Language Selection

English French German Italian Portuguese Spanish

Microsoft

Former Microsoft Security Analyst Claims Office 365 Knowingly Hosted Malware For Years

Filed under
Microsoft
Security

Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too?

On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to be malicious files being hosted in OneDrive.

Read more

Microsoft Bailouts From the US Army Budget

Filed under
Microsoft
  • US Army slows ~$20bn project to put Microsoft's HoloLens VR headsets into the field [Ed: President Biden has already bailed out Microsoft to the tune of 22 billion dollars for something that's basically dead; Microsoft sacked all staff of HoloLens; this is worse than grifting as it's akin to Microsoft theft from taxpayers (Trump did the same with "JEDI"; latest below)]

    The US Army has delayed a massive rollout of Microsoft's HoloLens virtual reality headsets.

  • [Older] Looks like NSA now stands for Not Selecting Azure: US spy agency picks AWS over Microsoft
  • Supreme Court declines to hear Oracle's challenge to JEDI • The Register

    The US Supreme Court has brushed off Oracle’s complaint that it wasn't awarded the Pentagon's $10bn winner-takes-all Joint Enterprise Defense Infrastructure (JEDI) cloud contract.

    [...]

    Still, Big Red refused to give up. It appealed its case all the way to the Supreme Court. The US government told the justices the case ought to be rejected given that Oracle wouldn’t have won the contract anyway. The ongoing legal spats, however, were made pointless when the Pentagon scrapped JEDI in July.

    Despite this, Oracle still thought the case was worth pursuing considering the DoD had replaced the cloud project with the new “Joint Warfighter Cloud Capability (JWCC)” contract. The JWCC deal has been limited to AWS and Microsoft only. We note that Oracle says it does more than $28bn a year in cloud revenues.

Free Software Foundation claims Windows 11 will reduce user freedom

Filed under
GNU
Microsoft

The Free Software Foundation has described Windows 11, the new avatar of Microsoft's desktop operating system that was launched on 6 October, as taking "important steps in the wrong direction when it comes to user freedom".

In a blog post, the organisation's campaigns manager Greg Farough said Windows 11 did nothing to mitigate "Windows' long history of depriving users of freedom and digital autonomy".

The FSF was set up by former MIT employee Richard Stallman to try and develop an operating system and other utilities that would not impinge on the freedom of users. The word "free" refers not to the price, but the ability to change and share the software as one wishes.

Farough said Microsoft was "intentionally choosing to create an unjust power structure, in which a developer knowingly keeps users powerless and dependent by withholding information".

Read more

Proprietary Web and Vista 11 Performance Catastrophe

Filed under
Microsoft
Web
  • Client-side content scanning as an unworkable, insecure disaster for democracy • The Register

    Fourteen of the world's leading computer security and cryptography experts have released a paper arguing against the use of client-side scanning because it creates security and privacy risks.

    Client-side scanning (CSS, not to be confused with Cascading Style Sheets) involves analyzing data on a mobile device or personal computer prior to the application of encryption for secure network transit or remote storage. CSS in theory provides a way to look for unlawful content while also allowing data to be protected off-device.

    Apple in August proposed a CSS system by which it would analyze photos destined for iCloud backup on customers' devices to look for child sexual abuse material (CSAM), only to backtrack in the face of objections from the security community and many advocacy organizations.

    The paper [PDF], "Bugs in our Pockets: The Risks of Client-Side Scanning," elaborates on the concerns raised immediately following Apple's CSAM scanning announcement with an extensive analysis of the technology.

  • Vivaldi Adblock is mostly Adblock Plus and ublock-origin.

    The Vivaldi browser has a built-in ad blocker.

    However, the company hasn’t been extremely forthcoming about how it works.

    However, it seems to accept any list in adblock plus format, and Vivaldi seems to have implemented Webkit Content Blockers as well.

    Vivaldi includes a list called “DuckDuckGo Tracker Radar”, which leads to what seems to be a Webkit Content Blocker format list mirrored by Vivaldi.

    In my testing, the DuckDuckGo Tracker Radar seems to largely duplicate what Fanboy’s Ultimate List already had in it.

