Point Research, which monitors the internet for malicious activity.

2021-03-14 14:15:51       Slashdot
`Microsoft-owned GitHub has removed a proof-of-concept (PoC) exploit for critical ProxyLogon bugs in Microsoft Exchange, causing a backlash from security researchers,` reports`s Developer newsletter: The exploit has recently led to infections of as many as 100,000 servers. Microsoft rushed out patches last week for the vulnerabilities in response to a number of Chinese groups exploiting the bugs. `This is huge, removing a security researcher`s code from GitHub against their own product and which has already been patched. This is not good,` Dave Kennedy, founder of TrustedSec, tweeted. `It`s unfortunate that there`s no way to share research and tools with professionals without also sharing them with attackers, but many people (like me) believe the benefits outweigh the risks,` tweeted Tavis Ormandy, a member of Google`s Project Zero.

2021-03-11 10:32:31       Slashdot
Support for Microsoft`s original Edge browser is ending today. Legacy Edge, as it is now called, will no longer receive security updates, and anyone still using it should start the process of switching to something else. The Verge reports: Legacy Edge was originally codenamed `Spartan` and was included with Windows 10 as the operating system`s default web browser before it was officially named Edge. The Edge mantle is being taken up by Microsoft`s Chromium-based browser, which was in beta throughout 2019 and officially launched in January 2020. This means Edge (the old Edge, that is) survived just over a year alongside its replacement. Microsoft also says Legacy Edge will automatically be removed by the April Windows 10 update, with the new Edge being installed in its stead.

2021-03-04 10:29:57       Slashdot

An anonymous reader quotes a report from NBC News:

The U.S. has issued an emergency warning after Microsoft said it caught China hacking into its mail and calendar server program, called Exchange. The perpetrator, Microsoft said in a blog post, is a hacker group that the company has `high confidence` is working for the Chinese government and primarily spies on American targets. The latest software update for Exchange blocks the hackers, prompting the U.S. Cybersecurity and Infrastructure Security Agency to issue a rare emergency directive that requires all government networks do so.

CISA, the U.S.`s primary defensive cybersecurity agency, rarely exercises its authority to demand the entire U.S. government take protective steps to protect its cybersecurity. The move was necessary, the agency announced, because the Exchange hackers are able `to gain persistent system access.` All government agencies have until noon Friday to download the latest software update. In a separate blog post, Microsoft Vice President Tom Burt wrote that the hackers have recently spied on a wide range of American targets, including disease researchers, law firms and defense contractors. There was no immediate indication that the hack led to significant exploitation of U.S. government computer networks. But the announcement marks the second instance in recent months that the U.S. scrambled to address a widespread hacking campaign believed be the work of foreign government spies.

2021-02-18 10:33:15       Slashdot
Microsoft has begun deploying this week KB4577586, a Windows update that permanently removes the Adobe Flash Player software from Windows devices.

From a report: The update was formally announced last year at the end of October when Microsoft and other browser makers were preparing for the impending Flash end-of-life, scheduled for the end of 2020. According to a support document published at the time, the update was initially supposed to be optional. System administrators who wanted to remove Flash before the EOL date could access the Microsoft Update Catalog, download the KB4577586 packages, and remove Flash to avoid any security-related issues. But this week, multiple Windows 10 users reported that Microsoft is now forcibly installing KB4577586 on their devices and removing Flash support from the OS.

While users might think this would cause issues for some enterprises, it actually does not. Last year, Adobe introduced a time bomb in the Flash Player code that prevents the Flash Player app from playing content after January 12.

2021-01-16 11:22:45       Slashdot

The US National Security Agency has published this week a guide on the benefits and risks of encrypted DNS protocols, such as DNS-over-HTTPS (DoH), which have become widely used over the past two years. From a report: The US cybersecurity agency warns that while technologies like DoH can encrypt and hide user DNS queries from network observers, they also have downsides when used inside corporate networks.

