DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Operating Systems

NSA's DoublePulsar Kernel Exploit a 'Bloodbath' (threatpost.com) 135

msm1267 quotes a report from Threatpost: A little more than two weeks after the latest ShadowBrokers leak of NSA hacking tools, experts are certain that the DoublePulsar post-exploitation Windows kernel attack will have similar staying power to the Conficker bug, and that pen-testers will be finding servers exposed to the flaws patched in MS17-010 for years to come. MS17-010 was released in March and it closes a number of holes in Windows SMB Server exploited by the NSA. Exploits such as EternalBlue, EternalChampion, EternalSynergy and EternalRomance that are part of the Fuzzbunch exploit platform all drop DoublePulsar onto compromised hosts. DoublePulsar is a sophisticated memory-based kernel payload that hooks onto x86 and 64-bit systems and allows an attacker to execute any raw shellcode payload they wish. "This is a full ring0 payload that gives you full control over the system and you can do what you want to it," said Sean Dillon, senior security analyst at RiskSense. Dillon was the first to reverse-engineer a DoublePulsar payload, and published his analysis last Friday. "This is going to be on networks for years to come. The last major vulnerability of this class was MS08-067, and it's still found in a lot of places," Dillon said. "I find it everywhere. This is the most critical Windows patch since that vulnerability." Dan Tentler, founder and CEO of Phobos Group, said internet-net wide scans he's running have found about 3.1 percent of vulnerable machines are already infected (between 62,000 and 65,000 so far), and that percentage is likely to go up as scans continue. "This is easily describable as a bloodbath," Tentler said.
Microsoft

Microsoft Will Block Desktop 'Office' Apps From 'Office 365' Services In 2020 (techradar.com) 215

An anonymous reader writes: Microsoft is still encouraging businesses to rent their Office software, according to TechRadar. "In a bid to further persuade users of the standalone versions of Office to shift over to a cloud subscription (Office 365), Microsoft has announced that those who made a one-off purchase of an Office product will no longer get access to the business flavours of OneDrive and Skype come the end of the decade." PC World explains that in reality this affects very few users. "If you've been saving all of your Excel spreadsheets into your OneDrive for Business cloud, you'll need to download and move them over to a personal subscription -- or pony up for Office 365, as Microsoft really wants you to do."

Microsoft is claiming that when customers connect to Office 365 services using a legacy version of Office, "they're not enjoying all that the service has to offer. The IT security and reliability benefits and end user experiences in the apps is limited to the features shipped at a point in time. To ensure that customers are getting the most out of their Office 365 subscription, we are updating our system requirements." And in another blog post, they're almost daring people to switch to Linux. "Providing over three years advance notice for this change to Office 365 system requirements for client connectivity gives you time to review your long-term desktop strategy, budget and plan for any change to your environment."

In a follow-up comment, Microsoft's Alistair Speirs explained that "There is still an option to get monthly desktop updates, but we are changing the 3x a year update channel to be 2x a year to align closer to Windows 10 update model. We are trying to strike the right balance between agile, ship-when-ready updates and enterprise needs of predictability, reliability and advanced notice to validate and prepare."
Android

Anbox Can Run Android Apps Natively On Linux (In A Container) (anbox.io) 66

Slashdot user #1083, downwa, writes: Canonical engineer Simon Fels has publicly released an Alpha version of Anbox. Similar to the method employed for Android apps on ChromeOS, Anbox runs an entire Android system (7.1.1 at present) in an LXC container. Developed over the last year and a half, the software promises to seamlessly bring performant Android apps to the Linux desktop.

After installing Anbox (based on Android 7.1.1) and starting Anbox Application Manager, ten apps are available: Calculator, Calendar, Clock, Contacts, Email, Files, Gallery, Music, Settings, and WebView. Apps run in separate resizeable windows. Additional apps (ARM-native binaries are excluded) can be installed via adb. Installation currently is only supported on a few Linux distributions able to install snaps. Contributions are welcome on Github.

