DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Operating Systems

NSA's DoublePulsar Kernel Exploit a 'Bloodbath' (threatpost.com) 37

msm1267 quotes a report from Threatpost: A little more than two weeks after the latest ShadowBrokers leak of NSA hacking tools, experts are certain that the DoublePulsar post-exploitation Windows kernel attack will have similar staying power to the Conficker bug, and that pen-testers will be finding servers exposed to the flaws patched in MS17-010 for years to come. MS17-010 was released in March and it closes a number of holes in Windows SMB Server exploited by the NSA. Exploits such as EternalBlue, EternalChampion, EternalSynergy and EternalRomance that are part of the Fuzzbunch exploit platform all drop DoublePulsar onto compromised hosts. DoublePulsar is a sophisticated memory-based kernel payload that hooks onto x86 and 64-bit systems and allows an attacker to execute any raw shellcode payload they wish. "This is a full ring0 payload that gives you full control over the system and you can do what you want to it," said Sean Dillon, senior security analyst at RiskSense. Dillon was the first to reverse-engineer a DoublePulsar payload, and published his analysis last Friday. "This is going to be on networks for years to come. The last major vulnerability of this class was MS08-067, and it's still found in a lot of places," Dillon said. "I find it everywhere. This is the most critical Windows patch since that vulnerability." Dan Tentler, founder and CEO of Phobos Group, said internet-net wide scans he's running have found about 3.1 percent of vulnerable machines are already infected (between 62,000 and 65,000 so far), and that percentage is likely to go up as scans continue. "This is easily describable as a bloodbath," Tentler said.
Microsoft

Microsoft's Nadella Banks On LinkedIn Data To Challenge Salesforce (reuters.com) 24

Microsoft is rolling out upgrades to its sales software that integrates data from LinkedIn, an initiative that Microsoft CEO Satya Nadella told Reuters was central to the company's long-term strategy for building specialized business software. From the report: The improvements to Dynamics 365, as Microsoft's sales software is called, are a challenge to market leader Salesforce.com and represent the first major product initiative to spring from Microsoft's $26 billion acquisition of LinkedIn, the business-focused social network. The new features will comb through a salesperson's email, calendar and LinkedIn relationships to help gauge how warm their relationship is with a potential customer. The system will recommend ways to save an at-risk deal, like calling in a co-worker who is connected to the potential customer on LinkedIn. [...] The artificial intelligence, or AI, capabilities of the software would be central, Nadella said. "I want to be able to democratize AI so that any customer using these products is able to, in fact, take their own data and load it into AI for themselves," he said. On Monday, LinkedIn said it has surpassed 500 million members globally, one of the first big milestones for the business social network since its acquisition.
Microsoft

Microsoft Will Block Desktop 'Office' Apps From 'Office 365' Services In 2020 (techradar.com) 214

An anonymous reader writes: Microsoft is still encouraging businesses to rent their Office software, according to TechRadar. "In a bid to further persuade users of the standalone versions of Office to shift over to a cloud subscription (Office 365), Microsoft has announced that those who made a one-off purchase of an Office product will no longer get access to the business flavours of OneDrive and Skype come the end of the decade." PC World explains that in reality this affects very few users. "If you've been saving all of your Excel spreadsheets into your OneDrive for Business cloud, you'll need to download and move them over to a personal subscription -- or pony up for Office 365, as Microsoft really wants you to do."

Microsoft is claiming that when customers connect to Office 365 services using a legacy version of Office, "they're not enjoying all that the service has to offer. The IT security and reliability benefits and end user experiences in the apps is limited to the features shipped at a point in time. To ensure that customers are getting the most out of their Office 365 subscription, we are updating our system requirements." And in another blog post, they're almost daring people to switch to Linux. "Providing over three years advance notice for this change to Office 365 system requirements for client connectivity gives you time to review your long-term desktop strategy, budget and plan for any change to your environment."