`DoH is not a panacea,` the NSA said in a security advisory [PDF] published today, claiming that the use of the protocol gives companies a false sense of security, echoing many of the arguments presented in a ZDNet feature on DoH in October 2019. The NSA said that DoH does not fully prevent threat actors from seeing a user`s traffic and that when deployed inside networks, it can be used to bypass many security tools that rely on sniffing classic (plaintext) DNS traffic to detect threats. Furthermore, the NSA argues that many of today`s DoH-capable DNS resolver servers are also externally hosted, outside of the company`s control and ability to audit.

2021-01-16 11:22:00       Security Week
Microsoft this week published a reminder for organizations that a February 9 security update will kick off the second phase of patching for the Zerologon vulnerability.

2021-01-13 11:33:27       Slashdot

When a user attempts to load a Flash game or content in a browser such as Chrome, the content now fails to load and instead displays a small banner that leads to the Flash end-of-life page on Adobe`s website. While this day has long been coming, with many browsers disabling Flash by default years ago, it is officially the end of a 25-year era for Flash, first introduced by Macromedia in 1996 and acquired by Adobe in 2005.

Mac Rumors reports: `Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems,` the page reads.

Adobe has instructions for uninstalling Flash on Mac, but note that Apple removed support for Flash outright in Safari 14 last year. Adobe first announced its plans to discontinue Flash in 2017. `Open standards such as HTML5, WebGL, and WebAssembly have continually matured over the years and serve as viable alternatives for Flash content,` the company explained.

Adobe does not intend to issue Flash Player updates or security patches any longer, so it is recommended that users uninstall the plugin.

2021-01-13 11:31:26       Slashdot
Mozilla developers plan to remove support for using the Backspace key as a Back button inside Firefox. From a report: The change is currently active in the Firefox Nightly version and is expected to go live in Firefox 86, scheduled to be released next month, in late February 2021. The removal of the Backspace key as a navigational element didn`t come out of the blue. It was first proposed back in July 2014, in a bug report opened on Mozilla`s bug tracker. At the time, Mozilla engineers argued that many users who press the Backspace key don`t always mean to navigate to the previous page (the equivalent of pressing the Back button).

2021-01-12 13:59:23       Security Week
\n Microsoft on Tuesday released the first batch of security patches for 2021 with fixes for 83 documented security vulnerabilities, including a `critical` bug in the Defender security product that`s being actively exploited. \n \n read more \n

2021-01-05 10:57:30       Slashdot
With the Flash Player officially reaching the end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player. From a report: When Flash Player is installed, it creates a scheduled task named `Adobe Flash Player PPAPI Notifier` that executes the following command: `C:WindowsSysWOW64MacromedFlashFlashUtil32_32_0_0_465_pepper.exe` -update pepperplugin. When this command is executed, it is now displaying an alert thanking users for using Adobe Flash Player and then recommending that they uninstall the program due to its looming end of life. Further reading: Adobe Flash is about to die, but classic Flash games will live on.

2021-01-05 10:48:51       Slashdot
Adobe has released the final scheduled update to its Flash Player plugin, weeks before Flash`s official retirement. The Verge reports: As noted on Adobe`s site, yesterday marked the last update for Flash outside mainland China, which has a separate version of the software. Adobe will stop supporting Flash on December 31st, 2020, and it will block Flash content from running on January 12th, 2021. Adobe offered a brief farewell in its release notes. `We want to take a moment to thank all of our customers and developers who have used and created amazing Flash Player content over the last two decades,` the note says. `We are proud that Flash had a crucial role in evolving web content across animation, interactivity, audio, and video. We are excited to help lead the next era of digital experiences.`

2021-01-05 10:48:34       Slashdot
Microsoft has raised the alarm today about a new malware strain that infects users` devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages. From a report: Named Adrozek, the malware has been active since at least May 2020 and reached its absolute peak in August this year when it controlled more than 30,000 browsers each day. But in a report today, the Microsoft 365 Defender Research Team believes the number of infected users is much, much higher. Microsoft researchers said that between May and September 2020, they observed `hundreds of thousands` of Adrozek detections all over the globe. Based on internal telemetry, the highest concentration of victims appears to be located in Europe, followed by South and Southeast Asia. Microsoft says that, currently, the malware is distributed via classic drive-by download schemes. Users are typically redirected from legitimate sites to shady domains where they are tricked into installing malicious software. The boobytrapped software installs the Androzek malware, which then proceeds to obtain reboot persistence with the help of a registry key.