In a blog post Simon describes it as "a side project" that he's worked on for over a year and a half. "There were quite a few problems to solve on the way to a really working implementation but it is now in a state that it makes sense to share it with a wider audience."
Databases

Microsoft Will Support Python In SQL Server 2017 (infoworld.com) 97

There was a surprise in the latest Community Technology Preview release of SQL Server 2017. An anonymous reader quotes InfoWorld: Python can now be used within SQL Server to perform analytics, run machine learning models, or handle most any kind of data-powered work. This integration isn't limited to enterprise editions of SQL Server 2017, either -- it'll also be available in the free-to-use Express edition... Microsoft has also made it possible to embed Python code directly in SQL Server databases by including the code as a T-SQL stored procedure. This allows Python code to be deployed in production along with the data it'll be processing. These behaviors, and the RevoScalePy package, are essentially Python versions of features Microsoft built for SQL Server back when it integrated the R language into the database...

An existing Python installation isn't required. During the setup process, SQL Server 2017 can pull down and install its own edition of CPython 3.5, the stock Python interpreter available from the Python.org website. Users can install their own Python packages as well or use Cython to generate C code from Python modules for additional speed.

Except it's not yet available for Linux users, according to the article. "Microsoft has previously announced SQL Server would be available for Linux, but right now, only the Windows version of SQL Server 2017 supports Python."
Government

WikiLeaks Releases New CIA Secret: Tapping Microphones On Some Samsung TVs (fossbytes.com) 100

FossBytes reports: The whistleblower website Wikileaks has published another set of hacking tools belonging to the American intelligence agency CIA. The latest revelation includes a user guide for CIA's "Weeping Angel" tool... derived from another tool called "Extending" which belongs to UK's intelligence agency MI5/BTSS, according to Wikileaks. Extending takes control of Samsung F Series Smart TV. The highly detailed user guide describes it as an implant "designed to record audio from the built-in microphone and egress or store the data."

According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Liston Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS made collaborative efforts to create Weeping Angel during their Joint Development Workshops.

Microsoft

Microsoft Improves Gmail Experience For Windows 10 Insiders, But There Are Privacy Concerns (betanews.com) 69

Reader BrianFagioli writes: Today, Microsoft announced a new Gmail experience for Windows 10. While only available for Windows Insiders as of today, it uses the same concept as the Outlook mobile app, but for the Mail and Calendar apps. Microsoft will provide you with an arguably improved experience as long as you are OK with storing all of your Gmail messages in Microsoft's cloud. What types of features will the new experience offer? Things such as tracking packages, getting updated on your favorite sports teams, and a focused inbox. "To power these new features, we'll ask your permission to sync a copy of your email, calendar and contacts to the Microsoft Cloud. This will allow new features to light up, and changes to update back and forth with Gmail -- such as creation, edit or deletion of emails, calendar events and contacts. But your experience in Gmail.com or apps from Google will not change in any way."
Cloud

Leaked Document Sheds Light On Microsoft's Chromebook Rival (windowscentral.com) 91

Microsoft has announced plans to host an event next month where it is expected to unveil Windows 10 Cloud operating system. Microsoft will be positioning the new OS as a competitor to Chrome OS, according to several reports. Windows Central has obtained an internal document which sheds light on the kind of devices that will be running Windows 10 Cloud. The hardware requirement that Microsoft has set for third-party OEMs is as follows: 1. Quad-core (Celeron or better) processor.
2. 4GB of RAM.
3. 32GB of storage (64GB for 64-bit). 4. A battery larger than 40 WHr.
5. Fast eMMC or solid state drive (SSD) for storage technology.
6. Pen and touch (optional).
The report adds that Microsoft wants these laptops to offer over 10-hour of battery life, and the "cold boot" should not take longer than 20 seconds.
Windows

File System Improvements To the Windows Subsystem for Linux (microsoft.com) 109

An anonymous reader shares a new article published on MSDN: In the latest Windows Insider build, the Windows Subsystem for Linux (WSL) now allows you to manually mount Windows drives using the DrvFs file system. Previously, WSL would automatically mount all fixed NTFS drives when you launch Bash, but there was no support for mounting additional storage like removable drives or network locations. Now, not only can you manually mount any drives on your system, we've also added support for other file systems such as FAT, as well as mounting network locations. This enables you to access any drive, including removable USB sticks or CDs, and any network location you can reach in Windows all from within WSL.
Microsoft

