Desktops (Apple)

macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives (bleepingcomputer.com) 106

Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to macOS security experts Wojciech Regula and Patrick Wardle. From a report: The problem is that these cached thumbnails are stored on non-encrypted hard drives, in a known location and can be easily retrieved by malware or forensics tools, revealing some of the content stored on encrypted containers. On macOS, these thumbnails are created by Finder and QuickLook. Finder is the default macOS file explorer app, similar to Windows Explorer. Whenever a user navigates to a new folder, Finder automatically loads icons for the files located in those folders. For images, these icons are gradually replaced by thumbnails that show a preview of the image at a small scale.
Microsoft

Microsoft Program Manager Mistakenly Tweets Office 365 Will Be Rewritten in JavaScript (thurrott.com) 95

"A Microsoft employee claimed publicly that 'all of Office 365' was being 'completely rewritten' in JavaScript," writes Paul Thurrott, adding "And then all hell broke loose." First things first. It's not true. So if you were freaking out that Microsoft was somehow abandoning C# and C++ for its most mission-critical offerings, freak out no more. It's not happening. So what is happening? A Microsoft program manager named Sean Larkin perhaps got a little overly-exuberant on Monday... he tried to clarify things in follow-up tweets when his original missive exploded into controversy. Which shouldn't have been a surprise. And yet, somehow, it was...

[H]e finally corrected himself on Reddit, blaming Twitter's character limitations for his many factual errors. "We are not abandoning C++, C#, or any of the other awesome languages, APIs, and toolings that we use across Microsoft," he clarifies. "Nothing [in Office 365] is converting to 'all/completely' JavaScript/TypeScript."

Thurrott, a long-time Windows blogger, concludes that "getting something this big this wrong is inexcusable."
Microsoft

Windows 10 is Adding SwiftKey, Laying the Groundwork For Dual-Screen Tablets (cnet.com) 41

Sean Hollister, writing for CNET: Microsoft-owned SwiftKey was one of the first virtual keyboards to offer intelligent, predictive swipe-typing on Android and iOS phones, and now Microsoft has announced that it will become the default keyboard for touchscreen-equipped Windows 10 computers as well. "SwiftKey will now power the typing experience on Windows when using the touch keyboard to write in English (United States), English (United Kingdom), French (France), German (Germany), Italian (Italy), Spanish (Spain), Portuguese (Brazil), or Russian," reads a portion of Microsoft's blog post. Which could be pretty handy if the rumors are true: Microsoft is reportedly planning to ship several new Surface tablets this year, including a new low-cost Surface slate and the dual-screen "Andromeda." Dual screens were a theme among laptop manufacturers at Computex last week, too.
Windows

Laptops With 128GB of RAM Are Here (theverge.com) 362

An anonymous reader quotes a report from The Verge: Brace yourself for laptops with 128GB of RAM because they're coming. Today, Lenovo announced its ThinkPad P52, which, along with that massive amount of memory, also features up to 6TB of storage, up to a 4K, 15.6-inch display, an eighth-gen Intel hexacore processor, and an Nvidia Quadro P3200 graphics card. The ThinkPad also includes two Thunderbolt three ports, HDMI 2.0, a mini DisplayPort, three USB Type-A ports, a headphone jack, and an Ethernet port. The company hasn't announced pricing yet, but it's likely going to try to compete with Dell's new 128GB-compatible workstation laptops. The Dell workstation laptops in question are the Precision 7730 and 7530, which are billed as "ready for VR" mobile workstations. According to TechRadar, "These again run with either 8th-gen Intel CPUs or Xeon processors, AMD Radeon WX or Nvidia Quadro graphics, and the potential to specify a whopping 128GB of 3200MHz system memory."
Windows

Hundreds of Thousands of Windows XP and Vista Users Won't Be Able To Use Steam Soon (vice.com) 484

Windows XP and Vista users have six months to upgrade their operating systems or get the hell off of Steam. From a report: "Steam will officially stop supporting the Windows XP and Windows Vista operating systems," Valve, the company that operates Steam, said in a post to its XP and Vista support community. "This means that after that date the Steam Client will no longer run on those versions of Windows. In order to continue running Steam and any games or other products purchased through Steam, users will need to update to a more recent version of Windows."
Microsoft

