Windows

Microsoft To Introduce a New Feature In Windows 10 Which Will Allow Users To Block Installation of Desktop Apps (mspoweruser.com) 249

Microsoft is planning to introduce a new feature to Windows 10 that will allow a user to prevent installation of desktop apps. The latest Windows Insider build comes with an option that allows users to enable app installations only from the Windows Store. From a report on MSPowerUser: Once enabled, users will see a warning whenever they try to install a Win32 app -- they will get a dialog saying apps from the Windows Store help to keep their PC "safe and reliable." This feature is obviously disabled by default, but users can enable it really easily if they want.
Bug

Google Discloses Yet Another New Unpatched Microsoft Vulnerability In Edge/IE (bleepingcomputer.com) 71

An anonymous reader quotes BleepingComputer: Google has gone public with details of a second unpatched vulnerability in Microsoft products, this time in Edge and Internet Explorer, after publishing details last week about a bug in the Windows GDI (Graphics Device Interface) component... The bug, discovered by Google Project Zero researcher Ivan Fratric, is tracked by the CVE-2017-0037 identifier and is a type confusion, a kind of security flaw that can allow an attacker to execute code on the affected machine, and take over a device.

Details about CVE-2017-0037 are available in Google's bug report, along with proof-of-concept code. The PoC code causes a crash of the exploited browser, but depending on the attacker's skill level, more dangerous exploits could be built... Besides the Edge and IE bug, Microsoft products are also plagued by two other severe security flaws, one affecting the Windows GDI component and one the SMB file sharing protocol shipped with all Windows OS versions...

Google's team notified Microsoft of the bug 90 days ago, only disclosing it publicly on Friday.
Microsoft

94% of Microsoft Vulnerabilities Can Be Mitigated By Turning Off Admin Rights (computerworld.com) 228

An anonymous reader quotes Computerworld: If you want to shut out the overwhelming majority of vulnerabilities in Microsoft products, turn off admin rights on the PC. That's the conclusion from global endpoint security firm Avecto, which has issued its annual Microsoft Vulnerabilities report. It found that there were 530 Microsoft vulnerabilities reported in 2016, and of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights, up from 85% reported last year. This is especially true with the browser, for those who still use Microsoft's browsers. 100% of vulnerabilities impacting both Internet Explorer and Edge could be mitigated by removing admin rights, Avecto reported... Windows 10 was found to have the highest proportion of vulnerabilities of any OS (395), 46% more than Windows 8 and Windows 8.1 (265 each). Avecto found that 93% of Windows 10 vulnerabilities could be mitigated by removing admin rights.
Of course, the stats are based on vulnerabilities announced in Microsoft Security Bulletins, but there's an overwhelming pattern. Turning off admin rights mitigated the vast majority of vulnerabilities, whether it was Windows Server (90%) or older versions of Microsoft Office (99%). And turning off admin rights in Office 2016 mitigated 100% of its vulnerabilities.
United States

The Videogame Industry Is Fighting 'Right To Repair' Laws (vice.com) 257

An anonymous reader quotes Motherboard: The video game industry is lobbying against legislation that would make it easier for gamers to repair their consoles and for consumers to repair all electronics more generally. The Entertainment Software Association, a trade organization that includes Sony, Microsoft, Nintendo, as well as dozens of video game developers and publishers, is opposing a "right to repair" bill in Nebraska, which would give hardware manufacturers fewer rights to control the end-of-life of electronics that they have sold to their customers...

Bills making their way through the Nebraska, New York, Minnesota, Wyoming, Tennessee, Kansas, Massachusetts, and Illinois statehouses will require manufacturers to sell replacement parts and repair tools to independent repair companies and consumers at the same price they are sold to authorized repair centers. The bill also requires that manufacturers make diagnostic manuals public and requires them to offer software tools or firmware to revert an electronic device to its original functioning state in the case that software locks that prevent independent repair are built into a device. The bills are a huge threat to the repair monopolies these companies have enjoyed, and so just about every major manufacturer has brought lobbyists to Nebraska, where the legislation is currently furthest along... This setup has allowed companies like Apple to monopolize iPhone repair, John Deere to monopolize tractor repair, and Sony, Microsoft, and Nintendo to monopolize console repair...