Microsoft Says It Will Release Two Feature Updates Per Year For Windows 10, Office (petri.com) 62

Microsoft is making a few changes to how it will service Windows, Office 365 ProPlus and System Center Configuration Manager. From a report: Announced today, Microsoft will be releasing two feature updates a year for Windows 10 in March in September and with each release, System Center Configuration Manager will support this new aligned update model for Office 365 ProPlus and Windows 10, making both easier to deploy and keep up to date. This is a big change for Microsoft as Windows will now be on a more predictable pattern for major updates and by aligning it with Office 365 Pro Plus, this should make these two platforms easier to service from an IT Pro perspective. The big news here is also that Microsoft is announcing when Redstone 3 is targeted for release. The company is looking at a September release window but it is worth pointing out that they traditionally release the month after the code is completed.
Network

The Biggest Time Suck at the Office Might Be Your Computer (bloomberg.com) 168

Sharing personal anecdotes and recent studies, a new report on Bloomberg blames outdated computers, decade-old operating systems and ageing equipments for being one of the biggest hurdles that prevents people from doing actual work in their offices. From the article: Slow, outdated computers and intermittent internet connections demoralize workers, a survey of 6,000 European workers said. Half of U.K. employees said creaking computers were "restrictive and limiting," and 38 percent said modern technology would make them more motivated, according to the survey, commissioned by electronics company Sharp. Scott's (a 25-year-old researcher who works at an insurance firm) PC runs the relatively up-to-date Windows 8 operating system, but his computer sometimes struggles to handle large spreadsheets and multiple documents open simultaneously, slowing him down. Others are in a worse spot. One in every eight business laptops and desktops worldwide still run Windows XP, which was introduced in 2001. [...] Some businesses can't help using old hardware or operating systems, because they use specialized software that also hasn't been brought up-to-date.
The Internet

Newest Firefox Browser Bashes Crashes (cnet.com) 133

Nobody likes it when a web browser bombs instead of opening up a website. Mozilla is addressing that in the newly released v53 of its Firefox browser, which it claims crashes 10 percent fewer times. CNET adds: The improvement comes through the first big debut of a part of Project Quantum, an effort launched in 2016 to beef up and speed up Firefox. To improve stability, Firefox 53 on Windows machines isolates software called a compositor that's in charge of painting elements of a website onto your screen. That isolation into a separate computing process cuts down on trouble spots that can occur when Firefox employs computers' graphics chips, Mozilla said.
Desktops (Apple)

StarCraft Is Now Free, Nearly 20 Years After Its Release (techcrunch.com) 237

An anonymous reader quotes a report from TechCrunch: Nearly two decades after its 1998 release, StarCraft is now free. Legally! Blizzard has just released the original game -- plus the Brood War expansion -- for free for both PC and Mac. You can find it here. Up until a few weeks ago, getting the game with its expansion would've cost $10-15 bucks. The company says they've also used this opportunity to improve the game's anti-cheat system, add "improved compatibility" with Windows 7, 8.1, and 10, and fix a few long lasting bugs. So why now? The company is about to release a remastered version of the game in just a few months, its graphics/audio overhauled for modern systems. Once that version hits, the original will probably look a bit ancient by comparison -- so they might as well use it to win over a few new fans, right?
Security

User-Made Patch Lets Owners of Next-Gen CPUs Install Updates On Windows 7 & 8.1 (bleepingcomputer.com) 218

An anonymous reader quotes a report from BleepingComputer: GitHub user Zeffy has created a patch that removes a limitation that Microsoft imposed on users of 7th generation processors, a limit that prevents users from receiving Windows updates if they still use Windows 7 and 8.1. This limitation was delivered through Windows Update KB4012218 (March 2017 Patch Tuesday) and has made many owners of Intel Kaby Lake and AMD Bristol Ridge CPUs very angry last week, as they weren't able to install any Windows updates. Microsoft's move was controversial, but the company did its due diligence, and warned customers of its intention since January 2016, giving users enough time to update to Windows 10, move to a new OS, or downgrade their CPU, if they needed to remain on Windows 7 or 8.1 for various reasons. When the April 2017 Patch Tuesday came around last week, GitHub user Zeffy finally had the chance to test four batch scripts he created in March, after the release of KB4012218. His scripts worked as intended by patching Windows DLL files, skipping the CPU version check, and delivering updates to Windows 7 and 8.1 computers running 7th generation CPUs.
Microsoft