2021-01-05 10:48:19       Slashdot
Ammalgam shares a report from The Redmond Cloud: Starting this month, Microsoft will begin forcing some users to upgrade to Windows 10 version 1909 or version 2004 if they don`t update their PC manually. This is coming after Microsoft announced that it`s ending support for Windows 10 version 1903, including Windows 10 Home and Windows 10 Pro. If you`re on Windows 10 version 1903, you`ll be force upgraded to version 1909 later this month. If you`re on Windows 10 version 1909, you`ll be forcefully upgraded to Windows 10 version 2004 (May 2020 Update) by the spring of next year. If you`re still using last year`s Windows 10 versions, it`s better to attempt the upgrade manually. [...] The process is expected to start this week and expand over the course of the next month before Windows 10 version 21H1 update is ready for production channels.

2021-01-05 10:48:09       Slashdot
Microsoft is planning a `sweeping visual rejuvenation of Windows` that is designed to signal to users of the operating system that `Windows is BACK.` From a report: That`s according to a job listing posted by Microsoft recently, advertising for a software engineering role in the Windows Core User Experiences team: `On this team, you`ll work with our key platform, Surface, and OEM partners to orchestrate and deliver a sweeping visual rejuvenation of Windows experiences to signal to our customers that Windows is BACK and ensure that Windows is considered the best user OS experience for customers.` Microsoft quietly removed references to this `sweeping visual rejuvenation` this morning, after several Windows enthusiasts spotted the job listing over the weekend.

2020-11-07 15:52:50       Slashdot
`BIDEN WINS` declares the all-caps headline at


NBC News reports: Joe Biden became president-elect Saturday after winning the pivotal state of Pennsylvania, NBC News projected.

The former vice president amassed 273 Electoral College votes after winning Pennsylvania`s 20 electors, according to NBC News, surpassing the 270 needed to win the White House and defeat President Donald Trump.

Biden`s victory capped one of the longest and most tumultuous campaigns in modern history, in which he maintained an aggressive focus on Trump`s widely criticized handling of the Covid-19 pandemic. A majority of voters said rising coronavirus cases were a significant factor in their vote, according to early results from the NBC News Exit Poll of early and Election Day voters.

Biden regularly criticized Trump as unfit for office and positioned his campaign as a `battle for the soul of America.` He promised from the outset of his run to heal and unite the country if he won, and made central to his closing message a pledge to represent both those who voted for him as well as those who didn`t when he got to the White House.

As president, Biden will immediately be confronted with a bitterly divided nation in the throes of a pandemic that has already killed 236,000 Americans.

2020-10-31 10:57:22       Slashdot

This issue will not be addressed for at least 10 days. If you are running Chrome on Windows, consider switching to Firefox for the next couple of weeks at least.


Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. From a report:

The zero-day is expected to be patched on November 10, which is the date of Microsoft`s next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google`s elite vulnerability research team. On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week. The Chrome zero-day was used to allow attackers to run malicious code inside Chrome, while the Windows zero-day was the second part of this attack, allowing threat actors to escape Chrome`s secure container and run code on the underlying operating system -- in what security experts call a sandbox escape.

2020-10-29 14:55:00       Slashdot

Microsoft has released a Windows update that removes Adobe`s Flash Player before it reaches end of support on December 31, 2020. ZDNet reports:

Update KB4577586 is part of Microsoft`s effort to follow through with plans it announced along with Adobe, Apple, Facebook, Google, and Mozilla in 2017 to end support for Flash by December 2020. The Flash-removing update is available for all supported versions of Windows 10 and Windows Server, as well as Windows 8.1.

