Microsoft

Microsoft raises concerns on Government’s open source push in GeM

Filed under
Microsoft
OSS

The world’s largest software maker Microsoft has raised concerns over the government putting its weight behind open source software in its recent request for proposal to appoint a managed service provider for its e-marketplace, nicknamed GeM.

“The RFP has allocated 50 out of 150 marks to solutions that are built using open source software only; this means that if a bidder does not use open source product only then it would be impossible for such a bidder to achieve the 65 percent qualification marks in solution evaluation and would then automatically become technically disqualified,” Microsoft has said in a letter to the government, reviewed by Moneycontrol.

Moneycontrol has accessed a copy of the letter. In an official response, Microsoft confirmed sending a letter in this regard.


Microsoft Culture

Filed under
Microsoft

Microsoft Antitrust and Security Failures

Filed under
Microsoft
Security
  • Kaspersky sues Microsoft over claims Windows 10 is 'incompatible' with third-party AV

    In a sensational claim, Kaspersky says that a customer in France was told by a Microsoft representative that "Windows 10 is incompatible with third-party antivirus. It's a shame that you've spent money on a Kaspersky Lab product, but you can't reinstall it without running the risk of the appearance of new bugs."

  • Microsoft Targeted by Kaspersky Antitrust Complaint to EU

    Kaspersky sent a formal complaint to European Union and German antitrust regulators, saying “hurdles” created by Microsoft limit consumer choice and drive up the cost of security software.

  • If hacking {sic} back becomes law, what could possibly go wrong? [iophk: "any Windows machines even sending stray packet will then receive the full force of vault7+"]

    Representative Tom Graves, R-Ga., thinks that when anyone gets hacked {sic} -- individuals or companies -- they should be able to "fight back" and go "hunt for hackers {sic} outside of their own networks." The Active Cyber Defense Certainty ("ACDC") Act is getting closer to being put before lawmakers, and the congressman trying to make "hacking {sic} back" easy-breezy-legal believes it would've stopped the WannaCry ransomware.

  • Ransomware attack will count as data breach: security pro

    Ransomware attacks will be regarded as data breaches under Australia's new data breach legislation that comes into force on 22 February next year, according to the chief cyber security adviser at RSA.

Microsoft Bribery Again

Filed under
Microsoft
  • Microsoft's cunning plan to make Bing the leading search engine: Bribery

    The uptake for Microsoft's long-suffering search engine, Bing, continues to be so dismal that Redmond has resorted to paying people to use it.

    The "loyalty scheme" offers points that can be exchanged for charity donations or music, games, devices and other stuff on the Microsoft Store. Users are awarded three points per search, up to 30 a day at Level 1.

    To get an idea of what they're worth, 5,300 gets you a £5 Xbox digital gift card, which equates to 10 per cent off a current-gen game. That's quite a grind – 176 days of furious Binging for pennies. But hit Level 2, by bashing Bing for 500 points per month, and you can reap 150 points a day.

  • Microsoft is paying users to search with Bing over Google

    Under this scheme, the company will reward users for using Bing with points, which can later be exchanged for charity donations or freebies available on the Microsoft Store.

Microsoft's Latest Stunts

Filed under
Microsoft

Security News: “Pandemic” for Windows, WannaCry, and Linux 'Flaw'

Filed under
Microsoft
Security
  • WikiLeaks says CIA’s “Pandemic” turns servers into infectious Patient Zero

    "Pandemic," as the implant is codenamed, turns file servers into a secret carrier of whatever malware CIA operatives want to install, according to documents published Thursday by WikiLeaks. When targeted computers attempt to access a file on the compromised server, Pandemic uses a clever bait-and-switch tactic to surreptitiously deliver a malicious version of the requested file. The Trojan is then executed by the targeted computers. A user manual said Pandemic takes only 15 seconds to be installed. The documents didn't describe precisely how Pandemic would get installed on a file server.

  • WannaCry: Can Linux save us?

    The idea is simple: if you don’t have the money to upgrade to the latest Windows operating system, move to Linux, because piracy and price issues are antithetical to the world of Linux. Linux-based operating systems are mostly free to use. Even the enterprise solutions, like Ubuntu Server, OpenSuse Linux Enterprise, and Red Hat Enterprise, come at a fraction of what Microsoft charges. So, the inability to update/upgrade arising out of piracy/price issues is ruled out.

  • Opsec for a world where the laptop ban goes global

    If the Trump administration makes good on its promise to pack all potentially explosive laptops together in a blast-multiplying steel case in the plane's hold, it will be good news for would-be bombers -- and bad news for your data security.

  • How to protect Samba from the SambaCry exploit
  • The Linux Virus: how it can be

    Downloaded the virus for Linux.

    Unzipped it.

    Installed it under root.

    It didn't start. Spent 2 hours googling. Realised that the virus instead of /usr/local/bin installed itself into /usr/bin where user malware does not have the write permissions. That's why the virus could not create a process file.

