Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft

PowerShell Security Threats Greater Than Ever, Researchers Warn (computerweekly.com) 66

Microsoft's Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers at Symantec, who have seen a surge in associated threats. From a report on ComputerWeekly: More than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell. Malicious PowerShell scripts are on the rise, as attackers are using the framework's flexibility to download their payloads, traverse through a compromised network and carry out reconnaissance, according to Candid Wueest, threat researcher at Symantec.
Printer

Google Cloud Print Is Turning Off Epson Printers (pcmag.com) 58

When Google launched Cloud Print, it removed a lot of the hassle from using a printer. Instead of a printer only printing documents from the PC it was connected to, Cloud Print allowed any device, be it a Windows PC, Mac, Chromebook, smartphone, tablet, etc. to print to any printer either locally or remotely. However, Google Cloud Print has gone awry this week, as reports PCMag, and Epson printer owners are suffering because of it. From the article: A thread appeared on the Chromebook Central Help Forum explaining a problem where an Epson XP-410$185.00 at Amazon printer was turning itself off after 30 seconds. The printer worked without issue for two years, but now it wouldn't stay powered on. At first, this seems like a printer hardware problem, but the printer started working again once it was disconnected from the Internet. However, as soon as Google Print Cloud was enabled, the automatic power down happened again. Later in the support thread an Epson WF-4630 owner reports the same issue, as do XP-215, XP-415, XP-610, WF-545, WF-845, and WF-7610 owners.A change in Google's API for its cloud service triggered the issue, reports ArsTechnica. The change has caused a conflict between Cloud Print and printers' firmware.
Wireless Networking

Microsoft Wants To Enable Cellular PCs, But Will Carriers Bite? (computerworld.com) 120

Microsoft is aiming to enable the installation of non-removable programmable SIM cards and data radios in PCs and Windows tablets. In the company's vision, users will then be able to purchase cellular data for those cards through the Windows Store. The announcement was made at the company's WinHEC conference for device manufacturers in Shenzhen, China. From a report on ComputerWorld: Users would also get settings to help them better manage the use of data plans, so it's easier for them to control how much data apps can suck up. But there's a wrinkle in that plan: Cellular carriers will have to get on board with selling plans through the Windows Store, which will likely be a tougher sell.
Emulation (Games)

Microsoft and Qualcomm Collaborate To Bring Windows 10, x86 Emulation To Snapdragon Processors (anandtech.com) 81

An anonymous reader quotes a report from AnandTech: Today at Microsoft's WinHEC event in Shenzhen, China, the company announced that it's working with Qualcomm to bring the full Windows 10 experience to future devices powered by Snapdragon processors. These new Snapdragon-powered devices should support all things Microsoft, including Microsoft Office, Windows Hello, Windows Pen, and the Edge browser, alongside third-party Universal Windows Platform (UWP) apps and, most interestingly, x86 (32-bit) Win32 apps. They should even be able to play Crysis 2. This announcement fits nicely with Microsoft's "Windows Everywhere" doctrine and should come as no surprise. It's not even the first time we've seen Windows running on ARM processors. Microsoft's failed Windows RT operating system was a modified version of Windows 8 that targeted the ARMv7-A 32-bit architecture. It grew from Microsoft's MinWin effort to make Windows more modular by reorganizing the operating system and cleaning up API dependencies. The major change with today's announcement over Windows RT and UWP is that x86 apps will be able to run on Qualcomm's ARM-based SoCs, along with support for all of the peripherals that are already supported with Windows 10. This alone is a huge change from Windows RT, which would only work with a small subset of peripherals. Microsoft is also focusing on having these devices always connected through cellular, which is something that is not available for many PCs at the moment. Support will be available for eSIM to avoid having to find room in a cramped design to accommodate a physical SIM, and Microsoft is going so far as to call these "cellular PCs" meaning they are expecting broad support for this class of computer, rather than the handful available now with cellular connectivity. The ability to run x86 Win32 apps on ARM will come through emulation, and to demonstrate the performance Microsoft has released a video of an ARM PC running Photoshop.
Bug

Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016 (onthewire.io) 70

Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-refquently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.
Windows

Microsoft Likely To See a Boost in Windows 10 Sales This New Year (fortune.com) 166

