Friday, 14 December 2012

Internet Explorer flaw may let ad firms track mouse input, Microsoft says that will change

URL: http://www.engadget.com/2012/12/13/internet-explorer-flaw-reportedly-lets-ad-firms-track-mouse-input/


Footprints on the beach

Many of us already complain that web ads follow us too closely. You can understand why Internet Explorer users might be nervous, then, when Spider.io claims that the ads are even tracking their mouse movements. A JavaScript hole in Internet Explorer 6 through 10 reportedly lets intruders follow along with the onscreen pointer, regardless of whether or not the browser is the active app. That could easily prove a security risk for anyone using a virtual keyboard, including some tablet owners. Microsoft has confirmed that it's investigating and plans to "adjust this behavior," although it takes issue with Spider.io both focusing on IE and decrying two ad analytics firms that are supposedly exploiting the flaw today. The Redmond team argues that other browsers have "similar capabilities" and that Spider.io has ulterior motives, being an ad analytics firm itself -- it allegedly wants to knock down two competitors that it doesn't think are playing fair. We've asked Spider.io for its reaction and will get back if we're told more. In the meantime, don't be too alarmed when the vulnerability would likely only work with detailed knowledge of the target PC.

Via: The Verge

Source: Spider.io, IEBlog

Thursday, 13 December 2012

Swiss City Mandates Use Of Open Source, Banishes Microsoft Officially

URL: http://www.linuxtoday.com/upload/swiss-city-mandates-use-of-open-source-banishes-microsoft-officially-121211094009.html


 The PowerBase: In an overwhelming majority vote, the city council in Bern, Switzerland has moved to implement all future infrastructure with open source technologies.

Wednesday, 28 November 2012

Microsoft is investigating the random reboot problem in Windows Phone 8

URL: http://targethd.net/2012/11/20/microsoft-esta-investigando-o-problema-dos-reboots-aleatorios-no-windows-phone-8/


Yesterday (the 19th), several specialist sites reported that the recently launched Windows Phone 8, the new version of Microsoft's mobile operating system, was drawing complaints from users of Microsoft and HTC smartphones over abnormal random reboots. To some this may seem a small problem, but think [...]

Tuesday, 20 November 2012

Exclusive: Internal Videos Show Why Microsoft Kin Cratered

URL: http://www.wired.com/gadgetlab/2012/11/unreleased-internal-microsoft-videos-show-why-kin-crashed-and-burned/


These internal Microsoft testing videos of its ill-fated line of Kin phones demonstrate a product not ready for prime time.

Saturday, 10 November 2012

Surface users report sound glitches and a defective cover

URL: http://exame.abril.com.br/tecnologia/noticias/usuarios-do-surface-relatam-falhas-no-som-e-defeito-na-capa


According to the newspaper, complaints say that the tablet's cover is coming apart at the seams, exposing the connections where it attaches to the Surface

Thursday, 27 September 2012

Intel says Windows 8 is full of bugs, sites report

URL: http://exame.abril.com.br/tecnologia/noticias/intel-diz-que-windows-8-esta-cheio-de-bugs-relatam-sites


Microsoft is going to release Windows 8 while it is still raw, said Paul Otellini, Intel's CEO, according to reports in the American press

Monday, 24 September 2012

Secret Microsoft policy limited Hotmail passwords to 16 characters

URL: http://arstechnica.com/security/2012/09/secret-microsoft-policy-limited-hotmail-passwords-to-16-characters/


For years, Microsoft engineers have quietly limited Hotmail passwords to 16 characters, a revelation that has surprised and concerned some users who have long entered passcodes twice that long to access accounts.

One such user is Costin Raiu, the director of the global research and analysis team at antivirus provider Kaspersky Lab. On Friday he reported receiving a new error message when he entered the same 30-character passcode he long used on the Microsoft site. When he typed in the first 16 characters, as the error message directed him to do, he was able to access his account just fine. The change concerned Raiu, because it meant that for years his Hotmail account hadn't been as secure as he was led to believe.

"To pull off this trick with older passwords, Microsoft has two choices," he wrote. Choice one: "Store full plaintext passwords in their [database]; compare the first 16 [characters] only." Choice two: "Calculate the hash only on the first 16; ignore the rest."