Microsoft To Give Office 365, Office.com Apps a Makeover (zdnet.com) 88

On the heels of recent redesigns by Google and Apple, Microsoft is giving its Office apps a facelift over the coming months. From a report: Over the coming months, Microsoft will begin rolling out changes to the interface of Outlook, Word, Excel and PowerPoint for Office 365 and Office Online (Office.com) users. Key to the Office app redesign are an updated Ribbon, icon refreshes and new ways to more easily see changes coming to the Office suite. There's a simplified version of the Office Ribbon, which allows users to collapse it so it takes up less space and hides many options, or keep it expanded into the current three-line view. Microsoft is starting to roll out this new Ribbon in the web version of Word to "select consumer users today in Office.com." In July, Microsoft will also make this new Ribbon design available in Outlook for Windows. "We've found that the same ten commands are used 95% of the time by everybody," said Jon Friedman, General Manager of Design Management and Operations. In Outlook, commands such as "Reply," "Reply All" and "Forward" are basically universal. But that other five percent is different for every person, so Microsoft is adding an option to remove commands from the Ribbon, such as Archive, for example, and pin others to it, such as "Reply by IM."
Microsoft

A Vulnerability in Cortana, Now Patched, Allowed Attacker To Access a Locked Computer, Change Its Password (bleepingcomputer.com) 59

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has patched a vulnerability in the Cortana smart assistant that could have allowed an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety. The issue was discovered by Cedric Cochin, Cyber Security Architect and Senior Principal Engineer at McAfee. Cochin privately reported the problems he discovered to Microsoft in April. The vulnerability is CVE-2018-8140, which Microsoft classified as an elevation of privilege, and patched yesterday during the company's monthly Patch Tuesday security updates. Further reading: Microsoft Explains How it Decides Whether a Vulnerability Will Be Patched Swiftly or Left For a Version Update.
Microsoft

Microsoft Explains How it Decides Whether a Vulnerability Will Be Patched Swiftly or Left For a Version Update (zdnet.com) 45

Microsoft has published a new draft document clarifying which security bugs will get a rapid fix and which it will let stew for a later release. From a report: The document outlines the criteria the Microsoft Security Response Center uses to decide whether a reported vulnerability gets fixed swiftly, usually in a Patch Tuesday security update, or left for a later version update. Microsoft said in a blogpost the document is intended to offer researchers "better clarity around the security features, boundaries and mitigations which exist in Windows and the servicing commitments which come with them." The criteria revolve around two key questions: "Does the vulnerability violate a promise made by a security boundary or a security feature that Microsoft has committed to defending?"; and, "Does the severity of the vulnerability meet the bar for servicing?" If the answer to both questions is 'yes', the bug will be patched in a security update, but if the answer to both is 'no', the vulnerability will be considered for the next version or release of the affected product or feature.
Microsoft

Microsoft To Stop Offering Support For Windows 7, Windows 8.1, Old Surface Devices in Forums (betanews.com) 156

An anonymous reader shares a report: Microsoft has announced that starting next month it will no longer be participating in the technical support forums for Windows 7, 8.1, 8.1 RT and numerous other products. On the software front, the company says that it will also no longer provide support for Microsoft Security Essentials, Internet Explorer 10, Office 2010 and 2013 as of July. It is not just software that is affected. Microsoft is also stopping support for Surface Pro, Surface Pro 2, Surface RT, Surface 2, Microsoft Band and Zune. Some forums will be locked, preventing users from helping each other as well.
Microsoft

How Microsoft's Windows Red Team Keeps PCs Safe (wired.com) 83

Wired has a story on Windows' red team, which consists of a group of hackers (one of whom jailbroke Nintendo handhelds in a former life, another has more than one zero-day exploit to his name, and a third signed on just prior to the devastating Shadow Brokers leak), who are tasked with finding holes in the world's most used desktop operating system. From the story: The Windows red team didn't exist four years ago. That's around the time that David Weston, who currently leads the crew as principal security group manager for Windows, made his pitch for Microsoft to rethink how it handled the security of its marquee product. "Most of our hardening of the Windows operating system in previous generations was: Wait for a big attack to happen, or wait for someone to tell us about a new technique, and then spend some time trying to fix that," Weston says. "Obviously that's not ideal when the stakes are very high."

