Security

Avast SafeZone Browser Lets Attackers Access Your Filesystem (softpedia.com) 14

An anonymous reader writes: Just two days after Comodo's Chromodo browser was publicly shamed by Google Project Zero security researcher Tavis Ormandy, it's now Avast's turn to be publicly scorned for failing to provide a "secure" browser for its users. Called SafeZone, and also known as Avastium, Avast's custom browser is offered as a bundled download for all who purchase or upgrade to a paid version of Avast Antivirus 2016. This poor excuse of a browser was allowing attackers to access files on the user's filesystem just by clicking on malicious links. The browser wouldn't even have to be opened, and the malicious link could be clicked in "any" browser.
Bug

Ask Slashdot: Fixing UVC Camera Issues Under Windows? 147

Khyber writes: I bought some cheap Chinese camera glasses with built-in microphones. These are (supposedly) UVC cameras manufactured in 2015. Under Windows XP, these cameras are seen perfectly fine and work as web cameras; even the microphones work. Under Windows 7, the camera appears to install just fine, however I get the 'This device can perform faster if you connect to USB 2.0' (which it is connected to) and when I try to load it up with any camera viewer such as manycam or any chat program's built-in previewer, I cannot receive any video from the camera. I can get audio from the camera microphones under Windows 7, so I am wondering if the camera device is having problems enumerating as a USB 2.0 device due to some change in Windows 7 (which it doesn't seem to have issues doing under XP,) or if the UVC driver for Windows 7 is missing something in comparison to the one used for Windows XP. Anybody else had issues getting newer UVC cameras to work in newer operating systems?
Data Storage

Barracuda Copy Shutting Down (barracuda.com) 52

New submitter assaf07 writes: I received a notification [Monday] that Barracuda's excellent online storage option Copy will be shutting down in May. A blog post by Rod Matthews, VP of Storage at Barracuda gives the usual business doublespeak excuse. Having used Google's Drive, Box, Dropbox, and SpiderOak, I am very disappointed to lose Copy as its native Linux, Android, iOS, and Windows clients are/were wonderful.
Windows

Windows 10 Passes Windows XP In Market Share 311

An anonymous reader writes: Six months after its release, Windows 10 has finally passed 10 percent market share. Not only that, but the latest and greatest version from Microsoft has also overtaken Windows 8.1 and Windows XP, according to the latest figures from Net Applications. Windows 10 had 9.96 percent market share in December, and gained 1.89 percentage points to hit 11.85 percent in January. Maybe it will jump even faster soon, but not necessarily for the best of reasons.
Windows

Windows 10 Now a 'Recommended Update' For Windows 7 and 8.1 Users (betanews.com) 572

Mark Wilson writes: Microsoft has been accused of pushing Windows 10 rather aggressively, and the company's latest move is going to do nothing to silence these accusations. For Windows 7 and Windows 8.1 users, Windows 10 just became a 'recommended update' in Windows Update.

This is a change from the previous categorization of the upgrade as an 'optional update' and it means that there is renewed potential for unwanted installations. After the launch of Windows 10, there were numerous reports of not only the automatic download of OS installation files, but also unrequested upgrades. The changed status of the update means that, on some machines, the installation of Windows 10 could start automatically.

Communications

After More Than a Decade, MSN Chat Authentication Is Documented (goo.gl) 27

An anonymous reader writes: After MSN Chat closed in 2003, and then again in 2006, some guy has finally documented the authentication system used — over a decade later! Developer Joshua Davison writes by way of explanation: I think it's important to document the challenge we (users, scripters, hackers) faced connecting to MSN Chat, which is the only known 'proper' implementation of IRCX v8.1 at this time. MSN Chat introduced a GateKeeper SASL authentication protocol, which implemented 'GateKeeper' and 'GateKeeperPassport' (not dissimilar to the widely documented NTLM authentication protocol, which was also implemented as NTLM, and NTLMPassport). The GateKeeper Security Support Provider (GKSSP) functioned in two ways; allowing a user to login with a Microsoft Account (Previously known as Microsoft Passport, .NET Passport, Microsoft Passport Network, and Windows Live ID), and also allowed guest authentication for users without, or not willing to use a Microsoft Account. While most users didn't need or want to understand how the protocol worked, there were many of us who did, and many that just preferred to use MSN Chat outside of the browser.
Bug