Saturday, 8 September 2012

Internet Explorer 10's bundled Flash leaves users exploitable

URL: http://arstechnica.com/information-technology/2012/09/internet-explorer-10s-bundled-flash-leaves-users-exploitable/


Early users of Windows 8's built-in Internet Explorer may find themselves at risk of exploitation via the Flash plugin, as the version included with Windows 8 is out of date. Adobe patched Flash on August 21 to resolve known security flaws, but the patch can't be applied to Internet Explorer 10.

Internet Explorer 10 bundles Adobe Flash, with Microsoft taking on responsibility for shipping updates to the integrated plugin. One repercussion of this arrangement is that Adobe's patches and autoupdate mechanism can't be used; they can update the standalone version used by Firefox, but not the embedded version in Internet Explorer. The same is true of Chrome; it includes an embedded version of Flash, and the only way to update that is with a Chrome update. Adobe's updater can't touch it.

There has been some chatter on Twitter about this issue since Adobe shipped its most recent patch. Ed Bott at ZDNet asked Microsoft about the issue, and was told:

Friday, 31 August 2012

One more reason to not use Skype for Linux

URL: http://www.linuxtoday.com/upload/one-more-reason-to-not-use-skype-for-linux-120830070534.html


LinuxBSDos: This should not come as a shock to anybody, considering that Skype is now owned by Microsoft, the anti-Linux and anti-free software company, whose operating system and other software products are riddled with backdoors.

Sunday, 19 August 2012

You Can't Bypass the UI Formerly Known As Metro On Windows 8

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/dSUx_NBSAbg/you-cant-bypass-the-ui-formerly-known-as-metro-on-windows-8



colinneagle writes with this excerpt from Network World: "The final build of Windows 8 has already leaked to torrent sites, which is giving the propellerheads a chance to dig through the code. One revelation will probably not sit well with enterprise customers: you can't bypass the don't-call-it-Metro UI. Normally, you have to boot Windows 8 and when the tiled desktop UI (formerly known as Metro) came up, you had to click on one of the boxes to launch Explorer. Prior builds of Windows 8 allowed the user to create a shortcut so you bypass Metro and go straight to the Explorer desktop. Rafael Rivera, co-author of the forthcoming Windows 8 Secrets, confirmed to Mary Jo Foley at ZDNet that Microsoft does indeed block the boot bypass routine from prior builds. He also believes that Microsoft has blocked the ability for administrators to use Group Policy to allow users to bypass the tiled startup screen. There had been hope that Microsoft would at least relent and let corporate users have a bypass, if only for compatibility's sake."

Sunday, 22 July 2012

Windows XP and Vista are not compatible with Office 2013 - Abril

URL: http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNHIyGaiJQJyhnp3J3nuNvo8oyagoQ&url=http://exame.abril.com.br/tecnologia/noticias/windows-xp-e-vista-nao-sao-compativeis-com-office-2013



São Paulo - Microsoft on Thursday announced details of the official technical requirements for running its new suite of productivity tools, Office 2013. The programs will require computers with a 1 GHz processor and at least 3 ...

Developer won't patch XBLA game because Microsoft would charge 'tens of thousands' of dollars

URL: http://www.engadget.com/2012/07/19/microsoft-polytron-xbla/


Developer won't patch XBLA game because Microsoft would charge 'tens of thousands' for the privilege

Seeing as how so much software is moving to online distribution, the significance of this controversy might extend far beyond gaming and XBLA. For now, however, the spotlight is firmly on Microsoft and the way it charges developers for testing their games and patches, after a well-known developer made an unusually public complaint. In a post on its official blog, Polytron said it would not patch a rare game-saving bug in its popular title Fez, because Microsoft would charge it "tens of thousands of dollars to re-certify the game." It added that "had Fez been released on Steam instead of XBLA," the problem would have been fixed "right away" and at no cost to the developer, which strongly hints that it'll jump to another platform as soon as its XBLA exclusivity expires. Responses to the story over at our sister site Joystiq are decidedly mixed, with some folks outraged that Microsoft's high maintenance attitude could hold back improvements in this way while others suspect Polytron of blame-shifting.

