Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Crime

New Dark Web Market Is Selling Zero-Day Exploits 28

Posted by samzenpus
from the finest-crime dept.
Sparrowvsrevolution writes Over the last month, a marketplace calling itself TheRealDeal Market has emerged on the dark web, with a focus on sales of hackers' zero-day attack methods. Like the Silk Road and its online black market successors like Agora and the recently defunct Evolution, TheRealDeal runs as a Tor hidden service and uses bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal's creators say they're looking to broker premium hacker data like zero-days, source code, and hacking services, often offered on an exclusive, one-time sale basis.

Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
Microsoft

Microsoft's Role As Accuser In the Antitrust Suit Against Google 192

Posted by samzenpus
from the on-the-other-side dept.
HughPickens.com writes Danny Hakim reports at the NYT that as European antitrust regulators formally accuse Google of abusing its dominance, Microsoft is relishing playing a behind-the-scenes role of scold instead of victim. Microsoft has founded or funded a cottage industry of splinter groups to go after Google. The most prominent, the Initiative for a Competitive Online Marketplace, or Icomp, has waged a relentless public relations campaign promoting grievances against Google. It conducted a study that suggested changes made by Google to appease regulators were largely window dressing. "Microsoft is doing its best to create problems for Google," says Manfred Weber, the chairman of the European People's Party, the center-right party that is the largest voting bloc in the European Parliament. "It's interesting. Ten years ago Microsoft was a big and strong company. Now they are the underdog."

According to Hakim, Microsoft and Google are the Cain and Abel of American technology, locked in the kind of struggle that often takes place when a new giant threatens an older one. Microsoft was frustrated after American regulators at the Federal Trade Commission didn't act on a similar antitrust investigation against Google in 2013, calling it a "missed opportunity." It has taken the fight to the state level, along with a number of other opponents of Google. Microsoft alleges that Google's anti-competitive practices include stopping Bing from indexing content on Google-owned YouTube; blocking Microsoft Windows smartphones from "operating properly" with YouTube; blocking access to content owned by book publishers; and limiting the flow of ad campaign information back to advertisers, making it more expensive to run ads with rivals. "Over the past year, a growing number of advertisers, publishers, and consumers have expressed to us their concerns about the search market in Europe," says Brad Smith, Microsoft's general counsel. "They've urged us to share our knowledge of the search market with competition officials."
Security

The Voting Machine Anyone Can Hack 105

Posted by samzenpus
from the vote-now-vote-often dept.
Presto Vivace writes about a study published by the Virginia Information Technology Agency outlining just how bad the security of the AVS WINVote machine is. "Virginia election officials have decertified an electronic voting system after determining that it was possible for even unskilled people to surreptitiously hack into it and tamper with vote counts. The AVS WINVote, made by Advanced Voting Solutions, passed necessary voting systems standards and has been used in Virginia and, until recently, in Pennsylvania and Mississippi. It used the easy-to-crack passwords of 'admin,' 'abcde,' and 'shoup' to lock down its Windows administrator account, Wi-Fi network, and voting results database respectively, according to a scathing security review published Tuesday by the Virginia Information Technologies Agency. The agency conducted the audit after one Virginia precinct reported that some of the devices displayed errors that interfered with vote counting during last November's elections."
Windows

Remote Code Execution Vulnerability Found In Windows HTTP Stack 119

Posted by Soulskill
from the another-day,-another-vuln dept.
jones_supa writes: A remote code execution vulnerability exists in the Windows HTTP stack that is caused when HTTP.SYS parses specially-crafted HTTP requests. An attacker who has successfully exploited this vulnerability could execute arbitrary code under the SYSTEM context. Details of the bug are withheld, but exploit code is floating around. Microsoft describes the issue in security bulletin MS15-034. An update (KB3042553) is already available for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. As a workaround, Microsoft offers disabling IIS kernel caching.
Chrome

Chrome 42 Launches With Push Notifications 198

Posted by Soulskill
from the douglas-adams-edition dept.
An anonymous reader writes: Google today launched Chrome 42 for Windows, Mac, and Linux with new developer tools. Chrome 42 offers two new APIs (Push API and Notifications API) that together allow sites to send notifications to their users even after the given page is closed. While this can be quite an intrusive feature for a browser, Google promises the users have to first grant explicit permission before they receive such a message.
Microsoft

Windows Remains Vulnerable To Serious 18-Year-Old SMB Security Flaw 171

Posted by samzenpus
from the protect-ya-neck dept.
Mark Wilson writes A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — are affected.
Books

Book Review: Networking For System Administrators 33

Posted by samzenpus
from the read-all-about-it dept.
Saint Aardvark writes Michael W. Lucas has been writing technical books for a long time, drawing on his experience as both a system and a network administrator. He has mastered the art of making it both easy and enjoyable to inhale large amounts of information; that's my way of saying he writes books well and he's a funny guy. Networking for System Administrators, available both in DRM-free ebook and dead tree formats, is his latest book, and it's no exception to this trend. Keep reading for the rest of Saint Aardvark's review.
Security