This new update removes Flash Player from Windows devices and cannot be uninstalled, Microsoft says in a new support note. However, it isn`t rolling out via Windows Server Update Service (WSUS) just yet, and the update needs to be downloaded and installed from the Microsoft Update Catalog. It will become available to WSUS in early 2021, but admins can import it to WSUS manually today. Microsoft is releasing the Flash-removing update ahead of the end of support so that enterprise customers can test the impact on business applications when Flash is removed from a Windows PC or server. But the company says it will continue to deliver Flash security updates until support ends.

Microsoft has also detailed two methods that users and admins can follow to continue using Flash Player after the update is installed. Users can reset a device to an earlier system restore point. However, users need to explicitly enable this feature and a system restore point must have been created on the Windows device before the update is applied. The other option is to reinstall Windows without applying the update.

2020-10-26 10:43:00       Slashdot
Big changes are coming to Internet Explorer. Starting next month, users trying to access certain websites will see IE refuse to load the URL and automatically open the site in Edge instead. From a report: This forced IE-to-Edge behavior is part of Microsoft`s Internet Explorer deprecation plans. Microsoft has been gradually rolling out the feature for testing purposes for some Windows users since the release of Edge 84 this summer. However, with the release of Edge 87, scheduled for next month, Microsoft plans to enable the forced IE-to-Edge action for all IE users.\n \n\n \n

2020-10-25 01:34:00       Slashdot
`Google released an update to its Chrome browser that patches a zero-day vulnerability in the software`s FreeType font rendering library that was actively being exploited in the wild, Threatpost reported this week: Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed Google of the vulnerability on Monday. Project Zero is an internal security team at the company aimed at finding zero-day vulnerabilities. By Tuesday, Google already had released a stable channel update, Chrome version 86.0.4240.111, that deploys five security fixes for Windows, Mac and amp; Linux - among them a fix for the zero-day, which is being tracked as CVE-2020-15999 and is rated as high risk. `Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild,` Prudhvikumar Bommana of the Google Chrome team wrote in a blog post announcing the update Tuesday... `The fix is also in today`s stable release of FreeType 2.10.4,` Ben Hawkes, technical lead for the Project Zero team, tweeted. Meanwhile, security researchers took to Twitter to encourage people to update their Chrome browsers immediately to avoid falling victim to attackers aiming to exploit the flaw... In addition to the FreeType zero day, Google patched four other bugs - three of high risk and one of medium risk - in the Chrome update released this week... So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.\n \n\n \n

2020-10-24 23:34:00       Slashdot
This week the Verge reported: If you ask Chrome to delete all cookies and site data whenever you quit the browser, it`s reasonable to expect that this policy applies to all websites. Recently, though, a bug in the browser meant data wasn`t being removed for two sites in particular: Google and YouTube. This problem was first documented by iOS developer Jeff Johnson on his blog. Johnson found that in Chrome version 86.0.4240.75, `local storage` data for and stuck around even after restarting the browser. We`ve been able to replicate similar behavior... The Register notes that Chrome`s behavior could allow Google to stash cookie-style data as site data, allowing it to track users even when they think they`re being careful by deleting their cookie and site data every time they close the browser. In a statement, Google said it was aware of the issue and was working on a fix... At least one of the affected sites, YouTube, appears to have already been fixed. After we upgraded the Chrome browser to version 86.0.4240.111, YouTube`s local storage data seems to successfully purge after a restart, although the data from still sticks around.\n \n\n \n