White House Tech Policy Brought by Microsoft

Filed under
Microsoft
  • The White House will meet with tech execs for advice on giving the government a digital upgrade

    Announced in April, the American Technology Council is comprised of federal officials who oversee technology-focused agencies, and it's officially led by Chris Liddell, a White House aide who previously served as the chief financial officer at Microsoft. The initiative itself lives under the umbrella of Kushner's Office of American Innovation, which aspires to cure longtime, unresolved government ills, such as the poor, aging technology in use at the Department of Veterans Affairs.

  • Sharing America's code

    Since Salehi joined the CIO team in 2015, the government has made great strides toward open sourcing its code. The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government.

Windows Security Cannot be Blamed on "XP"

Filed under
Microsoft
Security

Windows Intruded by CIA

Filed under
Microsoft
Security
  • Athena

    Today, May 19th 2017, WikiLeaks publishes documents from the "Athena" project of the CIA. "Athena" - like the related "Hera" system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.

    According to the documentation (see Athena Technology Overview), the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US. On their website, Siege Technologies states that the company "... focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets.". On November 15th, 2016 Nehemiah Security announced the acquisition of Siege Technologies.

  • WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

    Dubbed Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and sending it to a CIA server.

  • Microsoft held back free patch that could have slowed WannaCry

More in Tux Machines

Development: RTOS, LipidFinder, Github Threat, and Stack Overflow Survey

  • RTOS Primer, Part Two: Real Time Applications
    Employing Linux as an embedded RTOS has several advantages that make it highly attractive on a number of levels, specifically the most important concern these days, which seems to be cost. The second concern is security; Linux proves to be pretty secure in comparison to several common alternatives like Windows.
  • LipidFinder: An Open-Source Python Workflow for Novel Lipid Discovery
    Obtaining precise, high-quality lipidomic (or metabolomic) datasets comes with its challenges. One factor that I am sure comes to mind is the ability to minimize, or even better, eliminate those large numbers of artefacts that could otherwise hinder your mass spectrometry data analysis, to ensure accurate interpretation.
  • The Github threat
    The Github application belongs to a single entity, Github Inc, a US company which manages it alone. So, a unique company under US legislation manages the access to most of Free Software application code sources, which may be a problem with groups using it when a code source is no longer available, for political or technical reasons.
  • Stack Overflow gives an even closer look at developer salaries
    Today, Stack Overflow announced a slightly more useful application for that same data, with the Stack Overflow Salary Calculator. Tell it where you live, how much experience and education you have, and what kind of developer you are, and it will tell you the salary range you should expect to make in five national markets (US, Canada, UK, France, Germany) and a handful of cities (New York, San Francisco, Seattle, Toronto, London, Paris, Berlin).

Security: Equifax, Kodi, Infrared, and Windows XP in 2017

  • Safer but not immune: Cloud lessons from the Equifax breach
  • Warning: If you are using this Kodi repository, you could be in danger
    Kodi is quite possibly the best media center software of all time. If you are looking to watch videos or listen to music, the open source solution provides an excellent overall experience. Thanks to its support for "addons," it has the potential to become better all the time. You see, developers can easily add new functionality by writing an addon for the platform. And yes, some addons can be used for piracy, but not all of them are. These addons, such as Exodus and Covenant, are normally added using a repository, which hosts them. [...] We do not know 100 percent if the person that re-registered the metalkettle name on GitHub is planning anything evil, but it is better to be safe than sorry.
  • Infrared signals in surveillance cameras let malware jump network air gaps
    The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks. The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.
  • Manchester police still relies on Windows XP
    England's second biggest police force has revealed that more than one in five of its computers were still running Windows XP as of July. Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing operating system, representing 20.3% of all the office computers it used. Microsoft ended nearly all support for the operating system in 2014. Experts say its use could pose a hacking risk. The figure was disclosed as part of a wider Freedom of Information request. "Even if security vulnerabilities are identified in XP, Microsoft won't distribute patches in the same way it does for later releases of Windows," said Dr Steven Murdoch, a cyber-security expert at University College London.

Flock 2017, Fedora 27, and New Fedora 26 (F26) ISO

  • Flock 2017: How to make your application into a Flatpak?
  • Flock to Fedora 2017
  • Flock 2017 – A Marketing talk about a new era to come.
    I had two sessions at Flock this year, one done by me and another in support of Robert Mayr in the Mindshare one, if there had been any need for discussing. Here I’m talking about my session: Marketing – tasks and visions (I will push the report about the second one after Robert’s one, for completion). In order to fit the real target of a Flock conference (that is a contributor conference, not a show where people must demonstrate how cool they are; we know it!) is to bring and show something new, whether ideas, software, changes and so on, and discuss with other contributors if they’re really innovative, useful and achievable.
  • F26-20170918 Updated Live isos released
  • GSoC2017 Final — Migrate Plinth to Fedora Server
  • Building Modules for Fedora 27
    Let me start with a wrong presumption that you have everything set up – you are a packager who knows what they want to achieve, you have a dist-git repository created, you have all the tooling installed. And of course, you know what Modularity is, and how and why do we use modulemd to define modular content. You know what Host, Platform, and Bootstrap modules are and how to use them.

Red Hat Financial Results Expectations High