LG Split Screen Software Compromises System Security 187

Posted by Soulskill
from the low-grade dept.
jones_supa writes: The Korean electronics company LG ships a split screen tool with their ultra wide displays. It allows users to slice the Windows desktop into multiple segments. However, installing the software seriously compromises security of the particular workstation. The developers required administrator access for the software, but apparently they hacked their way out. The installer silently disables User Account Control, and enables a policy to start all applications as Administrator. In the article there is also a video presentation of the setup procedure. It is safe to say that no one should be running this software in its current form.
Software

BitTorrent Launches Beta of Torrent-Based Browser Project Maelstrom 35

Posted by timothy
from the bits-and-pieces-from-all-over dept.
An anonymous reader writes BitTorrent today launched Project Maelstrom, the company's distributed browser, in beta. The company also released new tools on GitHub that let developers and publishers build content for the browser. Announced in December, Project Maelstrom, then just an invite-only alpha, was described as "the first torrent-based browser." The launch today is an open beta, meaning anyone can now try an early version of Maelstrom. You do, however, need a Windows computer. Windows users can download the beta now from here. Since the alpha, BitTorrent says it has improved stability, integrated support for automatic updates, and added DHT visualization for users when loading torrents.
Communications

Microsoft: Feds Are 'Rewriting' the Law To Obtain Emails Overseas 100

Posted by Soulskill
from the get-out-of-my-inbox dept.
An anonymous reader writes: The Electronic Communications Privacy Act was written in 1986. It's incredibly outdated, yet it still governs many internet-related rights for U.S. citizens. Microsoft has now challenged Congress to update the legislation for how online communications work in 2015. The company is currently embroiled in a legal battle with the government over a court order to release emails stored in a foreign country to U.S. authorities. In a new legal brief (PDF), Microsoft says, "For an argument that purports to rest on the 'explicit text of the statute,' the Government rewrites an awful lot of it. Congress never intended to reach, nor even anticipated, private communications stored in a foreign country when it enacted [the ECPA]." In an accompanying blog post, Microsoft general counsel Brad Smith wrote, "Until U.S. law is rewritten, we believe that the court in our case should honor well-established precedents that limit the government's reach from extending beyond U.S. borders. ... To the contrary, it is clear Congress's intent was to ensure that your digital information is afforded the same legal protections as your physical documents and correspondence, a principle we at Microsoft believe should be preserved."
Intel

Intel's Core M Performance Is Erratic Between Devices 85

Posted by Soulskill
from the bring-back-the-turbo-button dept.
An anonymous reader writes: AnandTech noticed some odd performance disparities with Intel's Core M CPU, a chip designed to bring high-powered processing to thin, fan-less devices. After investigating, they found that how OEMs build their laptops and tablets has a far greater effect on Core M performance than it does for other chips. "When an OEM designs a device for Core M, or any SoC for that matter, they have to consider construction and industrial design as well as overriding performance. ... This, broadly speaking, gives the OEM control over several components that are out of the hands of the processor designers. Screen size, thickness, industrial design, and skin temperature all have their limits, and adjusting those knobs opens the door to slower or faster Core M units, depending on what the company decides to target.

In the Core M units that we have tested at AnandTech so far this year, we have seen a variety of implementations with and without fans and in a variety of form factors. But the critical point of all of this comes down to how the OEM defines the SoC/skin temperature limitations of the device, and this ends up being why the low-end Core M-5Y10 can beat the high-end Core M-5Y71, and is a poignant part of our tests. Simply put, if the system with 5Y10 has a higher SoC/skin temperature, it can stay in its turbo mode for longer and can end up outperforming a 5Y71, leading to some of the unusual results we've seen so far."
Displays

Virtual Desktop Makes Windows OS Oculus Rift-Capable 47

Posted by timothy
from the with-a-little-help dept.
An anonymous reader writes Virtual Desktop is a free program that makes the Windows operating system compatible with the Oculus Rift VR headset. To the surprise of some, plugging the Oculus Rift into a computer doesn't result in a native view of the OS, meaning that users have to put on and take off the headset as they move from one VR-specific app to the next. If you want to use typical Windows programs—like Photoshop, Firefox, or Microsoft Office—no dice! That's where Virtual Desktop comes in, enabling the entire Windows desktop, and any application that can run on it, to be seen through the Oculus Rift. It also works as a bridge between VR-specific applications, allowing you to move from one to the next without ever taking off the headset. The latest version released today includes voice commands for launching VR games, global monitor mirroring, performance improvements, and is built against the latest Oculus Rift SDK.
Windows

Microsoft Creates a Docker-Like Container For Windows 95

Posted by samzenpus
from the imitation-is-the-sincerest-form-of-flattery dept.
angry tapir writes Hoping to build on the success of Docker-based Linux containers, Microsoft has developed a container technology to run on its Windows Server operating system. The Windows Server Container can be used to package an application so it can be easily moved across different servers. It uses a similar approach to Docker's, in that all the containers running on a single server all share the same operating system kernel, making them smaller and more responsive than standard virtual machines.
Windows

