Latest news and stories from BleepingComputer.com

Free Windows 8 Update to Address Confusion

Budapest — Wed, 15 May 2013 01:47:08 EDT

A planned Windows 8 update to address complaints and confusion with Microsoft's new operating system will be made available for free this year, the company says.

Not charging extra for Windows 8.1, previously code named "Windows Blue", is consistent with the company's practice of offering "decimal point" updates to operating systems for free. But when Microsoft announced the update last week, it didn't say that it would be free.

Tami Reller, the marketing and financial chief for Microsoft's Windows business, said the company wants to assure customers that they can buy Windows 8 now and still get the benefits of Windows 8.1 later.

"Windows 8.1 will be delivered as a free update to Windows 8 and to Windows RT and it will be easy to get right from the Windows start screen through the app store," said Reller.

READ MORE

[...]

How the Syrian Electronic Army Hacked The Onion

buddy215 — Fri, 10 May 2013 12:17:14 EDT

Seriously...The Onion got hacked...The Onion...seriously...explains how it was done...seriously

�

How the Syrian Electronic Army Hacked The Onion - Onion Inc.'s Tech Blog

�

QUOTE from link above:

.........At this point the editorial staff began publishing articles inspired by the attack. The second article, Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels, angered the attacker who then began posting editorial emails on their Twitter account. Once we discovered this, we decided that we could not know for sure which accounts had been compromised and forced a password reset on every staff member’s Google Apps account.

In total, the attacker compromised at least 5 accounts. The attacker logged in to compromised accounts from 46.17.103.125 which is also where the SEA hosts a website.

Don’t let this happen to you

Under the above heading are some suggestions to avoid this type of attack...

�

[...]

Microsoft Releases Fix It for vulnerability in Internet Explorer 8

Lawrence Abrams — Wed, 08 May 2013 23:46:06 EDT

On May 3rd, Microsoft released an advisory about a vulnerability in Internet Explorer 8 that could allow specially crafted code to execute commands on your computer. It was later confirmed that there was actual exploits available on the Internet and that this vulnerability was actively being used by malware developers to infect your computer. The good news is that only Internet Explorer 8 is affected and that IE 7, 9, & 10 are not vulnerable.

If you are using Internet Explorer 8, Microsoft released a Fix It today that resolves this issue until a security update is released. This Fix It is labeled CVE-2013-1347 MSHTML Shim Workaround and can be found at the following address: http://support.microsoft.com/kb/2847140. It is strongly suggested that all users of IE 8 immediately install the Fix It that enables this feature. When a formal update is released, you can visit the same page and download the Fix It that disables this solution.

Please note that when you install this Microsoft Fix It, you will most likely be prompted by IE as to whether whether you wish to run Active Scripting or Content while browsing various web sites. If you know the site is safe, feel free to allow the content to run. Otherwise, do not allow it to do so. [...]

Microsoft Just Upgraded All Hotmail Users To New Outlook.com

buddy215 — Fri, 03 May 2013 18:33:15 EDT

Microsoft Says Goodbye Hotmail::Brought to you by TechWeb

�

QUOTE from link above:

"Hotmail was still one of the most widely used services, with over 300 million active accounts," he wrote. "This made the magnitude of the process incredible, maybe even unprecedented. This meant communicating with hundreds of millions of people, upgrading all their mailboxes and making sure that every person's mail, calendar, contacts, folders, and personal preferences were preserved in the upgrade. Of course, this had to be done with a live site experience that was handling billions of transactions a day."

So, farewell Hotmail, which almost certainly had users active on it since its 1996 debut.

�

ImageDetail

Microsoft just upgraded everyone who uses Hotmail to the new Outlook.com. This required migrating more than 150 petabytes (150 million gigabytes) of data.

�

[...]

R.I.P. Windows Live Messenger. Forced migration to Skype begins today.

Lawrence Abrams — Fri, 26 Apr 2013 11:00:16 EDT

The long awaited transition from Windows Live Messenger to Skype begins today. The next time Windows Live Messenger users attempt to login, they will be greeted with a message message stating a new version is available and that you must update in order to continue. This new update, though, is not for Live Messenger but rather to install Skype 6.3, which you will now be forced to use.
�

Those using 3rd party programs, such as Trillian or Pidgin, will still be able to communicate via the Messenger network until April 30th when it is slated to be shutdown. [...]

Breaking News: Twinkies are back

quietman7 — Thu, 25 Apr 2013 15:12:07 EDT

Twinkies are back: Hostess plant in Columbus, Ga., will reopen in July

[...]