Developer won't patch XBLA game because Microsoft would charge 'tens of thousands' of dollars originally appeared on Engadget on Thu, 19 Jul 2012 08:41:00 EDT. Please see our terms for use of feeds.

Source: Polytron

Thursday, 12 July 2012

Microsoft fix kills Windows Gadgets, warns it could lead to PC hijacks

URL: http://arstechnica.com/security/2012/07/microsoft-fix-kills-windows-gadgets/


Microsoft has warned that a Gadgets feature included in Vista and later versions of Windows could allow attackers to hijack end-user machines and has taken the unusual step of issuing a temporary update that allows it to be completely disabled.

"An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user," company officials said in an advisory issued Tuesday. "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system." To be successful, they added: "An attacker would have to convince a user to install and enable a vulnerable Gadget."

Microsoft added the Gadgets feature and an accompanying Sidebar to Windows Vista in hopes of matching the success Apple had with a similar feature called Dashboard, which is included in Mac OS X. It allows end users to add clocks, stock tickers, and other small apps to their desktops. A few weeks ago, Microsoft pulled the plug on its official Gadgets gallery. The page now includes a warning that says: "Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time."

Friday, 6 July 2012

Virus could attack almost 250,000 computers on Monday

URL: http://exame.abril.com.br/tecnologia/noticias/virus-pode-atacar-quase-250-mil-computadores-na-segunda-feira


Computers around the world remain infected by "Alureon", malicious software used in a scam, and its "relatives"

Thursday, 14 June 2012

Why Microsoft's Metro Push Is Good for Linux

URL: http://www.linuxtoday.com/upload/why-microsofts-metro-push-is-good-for-linux.html


Datamation: The Windows 8 interface may prompt a certain group of users to adopt the Linux desktop.

Attention all Windows users: patch your systems now

URL: http://arstechnica.com/security/2012/06/windows-users-patch-now/


Online attackers are actively exploiting a vulnerability in Internet Explorer that allows them to execute malicious code on computers that visit booby-trapped websites, researchers said in an advisory that underscores the importance of installing a Microsoft patch as soon as possible.

The exploit of a critical IE bug, reported by researchers from antivirus provider McAfee, means there are two newly disclosed vulnerabilities in Microsoft products under attack. On Tuesday, Microsoft warned of a separate vulnerability in all supported versions of Windows that was also actively being exploited.

The most immediate significance of the McAfee report is this: If you run Windows and haven't installed Tuesday's batch of security fixes, you should stop whatever else you're doing and run them now.

Monday, 4 June 2012

"Flame" malware was signed by rogue Microsoft certificate

URL: http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/


Microsoft has pushed out a new patch for Windows.

Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern countries.

The compromise exploited weaknesses in Terminal Server, a service many enterprises use to provide remote access to end-user computers. By targeting an undisclosed encryption algorithm Microsoft used to issue licenses for the service, attackers were able to create rogue intermediate certificate authorities that contained the imprimatur of Microsoft's own root authority certificate—an extremely sensitive cryptographic seal. Rogue intermediate certificate authorities that contained the stamp were then able to trick administrators and end users into trusting various Flame components by falsely certifying they were produced by Microsoft.

"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft," Microsoft Security Response Center Senior Director Mike Reavey wrote in a blog post published Sunday night. "We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft."

Fedora could seek Microsoft code signing to contend with secure boot

URL: http://arstechnica.com/information-technology/2012/06/fedora-could-seek-microsoft-code-signing-to-contend-with-secure-boot/


This penguin is also contemplating boots.

Future versions of Fedora could come with a bootloader that is signed by Microsoft, a move that would ensure that the Linux distribution is easy to install on computers with the secure boot mechanism. The proposal was described in a blog entry this week by Red Hat kernel developer Matthew Garrett.

Microsoft's compatibility certification criteria for Windows 8 require PC vendors to adopt UEFI and enable secure boot. The transition to signed bootloaders will help protect users against certain kinds of malware, but it could also pose an obstacle for users who want to run third-party operating systems.

