Microsoft

Microsoft and Canonical Make Custom Linux Kernel (neowin.net) 106

Billly Gates writes: Microsoft and Canonical's relationship is getting closer besides Ubuntu for Windows. Azure will soon be offering more customized Ubuntu containers with a MS optimized kernel. Uname -r will show 4.11.0-1011-azure for Ubuntu cloud based 16.04 LTS. If you want the non MS kernel you can still use it on Azure by typing:
$ sudo apt install linux-virtual linux-cloud-tools-virtual
$ sudo apt purge linux*azure
$ sudo reboot
The article mentions several benefits over the generic Linux kernel for Azure

Microsoft

Ford Is Using Microsoft's HoloLens To Design Cars In Augmented Reality (theverge.com) 31

Ford is using Microsoft's HoloLens headset to let designers quickly model out changes to cars, trucks, and SUVs in augmented reality. This allows designers to see the changes on top of an existing physical vehicle, instead of the traditional clay model approach to car design. The Verge reports: Ford is still using clay models, but the HoloLens can be used to augment additional 3D models without having to build every single design prototype with clay. It's one of the more interesting ways we've seen businesses use Microsoft's HoloLens, and it's something customers will never see. Microsoft is planning to hold a Windows Mixed Reality launch event on October 3rd in San Francisco. We're not expecting to hear about a HoloLens successor, but we should get a better idea of what apps and games we'll see coming for Microsoft's Windows Mixed Reality headsets.
Firefox

Firefox For iOS Gets Tracking Protection, Firefox Focus For Android Gets Tabs 28

An anonymous reader quotes a report from VentureBeat: Mozilla today released Firefox 9.0 for iOS and updated Firefox Focus for Android. The iOS browser is getting tracking protection, improved sync, and iOS 11 compatibility. The Android privacy browser is getting tabs. You can download the former from Apple's App Store and the latter from Google Play. This is the first time Firefox has offered tracking protection on iOS, and Nick Nguyen, vice president of product at Mozilla, notes that it's finally possible "thanks to changes by Apple to enable the option for 3rd party browsers." This essentially means iPhone and iPad users with Firefox and iOS 11 will have automatic ad and content blocking in Private Browsing mode, and the option to turn it on in regular browsing. This is the same feature that's available in Firefox for Android, Windows, Mac, and Linux, as well as the same ad blocking technology used in Firefox Focus for Android and iOS.
Security

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com) 147

An anonymous reader shares a report: Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected. On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.
GNOME

GNOME Partners With Purism On Librem 5 Linux-based Privacy-focused Smartphone (betanews.com) 98

BrianFagioli writes: The Librem 5 smartphone by Purism has a long and difficult road ahead of it. Competing against the likes of Apple and Google on the mobile market has proven to be a death sentence for many platforms -- including Microsoft with its failed Windows 10 Mobile. Luckily, Purism has found itself a new partner on this project -- one of the most important organizations in the Linux community -- The GNOME Foundation. The GNOME Foundation explains, 'The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5.'
Privacy

Popular Steam Extension 'Inventory Helper' Spies On Users, Says Report (windowsreport.com) 66

SmartAboutThings shares a report from Windows Report: If you installed the "Steam Inventory Helper" on your computer, you may want to uninstall it as soon as possible. Recent reports suggest that this extension used to buy and sell digital goods on Steam is spying on its users. Redditor Wartab made a thorough analysis of the tool and reached the following conclusions: The spyware code tracks your every move starting from the moment you visit a website until you leave. It also tracks where you are coming from on the site; Steam Inventory Helper tracks your clicks, including when you are moving your mouse and when you are having focus in an input; When you click a link, it sends the link URL to a background script; Fortunately, the code does not monitor what you type. Apparently, the purpose of this spyware is to collect data about gamers for promotional purposes.
Security

Avast's CCleaner Free Windows Application Infected With Malware (bleepingcomputer.com) 156

Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more 2.27 million had downloaded the compromised version of CCleaner.
Windows

'Bashware' Attacks Exploit Windows 10's Subsystem for Linux (betanews.com) 79

Mark Wilson quote BetaNews: While many people welcomed the arrival of Windows Subsystem for Linux (WSL) in Windows 10, it has been found to be a potential security issue. A new technique known as a Bashware has been discovered by security researchers that makes it possible for malware to use the Linux shell to bypass security software.