Is your router secure?

Michael — Fri, 19 Apr 2013 23:25:49 EDT

Better hold off on answering that question just yet.

ISE, a security research company, has published a report detailing the ease with which they were able to compromise several popular SOHO routers.

I strongly recommend everyone read the following article.

http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/

However, users should not immediately freak out. While possible, these attacks do carry with them some limitations. Without access to your local network there is not a known exploit which will compromise your router without your clicking on a malicious link or running a malicious file. Furthermore, only two models of routers (Belkin N300 and Belkin N900) can be attacked from the Internet without having login credentials to the router.

See the ISE report for which model routers are susceptible to which threats. The identity of five of the compromised models has not yet been released as patches have not yet been made available.

http://securityevaluators.com//content/case-studies/routers/soho_router_hacks.jsp

It is very important that router owners use WPA encryption on their networks (avoid WEP!) and ensure that the admin credentials on their router have been changed from their defaults. Additionally, be on the lookout for router vendors to be pushing firmware updates in the near future to address these concerns. [...]

How to protect your computer against dangerous Java Applets

boopme — Wed, 17 Apr 2013 23:21:56 EDT

Java exploits represent a common attack vector used by the bad guys to infiltrate vulnerable computers via the web browser. We wrote about the rise of Java exploits as early as 2010, and we haven't seen that trend decline. In fact, in the first quarter of 2013 alone, we've seen three Java remote code execution vulnerabilities being exploited in the wild: CVE-2013-0422, CVE-2013-0431, and CVE-2013-1493. In response, Oracle recently introduced a new security feature regarding the way unsigned Java applets and web start applications are run in the release of Java 7 update 11. The text in Oracle's release notes reads:

Synopsis: Default Security Level Setting Changed to High.

The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.

�

The rest is here.....

Microsoft Corporation

[...]

Rumors that Windows 8.1 (Blue) may bring back the Start Menu and boot to desktop

Lawrence Abrams — Wed, 17 Apr 2013 14:58:19 EDT

When Microsoft unveiled Windows 8, the biggest complaints were the lack of the traditional Start Menu and Windows booting directly to the Windows Start screen instead of the desktop. Rumors are now circulating that Windows 8.1, codenamed Blue, will possibly offer options that can enable booting directly to the Windows 8 desktop and the ability to bring back the Windows Start Menu.

On April 14th, MicrosoftPortal.net blogged about how the twinui.dll file found in the leaked Windows Blue Build 9364 contains code that controls whether the computer will boot directly to the desktop. If this setting in the twinui.dll file is manually patched, Windows 8 will then boot directly to the desktop. As previous builds of Windows Blue did not contain this option, it is through that Microsoft may finally be listening to their user's biggest concerns and working to fix them.
/spacer.gif' class='bbc_emoticon' alt=':spacer:' />

Screenshot from http://microsoftportal.net/windows-blue/2037-windows-blue-pozvolit-otklyuchit-startovyy-ekran.html

/spacer.gif' class='bbc_emoticon' alt=':spacer:' />
Yesterday, Mary Jo Foley reported that one of her sources has indicated that Microsoft may also be planning on adding the ability to bring back the Start menu button as part of the Windows Blue update.

At this point there is no official word from Microsoft, so we will just have to wait to see what happens in August 2013 when Windows 8.1 is released to manufacturing.

There are some great new features in Windows 8 that make it more secure and easier to troubleshoot. Bringing back the Start Menu and directly booting to the desktop may make Windows 8 a real winner.

What are your thoughts? [...]

ACLU Files Complaint With FTC Stating Only Google Phones Get Updated Properly

buddy215 — Wed, 17 Apr 2013 07:09:02 EDT

The ACLU complaint says only Google supplied Android phones get timely security updates.

The others from all the big name carriers such as ATT, Verizon Wireless, Sprint Nextel and T-Mobile USA

are running outdated software including proprietary software and outdated browsers.

�

More here: ACLU complains to FTC that mobile carriers leave Android phones unsecured | PCWorld

�

QUOTE from link above: ......

according to the complaint, which has asked the FTC to require the operators to allow users to exchange their Android smartphones that are less than 2 years old for one that receives regular security updates, or return the phone for a full refund of the purchase price, if they have not been receiving regular and prompt security updates.

ACLU also asked the FTC to compel the operators to allow customers using carrier-supplied Android smartphones to cancel contracts without any early termination fees. The operators should also be compelled to warn all subscribers using carrier-supplied Android smartphones with known, unpatched security vulnerabilities..............

[...]