Microsoft

Microsoft Ports Edge Anti-Phishing Technology To Google Chrome (bleepingcomputer.com) 49

An anonymous reader writes: Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's -- and inherently Edge's -- anti-phishing technology to Google Chrome. The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links. The warnings are eerily similar to the ones that Chrome natively shows via the Safe Browsing API, but are powered by Microsoft's database of malicious links —also known as the SmartScreen API.

Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.

Microsoft

Microsoft Drops OneNote From Office, Pushes Users To Windows 10 Version (venturebeat.com) 56

An anonymous reader writes: Microsoft is making big changes to OneNote for Windows: The desktop app will no longer be included in Microsoft Office. Instead, OneNote for Windows 10, the UWP app, will be the default OneNote experience for both Office 365 and Office 2019. OneNote for Mac, Android, iOS, and the web are unaffected. The move shouldn't be a huge surprise for those paying close attention to OneNote's development. Back in February 2015, Microsoft made OneNote for Windows completely free by removing all feature restrictions. This untethering of OneNote from Office meant users could download OneNote 2013 for Windows 7 and Windows 8 without having to pay for Office 2013.
Security

Windows 10 Update Will Support More Password-Free Logins (engadget.com) 66

An anonymous reader writes: It's not just web browsers that are moving beyond passwords. Microsoft has revealed that Windows 10's next update will support the new FIDO 2.0 standard, promising password-free logins on any Windows 10 device managed by your company or office. You could previously use Windows Hello to avoid typing in a password, of course, but this promises to be more extensive -- you could use a USB security key to sign into your Azure Active Directory.
Businesses

One Laptop Per Child's $100 Laptop Was Going To Change the World -- Then it All Went Wrong (theverge.com) 261

Adi Robertson, reporting for The Verge: In late 2005, tech visionary and MIT Media Lab founder Nicholas Negroponte pulled the cloth cover off a small green computer with a bright yellow crank. The device was the first working prototype for Negroponte's new nonprofit One Laptop Per Child (OLPC), dubbed "the green machine" or simply "the $100 laptop." And it was like nothing that Negroponte's audience -- at either his panel at a UN-sponsored tech summit in Tunis, or around the globe -- had ever seen. After UN Secretary-General Kofi Annan offered a glowing introduction, Negroponte explained exactly why. The $100 laptop would have all the features of an ordinary computer but require so little electricity that a child could power it with a hand crank.

[...] But OLPC's overwhelming focus on high-tech hardware worried some skeptics, including participants in the Tunis summit. One attendee said she'd rather have "clean water and real schools" than laptops, and another saw OLPC as an American marketing ploy. "Under the guise of non-profitability, hundreds of millions of these laptops will be flogged off to our governments," he complained. In the tech world, people were skeptical of the laptop's design, too. Intel chairman Craig Barrett scathingly dubbed OLPC's toy-like prototype "the $100 gadget," and Bill Gates hated the screen in particular. "Geez, get a decent computer where you can actually read the text," he told reporters.

[...] After announcing "the $100 Laptop," OLPC had one job to do: make a laptop that cost $100. As the team developed the XO-1, they slowly realized that this wasn't going to happen. According to Bender, OLPC pushed the laptop's cost to a low of $130, but only by cutting so many corners that the laptop barely worked. Its price rose to around $180, and even then, the design had major tradeoffs. [...]

Microsoft

Microsoft Delays Windows 10 Spring Creators Update Because of 'Higher Percentage of BSODs' (bleepingcomputer.com) 106

Microsoft has admitted that it had to postpone the release of Spring Creators Update, the upcoming major update to its Windows 10 desktop operating system due to technical issues. BleepingComputer notes: More precisely, Microsoft says it encountered a higher percentage of Blue Screen of Death (BSOD) errors on PCs, the company's Insiders Program managers said in a blog post yesterday. Microsoft says that instead of shipping the Springs Creators Update faulty as it was, and then delivering an update later to fix the issues, it decided to hold off on deploying the defective build altogether. The OS maker says it will create and test a new Windows 10 build that also includes the BSOD fixes, and ship that one instead of Windows 10 Insider Preview Build 17134, the build that was initially scheduled to be launched as the Spring Creators Update on April 10, last week.
Businesses

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 66

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
Cloud

Microsoft Built Its Own Custom Linux Kernel For Its New IoT Service (techcrunch.com) 195

At a small press event in San Francisco, Microsoft today announced the launch of a secure end-to-end IoT product that focuses on microcontroller-based devices -- the kind of devices that use tiny and relatively low-powered microcontrollers (MCUs) for basic control or connectivity features. TechCrunch reports: At the core of Azure Sphere is a new class of certified MCUs. As Microsoft president and chief legal officer Brad Smith stressed in today's announcement, Microsoft will license these new Azure Sphere chips for free, in hopes to jump-start the Azure Sphere ecosystem. Because it's hard to secure a device you can't update or get telemetry from, it's no surprise that these devices will feature built-in connectivity. And with that connectivity, these devices can also connect to the Azure Sphere Security Service in the cloud. For the first time ever, Microsoft is launching a custom Linux kernel and distribution: the Azure Sphere OS. It's an update to the kind of real-time operating systems that today's MCUs often use.