Motherboard's reporter was unable to get a comment from Microsoft, Apple, and Sony, and adds that "In two years of covering this issue, no manufacturer has ever spoken to me about it either on or off the record."
Bug

Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) 90

An anonymous reader writes: New research published today shows how a malicious website owner could show a constant stream of popups, even after the user has left his site, or even worse, execute any kind of persistent JavaScript code while the user is on other domains. In an interview, the researcher who found these flaws explains that this flaw is an attacker's dream, as it could be used for: ad fraud (by continuing to load ads even when the user is navigating other sites), zero-day attacks (by downloading exploit code even after the user has left the page), tech support scams (by showing errors and popups on legitimate and reputable sites), and malvertising (by redirecting users later on, from other sites, even if they leave the malicious site too quickly).

This severe flaw in the browser security model affects only Internet Explorer 11, which unfortunately is the second most used browser version, after Chrome 55, with a market share of over 10%. Even worse for IE11 users, there's no fix available for this issue because the researcher has decided to stop reporting bugs to Microsoft after they've ignored many of his previous reports. For IE11 users, a demo page is available here.

Microsoft

Microsoft Creates Skype Lite Especially For India (cnet.com) 45

There's a new Skype app in town, and it is made just for India. According to a report on CNET: Microsoft is the latest US tech giant to help keep Indians connected. Skype Lite is a new version of the company's popular video and voice-calling app that's "built in India." Skype Lite functions much like its big brother Skype, but it's designed to work well on low-speed, 2G networks, which are still prevalent in India and many developing nations. It uses less data and battery power than the fully fledged app, and at 13MB it's around a third of the download size. Skype Lite, available for Android, also uses India's controversial Aadhaar biometric authentication.
AI

Microsoft Research Developing An AI To Put Coders Out of a Job (mspoweruser.com) 337

jmcbain writes: Are you a software programmer who voted in a recent Slashdot poll that a robot/AI would never take your job? Unfortunately, you're wrong. Microsoft, in collaboration with the University of Cambridge, is developing such an AI. This software "can turn your descriptions into working code in seconds," reports MSPoweruser. "Called DeepCoder, the software can take requirements by the developer, search through a massive database of code snippets and deliver working code in seconds, a significant advance in the state of the art in program synthesis." New Scientist describes program synthesis as "creating new programs by piecing together lines of code taken from existing software -- just like a programmer might. Given a list of inputs and outputs for each code fragment, DeepCoder learned which pieces of code were needed to achieve the desired result overall." The original research paper can be read here.
Microsoft

Microsoft Confirms Another 2017 Update After Windows 10 Creators Update (betanews.com) 74

Mark Wilson, writing for BetaNews: Windows 10 Creators Update is due to arrive in the spring, and at Microsoft Ignite in Australia, the company confirmed that a second major update is on the way later in the year. We don't know a great deal about this update, but it's likely to incorporate Project NEON design elements. While it is not a new revelation that a second big update is coming to Windows 10 in 2017, until now there has only been a passing reference to the second one from Microsoft.
Communications

Gemalto Launches eSIM Technology for Windows 10 Devices (business-standard.com) 47

An anonymous reader shares a report: Global digital security firm Gemalto on Tuesday announced it will make available its on-demand connectivity and eSIM technology for Microsoft's Windows 10 devices. The eSIM is designed to be remotely provisioned by mobile network operators with subscription information and is globally interoperable across all carriers, device makers and technology providers implementing the specification. Gemalto's On-Demand Connectivity solution gives service providers the capability to deliver a seamless customer experience for connecting consumer and industrial devices. "eSIM technology remains an important investment for Microsoft as we look to create even more mobile computing opportunities," said Roanne Sones, General Manager (Strategy and Ecosystem), Microsoft.
Windows

EU Privacy Watchdogs Say Windows 10 Settings Still Raise Concerns (reuters.com) 161

Julia Fioretti, reporting for Reuters: European Union data protection watchdogs said on Monday they were still concerned about the privacy settings of Microsoft's Windows 10 operating system despite the U.S. company announcing changes to the installation process. The watchdogs, a group made up of the EU's 28 authorities responsible for enforcing data protection law, wrote to Microsoft last year expressing concerns about the default installation settings of Windows 10 and users' apparent lack of control over the company's processing of their data. The group -- referred to as the Article 29 Working Party -- asked for more explanation of Microsoft's processing of personal data for various purposes, including advertising. "In light of the above, which are separate to the results of ongoing inquiries at a national level, even considering the proposed changes to Windows 10, the Working Party remains concerned about the level of protection of users' personal data," the group said in a statement which also acknowledged Microsoft's willingness to cooperate.
Microsoft