    While Fanboy’s Ultimate List is not in Vivaldi by default, you can add it by going to Vivaldi Menu/Settings/Privacy, and then select “Block Trackers and Ads”, and then I would suggest de-selecting everything in both columns that Vivaldi defaults to having on, then clicking + under Ad Blocking Sources, then adding https://www.fanboy.co.nz/r/fanboy-ultimate.txt and then Import. It should tell you it brought in a bunch of ad blocking rules.

  • This week's Windows 11 patch didn't fix AMD performance woes • The Register

    Windows 11 received its first bundle of fixes this week, but AMD users hoping for respite from performance issues that have dogged their PCs were to be disappointed. In fact, for some, performance might have actually got a bit worse.

    It wasn't the news AMD fangirls and fanboys were hoping for. After AMD noted performance issues with Microsoft's latest operating system, a fix had been expected to drop during October. Alas, that fix didn't turn up in this week's first Cumulative Update for the GA code. In fact, according to hardware site TechPowerUp, things might have even deteriorated.

  • Microsoft’s first Windows “11” update addresses AMD CPU scheduling problems. Ends up making them worse. – BaronHK's Rants

    Microsoft released their first “Windows 11” update.

    It was deployed to try to correct the AMD CPU problems that Windows “11” created on Ryzen, which tripled L3 CPU cache latency and slowed the processor down by an average of 15%.

    The update ended up making the problem worse. Doubling the cache latency from where it already was at launch.

    “Early adopters” of Microsoft’s latest broken operating system are seeing much worse performance than they were on Windows 10, even on the Intel side, as Microsoft’s “virtualization based security” was already wreaking havoc on video game performance.

  • The "What If" Performance Cost To Kernel Page Table Isolation On AMD CPUs - Phoronix

    Made public this week by CPU security researchers at Graz University of Technology and CISPA Helmholtz Center for Information Security was the research paper published "AMD Prefetch Attacks through Power and Time". The paper points to AMD CPUs suffering from a side-channel leakage vulnerability through timing and power variations of the PREFETCH instruction. The paper argues that AMD CPUs should activate stronger page table isolation by default. AMD has now published their security response where they are not recommending any mitigation changes at this time. But what if Kernel Page Table Isolation (KPTI/PTI) proves necessary for AMD CPUs? Here are some initial benchmarks showing what that performance impact could look like.

Microsoft and CNET confuse users with fake “This PC can’t run Windows 11” errors. Suggest buying a completely new computer.

Filed under
GNU
Linux
Microsoft

Microsoft and CNET confuse users with fake “This PC can’t run Windows 11” errors. Suggest buying a completely new computer.

Mostly, if your machine doesn’t have “Security Theater Boot” and the “Toilet Paper Module” (I jest.) available to be turned on, you need to buy another computer.

Except that you don’t. You could format Windows off your computer entirely and go on happily using GNU/Linux for many more years without fake incompatibility messages from your pals at Microsoft and Intel, where sales have been in the dumps and they need fake error messages to drive new sales.

Read more

Best Free and Open Source Alternatives to Microsoft Office

Filed under
Microsoft
OSS

This series looks at the best free and open source alternatives to products and services offered by Microsoft. This article focuses on the best free and open source alternatives to Microsoft Office.

What are the best open source alternatives to Office 365? This article focuses on replacements for only some of the components of Office 365. We’ll explore other components in later articles in this series.

Read more

Openwashing of Proprietary Traps

Filed under
Microsoft
  • Broadband Forum Launches Latest Open Source Project to Bring Full Benefits of 5G to Fixed-line Services | Business Wire

    The goal of a new Broadband Forum project, Open Broadband – WWC Reference Implementation for 5G-RG (OB-5WWC) is for vendors and operators to bring products to market in a shorter timeframe and enjoy reduced development times and cycles. The Open Source project will bring the full benefits of the 5G ecosystem to fixed-line services and offer a full end-to-end solution to operators.

