Security

The Psychological Reasons Behind Risky Password Practices (helpnetsecurity.com) 82

Orome1 quotes a report from Help Net Security: Despite high-profile, large-scale data breaches dominating the news cycle -- and repeated recommendations from experts to use strong passwords -- consumers have yet to adjust their own behavior when it comes to password reuse. A global Lab42 survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits. When it comes to online security, personality type does not inform behavior, but it does reveal how consumers rationalize poor password habits. My personal favorite: password paradox. "The survey revealed that the majority of respondents understand that their digital behavior puts them at risk, but do not make efforts to change it," reports Help Net Security. "Only five percent of respondents didn't know the characteristics of a secure password, with the majority of respondents understanding that passwords should contain uppercase and lowercase letters, numbers and symbols. Furthermore, 91 percent of respondents said that there is inherent risk associated with reusing passwords, yet 61 percent continue to use the same or similar passwords anyway, with more than half (55 percent) doing so while fully understanding the risk." The report also found that when attempting to create secure passwords, "47 percent of respondents included family names or initials," while "42 percent contain significant dates or numbers and 26 percent use the family pet."
Android

Google Rebrands 'Apps for Work' To 'G Suite,' Adds New Features (thenextweb.com) 46

Google has renamed "Apps for Work" to "G Suite" to "help people everywhere work and innovate together, so businesses can move faster and go bigger." They have also added a bunch of new features, such as a "Quick Access" section for Google Drive for Android that uses machine learning to predict what files you're going to need when you open up the app, based off your previous behavior. Calendar will automatically pick times to set up meetings through the use of machine intelligence. Sheets is also using AI "to turn your layman English requests into formulas through its 'Explore' feature," reports The Next Web. "In Slides, Explore uses machine learning to dynamically suggest and apply design ideas, while in Docs, it will suggest backup research and images you can use in your musings, as well as help you insert files from your Drive account. Throughout Docs, Sheets, and Slides, you can now recover deleted files on Android from a new 'Trash' option in the side/hamburger menu." Google's cloud services will now fall under a new "Google Cloud" brand, which includes G Suite, Google Cloud Platform, new machine learning tools and APIs, and Google's various devices that access the cloud. Slashdot reader wjcofkc adds: I just received the following email from Google. When I saw the title, my first thought was that there was malware lying at the end -- further inspection proved it to be real. Is this the dumbest name change in the history of name changes? Google of all companies does not have to try so hard. "Hello Google Apps Customer, We created Google Apps to help people everywhere work and innovate together, so that your organization can move faster and achieve more. Today, we're introducing a new name that better reflects this mission: G Suite. Over the coming weeks, you'll see our new name and logo appear in familiar places, including the Admin console, Help Center, and on your invoice. 
G Suite is still the same all-in-one solution that you use every day, with the same powerful tools -- Gmail, Docs, Drive, and Calendar. Thanks for being part of the journey that led us to G Suite. We're always improving our technology so it learns and grows with your team. Visit our official blog post to learn more."
Security

The Yahoo Hackers Weren't State-Sponsored, Security Firm Says (csoonline.com) 25

itwbennett writes from a report via CSO Online: After Yahoo raised eyebrows in the security community with its claim that state-sponsored hackers were responsible for the history-making breach, security firm InfoArmor now says it has evidence to the contrary. InfoArmor claims to have acquired some of the stolen information as part of its investigation into "Group E," a team of five professional hackers-for-hire believed to be from Eastern Europe. The database that InfoArmor has contains only "millions" of accounts, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes, said Andrew Komarov, InfoArmor's chief intelligence officer. Earlier this week, Chase Cunningham, director of cyber operations at security provider A10 Networks, called Yahoo's claim of state-sponsored actors a convenient, if trumped up, excuse: "If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat." "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations," Scottsdale, Arizona-based InfoArmor said Wednesday in a report. "The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."
Cellphones