Microsoft Has Cancelled the Second-Gen HoloLens, Working on Third-Gen For 2019 Launch (thurrott.com) 113

Citing several unnamed sources, long-time blogger Brad Sams is reporting that Microsoft has canceled the second iteration of the HoloLens in an attempt to focus on an even more advanced HoloLens. The company, he says, now plans to launch that third iteration of HoloLens in 2019. From the report: Back when the first version of HoloLens came out, Microsoft created a roadmap that highlighted several release points for the product. This isn't unusual, you start with the first device, second generation devices are typically smaller and more affordable and then with version three you introduce new technology that upgrades the experience; this is a standard process path in the technology sector. Microsoft, based on my sources, is sidelining what was going to be version two of HoloLens and is going straight to version three. By skipping what was version two on their roadmap, the company can accelerate version three which will be closer to a generational leap and help keep Microsoft ahead of the competition. My sources are telling me that this version of HoloLens will not arrive until 2019.
Piracy

Google and Microsoft To Crackdown On Piracy Sites In Search Results (telegraph.co.uk) 104

Google and Microsoft pledged on Monday to crack down on sites hosting pirated content that show up on their search engines. In what is being called a first of its kind agreement, Google and Microsoft's Bing will demote U.K. search results of copyright infringing websites. From a report on The Telegraph: The search engine operators have signed up to a clampdown that will see the UK's copyright watchdog monitor the search results they provide for unlawful websites. The agreement follows years of campaigning by record labels and film studios, which have accused Google and Microsoft of turning a blind eye to piracy and dragging their feet over measures to protect copyright online. Under a new voluntary code, the tech giants have committed to demote websites that have repeatedly been served with copyright infringement notices, so that they do not appear on the first page for common searches.
Android

ZDNet: Linux 'Takes The World' While Windows Dominates The Desktop (zdnet.com) 224

ZDNet editor-in-chief Steve Ranger writes that desktop dominance is less important with today's cloud-based apps running independent of operating system, arguing that the desktop is now "just one computing platform among many." An anonymous reader quotes his report: Linux on the desktop has about a 2% market share today and is viewed by many as complicated and obscure. Meanwhile, Windows sails on serenely, currently running on 90% of PCs in use... That's probably OK because Linux won the smartphone war and is doing pretty well on the cloud and Internet of Things battlefields too.

There's a four-in-five chance that there's a Linux-powered smartphone in your pocket (Android is based on the Linux kernel) and plenty of IoT devices are Linux-powered too, even if you don't necessarily notice it. Devices like the Raspberry Pi, running a vast array of different flavours of Linux, are creating an enthusiastic community of makers and giving startups a low-cost way to power new types of devices. Much of the public cloud is running on Linux in one form or another, too; even Microsoft has warmed up to open-source software.

Bug

Google Discloses An Unpatched Windows Bug (Again) (bleepingcomputer.com) 121

An anonymous reader writes: "For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google's announcement," reports BleepingComputer. "The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll)..." According to Google, the issue allows an attacker to read the content of the user's memory using malicious EMF files. The bad news is that the EMF file can be hidden in other documents, such as DOCX, and can be exploited via Office, IE, or Office Online, among many.

"According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft's security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable." He later resubmitted the bugs in November 2016. The 90-days deadline for fixing the bugs expired last week, and the Google researcher disclosed the bug to the public after Microsoft delayed February's security updates to next month's Patch Tuesday, for March 15.

Microsoft has described Google's announcements of unpatched Windows bugs as "disappointing".
It's funny.  Laugh.

Web Comic 'Pokey The Penguin' Celebrates Its 19th Anniversary (twitter.com) 67

It's one of the longest-running comics on the internet. (Slashdot is approaching its 20th anniversary, and in its first year ran two stories about Pokey.) Open source developer Steve Havelka of Portland, Oregon created the truly bizarre strip back in 1998 -- one legend says it was originally a parody of another comic drawn with Microsoft Paint -- and he's since sporadically cranked out 637 strips.

Since 2010 he's also been publishing the cartoons in printed books, and this year launched an equally surreal page on Patreon identifying himself as "Steve Havelka, THE AUTHORS of Pokey the Penguin," offering supporters a "mystery item in the mail". Pokey has lots of fans -- he earned a shout-out in the videogame Hitman: Blood Money -- and very-long-time Slashdot reader 198348726583297634 informs us that on this 19th anniversary Pokey "is celebrating on Twitter!" where he's apparently accosting other web cartoonists and touting a new birthday strip. (Not to be confused with that truly horrible Pokey-goes-to-a-party movie created in Adobe Flash.)