[...] Together, the red teamers spend their days attacking Windows. Every year, they develop a zero-day exploit to test their defensive blue-team counterparts. And when emergencies like Spectre or EternalBlue happen, they're among the first to get the call. Again, red teams aren't novel; companies that can afford them -- and that are aware they could be targeted -- tend to use them. If anything, it may come as a surprise that Microsoft hadn't sicced one on Windows until so recently. Microsoft as a company already had several other red teams in place by the time Weston built one for Windows, though those focused more on operational issues like unpatched machines. "Windows is still the central repository of malware and exploits. Practically, there's so much business done around the world on Windows. The attacker mentality is to get the biggest return on investment in what you develop in terms of code and exploits," says Aaron Lint, who regularly works with red teams in his role as chief scientist at application protection provider Arxan. "Windows is the obvious target."

Desktops (Apple)

Clear Linux Beats MacOS in MacBook Pro Benchmark Tests (phoronix.com) 155

To celebrate its 14th birthday, Phoronix.com used a 15-inch MacBook Pro to run system benchmarking tests on the following operating systems:

- Windows 10 Pro

- The latest macOS 10.13 High Sierra

- Windows 10 Windows Subsystem for Linux (WSL) using Ubuntu 18.04

- Ubuntu 18.04 LTS with the Linux 4.15 kernel, GCC 7.3.0, and an EXT4 file-system.

- Clear Linux 22780 with the Linux 4.16 kernel, GCC 8.1.1, and EXT4.

- Fedora Workstation 28 with updates, the Linux 4.16 kernel, GCC 8.1.1, and EXT4.

- OpenSUSE Tumbleweed with the Linux 4.16 kernel, GCC 7.3.1, and default file-system configuration of Btrfs root file-system with XFS home partition.

The results? When it came to outright wins and losses, Clear Linux 22780 was the front-runner 59% of the time, followed by macOS 10.13.4 finishing first 21% of the time and then Fedora Workstation 28 winning 10% of the time.

For losses, to little surprise considering the I/O overhead, Windows 10 was in last place 38% of the time followed by Ubuntu 18.04 being surprisingly the slowest Linux distribution 30% of the time on this 2016 MacBook Pro.

The article also reminds readers that "For those looking for a Linux laptop, there are plenty of better options..."
Transportation

Tesla Short-Sellers Lose $1 Billion (cnbc.com) 458

An anonymous reader quotes CNBC: A bullish call from a Wall Street analyst capped off a rough week for Tesla short sellers, with Nomura Instinet advising clients that the electric car maker's shares could rally 42 percent over the next year. The stock rose 1.7 percent Friday and is now up 10 percent on the week. One of the most shorted stocks in the United States, Tesla shares cost investors betting against the company more than $1 billion in losses on Wednesday alone after the stock rallied 9.7 percent. Adding to the short woes, the stock is up 13.5 percent in June and up 21 percent since April. More than 30 percent of Tesla's floating stock is currently sold short, according to FactSet.
Last week long-time Open Source advocate Bruce Perens (Slashdot reader #3,872) argued this is fueling Musk's anger at the press: [A] great many investors are desperate to see Tesla's stock reach a much lower price soon, or they'll be forced to buy it at its present price in order to fulfill their short positions, potentially bankrupting many of them and sending some out of the windows of Wall Street skyscrapers. These investors are desperately seeding, feeding, and writing negative stories about Tesla in the hope of depressing the stock price. Musk recently taunted them by buying another 10 million dollars in stock, making it even more likely that there won't be enough stock in the market to cover short positions. If that's the case, short-sellers could end up in debt for thousands of dollars per shorted share -- as the price balloons until enough stockholders are persuaded to sell. Will short-sellers do anything to give Tesla bad press? You bet.... Musk is stuck with a press that feeds negative stories about Tesla seeded by short-sellers, business competitors and the petroleum industry, and even the U.S. Government...