2020-10-22 14:07:00       Slashdot
An anonymous reader shares a report: Site Isolation is a modern browser security feature that works by separating each web page and web iframes in their own operating system process in order to prevent sites from tampering or stealing with each other`s data. The feature was first deployed with Google Chrome in mid-2018, with the release of Chrome 67. Although initially, Site Isolation was meant to be deployed as a general improvement to Chrome`s security posture, the feature came just in time to serve as a protective measure against the Spectre vulnerability impacting modern CPUs. Seeing the feature`s success, Mozilla also announced plans to support it with the Firefox browser in February 2019, as part of an internal project codenamed Fission. For both Google and Mozilla, implementing Site Isolation was a time-consuming operation, requiring engineers to re-write large chunks of their browsers` internal architecture. The process took about two years for both Google and Mozilla. While Site Isolation is now a stable feature inside Chrome, this work is now nearing its completion inside Firefox. According to an update to the Project Fission wiki page, Site Isolation can now be enabled inside versions of Firefox Nightly, the Firefox version where new features are tested.\n \n\n \n

2020-10-19 03:34:00       Slashdot
The Verge`s senior news editor complains that without permission, Windows 10 restarted to install `unsolicited, unwanted web app versions of Word, PowerPoint, Excel and Outlook onto my computer.` OK, it`s not as bad as when my entire computer screen got taken over by an unwanted copy of Microsoft Edge. That was truly egregious. No, this time Microsoft is merely sneaking unwanted web apps onto my PC - and using my Windows 10 Start Menu as free advertising space. Did I mention that icons for Microsoft Office apps have magically appeared in my Start Menu, even though I`ve never once installed Office on this computer? These aren`t full free copies of Office, by the way. They`re just shortcuts to the web version you could already access in any web browser of your choice, which double as advertisements to pay for a more fully featured copy... They`re the latest proof that Microsoft doesn`t respect your ownership of your own PC, the latest example of Microsoft installing anything it likes in a Windows update up to and including bloatware, and the latest example of Microsoft caring more about the bottom line than whether a few people might lose their work when Windows suddenly shuts down their PC. Luckily, I didn`t lose any work today, but a friend of mine recently did... Microsoft seems to think our computers are free advertising space, a place where it can selfishly promote its other products - even though they were told roundly in the `90s that even bundling a web browser was not OK. Now, they`re bundling a browser you can`t uninstall, and a set of PWA web apps that launch in that same browser. (Yes, they fire up Edge even if you`ve set a different browser as default.)\n \n\n \n

2020-09-14 15:04:20       Security Week
Virginia`s Fairfax County School System has been hacked and the attackers are seeking a ransom payment to keep them from disclosing stolen personal information.

2020-08-27 11:36:56       Slashdot

The BBC reports: U.S. Secretary of State Mike Pompeo says he wants a `clean` internet. What he means by that is he wants to remove Chinese influence, and Chinese companies, from the internet in the U.S. But critics believe this will bolster a worrying movement towards the breaking up of the global internet. The so called `splinternet` is generally used when talking about China, and more recently Russia. The idea is that there`s nothing inherent or pre-ordained about the internet being global.

For governments that want to control what people see on the internet, it makes sense to take ownership of it. The Great Firewall of China is the best example of a nation putting up the internet equivalent of a wall around itself. You won`t find a Google search engine or Facebook in China. What people didn`t expect was that the U.S. might follow China`s lead. They`re reacting to U.S. president Trump`s executive order to block all transactions with TikTok`s parent company (starting September 20) to `address the national emergency with respect to the information and communication technology supply chain.`

An opinion piece in the New York Times calls the move a `foolish and dangerous edict` that`s `deeply misguided and unproductive` which suggests that `the United States, like China, no longer believes in a global internet.`

In the BBC`s article Alan Woodward, a security expert at the University of Surrey, calls the U.S. decision `shocking.` `The U.S. government has for a long time criticised other countries for controlling access to the internet and now we see the Americans doing the same thing.

2020-08-27 11:34:14       Slashdot

`Researchers have found that Qualcomm`s Snapdragon chip, one of the most widely used in Android phones, has hundreds of bits of vulnerable code that leaves millions of Android users at risk,` reports Gizmodo: To back up a bit, Qualcomm is a major chip supplier to several well-known tech companies.

