Tuesday, December 29, 2015

Microsoft Has Your Encryption Key If You Use Windows 10

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/YfNKeGMMq1o/microsoft-has-your-encryption-key-if-you-use-windows-10

An anonymous reader writes with this bit of news from the Intercept. If you log in to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to a Microsoft server. From the article: "The fact that new Windows devices require users to back up their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they've already uploaded it to the cloud. ... As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University, puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"

Wednesday, November 25, 2015

Windows 10’s broken fall update removes user-installed applications without asking first

URL: http://www.extremetech.com/computing/218570-windows-10s-broken-fall-update-removes-user-installed-applications-without-asking-first

Microsoft's latest Windows 10 update is causing problems for at least some users, uninstalling programs without the user's consent or evidence of a problem.

Saturday, October 17, 2015

Windows 10 Upgrades Are Being Forced On Some Users

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JpOsLJfTByA/windows-10-upgrades-are-being-forced-on-some-users

grimmjeeper writes: According to Ars Technica the Windows 10 upgrade option is being selected by default for some users. A dialogue box is appearing that only permits them to reschedule the upgrade process, not cancel it. "For the first year of its availability, Windows 10 is available for free to most Windows 7 and 8 users, and Microsoft has been trying to coax those users to make the switch by delivering the operating system through Windows Update. Until now, the OS has been delivered as an optional update; while Windows Update gives it prominent positioning, it shouldn't be installed automatically. This system has already generated some complaints, as Windows Update will download the sizeable operating system installer even if you don't intend to upgrade any time soon, but, over the last couple of days, the situation seems to have become a little more aggressive. We've received a number of reports that people's systems are not merely downloading the installer but actually starting it up." Update: 10/16 11:35 GMT by S : Microsoft said, "In the recent Windows update, this option was checked as default; this was a mistake and we are removing the check."

Monday, October 5, 2015

Microsoft sites expose visitors’ profile info in plain text

URL: http://arstechnica.com/security/2015/10/microsoft-sites-expose-visitors-profile-info-in-plain-text/

The CID, a unique identifier for Microsoft accounts, is used as part of the hostname for the location of user data for Outlook.com, Microsoft accounts, and other Live services. (credit: Sean Gallagher)

If you think using secure HTTP would be enough to protect your privacy when checking webmail, think again. When users connect to their Microsoft user account page, Outlook.com, or OneDrive.com, even when using HTTPS, the connection leaks a unique identifier that can be used to retrieve their name and profile photo in plaintext.

A unique identifier called a CID is exposed because it's sent as part of a Domain Name Service lookup for the address of the storage server containing profile data and as part of the initiation of an encrypted connection. As a result, it could be used to track users when they connect to services from both computers and mobile devices, possibly even identifying users as their requests leave the Tor anonymizing network.

In a lab test, Ars confirmed the leak, first publicized this weekend by a blogger based in Beijing. Packet captures of connections to Outlook.com, the Windows account page, and OneDrive.com revealed DNS lookup requests for a host with the format cid-[user's CID here].users.storage.live.com. The CID is also embedded in the Server Name Indication (SNI) extension data exchanged during the Transport Layer Security "handshake" that secures the session to the services, as Ars confirmed in an inspection of the packets.

Friday, September 18, 2015

How Cortana embarrassed Satya Nadella on stage

URL: http://exame.abril.com.br/tecnologia/noticias/como-a-cortana-fez-satya-nadella-passar-vergonha-no-palco

In a live demonstration, the virtual assistant Cortana embarrassed Microsoft CEO Satya Nadella

Saturday, August 22, 2015

Microsoft has no plans to tell us what’s in Windows patches

URL: http://arstechnica.com/information-technology/2015/08/microsoft-has-no-plans-to-tell-us-whats-in-windows-patches/

Microsoft has now released three cumulative updates for Windows 10. These updates combine security fixes with non-security bug fixes, and so far, Microsoft hasn't done a very good job of describing the contents of these cumulative updates. While the security content is quite fully described, explanations of the non-security fixes have been lacking.

Many, including your author, feel that this is undesirable and that a key part of the Windows-as-a-Service concept, in which Microsoft releases a steady stream of fixes and functional improvements, is a clear explanation of what those updates are. This is a new approach for Microsoft, and it seems like reassuring users and administrators that issues are getting fixed—and that functional changes are clearly described—should be important.

This is doubly important in those unfortunate situations in which a patch has a problem. Microsoft will tend to update such patches when the problems have been fixed, but it does a poor job of clearly communicating this.

Friday, July 24, 2015

Fully patched Internet Explorer menaced by a whopping 4 code-execution bugs

URL: http://feeds.arstechnica.com/~r/arstechnica/security/~3/uW4xXlmmgl8/

Exploit details published six months after they were privately reported to MS.

Thursday, April 16, 2015

Microsoft appears pleased with EU case against Google

URL: http://exame.abril.com.br/tecnologia/noticias/microsoft-parece-satisfeita-com-processo-da-ue-contra-google

The software giant has for years advocated tighter regulatory scrutiny of its rival

Saturday, March 21, 2015

Linux’s worst-case scenario: Windows 10 makes Secure Boot mandatory, locks out other operating systems

URL: http://www.extremetech.com/extreme/201722-linuxs-worst-case-scenario-microsoft-makes-secure-boot-mandatory-locks-out-other-operating-systems

With Windows 10, Microsoft will mandate Secure Boot -- and the ability to turn the feature off has gone from mandatory to optional. This could cripple the ability to install any other OS on OEM hardware.

Wednesday, March 11, 2015

Windows PCs vulnerable to Stuxnet attack — five years after patch

URL: http://www.extremetech.com/computing/200898-windows-pcs-vulnerable-to-stuxnet-attack-five-years-after-patches

A new security update from Microsoft closes security holes from Stuxnet that the company left open five years ago. We've all been insecure this entire time.