Running "rm -rf /" Is Now Bricking Linux Systems (phoronix.com) 697

An anonymous reader writes: For newer systems utilizing UEFI, running rm -rf / is enough to permanently brick your system. While it's a trivial command to run on Linux systems, Windows and other operating systems are also prone to this issue when using UEFI. The problem comes down to UEFI variables being mounted with read/write permissions and when recursively deleting everything, the UEFI variables get wiped too. Systemd developers have rejected mounting the EFI variables as read-only, since there are valid use-cases for writing to them. Mounting them read-only can also break other applications, so for now there is no good solution to avoid potentially bricking your system, but kernel developers are investigating the issue.
Bug

FTDI Driver Breaks Hardware Again (eevblog.com) 268

janoc writes: It seems that the infamous FTDI driver that got famous by intentionally bricking counterfeit chips [NOTE: that driver was later removed] has got a new update that injects garbage data ('NON GENUINE DEVICE FOUND!') into the serial data. This was apparently going on for a while, but only now is the driver being pushed as an automatic update through Windows Update, thus many more people stand to be affected by this.

Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.

Windows

Microsoft's Windows Phone Platform Is Dead (windows10update.com) 455

Ammalgam writes: Tom Warren at the Verge today gave voice to what a lot of other technology analysts and today definitively declared that Microsoft's Windows Phone platform is dead. This is largely based on the abysmal adoption numbers released in Microsoft's most recent earnings report. Mr. Warren articulates the obvious by stating: "With Lumia sales on the decline and Microsoft's plan to not produce a large amount of handsets, it's clear we're witnessing the end of Windows Phone. Rumors suggest Microsoft is developing a Surface Phone, but it has to make it to the market first. Windows Phone has long been in decline and its app situation is only getting worse. With a lack of hardware, lack of sales, and less than 2 percent market share, it's time to call it: Windows Phone is dead."

Now this news should not be surprising to anyone who has watched the slow decline of Windows Phone. Last December, in an article on Windows10update.com, Onuora Amobi also wrote off the platform. In this case, his analysis was based on the nonconformity of the Microsoft user interface to Apple and Android's widely adopted aesthetic appeal. He wrote "I believe Windows Phone is dead. Kaput. Finished. Over. Done. ... Windows 10 is successful in part because it's a return to Windows 7 in many ways and that's what made the consumers happy. One of the definitions of insanity is "doing the same thing over and over again but expecting a different result". This is exactly what Microsoft is doing and it's insane. Over 90% of Microsoft's desired audience like the look and feel of iPhones and Android devices. They do – it's not good or bad – it just is what it is. They spend their money on those two user interfaces."

Security

Attackers Use Microsoft Office To Push BlackEnergy Malware (csoonline.com) 51

itwbennett writes: Researchers at SentinelOne reverse engineered the latest variant of the BlackEnergy 3 rootkit (the same malware used in recent attacks against Ukraine's critical infrastructure) and found indicators that suggest it is being used by insiders and that it is the byproduct of a nation-sponsored campaign. 'BlackEnergy 3 exploits an Office 2013 vulnerability that was patched some time ago, so it only works if the target machine isn't patched or an employee (either deliberately or after being tricked into it) executes the malicious Excel document,' writes CSO's Steve Ragan.
Government

The US Government and Open Standards: a Tale of Personal Woe (thevarguy.com) 256

An anonymous reader writes: This article details a Linux user's struggles to submit a grant application when the process requires finicky, proprietary software. It also covers familiar ground made timely by the upcoming elections: the U.S. should prefer open source software and open standards over proprietary alternatives. The grant application required a PDF created by Adobe Acrobat — software Adobe no longer supports for Linux. Once the document was created, attempting to submit it while using Ubuntu fails silently. (On Windows 7, it worked immediately.) The reader argues, "By requiring Acrobat the government gives preference to a particular software vendor, assuring that thousands of people who otherwise would not choose to use Adobe software are forced to install it. Worse, endorsing a proprietary, narrowly supported technology for government data poses the risk that public information could become inaccessible if the vendor decides to stop supporting the software. Last but not least, there are privacy and fairness issues at stake. Acrobat is a totally closed-source program, which means we have to take Adobe's word for it that nothing sketchy is going on in its code. ... It would seem to be in the interest of the public for the government to prefer an open source solution, since it is much harder to hide nefarious features inside code that can be publicly inspected."
Firefox