Because many businesses are wary of new software updates, let alone a new operating system, Microsoft could see a significant surge in Windows 10 install base and sales in the New Year. From a report on Fortune: Businesses have been slow to upgrade all of their corporate computers to the latest Windows OS in 2016, according to research by IT services and technology company Adaptiva. Adaptiva said Tuesday that based on its findings, it believes companies are going to be upgrading to the latest version in 2017. Adaptiva based its findings from a survey it conducted over the summer of 300 IT professionals at various businesses. The company said that 41% of the companies it surveyed have been avoiding the upgrade, and some "have gone so far as to actively resist the move by using software to prevent or disable Windows 10 installation." The survey didn't say why exactly companies were avoiding the upgrade, but the majority of respondents that did upgrade "rated the Windows 10 migration process to be somewhat to extremely challenging," the survey said. According to latest figures provided by Microsoft, Windows 10 is running on over 400 million devices.
Software

Windows 10 'Home Hub' Is Microsoft's Response To Amazon Echo and Google Home (mashable.com) 100

Microsoft's response to the Amazon Echo and Google Home is Home Hub, a software update for Windows 10's Cortana personal assistant that turns any Windows PC into a smart speaker of sorts. Mashable reports: Microsoft's smart digital assistant Cortana can already answer your queries, even if the PC's screen is locked. The Home Hub is tied to Cortana and takes this a few steps further. It would add a special app with features such as calendar appointments, sticky notes and shopping lists. A Home Hub-enabled PC might have a Welcome Screen, a full-screen app that displays all these, like a virtual fridge door. Multiple users (i.e. family members) could use the Home Hub, either by authenticating through Windows Hello or by working in a family-shared account. Cortana would get more powerful on Home Hub; it could, for example, control smart home devices, such as lights and locks. And even though all of this will work on any Windows 10 device -- potentially making the PC the center of your smart home experience -- third-party manufacturers will be able to build devices that work with Home Hub. You can read Windows Central's massive report here. Do note that Home Hub is not official and individual features could change over time. The update is slated for 2017.
Google

Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com) 57

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high-level of spam detection we've become accustomed from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.
Microsoft

Does Windows 10's Data Collection Trade Privacy For Microsoft's Security? (pcworld.com) 181

jader3rd shares an article from PC World arguing that Windows 10's data collection "trades your privacy for Microsoft's security." [Anonymized] usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft's director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender... For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences.

Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system are exposed and should be isolated into virtual containers.

The article points out that unlike home users, enterprise users of Windows 10 can select a lower level of data-sharing, but argues that enterprises "need to think twice before turning off Windows telemetry to increase corporate privacy" because Windows Update won't work without information about whether previous updates succeeded or failed.
Open Source

Linux Mint 18.1 'Serena' BETA Ubuntu-based Operating System Now Available For Download (betanews.com) 137

BrianFagioli shares his story on Beta News: Feeling fatigued by Windows 10 and its constant updates and privacy concerns? Can't afford one of those beautiful new MacBook Pro laptops? Don't forget, Linux-based desktop operating systems are just a free download away, folks!

If you do decide to jump on the open source bandwagon, a good place to start is Linux Mint. Both the Mate and Cinnamon desktop environments should prove familiar to Windows converts, and since it is based on Ubuntu, there is a ton of compatible packages. Today, the first beta of Linux Mint 18.1 'Serena' becomes available for download.

Here's the release notes for both Cinammon and MATE.
Microsoft

How Microsoft Lost In Court Over Windows 10 Upgrades (digitaltrends.com) 121

In June a California woman successfully sued Microsoft for $10,000 over forced Windows 10 upgrades, and she's now written a 58-page ebook about her battle (which she's selling for $9.99). But an anonymous Slashdot reader shares another inspiring story about a Texas IT worker and Linux geek who got Microsoft to pay him $650 for all the time that he lost. "Worley built a Windows 7 machine for his grandfather, who has Alzheimer's Disease, [customized] to look like Windows XP, an operating system his grandfather still remembered well..." writes Digital Trends. "But thanks to Microsoft's persistent Windows 10 upgrade program, Worley's grandfather unknowingly initiated the Win 10 upgrade by clicking the 'X' to close an upgrade window." After Worley filed a legal "Notice of Dispute," Microsoft quickly agreed to his demand for $650, which he donated to a non-profit focusing on Alzheimer's patients.

But according to the article, that's just the beginning, since Worley now "hopes people impacted by the forced Windows 10 upgrade will write a complaint to Microsoft demanding a settlement for their wasted time and money in repairing the device," and on his web page suggests that if people don't need the money, they should give it to charities fighting Alzheimer's. "If Microsoft isn't going to wake up and realize that lobbing intentionally-tricky updates at people who don't need and can't use them actively damages not only the lives of the Alzheimer's sufferer, but those of their whole family, then let's cure the disease on Microsoft's dime so their tactics and those of companies that will follow their reckless example aren't as damaging."