Microsoft Says Previous Windows Patches Fixed Newly Leaked NSA Exploits (pcworld.com) 48

Microsoft said it has already patched vulnerabilities revealed in last week's high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they've kept their software up-to-date. From a report: Friday's leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008. However, Microsoft said several patches -- one of which was made only last month -- address the vulnerabilities. "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," the company said in a blog post late on Friday. Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Window 7 or later and Exchange 2010 or later.
Cloud

Microsoft's Rumored CloudBook Could Be Your Next Cheap Computer (venturebeat.com) 206

An anonymous reader shares a report: In a few weeks, at its education-oriented software and hardware event in New York, Microsoft could unveil a sub-premium laptop -- something more robust than a Surface but not as fancy as a Surface Book. And rather than run good old Windows 10, the new product could run something called Windows 10 Cloud, which reportedly will only be able to run apps that you can find in the Windows Store, unless you change a certain preference in Settings. The idea is that this will keep your device more secure. However, that does mean you won't be able to use certain apps that aren't in the Store -- like Steam -- on a Windows 10 Cloud device, such as the rumored CloudBook. Microsoft is going after Google's Chromebooks that are very popular in the education space -- so much so that they are playing an instrumental role in keeping the entire PC shipments up.
Input Devices

RIP, Robert Taylor, The Innovator Who Shaped Modern Computing (sfgate.com) 37

"Any way you look at it, from kick-starting the Internet to launching the personal computer revolution, Bob Taylor was a key architect of our modern world," says a historian at Stanford's Silicon Valley Archives. An anonymous reader quotes the New York Times: The Internet, like many inventions, was the work of many inventors. But perhaps no one deserves more credit for that world-changing technological leap than Mr. Taylor. The seminal moment of his work came in 1966. He had just taken a new position at the Pentagon -- director of the Information Processing Techniques Office, part of the Advanced Research Projects Agency, known as Arpa -- and on his first day on the job it became immediately obvious to him what the office lacked and what it needed. At the time, Arpa was funding three separate computer research projects and using three separate computer terminals to communicate with them. Mr. Taylor said, No, we need a single computer research network, to connect each project with the others, to enable each to communicate with the others... His idea led to the Arpanet, the forerunner of the Internet.

A half-decade later, at Xerox's storied Palo Alto Research Center, Mr. Taylor was instrumental in another technological breakthrough: funding the design of the Alto computer, which is widely viewed as the forerunner of the modern personal computer. Mr. Taylor even had a vital role in the invention of the computer mouse. In 1961, at the dawn of the Space Age, he was about a year into his job as a project manager at NASA in Washington when he learned about the work of a young computer scientist at Stanford Research Institute, later called SRI International... Mr. Taylor decided to pump more money into the work, and the financial infusion led directly to Engelbart's invention of the mouse, a computer control technology that would be instrumental in the design of both Macintosh and Microsoft Windows-based computers.

Taylor had become fascinated with human-computer interactions in the 1950s during his graduate work at the University of Texas at Austin, and was "appalled" that performing data calculations required submitting his punch cards to a technician running the school's mainframe computers. Years later, it was Taylor's group at PARC that Steve Jobs visited in 1979, which inspired the "desktop" metaphor for the Macintosh's graphical user interface. And Charles Simonyi eventually left PARC to join Microsoft, where he developed the Office suite of applications.