While administrator access is needed to execute a Bashware attack, this is fairly easily obtained, and the technique can be used to disguise malicious operations from antivirus software and other security tools. Researchers from Check Point Research point out that the danger stems from the fact that "existing security solutions are still not adapted to monitor processes of Linux executables running on Windows."

Microsoft

Will Linux Innovation Be Driven By Microsoft? (infoworld.com) 335

Adobe's VP of Mobile (and a former intellectual property lawyer) sees "a very possible future where Microsoft doesn't merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future," noting Microsoft's many Linux kernel developers and arguing it's already innovating around Linux -- especially in the cloud. An anonymous reader quotes InfoWorld: Even seemingly pedestrian work -- like making Docker containers work for Windows, not merely Linux -- is a big deal for enterprises that don't want open source politics infesting their IT. Or how about Hyper-V containers, which marry the high density of containers to the isolation of traditional VMs? That's a really big deal...

Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and (in mid-2016) Stephen Hemminger... Microsoft now employs 12 Linux kernel contributors. As for what these engineers are doing, Linux kernel maintainer Greg Kroah-Hartman says, "Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems." In sum, the Linux Foundation's Jim Zemlin declares, "It is accurate to say they are a core contributor," with the likelihood that Hemminger's and others' contributions will move Microsoft out of the kernel contribution basement into the upper echelons.

The article concludes that "Pigs, in other words, do fly. Microsoft, while maintaining its commitment to Windows, has made the necessary steps to not merely run on Linux but to help shape the future of Linux."
Windows

HP Users Complain About 10-Minute Login Lag During 'Win 10 Update' (theregister.co.uk) 105

A number of HP device owners are complaining of seeing black screens for around five to 10 minutes after entering their Windows login information. From a report: They appear to be pointing the finger of blame at Windows 10 updates released September 12 for x64-based systems. One, a quality update called KB4038788, offered a whopping 27 bullet points for general quality improvements and patches, such as an "issue that sometimes causes Windows File Explorer to stop responding and causes the system to stop working." Another, KB4038806, was a "critical" patch for Adobe Flash Player that allowed remote code execution.
Microsoft

Windows 10 Will Soon Give Users More Control Over App Permissions (engadget.com) 76

An anonymous reader shares a report: The software giant has revealed that you'll get much more control over what apps are allowed to do with your device. Where you previously only had control over location sharing, the Fall Creators Update will ask you to grant permission before accessing all kinds of potentially sensitive hardware and software features. It'll ask to use your camera and microphone if you have a video recording app, for instance, or check before offering access to your calendar and contacts. You'll only get these prompts for apps installed after you move to the Fall Creators Update; you'll have to dive into your privacy settings to review permissions for apps you already have. Even so, it's an important boost to Windows' privacy security levels. Much as on phones, where fine-grained permissions are already fairly commonplace, you might not have to worry as much about malicious apps spamming your contacts or hijacking the camera.
Earth

Why Bats Crash Into Windows (nature.com) 117

According to a new report published in the journal Science, Bats slam into vertical structures such as steel and glass buildings because they appear invisible to bats' echolocation system. Nature reports: Bats rely on echolocation to navigate in the dark. They locate and identify objects by sending out shrill calls and listening to the echoes that bounce back. Greif and his colleagues tested the echolocation of 21 wild-caught greater mouse-eared bats (Myotis myotis) in the lab. The researchers placed a featureless metal plate on a side wall at the end of a flight tunnel. The bats interpreted the smooth surface -- but not the adjacent, felt-covered walls -- as a clear flight path. Over an an average of around 20 trials for each bat, 19 of them crashed into the panel at least once. The researchers also put up smooth, vertical plates near wild bat colonies, and saw similar results. The animals became confused owing to a property of smooth surfaces called "acoustic mirroring." Whereas rough objects bounce some echoes back towards the bat, says Greif, a smooth surface reflects all echolocation calls away from the source. This makes a smooth wall appear as empty space to the bats, until they are directly in front of it. Only once a bat is facing the surface are their perpendicular echoes reflected back, which alerts the bat to its mistake. This explains why some bats attempted to swerve out of harm's way at the last second -- but often too late.
Government

ShadowBrokers Releases NSA UNITEDRAKE Manual That Targets Windows Machines (schneier.com) 99