FCC Votes To Upgrade Emergency Smartphone Alerts (cnn.com) 70

After recent bombings, the Federal Communications Commission has voted to update the four-year-old emergency smartphone alerts system, which is used by officials to ping smartphones to alert people of severe weather, missing children, terror attacks or other danger. Some of the new changes allow the system to send texts with links to pictures, maps and phone numbers. CNNMoney reports: The agency also voted to allow longer messages -- 360 characters, up from 90 -- and to require wireless providers to support Spanish-language alerts. Wireless carriers will be allowed to support embedded links later this year. They'll be required to next year. The system's limits were on display last week when millions of New Yorkers received a text alert seeking information on Ahmad Khan Rahami, suspected in bombings in New York and New Jersey. "See media for pic," the alert said. Emergency alerts still won't include embedded photos, but commissioners said they're open to the idea. "Vague directives in text about where to find information about a suspect, just as we saw in New York, are not good enough," said Jessica Rosenworcel, an FCC commissioner. "As we move into the 5G future, we need to ensure that multimedia is available in all of our alert messages." Not everyone was so sure. Michael O'Rielly, another commissioner, said adding links and multimedia could jam cell networks during emergencies.
The Courts

Four States Sue To Stop Internet Transition (thehill.com) 191

An anonymous reader quotes a report from The Hill: Republican attorneys general in four states are filing a lawsuit to block the transfer of internet domain systems oversight from the U.S. to an international governing body. Texas Attorney General Ken Paxton, Arizona Attorney General Mark Brnovich, Oklahoma Attorney General Scott Pruitt and Nevada Attorney General Paul Laxalt filed a lawsuit on Wednesday night to stop the White House's proposed transition of Internet Assigned Numbers Authority (IANA) functions. The state officials cite constitutional concerns in their suit against the National Telecommunications and Information Administration, U.S. government and the Department of Commerce. "The Obama Administration's decision violates the Property Clause of the U.S. Constitution by giving away government property without congressional authorization, the First Amendment to the U.S. Constitution by chilling speech, and the Administrative Procedure Act by acting beyond statutory authority," a statement released by Paxton's office reads. The attorneys general claim that the U.S. government is ceding government property, pointing to a Government Accountability Office (GAO) review that "concluded that the transition does not involve a transfer of U.S. government property requiring Congressional approval." Paxton also echoed Texas Sen. Ted Cruz's warnings that the transition could harm free speech on the internet by giving Russia, China and Iran a voice on the international governing body that would oversee internet domain systems. "Trusting authoritarian regimes to ensure the continued freedom of the internet is lunacy," Paxton said. "The president does not have the authority to simply give away America's pioneering role in ensuring that the internet remains a place where free expression can flourish."
Democrats

Comey Denies Clinton Email 'Reddit' Cover-Up (politico.com) 383

An anonymous reader quotes a report from Politico: The FBI concluded that a computer technician working on Clinton's email was not engaged in an illicit cover-up when he asked on the Reddit website for a tool that could delete a "VIP" email address throughout a large file, FBI Director James Comey said Wednesday. Republican lawmakers have suggested that the July 2014 Reddit post from a user believed to be Platte River Networks specialist Paul Combetta showed an effort to hide Clinton's emails from investigators. However, at a House Judiciary Committee hearing Wednesday, Comey said FBI agents concluded that all the computer aide was trying to do was replace Clinton's email address so it wouldn't be revealed to the public. "Our team concluded that what he was trying to do was when they produced emails not have the actual address but have some name or placeholder instead of the actual dot-com address in the 'From:' line," Comey said. Comey said he wasn't sure whether the FBI knew about the Reddit posting when prosecutors granted Combetta immunity to get statements from him about what transpired. However, he added that such a deletion wouldn't automatically be considered an effort to destroy evidence. "Not necessarily ... It would depend what his intention was and why he wanted to do it," the FBI director said.
Software

The UK's Largest Sperm Bank Is Now An App (technologyreview.com) 64

Sperm bank? There's an app for that. The largest sperm bank in the United Kingdom -- the London Sperm Bank -- has released an official app that aims to "modernize the process of hooking prospective parents up with the biological material they need to make it happen," according to MIT Technology Review: The app is essentially just a mobile version of the filtered search function the London Sperm Bank offers on its website. But in doing something as simple as bringing its desktop services to mobile devices, the bank is making a play to further normalize reproductive technologies. The London Sperm Bank boasts that users will receive push notifications as soon as new donors are available, which could help speed things up for hopeful parents looking for a match. The road to conception can take years for people using reproductive technologies, so expediting any part of the process would be a welcome time-saver. But the bank has over 10,000 vials of sperm, so searching, even using filters, could still be a lengthy process. To combat this, the app also offers a wish list function that lets more focused users predetermine what they're looking for in a donor, and receive a notification when their criteria are met. The way the service works on mobile has been compared to Tinder, but there's actually no swiping involved. Its wish list function means it's more akin to apps like Anthology, which job seekers use to find their next career move. The report notes that, while there are other mobile sperm bank apps out there, the London Sperm Bank is the only one with several medical associations and the U.K. government's Human Fertilization and Embryology Authority on board. Also, the app is free to download, but the cost of ordering sperm is about $1,200 per order, which is the same as if you order through the London Sperm Bank catalogue.
Government