Musk is far from the only one who suffers from this abuse. I was personally involved while the Linux developers were hounded by bad press for years from Forbes and lesser entities, backed by a large software company we all know (and who is, surprisingly, funding more Open Source these days), based on SCO's unfounded lawsuit. Time proves them wrong, but don't expect them to admit it, nor should you hold your breath for an "I'm sorry".

And on Musk's plan to rate the credibility of news sites, Perens writes that "The world would be a better place if this was done honestly, with integrity, and well. Musk is one who has improved the world by going where conventional wisdom said he'd fail..."
United States

China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare (washingtonpost.com) 112

Ellen Nakashima and Paul Sonne, reporting for The Washington Post: Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare -- including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry. The officials did not identify the contractor. Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit's electronic warfare library. The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.
Software

Should Apple Let Competitors Use FaceTime? (cnet.com) 211

In 2010, Steve Jobs first introduced FaceTime and promised it would become an open industry standard that could be used by Apple's competitors -- not just Apple. Well, eight years later and that still hasn't happened. CNET's Sean Hollister provides a theory as to why that is: There's also an ongoing lawsuit to consider -- as Ars Technica documented in 2013, Apple was forced to majorly change how FaceTime works to avoid infringing on the patents of a company called VirnetX. Instead of letting phones communicate directly with each other, Apple added "relay servers" to help the phones connect. Presumably, someone would have to pay for those servers, and/or figure out a way for them to talk to Google or Microsoft or other third-party servers if FaceTime were going to be truly open. But that doesn't make a broken promise less frustrating. Particularly now that Apple could potentially fix annoying business video calls as well. A Skype-killing video chat service that worked on Mac, iOS *and* Windows, Android and the open web? That's something I bet companies would be happy to pay for, too.
Transportation

Emirates Planes Could Be Going Windowless (abc.net.au) 296

An anonymous reader shares a report: In the future, you could find yourself booking an Emirates flight without a real window seat. The airline has just unveiled a new first class suite on board its latest aircraft that features "virtual windows" instead of real ones. The President of Emirates, Tim Clarke, is hoping it will pave the way for removing all windows from future planes, which he says will make them lighter and faster. "What we may have [in the next 20 years] is aircraft that are, and I hate to say this to a number of passengers, windowless," he told the BBC. So there's no windows on the outside ... But Mr Clarke says on the inside there will be "a full display of windows," which will beam in the images from the outside. This will be done using fibre-optic camera technology. So, instead of being able to see directly outside, passengers will view images projected from outside the aircraft -- which is almost like the real thing.
Windows

Qualcomm Unveils Snapdragon 850 Platform Targeted For Windows 10 PCs (hothardware.com) 59

MojoKid writes: Qualcomm's Always-Connected Windows 10 PC initiative with Microsoft kicks into another gear this morning with the announcement of the Qualcomm Snapdragon 850 Mobile Platform for Windows 10 PCs. Based on what looks to be an optimized version of the Snapdragon 845 specifically tuned for laptops and 2-in-1 convertibles, the Snapdragon 850 promises a 30 percent boost in system-wide performance versus the previous generation Snapdragon 835 platform, while its integrated Snapdragon X20 LTE modem promises peak speeds of 1.2Gbps. When it comes to battery life, Qualcomm says that PCs running the Snapdragon 850 will be able to top 25 hours of runtime. Qualcomm also notes it will have many more OEM partners and a lot more device options to choose from (hopefully at lower price points) this time around. Couple that with Microsoft's new support for the ARM64 SDK in Windows 10, and things could get interesting for this new class of machine. No word on availability just yet, beyond the note that devices will be available in market later this year.
DRM

Flight-Sim Maker Threatens Legal Action Over Reddit Posts Discussing DRM (arstechnica.com) 175

An anonymous reader quotes a report from Ars Technica: Today's controversy begins with a Reddit thread that noted FlightSimLabs' A320 add-on installing "cmdhost.exe" files in the "system32" and "SysWOW64" folders inside the Windows directory. The strange filename and location -- which seems designed to closely match those of actual Windows system files -- made some Reddit users suspicious, especially given FlightSimLabs' history of undisclosed installations. FlightSimLabs responded on Facebook last Thursday by saying that the files came from third-party e-commerce service eSellerate and were designed to "reduce the number of product activation issues people were having." This system has been acknowledged in the FlightSimLabs forums in the past, and it apparently passes all major antivirus checks.

