Firefox

Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com) 247

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will be directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security: "'We wanted to focus on the browsers that have made serious security improvements in the last year,' Brian Gorenc, manager of Vulnerability Research at HPE said."
Microsoft

Microsoft's 'Replacement' Surface Pro Charger Cable Is an Off-Brand, and Short (theinquirer.net) 74

Carly Page writes with a story from The Inquirer, where: As part of its Surface Pro charger recall, Microsoft has chosen to replace the sleek, shapely matt[e] plastic original with a cable approximately half the length and ordered from an off-brand manufacturer, in our case China's I-Sheng Electric Wire and Cable Company. Writer Peter Gothard points out a plausible reason for the length, though: "The extraordinarily short length of the cord is presumably to discourage behaviour that resulted in the "tightly wrapped" or "repeatedly bent" cables catching fire in at least 56 separate incidents."
Security

ZDNet Writer Downplays Windows 10's Phoning-Home Habits 258

jones_supa writes: Gordon F. Kelly of Forbes whipped up a frenzy over Windows 10 when a Voat user found out in a little experiment that the operating system phones home thousands of times a day. ZDNet's Ed Bott has written a follow-up where he points out how the experiment should not be taken too dramatically. 602 connection attempts were to 192.168.1.255 using UDP port 137, which means local NetBIOS broadcasts. Another 630 were DNS requests. Next up was 1,619 dropped connection attempts to address 94.245.121.253, which is a Microsoft Teredo server. The list goes on with NTP, random HTTP requests, and various cloud hosts which probably are reached by UWP apps. He summarizes by saying that a lot of connections are not at all about telemetry. However, what kind of telemetry and data-mined information Windows specifically sends still remains largely a mystery; hopefully curious people will do analysis on the operating system and network traffic sent by it.
Government

Putin's Internet Czar Wants To Ban Windows On Government PCs 306

SmartAboutThings writes: The Russian government is allegedly looking to ban Microsoft's Windows operating system, increase taxes on foreign technology companies, develop its homegrown OS and encourage local tech companies to grow. All these proposals come from German Klimenko, Vladimir Putin's new 'internet czar,' as Bloomberg describes him. In a 90-minute interview, Klimenko said forcing Google and Apple to pay more taxes and banning Microsoft Windows from government computers are necessary measures, as he is trying to raise taxes on U.S. companies, thus helping local Russian competitors such as Yandex and Mail.ru.
Windows

Microsoft Launches Windows 10 Update History Site To Share Update Release Notes (betanews.com) 56

Mark Wilson writes: Keeping up to date with the latest updates for Windows 10 can be something of a full time job, particularly if you're signed up to get Insider builds. To make it easier to keep track of what changes each update brings, Microsoft has launched the Windows 10 update history site. The site is in response to feedback from Windows 10 users who have been looking for an accessible way of learning about updates. The site provides details of exactly what the updates delivered through Windows Update. It is something of a work in progress at the moment, but one of the recent updates featured fixes a bug that meant browsing sessions in Microsoft Edge's InPrivate mode were not necessarily completely private.
Security

Researcher Finds Tens of Software Products Vulnerable To Simple Bug (softpedia.com) 152

An anonymous reader writes: There's a German security researcher that is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.
Advertising

Adblock Plus Maker Seeks Deal With Ad Industry Players (yahoo.com) 356

An anonymous reader writes with Yahoo's report that the makers of Adblock Plus are "looking to reach out to advertisers and identify an 'acceptable' level and form of advertising on the net." That involves convincing advertisers to conform to the company's own guidelines for advertising, or an alternative path much disliked by some of the software's users — to pay the company to ignore ads that don't meet those guidelines. From the article: Big websites can pay a fee not to be blocked. And it is these proceeds that finance the Cologne-based company and its 49-strong workforce. While Google and Amazon have paid up, others refuse. Axel Springer, which publishes Germany's best-selling daily Bild, accuses [Adblock Plus maker] Eyeo of racketeering. "We believe Eyeo's business model is against the law," a spokesman for Springer told AFP. "Clearly, Eyeo's primary aim is to get its hands on a share of the advertising revenues." Ultimately, such practices posed a threat to the professional journalism on the web, he suggested, an argument Eyeo rejects.
AI