US Believes Hackers Are Shielded By Russia To Hide Its Role In Cyberintrusions: WSJ (newsmax.com) 108

According to a report from The Wall Street Journal (Warning: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't."
WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chief James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said.
HP

HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink (arstechnica.com) 78

Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said.
Piracy

Cloudflare: We Can't Shut Down Pirate Sites (torrentfreak.com) 129

CloudFlare has said it cannot shut down piracy websites. CloudFlare's response comes two months after adult entertainment outfit ALS Scan filed a complaint at a California federal court in which the company accused the CDN service of various counts of copyright and trademark infringement. From a TorrentFreak report: "CloudFlare is not the operator of the allegedly infringing sites but is merely one of the many intermediaries across the internet that provide automated CDN services, which result in the websites in question loading a bit faster than they would if they did not utilize CDN services." If Cloudflare terminated the accounts of allegedly infringing websites, the sites themselves would still continue to exist. It would just require a simple DNS reconfiguration to continue their operation. "Indeed, there are no measures of any kind that CloudFlare could take to prevent this alleged infringement, because the termination of CloudFlare's CDN services would have no impact on the existence and ability of these allegedly infringing websites to continue to operate," Cloudflare writes. As such, the company argues that it's not "materially contributing" to any of the alleged copyright infringements.
Microsoft

Vladimir Putin Is Replacing Microsoft Programs With Domestic Software (bloomberg.com) 274

An anonymous reader quotes a report from Bloomberg: Moscow city will replace Microsoft Corp. programs with domestic software on thousands of computers in answer to President Vladimir Putin's call for Russia's authorities to reduce dependence on foreign technology amid tensions with the U.S. and Europe. The city will initially replace Microsoft's Exchange Server and Outlook on 6,000 computers with an e-mail system installed by state-run carrier Rostelecom PJSC, Artem Yermolaev, head of information technology for Moscow, told reporters Tuesday. Moscow may expand deployment of the new software, developed by Russia's New Cloud Technologies, to as many as 600,000 computers and servers, and may also consider replacing Windows and Office, Yermolaev said. Putin is urging state entities and local companies to go domestic amid concerns over security and reliability after U.S. firms shut down paid services in Crimea following Russia's 2014 annexation. The plan poses a challenge to the likes of Microsoft, SAP SE and Oracle Corp. in the country's $3 billion software market. Adding to pressure, Putin's internet czar German Klimenko wants to raise taxes on U.S. technology companies to help Russian competitors such as Yandex NV and Mail.ru Group Ltd.
Democrats

FBI Investigating Possible Hack of Democratic Party Staffer Cell Phones (cnn.com) 107

In what may be part of the original Democratic National Committee hack, the FBI is currently investigating a possible hack involving the cell phones of a small number of Democratic Party staffers. CNN reports: The development comes on the same day Homeland Security Secretary Jeh Johnson told lawmakers that 18 states have asked for help in warding off cyberattacks on their electronic voting systems. Law enforcement officials have reached out to the staffers individually about "imaging" their phones to search for evidence of hacking, such as malware. Investigators are still probing whether this attempted hack is part of the original breach of Democratic National Committee emails -- which is widely thought to be the work of the Russian government -- or a new hacking attempt. "Our struggle with the Russian hackers that we announced in June is ongoing -- as we knew it would be -- and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen," interim DNC Chairwoman Donna Brazile told CNN. Cybersecurity was a major theme at the debate last night between Republican nominee Donald Trump and Democratic nominee Hillary Clinton. While Clinton blamed the Russians for the "election-related cyberintrusions," Trump said "It could be Russia, but it could also be China. It could also be lots of other people. It could also be somebody sitting on their bed that weighs 400 pounds." We will update this story as it develops.
Communications