In a hardware environment with secure boot, the code that bootstraps the operating system must be signed with a key that corresponds with a certificate stored in the computer's firmware. The computer will refuse to execute code that lacks a trusted signature. The purpose of this mechanism is to prevent arbitrary, untrusted code from running during startup and tampering with the operating system.

Saturday, 26 May 2012

Bing shows links that Google removed at Microsoft's request

URL: http://redir.folha.com.br/redir/online/tec/rss091/*http://www1.folha.uol.com.br/tec/1095611-bing-mostra-links-que-google-retirou-a-pedido-da-microsoft.shtml


Microsoft has been caught in a paradox that points to a probable failure of internal communication at the company. Since this Thursday (the 24th), Google has been publishing data on the requests it receives to remove content for copyright infringement. Microsoft leads the list of requesting companies, but its search engine, Bing, does not seem to be in agreement with the company's legal department. Read more (25/05/2012 - 12:53)

Microsoft is the company that has most often asked Google to remove content

URL: http://redir.folha.com.br/redir/online/tec/rss091/*http://www1.folha.uol.com.br/tec/1095545-microsoft-e-a-empresa-que-mais-pediu-para-google-remover-conteudo.shtml


Microsoft tops the list of companies that asked for content to be removed from Google's results on the grounds of damage to intellectual property, with two and a half times the number of requests made by the runner-up, NBC Universal. In the period counted, between July of last year and April of this year, the company asked for more than 2.5 million links leading to download pages for its products, such as Windows and Office, to be taken down. Read more (25/05/2012 - 09:55)

Thursday, 3 May 2012

Hacked Skype IP Address Search Shows Who's Speaking From Where

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gSLZ8a1JO3A/hacked-skype-ip-address-search-shows-whos-speaking-from-where



mask.of.sanity writes "An online search portal has been launched that reveals the IP addresses of any Skype user. The portal needs only a Skype username entered in a search bar for it to produce the IP address of a target user. It then uses IP addresses to geo-locate users on a map and reveal their ISP information."

Saturday, 28 April 2012

Microsoft Patches Major Hotmail 0-day Flaw After Widespread Exploitation

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ibOTWugzWH4/microsoft-patches-major-hotmail-0-day-flaw-after-widespread-exploitation



suraj.sun writes "Microsoft quietly fixed a flaw in Hotmail's password reset system that allowed anyone to reset the password of any Hotmail account last Friday. The company was notified of the flaw by researchers at Vulnerability Lab on April 20th and responded with a fix within hours — but not until after widespread attacks, with the bug apparently spreading 'like wild fire' in the hacking community. Hotmail's password reset system uses a token system to ensure that only the account holder can reset their password — a link with the token is sent to an account linked to the Hotmail account — and clicking the link lets the account owner reset their password. However, the validation of these tokens isn't handled properly by Hotmail, allowing attackers to reset passwords of any account. Initially hackers were offering to crack accounts for $20 a throw. However, the technique became publicly known and started to spread rapidly with Web and YouTube tutorials showing the technique popping up across the Arabic-speaking Internet."

Tuesday, 3 April 2012

Used Xbox is vulnerable to data theft, study says

URL: http://exame.abril.com.br/tecnologia/noticias/xbox-usado-e-vulneravel-a-roubo-de-dados-diz-estudo


Researchers at Drexel University, in the United States, managed to recover sensitive data stored on the old console using common tools

Thursday, 15 March 2012

Critical Windows bug could make worm meat of millions of high-value machines

URL: http://arstechnica.com/business/news/2012/03/remote-desktop-bug-in-windows-makes-worm-meat-of-high-value-machines.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss


Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.

The vulnerability in the Remote Desktop Protocol is of particular concern to system administrators in government and corporate settings because they often use the feature to remotely trouble-shoot e-mail servers, point-of-sale terminals and other machines when they experience problems. RDP is also the default way to manage Windows machines that connect to Amazon's EC2 and other cloud services. That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to the way exploits known as Nimda and Code Red did in 2001.

Tuesday, 14 February 2012

Microsoft's online store in India is attacked by hackers

URL: http://exame.abril.com.br/tecnologia/noticias/loja-online-da-microsoft-na-india-e-atacada-por-hackers


The Chinese group Evil Shadow published images that, according to the group, show unencrypted usernames and passwords found on the site