  • .NET Foundation boss apologizes for pull request that sparked community row

    We covered Littles earlier this week, noting that after he ran for the board on a platform of making it more responsive to developers' needs – rather than Microsoft's. He later quit because, according to a post, "I didn't have the energy to put into an organization that doesn't share my views and stance on what I think the community needs, Sustainable Open Source Software."

    [...]

    The first comment on the apology described it as "a total non-apology" – a sentiment repeated in other comments. The conversation also features some discussion of how to withdraw projects from the foundation.

    The Register suspects the foundation may soon need some new volunteers. Brave new volunteers

  • Microsoft's .NET Foundation under fire as resigning board member questions its role
    [Ed: Microsoft Tim weighs in as well. It's him who helped Microsoft hijack Linux (exporting it to GitHub).]
  • Questions Raised About .NET Foundation

    Littles was elected and took on the role of chair for the Technical Steering Group, hoping to be able to achieve some progress towards Open Source sustainability. However, when he realized that his efforts were futile he resigned from the .NET Foundation board ahead of the 2021 elections which took place in August. He hadn't intended to draw attention to this, but changed his mind when the announcement of the election results reported on his resignation.

Proprietary Leftovers (Mostly Microsoft)

Filed under
Microsoft
  • US Rolls Out New Cybersecurity Requirements for Rail, Air [iophk: Windows TCO]

    Homeland Security Secretary Alejandro Mayorkas announced the measures Tuesday at a virtual cybersecurity conference, warning that recent incidents such as the SolarWinds [crack] and the Colonial Pipeline ransomware attack showed that "what is at stake is not simply the way we communicate or the way we work, but the way we live."

    The new security directives target what the Department of Homeland Security and the Transportation Security Administration describe as "higher risk" rail companies, "critical" airport operators, and air passenger and air cargo companies.

  • Bill requiring companies report cyber incidents moves forward in the Senate [iophk: Windows TCO]

    The bill would require owners and operators of critical infrastructure groups to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. It would also require critical infrastructure groups, nonprofits and most medium to large businesses to report making ransomware attack payments within 24 hours.

  • TSA to issue regulations to secure rail, aviation groups against cyber threats [iophk: Windows TCO]

    According to Mayorkas, the directive will require these groups to “identify a cybersecurity point person” charged with reporting cybersecurity incidents to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), along with establishing “contingency and recovery plans” in the case of cyberattacks.

  • U.S. to tell critical rail, air companies to report [breaches], name cyber chiefs [iophk: Windows TCO]

    The upcoming changes will make it mandatory for “higher-risk” rail transit companies and “critical” U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose [breaches] to the government and draft recovery plans for if an attack were to occur.

  • The Gates Foundation Avoids a Reckoning on Race and Power

    Over the last year, Doctors Without Borders has faced a major scandal, as more than 1,000 current and former employees signed on to a letter accusing the Nobel Peace Prize-winning humanitarian organization of institutional racism, citing a colonial mentality in how the group’s European managers view the developing world.1

    Such an allegation would be serious in any field, but it deserves another level of scrutiny in the context of global health and humanitarianism, two fields built on a paternalistic premise: rich white people from wealthy nations setting themselves up as saviors of poor people of color. The assumptions embedded in this model have provoked increasingly popular calls to “decolonize” the sector, and many organizations have responded by invoking social justice rhetoric, claiming, for instance, that their work intersects with the Black Lives Matter movement.2

  • Canopy Parental Control App Wide Open to Unpatched XSS Bugs

    The vulnerability arises because the system is failing to sanitize user inputs. The input field allows 50 characters, Young found, “which was plenty to source an external script.”

    He said there are multiple ways to exploit the issue.

Life's better together when you avoid Windows 11

Filed under
GNU
Microsoft

October 5 marks the official release of Windows 11, a new version of the operating system that doesn't do anything at all to counteract Windows' long history of depriving users of freedom and digital autonomy. While we might have been encouraged by Microsoft's vague, aspirational slogans about community and togetherness, Windows 11 takes important steps in the wrong direction when it comes to user freedom.