Anti-Defamation League Declares Pepe the Frog a Hate Symbol (time.com) 391

An anonymous reader quotes a report from TIME: The Anti-Defamation League (ADL) has declared a popular internet meme depicting a cartoon frog to be a hate symbol. Pepe the Frog's beginnings were unoffensive: he is the creation of comic book creator Matt Furie, who featured the frog as a character in the series Boy's Club beginning in 2005. The character subsequently became a beloved meme, often called the "sad frog meme" and shared with a speech bubble reading "Feels good man" or "Feels bad man." But recently, as the Daily Beast reported in May, the character has been co-opted by a faction of Internet denizens who decided to reclaim it from the mainstream, and began sharing it in anti-Semitic contexts. "Images of the frog, variously portrayed with a Hitler-like mustache, wearing a yarmulke or a Klan hood, have proliferated in recent weeks in hateful messages aimed at Jewish and other users on Twitter," the ADL wrote in a statement. "Once again, racists and haters have taken a popular Internet meme and twisted it for their own purposes of spreading bigotry and harassing users," wrote ADL CEO Jonathan A. Greenblatt.
The Almighty Buck

Revealed: How One Amazon Kindle Scam Made Millions of Dollars (zdnet.com) 40

An anonymous Slashdot reader shares an excerpt with us from a report via ZDNet that summarizes a catfishing scheme designed to deceive Amazon users into buying low-quality ebooks: Emma Moore is just one of hundreds of pseudonyms employed in a sophisticated "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based business hoodwinks Amazon customers into buying low-quality ebooks, which have been boosted on the online marketplace by an unscrupulous system of bots, scripts, and virtual servers. Catfishing isn't new -- it's been well documented. Some scammers buy fake reviews, while others will try other ways to game the system. Until now, nobody has been able to look inside at how one of these scams work -- especially one that's been so prolific, generating millions of dollars in royalties by cashing in on unwitting buyers who are tricked into thinking these ebooks have some substance. Shershnyov was able to stay in Amazon's shadows for two years by using his scam server conservatively so as to not raise any red flags. What eventually gave him away weren't customer complaints or even getting caught. It was good old-fashioned carelessness. He forgot to put a password on his server.
Government

FCC Official Asks Agency To Investigate Ban On Journalists' Wi-Fi Personal Hotspots At Debate (arstechnica.com) 168

Yesterday, it was reported that journalists attending the presidential debate at Hofstra University were banned from using personal hotspots and were told they had to pay $200 to access the event's Wi-Fi. The journalists were reportedly offered the option to either turn off their personal hotspots or leave the debate. Cyrus Farivar via Ars Technica is now reporting that "one of the members of the Federal Communications Commission, Jessica Rosenworcel, has asked the agency to investigate the Monday evening ban." Ars Technica reports: Earlier, Commissioner Jessica Rosenworcel tweeted, saying that something was "not right" with what Hofstra did. She cited an August 2015 order from the FCC, forcing a company called SmartCity to no longer engage in Wi-Fi blocking and to pay $750,000. Ars has since updated their report with a statement from Karla Schuster, a spokeswoman for Hofstra University: The Commission on Presidential Debates sets the criteria for services and requires that a completely separate network from the University's network be built to support the media and journalists. This is necessary due to the volume of Wi-Fi activity and the need to avoid interference. The Rate Card fee of $200 for Wi-Fi access is to help defray the costs and the charge for the service does not cover the cost of the buildout. For Wi-Fi to perform optimally the system must be tuned with each access point and antenna. When other Wi-Fi access points are placed within the environment the result is poorer service for all. To avoid unauthorized access points that could interfere, anyone who has a device that emits RF frequency must register the device. Whenever a RF-emitting device was located, the technician notified the individual to visit the RF desk located in the Hall. The CPD RF engineer would determine if the device could broadcast without interference.
AI