In a follow-up comment, Microsoft's Alistair Speirs explained that "There is still an option to get monthly desktop updates, but we are changing the 3x a year update channel to be 2x a year to align closer to Windows 10 update model. We are trying to strike the right balance between agile, ship-when-ready updates and enterprise needs of predictability, reliability and advanced notice to validate and prepare."
Programming

Stack Overflow Reveals Which Programming Languages Are Most Used At Night (stackoverflow.blog) 95

Stack Overflow data scientist David Robinson recently calculated when people visit the popular programming question-and-answer site, but then also calculated whether those results differed by programming language. Quoting his results:
  • "C# programmers start and stop their day earlier, and tend to use the language less in the evenings. This might be because C# is often used at finance and enterprise software companies, which often start earlier and have rigid schedules."
  • "C programmers start the day a bit later, keep using the language in the evening, and stay up the longest. This suggests C may be particularly popular among hobbyist programmers who code during their free time (or perhaps among summer school students doing homework)."
  • "Python and Javascript are somewhere in between: Python and Javascript developers start and end the day a little later than C# users, and are a little less likely than C programmers to work in the evening."

The site also released an interactive app which lets users see how the results for other languages compared to C#, JavaScript, Python, and C, though of those four, "C# would count as the 'most nine-to-five,' and C as the least."

And they've also calculated the technologies used most between 9 to 5 (which "include many Microsoft technologies, such as SQL Server, Excel, VBA, and Internet Explorer, as well as technologies like SVN and Oracle that are frequently used at enterprise software companies.") Meanwhile, the technologies most often used outside the 9-5 workday "include web frameworks like Firebase, Meteor, and Express, as well as graphics libraries like OpenGL and Unity. The functional language Haskell is the tag most visited outside of the workday; only half of its visits happen between 9 and 5."


Databases

Microsoft Will Support Python In SQL Server 2017 (infoworld.com) 93

There was a surprise in the latest Community Technology Preview release of SQL Server 2017. An anonymous reader quotes InfoWorld: Python can now be used within SQL Server to perform analytics, run machine learning models, or handle most any kind of data-powered work. This integration isn't limited to enterprise editions of SQL Server 2017, either -- it'll also be available in the free-to-use Express edition... Microsoft has also made it possible to embed Python code directly in SQL Server databases by including the code as a T-SQL stored procedure. This allows Python code to be deployed in production along with the data it'll be processing. These behaviors, and the RevoScalePy package, are essentially Python versions of features Microsoft built for SQL Server back when it integrated the R language into the database...

An existing Python installation isn't required. During the setup process, SQL Server 2017 can pull down and install its own edition of CPython 3.5, the stock Python interpreter available from the Python.org website. Users can install their own Python packages as well or use Cython to generate C code from Python modules for additional speed.

Except it's not yet available for Linux users, according to the article. "Microsoft has previously announced SQL Server would be available for Linux, but right now, only the Windows version of SQL Server 2017 supports Python."
Microsoft

Microsoft Improves Gmail Experience For Windows 10 Insiders, But There Are Privacy Concerns (betanews.com) 69

Reader BrianFagioli writes: Today, Microsoft announced a new Gmail experience for Windows 10. While only available for Windows Insiders as of today, it uses the same concept as the Outlook mobile app, but for the Mail and Calendar apps. Microsoft will provide you with an arguably improved experience as long as you are OK with storing all of your Gmail messages in Microsoft's cloud. What types of features will the new experience offer? Things such as tracking packages, getting updated on your favorite sports teams, and a focused inbox. "To power these new features, we'll ask your permission to sync a copy of your email, calendar and contacts to the Microsoft Cloud. This will allow new features to light up, and changes to update back and forth with Gmail -- such as creation, edit or deletion of emails, calendar events and contacts. But your experience in Gmail.com or apps from Google will not change in any way."
Microsoft

LinkedIn Apologizes For Trying To Connect Everyone In Real Life (vocativ.com) 71

LinkedIn has apologized for a vague new update that told some iPhone users its app would begin sharing their data with nearby users without further explanation. From a report: The update prompted outrage on Twitter after cybersecurity expert Rik Ferguson received a strange alert when he opened the resume app to read a new message: "LinkedIn would like to make data available to nearby Bluetooth devices even when you're not using the app." That gave Ferguson, vice president of research at the cybersecurity firm Trend Micro, a handful of concerns, he told Vocativ. Among them: "the lack of specificity, which data, when, under what conditions, to which devices, why does it need to happen when I'm not using the app, what are the benefits to me, where is the feature announcement and explanation, why wasn't it listed in the app update details." Reached for comment, LinkedIn said it's a mistake -- that some iPhone users were accidentally subject to undeveloped test feature the company is still working on.
Cloud

Leaked Document Sheds Light On Microsoft's Chromebook Rival (windowscentral.com) 91

