sábado, 17 de junho de 2017

You Can't Open the Microsoft Surface Laptop Without Literally Destroying It

You Can't Open the Microsoft Surface Laptop Without Literally Destroying It



URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/AiYBfu3C428/you-cant-open-the-microsoft-surface-laptop-without-literally-destroying-it

An anonymous reader quotes a report from Motherboard: Microsoft's latest Surface Laptop may have earned glowing reviews from certain sections of the tech press, but don't tell that to iFixit. The company, which provides repair tools and manuals for popular gadgets like the iPhone and PlayStation, has handed the Surface Laptop a score of 0 out of 10 in terms of user repairability, stating definitively that the laptop "is not meant to be opened or repaired; you can't get inside without inflicting a lot of damage." iFixit's detailed teardown illustrates just how difficult it is to open the Surface. For starters, there are no screws, proprietary or otherwise, on the outside of the laptop. Instead, the laptop is literally welded together using a type of "plastic soldering" that is rare to see in consumer electronics. Anyone hoping to get inside the "beautifully designed and crafted" computer will have to pry it open with a knife or dedicated pick in order to defeat Microsoft's plastic welding. Whether or not it's actually worth going through the trouble of defeating said welding is another matter, given that the "glue-filled monstrosity," as iFixit dubs the laptop, has none of the user-upgradeable parts you'd want to see in a PC, like memory or storage. "It literally can't be opened without destroying it," the repair company concludes. "If we could give it a -1 out of 10, we would," iFixit said in an emailed statement on Friday. "It's a Russian nesting doll from hell with everything hidden under adhesive and plastic spot welds. It is physically impossible to nondestructively open this device."

Read more of this story at Slashdot.

segunda-feira, 20 de março de 2017

Windows 10 Will Download Some Updates Even Over a Metered Connection

Windows 10 Will Download Some Updates Even Over a Metered Connection



URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Dt-8dDqsRoA/windows-10-will-download-some-updates-even-over-a-metered-connection

Reader AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for "smooth operation" to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face massive bills.

Read more of this story at Slashdot.

sábado, 18 de março de 2017

Windows 10 UAC Bypass Uses Backup and Restore Utility

Windows 10 UAC Bypass Uses Backup and Restore Utility



URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/6zqSvclL1JI/windows-10-uac-bypass-uses-backup-and-restore-utility

An anonymous reader writes: "A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning," reports BleepingComputer. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't known where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware. Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10 (not earlier OS versions) and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility

Read more of this story at Slashdot.

terça-feira, 7 de março de 2017

sexta-feira, 3 de fevereiro de 2017

Windows DRM-Protected Files Used To Decloak Tor Browser Users

Windows DRM-Protected Files Used To Decloak Tor Browser Users



URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/nIC3Uqa_YvI/windows-drm-protected-files-used-to-decloak-tor-browser-users

An anonymous reader writes from a report via BleepingComputer: Downloading and trying to open Windows DRM-protected multimedia files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned. On Windows, multimedia files encoded with special Microsoft SDK will automatically open an IE window and access a URL to check the file's license. Since this request is sent outside of the Tor Browser and without user interaction, this can be used to ping law enforcement servers and detect the user's real IP address and other details. For example, law enforcement could host properly signed DRM-protected files on sites pretending to host child pornography. When a user would try to view the file, the DRM multimedia file would use Internet Explorer to ping a server belonging to the law enforcement agency. The same tactic can also be used to target ISIS militants trying to view propaganda videos, illegal drug and weapons buyers trying to view video product demos, political dissidents viewing news videos, and more. A video of the attack is available here.

Read more of this story at Slashdot.