Why use Linux? "With Azure Sphere, Microsoft is addressing an entirely new class of IoT devices, the MCU," Rob Lefferts, Microsoft's partner director for Windows enterprise and security told me at the event. "Windows IoT runs on microprocessor units (MPUs) which have at least 100x the power of the MCU. The Microsoft-secured Linux kernel used in the Azure Sphere IoT OS is shared under an OSS license so that silicon partners can rapidly enable new silicon innovations." And those partners are also very comfortable with taking an open-source release and integrating that with their products. To get the process started, MediaTek is producing the first set of these new MCUs. These are low-powered, single-core ARM-A7 systems that run at 500MHz and include WiFi connectivity as well as a number of other I/O options.

Operating Systems

ReactOS 0.4.8 Released (osnews.com) 60

jeditobe shares a report from OSNews: With software specifically leaving NT5 behind, ReactOS is expanding its target to support NT6+ (Vista, Windows 8, Windows 10) software. Colin, Giannis and Mark are creating the needed logic in NTDLL and LDR for this purpose. Giannis has finished the side-by-side support and the implicit activation context, Colin has changed Kernel32 to accept software made for NT6+, and Mark keeps working on the shim compatibility layer. Although in a really greenish and experimental state, the new additions in 0.4.8 should start helping several software pieces created for Vista and upwards to start working in ReactOS. Microsoft coined the term backwards compatibility, ReactOS the forward compatibility one. Slashdot reader jeditobe adds: "A new tool similar to DrWatson32 has been created by Mark and added to 0.4.8, so now any application crashing will create a log file on the desktop. This crash dump details the list of modules and threads loaded, stack traces, hexdumps, and register state."

The announcement, general notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.8 is also available.
Windows

Microsoft Windows 10 Gains Linux/WSL Console Copy and Paste Functionality (betanews.com) 167

BrianFagioli writes: For better or worse, the Windows Subsystem for Linux (WSL) initiative seems to be moving full steam ahead. There are some very respectable distributions available in the Microsoft Store, such as Debian, Ubuntu, and Kali to name a few. Not to mention, Microsoft is trying to encourage even more maintainers to submit their distros with a new tool.

Apparently, some Windows 10 users have been clamoring for the ability to copy and paste both from and to WSL consoles -- a reasonable request. Well, as of Insider Build 17643, this is finally possible.

'As of Windows 10 Insider build #17643, you can copy/paste text from/to Linux/WSL Consoles!!! We know that this is a feature MANY of you have been waiting for -- our sincerest thanks for your patience and continued support while we untangled the Console's internals, allowing us to implement this feature. To ensure that we don't break any existing behaviors, you'll need to enable the 'Use Ctrl+Shift+C/V as Copy/Paste' option in the Console 'Options' properties page,' says Rich Turner, Microsoft.

Microsoft

Microsoft Engineer Charged In Reveton Ransomware Case (bleepingcomputer.com) 24

An anonymous reader writes: A Microsoft network engineer is facing federal charges in Florida for allegedly helping launder money obtained from victims of the Reventon ransomware. Florida investigators say that between October 2012 and March 2013, Uadiale worked with a UK citizen going online by the moniker K!NG. The latter would distribute and infect victims with the Reveton ransomware, while Uadiale would collect payments and send the money to K!NG, in the UK. Investigators tracked down Uadiale because this happened before Bitcoin became popular with ransomware authors and they used the now-defunct Liberty Reserve digital currency to move funds. Authorities from 18 countries seized and shut down Liberty Reserve servers in May 2013.
Red Hat Software

Red Hat Enterprise Linux Version 7.5 Released (redhat.com) 64

On Tuesday Red Hat announced the general availability of Red Hat Enterprise Linux version 7.5. An anonymous reader writes: Serving as a consistent foundation for hybrid cloud environments, Red Hat Enterprise Linux 7.5 provides enhanced security and compliance controls, tools to reduce storage costs, and improved usability, as well as further integration with Microsoft Windows infrastructure both on-premise and in Microsoft Azure.

New features include a large combination of Ansible Automation with OpenSCAP, and LUKS-encrypted removable storage devices can be now automatically unlocked using NBDE. The Gnome shell has been re-based to version 3.26, the Kernel version is 3.10.0-862, and the kernel-alt packages include kernel version 4.14 with support for 64-bit ARM, IBM POWER9 (little endian), and IBM z Systems, while KVM virtualization is now supported on IBM POWER8/POWER9 systems.