Microsoft's Cortana Doesn't Put Up With Sexual Harassment (hothardware.com) 513

MojoKid writes: Not long after Apple unveiled its Siri personal assistant to the world, it took very little time before people began asking her outrageous questions, sometimes inappropriate or just humorous, if for no other reason than they just could. When creating Cortana, Microsoft was well-aware of what its digital assistant was going to have to deal with, so, believe it or not, it was designed in such a way to handle abuse in a specific manner. According to Microsoft's Deborah Harrison, who is one of eight writers for Cortana, a chunk of the earliest queries were about Cortana's sex life. A specific goal was to make sure Cortana wasn't treated as a subservient. If she's insulted, she doesn't apologize or back down. She handles it with tact, so as to reduce the chance of further abuse.
Windows

Windows 10 Gets Core Console Host Enhancements (nivot.org) 246

x0n writes: As of Windows 10 TH2 (10.0.1058), the core console subsystem has support for a large number of ANSI and VT100 escape sequences. This is likely to prepare for full Open SSH server/client integration, which is already underway over on github. It looks like xterm is finally coming to Windows. OpenSSH was previously announced (last year) by the very forward-looking PowerShell team. The linked article provides some context, and explains that the console host isn't the same as either cmd.exe or powershell.exe, but there is a lot of overlap in functionality.
Microsoft

Even With Telemetry Disabled, Windows 10 Talks To Dozens of Microsoft Servers (voat.co) 576

An esteemed reader writes: Curious about the various telemetry and personal information being collected by Windows 10, one user installed Windows 10 Enterprise and disabled all of the telemetry and reporting options. Then he configured his router to log all the connections that happened anyway. Even after opting out wherever possible, his firewall captured Windows making around 4,000 connection attempts to 93 different IP addresses during an 8 hour period, with most of those IPs controlled by Microsoft. Even the enterprise version of Windows 10 is checking in with Redmond when you tell it not to — and it's doing so frequently.
Education

K-12 CS Framework Draft: Kids Taught To 'Protect Original Ideas' In Early Grades 132

theodp writes: Remember that Code.org and ACM-bankrolled K-12 Computer Science Education Framework that Microsoft, Google, Apple, and others were working on? Well, a draft of the framework was made available for review on Feb. 3rd, coincidentally just 3 business days after U.S. President Barack Obama and Microsoft President Brad Smith teamed up to announce the $4+ billion Computer Science for All initiative for the nation's K-12 students. "Computationally literate citizens have the responsibility to learn about, recognize, and address the personal, ethical, social, economic, and cultural contexts in which they operate," explains the section on Fostering an Inclusive Computing Culture, one of seven listed 'Core K-12 CS Practices'. "Participating in an inclusive computing culture encompasses the following: building and collaborating with diverse computational teams, involving diverse users in the design process, considering the implication of design choices on the widest set of end users, accounting for the safety and security of diverse end users, and fostering inclusive identities of computer scientists." Hey, do as they say, not as they do! Also included in the 10-page draft (pdf) is a section on Law and Ethics, which begins: "In early grades, students differentiate between responsible and irresponsible computing behaviors. Students learn that responsible behaviors can help individuals while irresponsible behaviors can hurt individuals. They examine legal and ethical considerations for obtaining and sharing information and apply those behaviors to protect original ideas."
Patents

Patent Troll VirnetX Awarded $626M In Damages From Apple (arstechnica.com) 134

Tackhead writes: Having won a $200M judgement against Microsoft in 2010, lost a $258M appeal against Cisco in 2013, and having beaten Apple for $368M in 2012, only to see the verdict overturned in 2014, patent troll VirnetX is back in the news, having been awarded $626M in damages arising from the 2012 Facetime patent infringement case against Apple.
Microsoft