Firefox 44 Arrives With Push Notifications (mozilla.org) 182

An anonymous reader writes: Mozilla today launched Firefox 44 for Windows, Mac, Linux, and Android. Notable additions to the browser include push notifications, the removal of RC4 encryption, and new powerful developer tools. Mozilla made three promises for push notifications: "1. To prevent cross-site correlations, every website receives a different, anonymous Web Push identifier for your browser. 2. To thwart eavesdropping, payloads are encrypted to a public / private keypair held only by your browser. 3. Firefox only connects to the Push Service if you have an active Web Push subscription. This could be to a website, or to a browser feature like Firefox Hello or Firefox Sync." Here are the full changelogs: Desktop and Android.
Security

Hot Potato Exploit Gives Attackers the Upper Hand On Multiple Windows Versions 127

An anonymous reader writes: By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows. The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000. Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges. All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.
Displays

Intel Compute Stick Updated With Cherry Trail Atom, Tested (hothardware.com) 90

MojoKid writes: The original Intel Compute Stick wasn't without issues. Last year's model featured dated 802.11n wireless connectivity and had only a single USB port, which meant using a hub and/or dongles, should you want to connect multiple peripherals to the device or boost its wireless capabilities. The new updated Intel Compute Stick, however, features Intel's newer Cherry Trail Atom platform, with 802.11ac 2x2 WiFi, and USB 3.0. There's still just 2GB of RAM in the device, along with 32GB of storage, but Windows 10 Home also now comes pre-installed. The result is a fully functional PC that won't burn up any benchmarks but offers utility for mainstream computing tasks and is even capable of streaming up to 4K video content. The little device can essentially turn any HDMI-equipped display into a basic PC.
Microsoft

Microsoft Asks Node.js To Allow ChakraCore (Edge) Alongside Google's V8 Engine (softpedia.com) 146

campuscodi writes: Microsoft has submitted an official pull request to the Node.js project, through which it's asking the project's maintainers to enable support for ChakraCore, the JavaScript engine packed inside Microsoft's Edge browser, as an alternative to Node's built-in V8 engine, developed by Google. Earlier in December 2015, Microsoft open-sourced ChakraCore. Microsoft has also been one of the biggest companies to adopt Node.js early on, and is also part of the Node.js Foundation's Board of Directors. The main reason to add ChakraCore support in Node.js is to help the IoT version of Windows 10 run JS apps on IoT devices, just like Samsung is also thinking about.
Networking

Tracking Protection In Wi-Fi Networks Coming Soon To Linux 112

prisoninmate writes: Fedora contributor and NetworkManager developer Lubomir Rintel explains how your devices are being identified on a network by a unique number that most of us know by the name of MAC address. Same goes for mobile networking, as your laptop's or mobile phone's MAC address is, in most cases, broadcasted everywhere you go before you even attempt a connection to a wireless network. And that's a problem for your privacy. The solution? Randomization of the MAC address while scanning for Wi-Fi networks. Apple is already using this method on iOS 8 and later mobile operating systems, and so is Microsoft in Windows 10, so Linux users will ["likely"] get it in the upcoming NetworkManager 1.2 release.
Ubuntu

AT&T Chooses Ubuntu Linux Instead of Microsoft Windows (betanews.com) 167

An anonymous reader writes: One of the largest cellular providers is the venerable AT&T. While it sells many Linux-powered Android devices, it is now embracing the open source kernel in a new way. You see, the company has partnered with Canonical to utilize Ubuntu for cloud, network, and enterprise applications. That's right, AT&T did not choose Microsoft's Windows when exploring options. Canonical will provide continued engineering support too.
Windows

Microsoft: Only the Latest Version of Windows Will Support New CPU Generations (windows.com) 458

Joe_Dragon sends news from Microsoft about how the company will support Windows now and in the future. The company says PCs built with Intel's Skylake chip, and other new architectures in the future, will require the latest version of Windows for support. This doesn't take effect right away; Windows 7 and 8.1 will be supported on older chips until their planned end-of-life dates, in 2020 and 2023 respectively. They'll also be supported on a list of current Skylake devices for the next 18 months. After that, only the latest version of Windows will support integration between the operating system and new CPU features. "For example, Windows 10 will be the only supported Windows platform on Intel's upcoming 'Kaby Lake' silicon, Qualcomm's upcoming '8996' silicon, and AMD's upcoming 'Bristol Ridge' silicon." Microsoft also mentioned that for new supported systems, the company will "ensure all drivers will be on Windows Update with published BIOS/UEFI upgrading tools." The submitter adds, "Putting BIOS/UEFI updates into the Windows 10 auto- / forced-update system may open Microsoft to paying $600-$1,000+ to replace broken laptops. If Windows tries to update BIOS/UEFI at a bad/risky time (like during power instability in a big storm), it could lead to an update loop or worse."