See the detailed release notes here.
Windows

Microsoft Discovers Blocking Bug and Delays the Release of Windows 10 Spring Creators Update (betanews.com) 83

The next big update for Windows 10 has been delayed while Microsoft rushes to fix a newly-discovered bug. From a report: Known variously as Windows 10 version 1803, Cumulative Update for Windows 10 Version Next, Redstone 4 and Windows 10 Spring Creators Update, it was widely thought that the update had reached RTM and was on the verge of rolling out. However, this last-minute discovery means there will be a little longer to wait.
Security

You Think Discovering a Computer Virus Is Hard? Try Naming One (wsj.com) 49

Like astronomers who discover new stars, security experts who first identify computer bugs, viruses, worms, ransomware and other coding catastrophes often get to name their finds. Such discoveries now number in the thousands each year, so crafting a standout moniker can be a serious challenge. From a report: Two years ago, German security firm SerNet GmbH figured a punchy name for their bug discovery would give the company a publicity jolt. They called it Badlock, designed a fractured-lock logo and set up a website. The marketing push backfired when some security experts decided Badlock wasn't that bad. Cynical hackers called it Sadlock. "We would not do this again," says SerNet Chief Executive Johannes Loxen of the branding blitz, which he says was overkill because a relatively small number of people were affected by Badlock. Hackers are no fans of marketing. They brand things in their own way. Puns and historic references are the name of the game. "They see it as a kind of grass-roots initiative," says Gabriella Coleman, an anthropologist who teaches courses on hacker culture at McGill University in Montreal.

Some venerable names that have stood the test of time: The Love Bug, for the worm that attacked millions of Windows personal computers in 2000, and Y2K, a turn-of-the-century programming scare that didn't live up to its hype. Many names tend more toward geekspeak. The title of hacker magazine 2600 is a tip of the hat to 2600 hertz, the frequency old-school hackers reproduced to trick AT&T phone lines into giving them free calls. Computer worm Conficker is an amalgam of "configure" and a German expletive. Code Red is named after the Mountain Dew drink researchers guzzled while investigating the worm.

AMD

AMD Releases Spectre v2 Microcode Updates for CPUs Going Back To 2011 (bleepingcomputer.com) 54

Catalin Cimpanu, writing for BleepingComputer: AMD has released CPU microcode updates for processors affected by the Spectre variant 2 (CVE-2017-5715) vulnerability. The company has forwarded these microcode updates to PC and motherboard makers to include them in BIOS updates. Updates are available for products released as far as 2011, for the first processors of the Bulldozer line. Microsoft has released KB4093112, an update that also includes special OS-level patches for AMD users in regards to the Spectre v2 vulnerability. Similar OS-level updates have been released for Linux users earlier this year. Yesterday's microcode patches announcement is AMD keeping a promise it made to users in January, after the discovery of the Meltdown and Spectre (v1 and v2) vulnerabilities.
Microsoft

Microsoft Removes Antivirus Registry Key Check for All Windows Versions (bleepingcomputer.com) 49

Microsoft has decided to remove a mandatory "registry key requirement" it introduced in the aftermath of the Meltdown and Spectre vulnerability disclosure. BleepingComputer: Microsoft used this registry key to prevent Windows updates from being installed on computers running antivirus software incompatible with the Meltdown and Spectre patches. Antivirus vendors were supposed to create this registry key on users' computers to signal that they've updated their product and will not interfere with Microsoft's patches. This was a big issue because incompatible antivirus products would crash and BSOD Windows systems. [...] The OS maker removed the registry key check for Windows 10 computers last month, in March, and has announced yesterday that the key is no longer necessary for other Windows operating system versions -- 7, 8, 8.1, Server 2008, and Windows Server 2012.
Businesses

FTC Warns Manufacturers That 'Warranty Void If Removed' Stickers Break the Law (vice.com) 142

schwit1 writes: The Federal Trade Commission put six companies on notice today, telling them in a warning letter that their warranty practices violate federal law. If you buy a car with a warranty, take it a repair shop to fix it, then have to return the car to the manufacturer, the car company isn't legally allowed to deny the return because you took your car to another shop. The same is true of any consumer device that costs more than $15, though many manufacturers want you to think otherwise.

Companies such as Sony and Microsoft pepper the edges of their game consoles with warning labels telling customers that breaking the seal voids the warranty. That's illegal. Thanks to the 1975 Magnuson-Moss Warranty Act, no manufacturer is allowed to put repair restrictions on a device it offers a warranty on. Dozens of companies do it anyway, and the FTC has put them on notice. Apple, meanwhile, routinely tells customers not to use third party repair companies, and aftermarket parts regularly break iPhones due to software updates.