AmiMoJo shares a report from Schneier on Security: The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines: "Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information. UNITEDRAKE, described as a 'fully extensible remote collection system designed for Windows targets,' also gives operators the opportunity to take complete control of a device. The malware's modules -- including FOGGYBOTTOM and GROK -- can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation users, stealing diagnostics information and self-destructing once tasks are completed."
Cellphones

Ask Slashdot: What Can You Do With An Old Windows Phone? 169

Slashdot reader unixisc writes: While it's always been well known that Windows phones in the market have floundered, one saving grace has always been that one could at least use it for the barest minimum of apps, even if updates have stopped... Aside from a door stop or a hand me down to someone who'll use it like a dumb phone, what are your suggested uses for this phone? A music player (if the songs are on an SD card)? Games? As far as phones go, I have what I need, so for this, anything it's good for?
The original submission suggests problems connecting to wi-ifi -- something partially corroborated by complaints at Windows Central -- though Microsoft's site says they're still supporting wifi connections.

Slashdot reader thegreatbob suggested "shuffleboard puck" -- then added, "Snark aside, if you're into writing custom applications and such for them, there's probably a bootloader/root solution for you out there."

Leave your own best suggestions in the comments. What can you do with an old Windows Phone?
Bug

Bug In Windows Kernel Could Prevent Security Software From Identifying Malware (bleepingcomputer.com) 75

An anonymous reader writes: "Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime," reports Bleeping Computer. "The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space. The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation. The issue came to light earlier this year when enSilo researchers were analyzing the Windows kernel code. Omri Misgav, Security Researcher at enSilo and the one who discovered the issue, says the bug affects all Windows versions released since Windows 2000. Misgav's tests showed that the programming error has survived up to the most recent Windows 10 releases." In an interview, the researcher said Microsoft did not consider this a security issue. Bug technical details are available here.
AI

Hackers Can Take Control of Siri and Alexa By Whispering To Them in Frequencies Humans Can't Hear (fastcodesign.com) 116

Chinese researchers have discovered a vulnerability in voice assistants from Apple, Google, Amazon, Microsoft, Samsung, and Huawei. It affects every iPhone and Macbook running Siri, any Galaxy phone, any PC running Windows 10, and even Amazon's Alexa assistant. From a report: Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear. The researchers didn't just activate basic commands like "Hey Siri" or "Okay Google," though. They could also tell an iPhone to "call 1234567890" or tell an iPad to FaceTime the number. They could force a Macbook or a Nexus 7 to open a malicious website. They could order an Amazon Echo to "open the backdoor." Even an Audi Q3 could have its navigation system redirected to a new location. "Inaudible voice commands question the common design assumption that adversaries may at most try to manipulate a [voice assistant] vocally and can be detected by an alert user," the research team writes in a paper just accepted to the ACM Conference on Computer and Communications Security.
Android

Android Oreo's Rollback Protection Will Block OS Downgrades (androidpolice.com) 119

jbernardo writes: Google is using the boiling frog method to exclude power users and custom ROMs from android. A new feature in Android 8.0 Oreo, called "Rollback Protection" and included in the "Verified Boot" changes, will prevent a device from booting should it be rolled back to an earlier firmware. The detailed information is here. As it rejects an image if its "rollback index" is inferior than the one in "tamper evident storage," any attempts to install a previous version of the official, signed ROM will make the device unbootable. Much like iOS (without the rollback grace period) or the extinct Lumias. It is explained in the recommended boot workflow and notes below, together with some other "smart" ideas.

Now, this might seem like a good idea at first, but let's just just imagine this on a PC. It would mean no easy rollback from windows 10 to 7 after a forced installation, and doing that or installing linux would mean a unreasonably complex bootloader unlocking, with all your data wiped. Add safetynet to the mix, and you would also be blocked from watching Netflix or accessing your banking sites if you dared to install linux or rollback windows. To add insult to injury, unlocked devices will stop booting for at least 10 seconds to show some paternalist message on how unlocking is bad for your health: "If the device has a screen and buttons (for example if it's a phone) the warning is to be shown for at least 10 seconds before the boot process continues." Now, and knowing that most if not all android bootloaders have vulnerabilities/backdoors, how can this be defended, even with the "security/think of the children" approach? This has no advantages other than making it hard for users to install ROMs or to revert to a previous official ROM to restore missing functionality.