Microsoft To Acquire SwiftKey Predictive Keyboard Technology Company For $250M (hothardware.com) 118

MojoKid writes: SwiftKey has been one of the more popular predictive keyboard offerings in the mobile space since it was first released in beta form on the Android market back in 2010. What made SwiftKey so appealing was its intelligent predictive texting technology. SwiftKey isn't a simple keyboard replacement. Rather, the software uses a combination of artificial intelligence technologies that give it the ability to learn usage patterns and predict the next word the user most likely intends to type. SwiftKey refines its predictions, learning over time by analyzing data from SMS, Facebook, and Twitter messages, then offering predictions based on the text being entered at the time. It is estimated that SwiftKey is installed on upwards of 500 million mobile devices. According to reports, Microsoft is apparently buying the UK-based company for a cool $250 Million. What Microsoft intends to do with SwiftKey is not clear just yet, but the company has been purchasing mobile apps at a good clip as of late.
Windows

Windows 10 Passes Windows XP In Market Share 315

An anonymous reader writes: Six months after its release, Windows 10 has finally passed 10 percent market share. Not only that, but the latest and greatest version from Microsoft has also overtaken Windows 8.1 and Windows XP, according to the latest figures from Net Applications. Windows 10 had 9.96 percent market share in December, and gained 1.89 percentage points to hit 11.85 percent in January. Maybe it will jump even faster soon, but not necessarily for the best of reasons.
Windows

Windows 10 Now a 'Recommended Update' For Windows 7 and 8.1 Users (betanews.com) 581

Mark Wilson writes: Microsoft has been accused of pushing Windows 10 rather aggressively, and the company's latest move is going to do nothing to silence these accusations. For Windows 7 and Windows 8.1 users, Windows 10 just became a 'recommended update' in Windows Update.

This is a change from the previous categorization of the upgrade as an 'optional update' and it means that there is renewed potential for unwanted installations. After the launch of Windows 10, there were numerous reports of not only the automatic download of OS installation files, but also unrequested upgrades. The changed status of the update means that, on some machines, the installation of Windows 10 could start automatically.

Communications

After More Than a Decade, MSN Chat Authentication Is Documented (goo.gl) 27

An anonymous reader writes: After MSN Chat closed in 2003, and then again in 2006, some guy has finally documented the authentication system used — over a decade later! Developer Joshua Davison writes by way of explanation: I think it's important to document the challenge we (users, scripters, hackers) faced connecting to MSN Chat, which is the only known 'proper' implementation of IRCX v8.1 at this time. MSN Chat introduced a GateKeeper SASL authentication protocol, which implemented 'GateKeeper' and 'GateKeeperPassport' (not dissimilar to the widely documented NTLM authentication protocol, which was also implemented as NTLM, and NTLMPassport). The GateKeeper Security Support Provider (GKSSP) functioned in two ways; allowing a user to login with a Microsoft Account (Previously known as Microsoft Passport, .NET Passport, Microsoft Passport Network, and Windows Live ID), and also allowed guest authentication for users without, or not willing to use a Microsoft Account. While most users didn't need or want to understand how the protocol worked, there were many of us who did, and many that just preferred to use MSN Chat outside of the browser.
Privacy

Ask Slashdot: How Do I Reduce Information Leakage From My Personal Devices? 261

Mattcelt writes: I find that using an ad-blocking hosts file has been one of the most effective ways to secure my devices against malware for the past few years. But the sheer number of constantly-shifting server DNs to block means I couldn't possibly manage such a list on my own. And finding out today that Microsoft is, once again, bollocks at privacy (no surprise there) made me think I need to add a new strategic purpose to my hosts solution — specifically, preventing my devices from 'phoning home'. Knowing that my very Operating Systems are working against me in this regard incenses me, and I want more control over who collects my data and how. Does anyone here know of a place that maintains a list of the servers to block if I don't want Google/Apple/Microsoft to receive information about my usage and habits? It likely needs to be documented so certain services can be enabled or disabled on an as-needed basis, but as a starting point, I'll gladly take a raw list for now.