Microsoft has announced plans to host an event next month where it is expected to unveil Windows 10 Cloud operating system. Microsoft will be positioning the new OS as a competitor to Chrome OS, according to several reports. Windows Central has obtained an internal document which sheds light on the kind of devices that will be running Windows 10 Cloud. The hardware requirement that Microsoft has set for third-party OEMs is as follows: 1. Quad-core (Celeron or better) processor.
2. 4GB of RAM.
3. 32GB of storage (64GB for 64-bit). 4. A battery larger than 40 WHr.
5. Fast eMMC or solid state drive (SSD) for storage technology.
6. Pen and touch (optional).
The report adds that Microsoft wants these laptops to offer over 10-hour of battery life, and the "cold boot" should not take longer than 20 seconds.
Windows

File System Improvements To the Windows Subsystem for Linux (microsoft.com) 109

An anonymous reader shares a new article published on MSDN: In the latest Windows Insider build, the Windows Subsystem for Linux (WSL) now allows you to manually mount Windows drives using the DrvFs file system. Previously, WSL would automatically mount all fixed NTFS drives when you launch Bash, but there was no support for mounting additional storage like removable drives or network locations. Now, not only can you manually mount any drives on your system, we've also added support for other file systems such as FAT, as well as mounting network locations. This enables you to access any drive, including removable USB sticks or CDs, and any network location you can reach in Windows all from within WSL.
Microsoft

Microsoft Says It Will Release Two Feature Updates Per Year For Windows 10, Office (petri.com) 62

Microsoft is making a few changes to how it will service Windows, Office 365 ProPlus and System Center Configuration Manager. From a report: Announced today, Microsoft will be releasing two feature updates a year for Windows 10 in March in September and with each release, System Center Configuration Manager will support this new aligned update model for Office 365 ProPlus and Windows 10, making both easier to deploy and keep up to date. This is a big change for Microsoft as Windows will now be on a more predictable pattern for major updates and by aligning it with Office 365 Pro Plus, this should make these two platforms easier to service from an IT Pro perspective. The big news here is also that Microsoft is announcing when Redstone 3 is targeted for release. The company is looking at a September release window but it is worth pointing out that they traditionally release the month after the code is completed.
Microsoft

Microsoft To Shut Down Wunderlist, an App It Acquired Two Years Ago, In Favor Of Homegrown App To-Do (techcrunch.com) 58

From a report on TechCrunch: Microsoft acquired the popular mobile to do list application Wunderlist back in 2015, and now it's preparing users for its eventual demise with the release of its new application "To-Do," it announced this week. The new app was built by the team behind Wunderlist, and will bring in the favorite elements of that app in the months ahead, Microsoft insists. The company also added that it won't shut down Wunderlist until it's confident that it has "incorporated the best of Wunderlist into To-Do." In case you're hoping Wunderlist will get some sort of reprieve, Microsoft makes its forthcoming demise pretty clear. Stating its plans in black-and-white: "we will retire Wunderlist," it says in a blog post. In the meantime, Microsoft is encouraging Wunderlist users to make the switch by offering an importer that will bring in your lists and to-dos from Wunderlist into To-Do, where those items will now be available in other Microsoft products, like Exchange and Outlook.
Communications

Microsoft's Skype Is Most Used Messaging Service For Cyber Criminals, Study Finds (securityledger.com) 57

chicksdaddy quotes a report from The Security Ledger: Cyber criminals lurk in the dark recesses of the internet, striking at random and then disappearing into the virtual ether. But when they want to talk shop with their colleagues, they turn to Redmond, Washington-based Microsoft and its Skype communications tools, according to an analysis by the firm Flashpoint. Mentions of different platforms were used as a proxy for gauging interest in and use of these messaging services. Flashpoint analysts looked, especially, for invitations to continue conversation outside of cyber criminal marketplaces, like references to ICQ accounts or other platforms. The survey results show that, out of a population of around 80 instant messenger platforms and protocols, a short list of just five platforms accounts for between 80% and 90% of all mentions within the cyber underground. Of those, Microsoft's Skype was the chat king. It ranked among the top five platforms across all language groups. That, despite the platform's lack of end-to-end encryption or forward secrecy features and evidence, courtesy of NSA hacker Edward Snowden, that U.S. spies may have snooped on Skype video calls in recent years, The Security Ledger reports. The conclusion: while security is a priority amongst thieves, it isn't the sole concern that cyber criminals and their associates have. In fact, sophisticated hacking communities like those in Russia to continue to rely on legacy platforms like ICQ when provably more secure alternatives exist. The reason? Business. "These cyber criminals have a lot of different options that they're juggling and a lot of factors that weigh on their options," said Leroy Terrelonge III, the Director of Middle East and Africa Research at Flashpoint. "We might suspect that cyber criminals use the most secure means of communication all the time, that's not what our research showed."
Facebook

