sexta-feira, 15 de junho de 2012
quinta-feira, 14 de junho de 2012
Why Microsoft's Metro Push Is Good for Linux
URL: http://www.linuxtoday.com/upload/why-microsofts-metro-push-is-good-for-linux.html
Datamation: The Windows 8 interface may prompt a certain group of users to adopt the Linux desktop.
Attention all Windows users: patch your systems now
URL: http://arstechnica.com/security/2012/06/windows-users-patch-now/
Online attackers are actively exploiting a vulnerability in Internet Explorer that allows them to execute malicious code on computers that visit booby-trapped websites, researchers said in an advisory that underscores the importance of installing a Microsoft patch as soon as possible.
The exploit of a critical IE bug, reported by researchers from antivirus provider McAfee, means there are two newly disclosed vulnerabilities in Microsoft products under attack. On Tuesday, Microsoft warned of a separate vulnerability in all supported versions of Windows that was also actively being exploited.
The most immediate significance of the McAfee report is this: If you run Windows and haven't installed Tuesday's batch of security fixes, you should stop whatever else you're doing and run them now.
terça-feira, 5 de junho de 2012
Google Accuses Microsoft and Nokia of Patent Trolling Conspiracy
Google: Microsoft and Nokia Try to Hurt Android Using Patent Trolls
segunda-feira, 4 de junho de 2012
"Flame" malware was signed by rogue Microsoft certificate
URL: http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/
Microsoft has pushed out a new patch for Windows.
Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.
The compromise exploited weaknesses in Terminal Server, a service many enterprises use to provide remote access to end-user computers. By targeting an undisclosed encryption algorithm Microsoft used to issue licenses for the service, attackers were able to create rogue intermediate certificate authorities that contained the imprimatur of Microsoft's own root authority certificate—an extremely sensitive cryptographic seal. Rogue intermediate certificate authorities that contained the stamp were then able to trick administrators and end users into trusting various Flame components by falsely certifying they were produced by Microsoft.
"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft," Microsoft Security Response Center Senior Director Mike Reavey wrote in a blog post published Sunday night. "We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft."
Fedora could seek Microsoft code signing to contend with secure boot
This penguin is also contemplating boots.
Future versions of Fedora could come with a bootloader that is signed by Microsoft, a move that would ensure that the Linux distribution is easy to install on computers with the secure boot mechanism. The proposal was described in a blog entry this week by Red Hat kernel developer Matthew Garrett.
Microsoft's compatibility certification criteria for Windows 8 requires PC vendors to adopt UEFI and enable secure boot. The transition to signed bootloaders will help protect users against certain kinds of malware, but it could also pose an obstacle for for users who want to run third-party operating systems.
In a hardware environment with secure boot, the code that bootstraps the operating system must be signed with a key that corresponds with a certificate stored in the computer's firmware. The computer will refuse to execute code that lacks a trusted signature. The purpose of this mechanism is to prevent arbitrary, untrusted code from running during startup and tampering with the operating system.
sábado, 2 de junho de 2012
Windows 8 Release Preview Approaches; Compared to Windows ME
Microsoft has ripped out legacy code that allowed third parties to turn the popular Start Menu back
Assinar:
Postagens (Atom)