The "controversy" over these files might well have died down after that response. But then FlightSimLabs' Simon Kelsey sent a message to the moderators of the flightsim subreddit, gently reminding them of "Reddit's obligation as a publisher... to ensure that any libelous content is taken down as soon as you become aware of it." While ostensibly welcoming "robust fair comment and opinion," the message also warns that "ANY suggestion that our current or future products pose any threat to users is absolutely false and libelous." That warning extends to the company's previous password-extractor controversy, with Kelsey writing, "ANY suggestion that any user's data was compromised during the events of February is entirely false and therefore libelous." "I would hate for lawyers to have to get involved in this, and I trust that you will take appropriate steps to ensure that no such libel is posted," Kelsey concludes. A follow-up message from Kelsey reiterated the same points and noted that FlightSimLabs has reported specific comments and demanded they be removed as libelous.

XBox (Games)

Amazon Alexa and Google Assistant Are Coming To Xbox One (windowscentral.com) 29

According to Windows Central, the Xbox One will soon support Amazon Alexa and Google Assistant, which should provide a decent alternative to Kinect for controlling your console via voice commands. Microsoft stopped manufacturing the Kinect in October of last year. From the report: This picture comes to us from a reliable source who is familiar with Amazon and Microsoft's efforts to link Alexa and Cortana. In upcoming Xbox One builds, the Kinect & Devices menu should have a new "Digital Assistants" section, which lets you enable Alexa, Google Assistant, and Cortana, for use on your Xbox One. It then directs you to install the Xbox skills app for those respective platforms to get connected. The full range of features for those assistants remains unknown, but it could bring back many of the voice-assisted features abandoned Kinect users are yearning for.
Microsoft

Microsoft Sticks With Controversial 'GVFS' Name Despite Backlash (medium.com) 203

New submitter DuroSoft writes: It has been over a year since Microsoft unveiled its open source GVFS (Git Virtual File System) project, designed to make terabyte-scale repositories, like its own 270GB Windows source code, manageable using Git. The problem is that the GNOME project already has a virtual file system by the name of GVfs that has been in use for years, with hundreds of threads on Stack Overflow, etc. Yet Microsoft's GVFS has already surpassed GVfs in Google and is causing confusion. To make matters worse, Microsoft has officially refused to change the name, despite a large public backlash on GitHub and social media, and despite pull requests providing scripts that can change the name to anything Microsoft wants. Is this mere arrogance on Microsoft's part, laziness to do a quick Google search before using a name, or is it something more sinister?
GNU is Not Unix

Emacs 26.1 Released With New Features (lwn.net) 116

There's a new version of the 42-year-old libre text editor with over 2,000 built-in commands, reports LWN.net: Highlights include a built-in Lisp threading mechanism that provides some concurrency, double buffering when running under X, a redesigned flymake mode, 24-bit color support in text mode, and a systemd [user] unit file.
The Free Software Foundation has released a 10,653-word description of all the new features in Emacs 26.1. Here's a couple more:
  • The Emacs server now has socket-launching support. This allows socket based activation, where an external process like systemd can invoke the Emacs server process upon a socket connection event and hand the socket over to Emacs... This new functionality can be disabled with the configure option '--disable-libsystemd'.
  • The new function 'call-shell-region' executes a command in an inferior shell with the buffer region as input.
  • Intercepting hotkeys on Windows 7 and later now works better.
  • The new user variable 'electric-quote-chars' provides a list of curved quotes for 'electric-quote-mode', allowing the user to choose the types of quotes to be used.