Worley suggests each Notice of Dispute should demand at least $50 per hour from Microsoft, adding "If recent history holds steady they might just write you a check!"
Linux

Ask Slashdot: What's the Best Linux Laptop? 284

Long-Time Slashdot reader sconeu is finally replacing his 10-year-old Toshiba Satellite laptop, and needs suggestions on the best current laptops for running Linux. I'm looking to run some flavor of Linux (probably KDE-based UI, but not mandatory) while using a virtual machine to run Windows 7 (for stuff needed for work). For me personally, battery life and weight are more important than raw power. I'm not going to be running games on this. I've been considering an XPS 13 Developer Edition, or something from System76, ZaReason or Emperor Linux. What laptop do you use? Do you have any suggestions?
It's your chance to share useful information, recommendations, and your own experiences with various brands of laptop. So leave your best answers in the comments. What's the best Linux laptop?
Movies

Free TV-Show Streaming Hurts Online Sales, Research Finds (torrentfreak.com) 67

New research from Carnegie Mellon University shows that online piracy is not the only worry for TV distributors. Based on Downton Abbey streaming and sales data provided by PBS, as reported by TorrentFreak, the researchers find that free legal streams can significantly reduce download sales. However, that doesn't necessarily mean that free streaming options should be banned. From the report: The researchers were able to estimate the impact in a natural experiment, since PBS was required to pull the free streams for all episodes at the same time. This means that some were streamable for more than a month, while others only for a week, or two. In addition, they had sales data for several seasons, allowing them to make an alternative comparison between years, where the streaming windows varied. In both cases, they show that free streaming cannibalizes download sales. "Our analysis in our primary specification indicates that availability in the free streaming window reduces EST sales by 8.4%. Using an alternative specification we find that free availability reduces EST sales by 9.9%," they write. The negative effect is not unexpected. However, it doesn't mean that it is wrong to offer free streaming in the long run, as there are several positive side-effects. That's where the puzzle starts to get complicated.
Microsoft

Microsoft Says Summer's Windows 10 Upgrade Fit For Business (computerworld.com) 119

Microsoft has moved Windows 10 August update to the Current Branch for Business release track, putting the "Anniversary Update" in the queue for automatic downloads and installation on enterprise PCs. From a report on ComputerWorld: The move will also set in motion a two-month countdown clock on support for the original mid-2015 version of Windows 10. "Windows 10 1607, also known as the Windows 10 Anniversary Update, has been declared as Current Branch for Business (CBB) and is ready for deployment," Michael Niehaus, a director of product marketing, said in a post to a company blog that used similar wording to the first upgrade to the CBB. In April, Microsoft moved the November 2015 upgrade to the corporate delivery track. Microsoft issued the Anniversary Update Aug. 2, even though its numerical designation of 1607 referred to July (07) of this year (16). The upgrade will be released in January through Windows Update, Windows Update for Business and Windows Server Update Services (WSUS), Niehaus said.
Microsoft

Nokia Dials Back Time To Sell Mobile Phones Again (bbc.com) 128

Nokia said Thursday mobile phones carrying its brand will make a comeback via a new venture that will reunite the Nokia brand with veteran Nokia execs who aim to move into smartphones capitalizing on an existing operation that sells low-cost basic phones. From a report on BBC: It's thanks to a deal with a small team based at a business park on the fringes of Helsinki, who are engaged in what will seem to many a foolhardy mission. They call themselves HMD Global -- and they believe they can make Nokia a big name in mobile phones once again. I met Arto Nummela, Pekka Rantala and Florian Seiche in a cafe on what is still the Nokia campus. That very day Arto and Pekka had stopped working for the Nokia Windows mobile phone business owned by Microsoft -- because they had acquired both it and the Nokia brand to start their new business. Yes, it is complicated, but so is the recent history of what was just a few years back Europe's technology superpower and the biggest force in mobile phones. After the launch of the iPhone in 2007, Nokia faltered and by 2011 was on what its first American chief executive, Stephen Elop, called a burning platform. Then, the phone business was sold to Microsoft, which soon found it had made a disastrous purchase as the Nokia Windows combination failed to claim a significant slice of a market dominated by Apple's iOS and Android. Now, the Finnish business -- which remained a big force in telecoms infrastructure after the sale of the mobile unit -- has licensed the Nokia brand to HMD Global, which aims to take it back to the future.
Firefox

Firefox Zero-Day Can Be Used To Unmask Tor Browser Users (computerworld.com) 55

An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.
Advertising

No Man's Sky's Steam Page Didn't Mislead Gamers, Rules UK Ad Watchdog (arstechnica.com) 76