Windows 10 Successor Codenamed 'Redstone,' Targeting 2016 Launch 197

Posted by Soulskill
from the please-just-call-it-windows-11 dept.
MojoKid writes: Windows 10 isn't even out the door yet, so what better time than now to talk about its successor? Believe it or not, there's a fair bit of information on it floating around already, including its codename: "Redstone." Following in the footsteps of 'Blue' and 'Threshold', Redstone is an obvious tie-in to Microsoft's purchase of Minecraft, which it snagged from Mojang last year. Redstone is an integral material in the game, used to create simple items like a map or compass as well as logic gates for building electronic devices, like a calculator or automatic doors. The really important news is that we could see Windows Redstone sometime in 2016.
Open Source

US NAVY Sonar/Lidar Editing Software Released To the World 56

Posted by timothy
from the public-domain-makes-registration-a-temporary-annoyance dept.
New submitter PFMABE writes The Naval Oceanographic Office (NAVO) has spent 16 years developing the Pure File Magic Area Based Editor (PFMABE) software suite to edit the huge volumes of lidar and sonar data they collect every year. In accordance with 17 USC 105, copyright protection is not available to any work of the US government. Originally developed to run on RedHat OS with network distributed storage, it has been migrated to Windows 7. This software, and accompanying source code (Win & Linux), has been released to the public domain at pfmabe.software, free for download with registration.
Input Devices

Kinect For Windows Is Dead; Long Live Kinect For Windows Via USB 45

Posted by timothy
from the sir-this-teapot-may-not-be-able-to-weather-the-tempest dept.
puddingebola writes Microsoft has announced it will no longer manufacture Kinect for Windows. Only the Xbox One version will be available for purchase. Microsoft said it could not meet demand for the device, a strange claim for a company to make. The console version, though, will still work with Windows by way of a USB adapter, and as pointed out by this similar story at Gamespot, for about the same total price.
Windows

Second Technical Preview of Windows Server 2016 Arriving This Spring 34

Posted by timothy
from the parallel-lives dept.
jones_supa writes: The second technical preview of Windows Server 2016 will be launching in May as the first one nears its expiration date. The next Windows Server is being developed and targeted for an early 2016 release, however, the latest and greatest preview builds haven't been released to the public by Microsoft since October 2014. At the same time, Windows 10 builds have been released regularly to everybody who wants to try them out. It was revealed earlier that the Windows Server release won't take place along with that of Windows 10, so it makes sense that Microsoft is pushing more builds of the desktop OS out for testing first. There is no mention of an exact date of the upcoming Windows Server Technical Preview, but an announcement can be expected during the upcoming BUILD 2015 conference which starts on 29th April.
Microsoft

Microsoft Celebrates 40th Anniversary 142

Posted by timothy
from the 14,609-days-ought-to-be-enough-for-anybody dept.
HughPickens.com writes Alyssa Newcomb reports at ABC News that the software company started by Bill Gates and Paul Allen on April 4, 1975 is 40 and fabulous and highlights products and moments that helped define Microsoft's first four decades including: Microsoft's first product — software for the Altair 8800; Getting a deal to provide a DOS Operating System for IBM's computers in 1980; Shipping Windows 1.0 in 1985; Microsoft Office for Mac released in 1989; Windows 3.0 ships in 1990, ushering in the era of graphics on computers; Windows 95 launches in 1995, selling an astounding 7 million copies in the first five weeks, and the first time the start menu, task bar, minimize, maximize and close buttons are introduced on each window.

For his part, Bill Gates sent a letter to employees celebrating Microsoft's anniversary, and how far computing has come since he and Paul Allen set the goal of a computer on every desk and in every home, and predicting that computing will evolve faster in the next 10 years than it ever has before.
Windows

The Most Highly Voted Requests In Windows 10 Feedback Pool 159

Posted by timothy
from the those-sound-reasonable dept.
jones_supa writes: Some of you have probably used the Feedback app of Windows 10 Technical Preview, which has enabled us to submit feature requests and bug reports directly to Microsoft in order to improve the operating system as the company approaches the final release. While Microsoft tries to make some of the requests available, it also depends on the number of votes that each submission gets. Softpedia takes a look at the top 5 requests right now: make Feedback app available in final Windows, too; improve network connections management; allow task view drag windows between desktops; give Cortana the ability to open programs; and bring back resize options for Start Menu.
Internet Explorer

Microsoft To Stop Enabling 'Do Not Track' By Default 64

Posted by Soulskill
from the do-not-do-not-track dept.
An anonymous reader writes: The history of the do-not-track setting for web browsers has been rife with debate. It took a long time for web experts to come to anything resembling a consensus on how it should be implemented, and the process isn't over yet. Microsoft took criticism for enabling the do-not-track setting by default in Internet Explorer. While it sounds good in theory, many worried it would just spur websites to completely disregard the setting (and some, like Yahoo, did just that). Now, Microsoft has reversed their stance. The do-not-track setting will not be enabled by default in the company's future browsers. They say, "Put simply, we are updating our approach to DNT to eliminate any misunderstanding about whether our chosen implementation will comply with the W3C standard. ... As a result, DNT will not be the default state in Windows Express Settings moving forward, but we will provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so."