Facebook is Working On a Way To Let You Type With Your Brain (theverge.com) 97

From a report: Facebook today unveiled a project from its secretive Building 8 research group that's working to create a brain-computer interface that lets you type with your thoughts. Regina Dugan, a former director of DARPA and the ex-head of Google's experimental ATAP research group, announced the news today onstage at Facebook's F8 developer conference. Dugan, who now heads up Building 8, says the goal is "something as simple as a yes-no brain click" that could fundamentally change how we interact with and use technology. While it does not exist today outside of very specific medical research trials, Dugan says her team is actively working to make it a reality. Dugan refers to the technology as a "brain mouse for AR," meaning it could be an ideal way to receive direct input from neural activity that would remove the need for augmented reality devices to track hand motions or other body movements. For instance, the Microsoft HoloLens uses hand tracking to let you tap your finger in front of you as if you were clicking a mouse. Facebook's theoretical device could also be used for patients with severe paralysis, acting as a "speech prosthetic" Dugan says.
Microsoft

Microsoft's Cool Quantum Computing Plan Embraces Cryogenic Memory (pcworld.com) 39

An anonymous reader shares a PCWorld report: Microsoft has crazy quantum computing plans: first, it built hardware based on a particle that hasn't even been discovered. Now, it's hoping to co-design super-cool memory for quantum computers. The company is working with Rambus to develop and build prototype computers with memory subsystems that can be cooled at cryogenic temperatures, typically below minus 180 degrees Celsius or minus 292 degrees Fahrenheit. Cryogenics goes hand in hand with quantum computers, which promise to be significantly faster than today's PCs and servers and may even eventually replace them. But the systems are notoriously unstable and need to be stored in refrigerators for faster and secure operation. As an example, D-Wave's 2000Q quantum computer needs to be kept significantly cooler than supercomputers so operations don't break down.
Security

User-Made Patch Lets Owners of Next-Gen CPUs Install Updates On Windows 7 & 8.1 (bleepingcomputer.com) 218

An anonymous reader quotes a report from BleepingComputer: GitHub user Zeffy has created a patch that removes a limitation that Microsoft imposed on users of 7th generation processors, a limit that prevents users from receiving Windows updates if they still use Windows 7 and 8.1. This limitation was delivered through Windows Update KB4012218 (March 2017 Patch Tuesday) and has made many owners of Intel Kaby Lake and AMD Bristol Ridge CPUs very angry last week, as they weren't able to install any Windows updates. Microsoft's move was controversial, but the company did its due diligence, and warned customers of its intention since January 2016, giving users enough time to update to Windows 10, move to a new OS, or downgrade their CPU, if they needed to remain on Windows 7 or 8.1 for various reasons. When the April 2017 Patch Tuesday came around last week, GitHub user Zeffy finally had the chance to test four batch scripts he created in March, after the release of KB4012218. His scripts worked as intended by patching Windows DLL files, skipping the CPU version check, and delivering updates to Windows 7 and 8.1 computers running 7th generation CPUs.
United States

Steve Ballmer's New Project: Find Out How the Government Spends Your Money (theverge.com) 249

Former Microsoft CEO Steve Ballmer isn't satisfied with owning the Los Angeles Clippers and teaching at Stanford and USC. On Tuesday, the billionaire announced USAFacts, his new startup that aims to improve political discourse by making government financial data easier to access. A small "army" of economists, professors and other professionals will be looking into and publishing data structured similarly to the 10-K filings companies issue each year -- expenses, revenues and key metrics pulled from dozens of government data sources and compiled into a single massive collection of tables. From a report on The Verge: The nonpartisan site traces $5.4 trillion in government spending under four categories derived from language in the US Constitution. Defense spending, for example, is categorized under the header "provide for the common defense," while education spending is under "secure the blessing of liberty to ourselves and our prosperity." Spending allocation and revenue sources are each mapped out in blue and pink graphics, with detailed breakdowns along federal, state and local lines. Users can also search for specific datasets, such as airport revenue or crime rates, and the site includes a report of "risk factors" that could inhibit economic growth. The New York Times has the story on how this startup came to be.
Microsoft