Shortly after it officially launched in August on PlayStation and Windows, No Man's Sky -- the game that sees the protagonist explore space and experience uncertain places -- was accused of false advertising. Players felt that the pictures and videos used to promote the game on its Steam page didn't represent the sort of things players might expect to encounter in the game. Today, a UK advertising regulator has ruled the opposite -- the game didn't mislead gamers. Ars Technica reports: The complainants -- who had been part of a semi-organized campaign upset with the state of the game at release -- insisted that the screenshots on the storefront had seemed to promise various features that turned out to be absent from the final game. These included things like the appearance and behavior of animals, large in-game buildings, large-scale space combat, loading screens, a promised system wherein the different factions contested galactic territory, and general graphical polish. Hello Games' defense rested on the fact that No Man's Sky is procedurally generated, and that while players would not enjoy the exact experience shown in promotional images, they could reasonably expect to see similar things. The Advertising Standards Authority (ASA) agreed, saying: "The summary description of the game made clear that it was procedurally generated, that the game universe was essentially infinite, and that the core premise was exploration. As such, we considered consumers would understand the images and videos to be representative of the type of content they would encounter during gameplay, but would not generally expect to see those specific creatures, landscapes, battles, and structures." It also ruled that the developers hadn't misled customers over graphics: "We understood the graphical output of the game would be affected by the specifications of each player's computer, and considered that consumers would generally be aware of this limitation."
Windows

Wielding Their Windows Phones, Microsoft Shareholders Grill CEO Satya Nadella On Device Strategy (geekwire.com) 157

At a meeting with shareholders Wednesday, Microsoft CEO Satya Nadella was asked numerous times what the company is doing about Windows Phones, and why do they keep hearing that Microsoft is abandoning smartphone manufacturer business. The stakeholders also asked why the company is seemingly focusing more on Android and iOS rival platforms instead of its own. From a report on GeekWire: Microsoft shareholder Dana Vance, owner of a Windows Phone and a Microsoft Band, said he received an email about the Microsoft Pix app but was surprised to learn that it was available for iPhone and Android but not Windows Phone. Ditto for Microsoft Outlook. He also alluded to reports that Microsoft has put the Band on the back burner. Given this, he asked Nadella to explain the company's vision for its consumer devices. As part of his response, Nadella said Microsoft's Windows camera and mail apps will include the same features as in Microsoft's apps for other platforms. "When we control things silicon-up, that's how we will integrate those experiences," Nadella said. The company will "build devices that are unique and differentiated with our software capability on top of it -- whether it's Surface or Surface Studio or HoloLens or the phone -- and also make our software applications available on Android and iOS and other platforms. That's what I think is needed in order for Microsoft to help you as a user get the most out of our innovation." Another shareholder, who says he uses his Windows Phone "18 hours a day," said he has heard Microsoft is "stepping away from mobile." He asked, "Can you calm me down ... and tell me what your vision is for mobile?" Nadella answered, "We think about mobility broadly. In other words, we think about the mobility of the human being across all of the devices, not just the mobility of a single device. That said, we're not stepping away or back from our focus on our mobile devices," Nadella said. "What we are going to do is focus that effort on places where we have differentiation. If you take Windows Phone, where we are differentiated on Windows Phone is on manageability. It's security, it's Continuum capability -- that is, the ability to have a phone that can act like a PC. So we're going to double-down on those points of differentiation."
Windows

PC Market Shows Signs of Recovery (betanews.com) 113

PC shipments will continue to decline in 2016, according to a new IDC forecast, but the drop will be slightly lower than previously expected. What's more, things will improve even more in 2017. BetaNews adds: IDC expects PC vendors to ship a total of 258.2 million units this year, a figure which would be 6.4 percent lower than last year. The previous estimate was a 7.2 percent fall, which IDC announced in August. Growth will still be negative in 2017, but shipments are expected to decrease by just 2.6 percent compared to this year. IDC believes that commercial shipments of notebooks will grow this year, while desktops should stay flat in terms of growth. The pressure from mobile devices is said to decrease as the markets mature. The tablet market, in particular, is not as big of a concern or threat as it sees declining shipments as well. "The PC market continues to perform close to expectations", says IDC Worldwide Tracker Forecasting and PC research vice president Loren Loverde. "Some volatility in emerging regions is being offset by incremental gains in larger mature markets while the interaction with tablets and phones is stabilizing. We continue to see steady progression toward smaller desktops and notebooks as replacement buying helps stabilize overall shipments in the coming years".
Security

Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) 138

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.

Slashdot Top Deals