In 2019, its Snapdragon series of processors could be found on nearly 40% of all Android smartphones, including high-profile flagship phones from Google, Samsung, Xiaomi, LG, and OnePlus.

Researchers from Check Point, a cybersecurity firm, found the digital signal processor (DSP) in Qualcomm Snapdragon chips had over 400 pieces of vulnerable code. The vulnerabilities, altogether dubbed `Achilles,` can impact phones in three major ways. Attackers would only have to convince someone to install a seemingly benign app that bypasses usual security measures. Once that`s done, an attacker could turn the affected phone into a spying tool. They`d be able to access a phone`s photos, videos, GPS, and location data. Hackers could potentially also record calls and turn on the phone`s microphones without the owner ever knowing.

Alternatively, an attacker could choose to render the smartphone completely unusable by locking all the data stored on it in what researchers described as a `targeted denial-of-service attack.` Lastly, bad actors could also exploit the vulnerabilities to hide malware in a way that would be unknown to the victim, and unremovable.

Part of why so many vulnerabilities were found is that the DSP is a sort of `black box.` It`s difficult for anyone other than the manufacturer of the DSP to review what makes them work...

The article notes that Qualcomm has no evidence of the vulnerability being exploited in the wild, adding that the company has `reportedly since fixed the issue.` But they also note that it`s still up to individual phone makers to push out the relavant security paches, `which could take some time.

2020-08-18 10:14:24       Slashdot

Microsoft will end support for Internet Explorer 11 across its Microsoft 365 apps and services next year.

The Verge reports: In exactly a year, on August 17th, 2021, Internet Explorer 11 will no longer be supported for Microsoft`s online services like Office 365, OneDrive, Outlook, and more. Microsoft is also ending support for Internet Explorer 11 with the Microsoft Teams web app later this year, with support ending on November 30th. While it`s still going to take some time to pry enterprise users of Internet Explorer 11 away, Microsoft is hoping that the new Internet Explorer legacy mode in the Chromium-based Microsoft Edge browser will help. It will continue to let businesses access old sites that were specifically built for Internet Explorer, until Microsoft fully drops support for Internet Explorer 11 within Windows 10. Microsoft`s move to stop supporting Internet Explorer 11 with its main web properties is a good first step, though.

Alongside the support changes, Microsoft is also planning to drop support for its existing legacy version of Microsoft Edge on March 9th, 2021. After the end of support date, the legacy version of Edge will no longer receive security updates. Microsoft has been moving existing Windows 10 users over to new its Chromium-based Edge browser, and the company says new devices and future Windows feature updates will all include the new Edge browser.

2020-08-04 10:03:00       Slashdot
AmiMoJo writes: Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a `Severe` security risk. Windows 10 users are reporting that Windows Defender had started detectingmodified HOSTS files as a `SettingsModifier:Win32/HostsFileHijack` threat. So it seems that Microsoft had recently updated their Microsoft Defender definitions to detect when their servers were added to the HOSTS file. Users who utilize HOSTS files to block Windows 10 telemetry suddenly caused them to see the HOSTS file hijack detection. Users who intentionally modify their HOSTS file can allow this `threat,` but it may enable all HOSTS modifications, even malicious ones, going forward.\n \n\n \n

2020-07-31 11:20:00       Slashdot
PAjamian writes: A recently released Red Hat update for the BootHole Vulnerability (firehose link) is causing systems to become unbootable. It is widely reported that updates to the shim, grub2 and kernel packages in RHEL and CentOS 7 and 8 are leaving various systems that use secure boot unbootable. Current recommendations are to avoid updating your system until the issue is resolved, or at least avoid updating the shim, grub2 and kernel packages. Update, shared by PAjamian: Red Hat is now recommending that users do not apply grub2, fwupd, fwupdate or shim updates until new packages are available.\n \n\n \n