Chrome

Biometric and App Logins Will Soon Be Pushed Across the Web (vice.com) 161

Soon, it will be much easier to log into more websites using a hardware key plugged into your laptop, a dedicated app, or even the fingerprint scanner on your phone. Motherboard: On Tuesday, a spread of organizations and businesses, including top browser vendors such as Microsoft and Google, announced a new standards milestone that will streamline the process for web developers to add extra login methods to their sites, potentially keeping consumers' accounts and data more secure. "For users, this will be a natural transition. People everywhere are already using their fingers and faces to 'unlock' their mobile phones and PCs, so this will be natural to them -- and more convenient," Brett McDowell, executive director at the FIDO Alliance, one of the organizations involved in setting up the standard, told Motherboard in an email.

"What they use today to 'unlock' will soon allow them to 'login' to all their favorite websites and a growing number of native apps that already includes Bank of America, PayPal, eBay and Aetna," he added. Passwords continue to be one of the weaker points in online security. A hacker may phish a target's password and log into their account, or take passwords from one data breach and use them to break into accounts on another site. The login standard, called Web Authentication (WebAuthn), will let potentially any website or online service use apps, security keys, or biometrics as a login method instead of a password, or use those alternative approaches as a second method of verification. The key here is making it easy and open for developers to use, and for it to work across all different brands of browsers. The functionality is already available in Mozilla's Firefox, and will be rolled out to Microsoft's Edge and Google Chrome in the new few months. Opera has committed to supporting WebAuthn as well.

Open Source

Microsoft Open-Sources Original File Manager From the 1990s So It Can Run On Windows 10 (theverge.com) 173

An anonymous reader quotes a report from The Verge: Microsoft is releasing the source code for its original Windows File Manager from nearly 28 years ago. Originally released for Windows 3.0, the File Manager was a replacement for managing files through MS-DOS, and allowed Windows users to copy, move, delete, and search for files. While it's a relic from the past, you can still compile the source code Microsoft has released and run the app on Windows 10 today. The source code is available on GitHub, and is maintained by Microsoft veteran Craig Wittenberg under the MIT license. Wittenberg copied the File Manager code from Windows NT 4 back in 2007, and has been maintaining it before open sourcing it recently. It's a testament to the backward compatibility of Windows itself, especially that this was originally included in Windows more than 20 years ago.
Businesses

Amazon Spent Close To $23B on R&D in 2017, Outpacing Fellow Tech Giants (geekwire.com) 62

Amazon powered its prolific 2017, which saw the release of a cavalcade of new products and services, with $22.6 billion in spending on research and development, tops among U.S. companies. From a report: According to data from FactSet, Google parent Alphabet came in second in R&D spending in 2017 at $16.6 billion, followed by Intel at $13.1 billion, Microsoft at $12.3 billion and Apple at $11.6 billion. Facebook jumped into the top 10, spending $7.8 billion in 2017. One of Amazon's biggest R&D efforts in recent years has been the cashier-less grocery store concept Amazon Go. The company spent 2017 getting the technology, first announced in December 2016, ready for prime time before opening the first location in January. Amazon has invested heavily in its market-leading cloud computing arm, Amazon Web Services. AWS juiced Amazon.
Windows

Is Microsoft Trying To Make Windows 10 Mail Worse? (venturebeat.com) 232

Emil Protalinski via VentureBeat argues that "Windows Mail is unusable, and instead of improving it, Microsoft is looking to drive users away": Microsoft started forcing Mail to use Edge for email links in Windows 10 build 17623 last month. This week, the company started including Office 365 ads right at the bottom of the app. But even these poor decisions are just extra nails in the coffin. Windows Mail has difficulty sending and receiving email. No, I'm not exaggerating for effect. If you have an email open and Windows Mail detects that a new email has hit your inbox, you'll get a notification. Standard stuff. If, however, you then click on said notification, Windows Mail will take you to the open email message, rather than the one that you just clicked on. That's half of the time. The other half of the time this happens, Windows Mail will crash altogether. Apparently having one email open and trying to open another one that just came in is overwhelming for Windows Mail. But that's not the end of it.

Windows Mail is also notorious for not sending emails. Multiple times a week, I open an email, hit reply, type out a quick message, hit send, and alt-tab back to Chrome or Word. Any normal email client will send the message despite the app not being the active window. With Windows Mail, countless times I have wondered why I never got heard back to a specific reply, only to discover hours later, and completely by accident, that the message is still a draft. It's not even sitting in my outbox -- it's just a fucking draft. I end up debating whether to send the email hours late, or if it doesn't make sense to send it anymore. That's not a decision I should have to make. There are of course small features I would like to see added to Windows Mail, like being able to set formatted signatures (as opposed to just plain text), but that's hardly a priority. Windows Mail is unusable, which means Windows 10 doesn't come with an email client. That's incredibly sad.

Slashdot Top Deals