Chrome

Chrome 61 Arrives With JavaScript Modules, WebUSB Support (venturebeat.com) 115

The latest version of Google Chrome has launched, bringing a host of new developer features like JavaScript modules and WebUSB support. An anonymous Slashdot reader shares a report from VentureBeat: Google has launched Chrome 61 for Windows, Mac, and Linux. Additions in this release include JavaScript modules and WebUSB support, among other developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Google also released Chrome 61 for Android today. In addition to performance and stability fixes, you can expect two new features: Translate pages with a more compact toolbar and pick images with an improved image picker.

Chrome now supports JavaScript modules natively via the new element, letting developers declare a script's dependencies. Modules are already popular in third-party build tools, which use them to bundle only the required scripts. Native support means the browser can fetch granular dependencies in parallel, taking advantage of caching, avoiding duplications across the page, and ensuring the script executes in the correct order, all without a build step. Google recommends these two blog posts for more information: ECMAScript modules in browsers and ES6 Modules in Depth. Speaking of JavaScript, Chrome 61 also upgrades the browser's V8 JavaScript engine to version 6.1. Developers can expect performance improvements and a binary size reduction. The WebUSB API meanwhile allows web apps to access user-permitted USB devices. This enables all the functionality provided by hardware peripherals such as keyboards, mice, printers, and gamepads, while still preserving the security guarantees of the web.

Microsoft

Microsoft Extends Free Windows 10 S-To-Pro Upgrade Deadline (betanews.com) 93

BrianFagioli shares a report from BetaNews: Windows 10 S is a really great idea in theory. By limiting the operating system to applications from the Windows Store, it could make users safer. After all, it should limit the potential of malware since users can't download and install questionable things from the web. Of course, this will only be successful if there is a good library of apps, and I am sorry to say, the Windows Store is a failure in that regard. The biggest selling point for Windows is legacy program compatibility. Once you take that away, there isn't much left. Thankfully, the company is giving complimentary upgrades from Windows 10 S to Windows 10 Pro until the end of 2017. This will allow a person or organization to easily recover from mistakenly buying into Windows 10 S if it doesn't meet their needs. Today, however, as a sign of weakness, Microsoft extends this deadline. Buried at the end of a blog post about Surface Laptop colors, Microsoft drops the following bombshell: "For those that find they need an application that isn't yet available in the Store and must be installed from another source, we're extending the ability to switch from Windows 10 S to Windows 10 Pro for free until March 31, 2018. We hope this provides increased flexibility for those people searching for the perfect back-to-school or holiday gift." Why do I say this is a sign of weakness? Well, if the Windows 10 S experiment was going well, Microsoft would have no need to extend the deadline. In other words, if users were truly buying into and enjoying the "S" experience, we wouldn't see such an announcement. The fact that the company seemingly tried to hide this news is quite telling too. Ultimately, it signals a lack of confidence in Windows 10 S.
Businesses

It's Official: Users Navigate Flat UI Designs 22 Percent Slower (theregister.co.uk) 408

Reader Zorro writes: The mania for "flat" user interfaces is costing publishers and e-commerce sites billions in lost revenue. A "flat" design removes the distinction between navigation controls and content. Historically, navigation controls such as buttons were shaded, or given 3D relief, to distinguish them from the application or web page's content. The mania is credited to Microsoft with its minimalistic Zune player, an iPod clone, which was developed into the Windows Phone Series UX, which in turn became the design for Windows from Windows 8 in 2012 onwards. But Steve Jobs is also to blame. The typography-besotted Apple founder was fascinated by WP's "magazine-style" Metro design, and it was posthumously incorporated into iOS7 in 2013. Once blessed by Apple, flat designs spread to electronic programme guides on telly, games consoles and even car interfaces. The consequence is that users find navigation harder, and so spend more time on a page. Now research by the Nielsen Norman Group has measured by how much. The company wired up 71 users, and gave them nine sites to use, tracking their eye movement and recording the time spent on content. On average participants spent 22 per cent more time (i.e. slower task performance) looking at the pages with weak signifiers," the firm notes. Why would that be? Users were looking for clues how to navigate. "The average number of fixations was significantly higher on the weak-signifier versions than the strong-signifier versions. On average, people had 25 per cent more fixations on the pages with weak signifiers."

Slashdot Top Deals