Microsoft claims that "life's better together" in their advertising for this latest Windows version, but when it comes to technology, there is no surer way of keeping users divided and powerless than nonfree software. Developing nonfree software is an inherently antisocial act, for it is intentionally choosing to create an unjust power structure, in which a developer knowingly keeps users powerless and dependent by withholding information. Increasingly, this involves not only withholding the source code itself, but even basic information on how the software works: what it's really doing, what it's collecting, and how often it's snitching on users. "Snitching" may sound dramatic, but Windows 11 will now require a Microsoft account to be connected to every user account, granting them the ability to correlate user behavior with one's personal identity. Even those who think they have nothing to hide should be wary of sharing potentially all of their computing activity with any company, much less one with a track record of abuse like Microsoft.

Read more

Syndicate content

More in Tux Machines

CuteFish – An Elegant, Beautiful and Easy-to-Use Linux Desktop

CutefishOS is a new free and open-source desktop environment for Linux operating systems with a focus on simplicity, beauty, and practicality. Its goal is to create a better computing experience for Linux users. Cutefish OS is among the newest kids on the block of desktop environments. And since it has been born at such a time when the KDE aesthetic leads in the UI/UX stand for Linux users, it features a design that is strikingly similar. Given its goal of making a better desktop experience, the team uses KDE Frameworks, KDE Plasma 5, and Qt. My guess is that Qt is the source of its “cute” name. They seem to have collaborated heavily with JingOS, a beautiful Linux OS targeted at Tablets. Read more

Former Microsoft Security Analyst Claims Office 365 Knowingly Hosted Malware For Years

Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too? On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to be malicious files being hosted in OneDrive. Read more

today's leftovers

  • pam-krb5 4.11

    The primary change in this release of my Kerberos PAM module is support for calling pam_end with PAM_DATA_SILENT. I had not known that the intent of this flag was to signal that only process resources were being cleaned up and external resources should not be (in part because an older version of the man page doesn't make this clear).

  • QB64 Hits Version 2.0, Gets Enhanced Debugging | Hackaday

    Despite the name, BASIC isn’t exactly a language recommended for beginners these days. Technology has moved on, and now most people would steer you towards Python if you wanted to get your feet wet with software development. But for those who got their first taste of programming by copying lines of BASIC out of a computer magazine, the language still holds a certain nostalgic appeal.

  • All Things Open: Diversity Event Today - Big Top Goes Up Monday! - FOSS Force

    By now things are going full tilt boogie in downtown Raleigh, as the All Things Open conference is well into its “pre” day. Keeping with the trend set by other conferences, All Things Open opens a day ahead of time, partially to stage free event’s that aren’t officially a part of the main show, but which offer attendees from out-of-town a reason to fly in a day early to settle in. This is good for the travelling attendees, because they don’t spend the first day suffering for jet lag or other forms of travel fatigue, and good for the event, because it means that more people are in place to fill seats and attend presentations, beginning with the opening keynote. [...] At ATO, the registration desks are open on Sunday from noon until 5:30 Eastern Time, and the pre-conference is a free Inclusion and Diversity Event that started at noon and will run until 5pm, emceed by Rikki Endsley, formally with Red Hat and now a community marketing manager at Amazon Web Services.

  • [Older] Arduino Nano Pros and Cons: Is the Cheapest Arduino Worth It?

    While there is quite an array of Arduino boards to choose from, the Nano is a versatile board suitable for almost all DIY electronic projects. These tiny micro controllers make compact DIY hardware development available to more people than ever before. In the past we have covered reasons you may not want to choose a genuine Arduino for your projects, but today lets take a look at the positives and negatives of the Arduino Nano.

  • Pnevmo-Capsula: Domiki rolls onto Windows, Mac and Linux

    Usually the term "on rails" refers to a highly linear experience over which the player has little control. But sometimes it's meant far more literally than that, as is the case in Pomeshkin Valentin Igorevich's recently released steampunk adventure, Pnevmo-Capsula: Domiki.

  • How to install Thinkorswim Desktop on a Chromebook in 2021

    Today we are looking at how to install Thinkorswim Desktop on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

Digital Restrictions (DRM) on Printers