I'd like to hear from any Slashdot readers who remember Pokey the Penguin -- but I'm also curious to hear from Slashdot readers who have never read the strip. ComixTalk called it "one of those webcomics that really only exist because of the Internet -- it would be hard to see something like this in any other medium... there's just something about Pokey the Penguin that fits online."
Android

99.6 Percent of New Smartphones Run Android or iOS (theverge.com) 91

The latest smartphone figures from Gartner show how much iOS and Android are dominating the smartphone market. According to the report, Android and iOS accounted for 99.6 percent of all smartphone sales in the fourth quarter of 2016. For comparison, this figure was 96.8 percent in the second quarter of 2015. The Verge reports: Of the 432 million smartphones sold in the last quarter, 352 million ran Android (81.7 percent) and 77 million ran iOS (17.9 percent), but what happened to the other players? Well, in the same quarter, Windows Phone managed to round up 0.3 percent of the market, while BlackBerry was reduced to a rounding error. The once-great firm sold just over 200,000 units, amounting to 0.0 percent market share. It's worth noting that although, in retrospect, this state of affairs seems inescapable, for years analysts were predicting otherwise. Three years ago, Gartner said that Microsoft's mobile OS would overtake iOS for market share in 2017, while BlackBerry would still be hanging around as a sizable (if small) player.
Businesses

Tech Jobs Took a Big Hit Last Year (fortune.com) 119

Barb Darrow, writing for Fortune: Tech jobs took it on the chin last year. Layoffs at computer, electronics, and telecommunications companies were up 21 percent to 96,017 jobs cut in 2016, compared to 79,315 the prior year. Tech layoffs accounted for 18 percent of the total 526,915 U.S. job cuts announced in 2016, according to Challenger, Gray & Christmas, a global outplacement firm based in Chicago. Of the 2016 total, some 66,821 of the layoffs came from computer companies, up 7% year over year. Challenger attributed much of that increase to cuts made by Dell Technologies, the entity formed by the $63 billion convergence of Dell and EMC. In preparation for that combination, layoffs were instituted across EMC and its constituent companies, including VMware.
Businesses

Check Your Privacy Filters: Facebook Wants To Be the New LinkedIn (cnet.com) 85

From a report on CNET: Facebook isn't just for wasting time in the office. It can now help you find a new job entirely. The social network has unveiled a Jobs page, which allows businesses to list all kinds of work for you to find. You can even apply for the job and make contact with recruiters directly through Facebook. This could be seen as a challenge to competing services such as LinkedIn, the recruiting network acquired by Microsoft last December. But while LinkedIn is entirely focused on business, Facebook's social aspects could make it easier for potential employers to trawl your profile for details of your personal life.
Security

Russian Cyberspies Blamed For US Election Hacks Are Now Targeting Macs (computerworld.com) 251

You may recall "APT28", the Russian hacking group which was tied to last year's interference in the presidential election. It has long been known for its advanced range of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. From a report on ComputerWorld: The group -- known in the security industry under different names including Fancy Bear, Pawn Storm, and APT28 -- has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. It's not entirely clear how the malware is being distributed because the Bitdefender researchers obtained only the malware sample, not the full attack chain. However, it's possible a macOS malware downloader dubbed Komplex, found in September, might be involved. Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software, according to researchers from Palo Alto Networks who investigated the malware at the time. The vulnerability allowed attackers to execute remote commands on a Mac when users visited specially crafted web pages. Further reading on ArsTechnica.
Microsoft

Microsoft Delays February Patch Tuesday Indefinitely (sans.edu) 88

UnderAttack writes: Microsoft today announced that it had to delay its February Patch Tuesday due to issues with a particular patch. This was also supposed to be the first Patch Tuesday using a new format, which led some to believe that even Microsoft had issues understanding how the new format is exactly going to work with no more simple bulletin summary and patches being released as large monolithic updates. Ars Technica notes the importance of this Patch Tuesday as "there's an in-the-wild zero-day flaw in SMB, Microsoft's file sharing protocol, that at the very least allows systems to be crashed." They also elaborate on the way Microsoft is "continuing to tune the way updates are delivered to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2."
