Intel diz que Windows 8 está cheio de bugs, relatam sites

URL: http://exame.abril.com.br/tecnologia/noticias/intel-diz-que-windows-8-esta-cheio-de-bugs-relatam-sites

A Microsoft vai liberar o Windows 8 ainda cru, disse Paul Otellini, o CEO da Intel, segundo relatos da imprensa americana

Attached media file [image/jpeg] (24122 bytes)

Attached media file [image/jpeg] (24122 bytes)

Secret Microsoft policy limited Hotmail passwords to 16 characters

URL: http://arstechnica.com/security/2012/09/secret-microsoft-policy-limited-hotmail-passwords-to-16-characters/

For years, Microsoft engineers have quietly limited Hotmail passwords to 16 characters, a revelation that has surprised and concerned some users who have long entered passcodes twice that long to access accounts.

One such user is Costin Raiu, the director of the global research and analysis team at antivirus provider Kaspersky Lab. On Friday he reported receiving a new error message when he entered the same 30-character passcode he long used on the Microsoft site. When he typed in the first 16 characters, as the error message directed him to do, he was able to access his account just fine. The change concerned Raiu, because it meant that for years his Hotmail account hadn't been as secure as he was led to believe.

"To pull off this trick with older passwords, Microsoft has two choices," he wrote. Choice one: "Store full plaintext passwords in their [database]; compare the first 16 [characters] only." Choice two: "Calculate the hash only on the first 16; ignore the rest."

Read 11 remaining paragraphs | Comments

Internet Explorer 10's bundled Flash leaves users exploitable

URL: http://arstechnica.com/information-technology/2012/09/internet-explorer-10s-bundled-flash-leaves-users-exploitable/

Early users of Windows 8's built-in Internet Explorer may find themselves at risk of exploitation via the Flash plugin, as the version included with Windows 8 is out of date. Adobe patched Flash on August 21 to resolve known security flaws, but the patch can't be applied to Internet Explorer 10.

Internet Explorer 10 bundles Adobe Flash, with Microsoft taking on responsibility for shipping updates to the integrated plugin. One repercussion of this arrangement is that Adobe's patches and autoupdate mechanism can't be used; they can update the standalone version used by Firefox, but not the embedded version in Internet Explorer. The same is true of Chrome; it includes an embedded version of Flash, and the only way to update that is with a Chrome update. Adobe's updater can't touch it.

There has been some chatter on Twitter about this issue since Adobe shipped its most recent patch. Ed Bott at ZDNet asked Microsoft about the issue, and was told:

Read 7 remaining paragraphs | Comments