Taylor died Thursday at his home in Woodside, California, from complications of Parkinson's disease, at the age of 85.
Operating Systems

Microsoft Confirms Only a Handful of Windows Phones Will Receive Windows 10 Creators Update (zdnet.com) 46

Windows Phone has less than a 1 percent market share in the mobile industry, but it is not completely dead, yet. In fact, if you own a relatively new Windows Phone, it may receive a new update that will give new life to it. Microsoft has confirmed today that only a subset of Windows Phone handsets will be getting the Windows 10 Creators Update when it begins rolling out on April 25. ZDNet reports: [Here's] Microsoft's list of supported phones: Alcatel IDOL 4S; Alcatel OneTouch Fierce XL; HP Elite x3; Lenovo Softbank 503LV; MCJ Madosma Q601; Microsoft Lumia 550; Microsoft Lumia 640/640XL; Microsoft; Lumia 650; Microsoft Lumia 950/950 XL; Trinity NuAns Neo; VAIO VPB051. "Devices not on this list will not officially receive the Windows 10 Creators Update nor will they receive any future builds from our Development Branch that we release as part of the Windows Insider Program. However, Windows Insiders who have devices not on this list can still keep these devices on the Windows 10 Creators Update at their own risk knowing that it's unsupported," said Windows Insider chief Dona Sarkar in today's blog post. Microsoft attributed the short list of support phones to Insider feedback that indicated older phones might not be providing "the best possible experience" for customers. Microsoft also released a Fast Ring test build of Windows 10 Mobile for phones to Fast Ring Insiders today. That build number is 15204 and it includes a number of bug fixes. This is the first Redstone 3 build for Windows Phones. It's only available to Insider phone users of handsets that are on the list above.
Security

NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet (arstechnica.com) 111

An anonymous reader quotes a report from Ars Technica: The Shadow Brokers -- the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency's weaponized software exploits -- just published its most significant release yet. Friday's dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. Friday's release -- which came as much of the computing world was planning a long weekend to observe the Easter holiday -- contains close to 300 megabytes of materials the leakers said were stolen from the NSA. The contents (a convenient overview is here) included compiled binaries for exploits that targeted vulnerabilities in a long line of Windows operating systems, including Windows 8 and Windows 2012. It also included a framework dubbed Fuzzbunch, a tool that resembles the Metasploit hacking framework that loads the binaries into targeted networks. Independent security experts who reviewed the contents said it was without question the most damaging Shadow Brokers release to date. One of the Windows zero-days flagged by Hickey is dubbed Eternalblue. It exploits a remote code-execution bug in the latest version of Windows 2008 R2 using the server message block and NetBT protocols. Another hacking tool known as Eternalromance contains an easy-to-use interface and "slick" code. Hickey said it exploits Windows systems over TCP ports 445 and 139. The exact cause of the bug is still being identified. Friday's release contains several tools with the word "eternal" in their name that exploit previously unknown flaws in Windows desktops and servers.
Microsoft

Microsoft Experimenting Tabs Experience On File Explorer, Other Apps On Windows 10 (windowscentral.com) 104

Microsoft has begun experimenting with browser tabbing experience on all apps in Windows 10, including File Explorer. From a report on WindowsCentral: According to sources familiar with the matter, Microsoft is currently experimenting internally with a new feature called "Tabbed Shell", which brings the familiar browser tabbing module to all app windows in Windows 10, including the File Explorer. Per our sources, Tabbed Shell is a feature being worked on at an OS level, and doesn't require work from app developers to take advantage of it. By default, Tabbed Shell works with any app window, whether it be Photoshop, File Explorer, or Microsoft Word. Any UWP, Win32 or Centennial app will work. Much like in Edge, you'll find a tabbed interface at the top of a window where you can switch between instances of the same app.
Youtube

YouTube Has a Secret 'Dark Mode' (thenextweb.com) 118

It appears Google has quietly introduced a new "dark mode" for its video portal YouTube, several people are reporting. Here's how to activate it, via The Next Web:
1. Open the Chrome developer tools tab.
2. Windows users can do this by pressing Ctrl + Shift + I.
3. Mac users can do this by pressing Option + Cmd + I.
4. Select the Console tab.
5. Once in Console, paste the following text: document.cookie="VISITOR_INFO1_LIVE=fPQ4jCL6EiE"
6. Hit enter.
7. Close the developer tools tab and refresh the page. Just a little heads-up: YouTube might look slightly different -- though still in white.
8. Click the main settings menu in the top right and find the 'Dark Mode' section.
9. Toggle 'Dark Mode' on and you're settled.

Slashdot Top Deals