Google's New Translation Software Powered By Brainlike Artificial Intelligence (sciencemag.org) 87

sciencehabit quotes a report from Science Magazine: Today, Google rolled out a new translation system that uses massive amounts of data and increased processing power to build more accurate translations. The new system, a deep learning model known as neural machine translation, effectively trains itself -- and reduces translation errors by up to 87%. When compared with Google's previous system, the neural machine translation system scores well with human reviewers. It was 58% more accurate at translating English into Chinese, and 87% more accurate at translating English into Spanish. As a result, the company is planning to slowly replace the system underlying all of its translation work -- one language at a time. The report adds: "The new method, reported today on the preprint server arXiv, uses a total of 16 processors to first transform words into a value known as a vector. What is a vector? 'We don't know exactly,' [Quoc Le, a Google research scientist in Mountain View, California, says.] But it represents how related one word is to every other word in the vast dictionary of training materials (2.5 billion sentence pairs for English and French; 500 million for English and Chinese). For example, 'dog' is more closely related to 'cat' than 'car,' and the name 'Barack Obama' is more closely related to 'Hillary Clinton' than the name for the country 'Vietnam.' The system uses vectors from the input language to come up with a list of possible translations that are ranked based on their probability of occurrence. Other features include a system of cross-checks that further increases accuracy and a special set of computations that speeds up processing time."
Piracy

YouTube-MP3 Ripping Site Sued By IFPI, RIAA and BPI (torrentfreak.com) 307

An anonymous reader quotes a report from TorrentFreak: Two weeks ago, the International Federation of the Phonographic Industry published research which claimed that half of 16 to 24-year-olds use stream-ripping tools to copy music from sites like YouTube. The industry group said that the problem of stream-ripping has become so serious that in volume terms it had overtaken downloading from 'pirate' sites. Given today's breaking news, the timing of the report was no coincidence. Earlier today in a California District Court, a huge coalition of recording labels sued the world's largest YouTube ripping site. UMG Recordings, Capitol Records, Warner Bros, Sony Music, Arista Records, Atlantic Records and several others claim that YouTube-MP3 (YTMP3), owner Philip Matesanz, and Does 1-10 have infringed their rights. The labels allege that YouTube-MP3 is one of the most popular sites in the entire world and as a result its owner, German-based company PMD Technologies UG, is profiting handsomely from their intellectual property. YouTube-MP3 is being sued for direct, contributory, vicarious and inducement of copyright infringement, plus circumvention of technological measures. Among other things, the labels are also demanding a preliminary and permanent injunction forbidding the Defendants from further infringing their rights. They also want YouTube-MP3's domain name to be surrendered. "YTMP3 rapidly and seamlessly removes the audio tracks contained in videos streamed from YouTube that YTMP3's users access, converts those audio tracks to an MP3 format, copies and stores them on YTMP3's servers, and then distributes copies of the MP3 audio files from its servers to its users in the United States, enabling its users to download those MP3 files to their computers, tablets, or smartphones," the complaint reads. "Defendants are depriving Plaintiffs and their recording artists of the fruits of their labor, Defendants are profiting from the operation of the YTMP3 website. 
Through the promise of illicit delivery of free music, Defendants have attracted millions of users to the YTMP3 website, which in turn generates advertising revenues for Defendants," the labels add.
Republicans

Trump Takes On 'Crooked Hillary' With Snapchat Geofilter (arstechnica.com) 135

In an effort to appeal to more young voters, U.S. Republican presidential nominee Donald Trump has unveiled a "geofilter" ad campaign for Snapchat that slaps on the banner phrase "Donald J. Trump vs. Crooked Hillary" to a user's photo and video Snaps. Ars Technica reports: "The ad rolled out to American Snapchat users today, just ahead of the 2016 presidential election's first major debate between Trump and Hillary Clinton (the debate starts tonight at 9pm EDT). The ad joins the usual geofilter available to Snapchat users, which usually list the name of a city or a nearby event as determined by GPS and time information. The campaign differs from the deluge of text, photo, and video ads that politicians have relied on in recent years, as it doesn't publish or display to the public without a personal photo or video attached. While other political campaigns have paid for geofilter ad campaigns on Snapchat in the past, including Clinton and Bernie Sanders, those have been timed and targeted for smaller-scale events like political conventions and primary voting periods. In a statement to CNN, the Clinton campaign said that Trump was "throwing his money into a fire pit," and it pointed out the ad's potential for backfiring, since "given Trump's deep unpopularity with young voters, [the ad's phrasing] will be used mainly at [his] own expense."
Security

Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com) 169

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. 
As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins will also be able to control whether untrusted sites can use the clipboard or print.