Microsoft Says Previous Windows Patches Fixed Newly Leaked NSA Exploits (pcworld.com) 48

Microsoft said it has already patched vulnerabilities revealed in last week's high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they've kept their software up-to-date. From a report: Friday's leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008. However, Microsoft said several patches -- one of which was made only last month -- address the vulnerabilities. "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," the company said in a blog post late on Friday. Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Window 7 or later and Exchange 2010 or later.
Cloud

Microsoft's Rumored CloudBook Could Be Your Next Cheap Computer (venturebeat.com) 206

An anonymous reader shares a report: In a few weeks, at its education-oriented software and hardware event in New York, Microsoft could unveil a sub-premium laptop -- something more robust than a Surface but not as fancy as a Surface Book. And rather than run good old Windows 10, the new product could run something called Windows 10 Cloud, which reportedly will only be able to run apps that you can find in the Windows Store, unless you change a certain preference in Settings. The idea is that this will keep your device more secure. However, that does mean you won't be able to use certain apps that aren't in the Store -- like Steam -- on a Windows 10 Cloud device, such as the rumored CloudBook. Microsoft is going after Google's Chromebooks that are very popular in the education space -- so much so that they are playing an instrumental role in keeping the entire PC shipments up.
Crime

Researchers Find 25,000 Domains Used In Tech Support Scams (onthewire.io) 85

An anonymous reader writes: Three doctoral students at Stony Brook University spent eight months analyzing internet scammers who pose as remote tech support workers (usually pretending to be from Microsoft of Apple). Their research revealed more than 25,000 scam domains and thousands of different scam phone numbers. "Although victims of these scams can be anywhere, the researchers found that 85.4% of the IP addresses in these scams were located across different regions of India," reports On The Wire, "with 9.7% located in the United States and 4.9% in Costa Rica. Scammers typically asked users for an average of $291, with prices ranging from $70 to $1,000."

The researchers even called 60 of the con artists to study their technique, and concluded most were working in large, organized call centers. They use remote access tools, and in fact two popular tools were used in 81% of the scams, according to the paper. "We found that, on average, a scammer takes 17 minutes, using multiple social engineering techniques mostly based on misrepresenting OS messages, to convince users of their infections..."

Input Devices

RIP, Robert Taylor, The Innovator Who Shaped Modern Computing (sfgate.com) 37

"Any way you look at it, from kick-starting the Internet to launching the personal computer revolution, Bob Taylor was a key architect of our modern world," says a historian at Stanford's Silicon Valley Archives. An anonymous reader quotes the New York Times: The Internet, like many inventions, was the work of many inventors. But perhaps no one deserves more credit for that world-changing technological leap than Mr. Taylor. The seminal moment of his work came in 1966. He had just taken a new position at the Pentagon -- director of the Information Processing Techniques Office, part of the Advanced Research Projects Agency, known as Arpa -- and on his first day on the job it became immediately obvious to him what the office lacked and what it needed. At the time, Arpa was funding three separate computer research projects and using three separate computer terminals to communicate with them. Mr. Taylor said, No, we need a single computer research network, to connect each project with the others, to enable each to communicate with the others... His idea led to the Arpanet, the forerunner of the Internet.

A half-decade later, at Xerox's storied Palo Alto Research Center, Mr. Taylor was instrumental in another technological breakthrough: funding the design of the Alto computer, which is widely viewed as the forerunner of the modern personal computer. Mr. Taylor even had a vital role in the invention of the computer mouse. In 1961, at the dawn of the Space Age, he was about a year into his job as a project manager at NASA in Washington when he learned about the work of a young computer scientist at Stanford Research Institute, later called SRI International... Mr. Taylor decided to pump more money into the work, and the financial infusion led directly to Engelbart's invention of the mouse, a computer control technology that would be instrumental in the design of both Macintosh and Microsoft Windows-based computers.

Taylor had become fascinated with human-computer interactions in the 1950s during his graduate work at the University of Texas at Austin, and was "appalled" that performing data calculations required submitting his punch cards to a technician running the school's mainframe computers. Years later, it was Taylor's group at PARC that Steve Jobs visited in 1979, which inspired the "desktop" metaphor for the Macintosh's graphical user interface. And Charles Simonyi eventually left PARC to join Microsoft, where he developed the Office suite of applications.

Taylor died Thursday at his home in Woodside, California, from complications of Parkinson's disease, at the age of 85.

Slashdot Top Deals