Researchers Bypassed Windows Password Locks With Cortana Voice Commands ( 90

Two independent Israeli researchers found a way for an attacker to bypass the lock protection on Windows machines and install malware by using voice commands directed at Cortana, the multi-language, voice-commanded virtual assistant that comes embedded in Windows 10 desktop and mobile operating systems. From a report: Tal Be'ery and Amichai Shulman found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https -- that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected.

Ask Slashdot: Should We Worry Microsoft Will 'Embrace, Extend, and Extinguish' Linux? ( 431

BrianFagioli writes: While there is no proof that anything nefarious is afoot, it does feel like maybe the Windows-maker is hijacking the Linux movement a bit by serving distros in its store. I hope there is no "embrace, extend, and extinguish" shenanigans going on.

Just yesterday, we reported that Kali Linux was in the Microsoft Store for Windows 10. That was big news, but it was not particularly significant in the grand scheme, as Kali is not very well known. Today, there is some undeniably huge news -- Debian is joining SUSE, Ubuntu, and Kali in the Microsoft Store. Should the Linux community be worried?

My concern lately is that Microsoft could eventually try to make the concept of running a Linux distro natively a thing of the past. Whether or not that is the company's intention is unknown. The Windows maker gives no reason to suspect evil plans, other than past negative comments about Linux and open source. For instance, former Microsoft CEO Steve Ballmer once called Linux "cancer" -- seriously.


Microsoft Confirms Windows 10 'S Mode' ( 90

An anonymous reader shares a report: Microsoft head honcho Joe Belfiore confirmed today that Windows 10 S won't be a separate Windows version anymore and that Microsoft will ship an "S Mode" with Windows 10 starting 2019. "Next year 10S will be a "mode" of existing versions, not a distinct version," Belfiore said today on Twitter.

Chrome On Windows Ditches Microsoft's Compiler, Now Uses Clang ( 94

An anonymous reader quotes a report from Ars Technica: Google's Chrome browser is now built using the Clang compiler on Windows. Previously built using the Microsoft C++ compiler, Google is now using the same compiler for Windows, macOS, Linux, and Android, and the switch makes Chrome arguably the first major software project to use Clang on Windows. Chrome on macOS and Linux has long been built using the Clang compiler and the LLVM toolchain. The open-source compiler is the compiler of choice on macOS, making it the natural option there, and it's also a first-class choice for Linux; though the venerable GCC is still the primary compiler choice on Linux, by using Clang instead, Google ensured that it has only one set of compiler quirks and oddities to work with rather than two. But Chrome on Windows has instead used Microsoft's Visual C++ compiler. The Visual C++ compiler is the best-supported, most widely used compiler on Windows and, critically, is the compiler with the best support for Windows' wide range of debugging and diagnostic tools. The Visual Studio debugger is widely loved by the C++ community, and other tools, such as the WinDbg debugger (often used for analyzing crash dumps), are core parts of the Windows developer experience.

Microsoft To Offer Governments Local Version of Azure Cloud Service ( 28

Microsoft on Monday said it will soon make it possible for government clients to run its cloud technology on their own servers as part of a concerted effort to make Azure more appealing to local and federal agencies. From a report: The pairing of Azure Stack, Microsoft's localized cloud product, and Azure Government, the government-tailored version of Microsoft's cloud, comes as competition against Inc for major clients in the public sector ramps up. The new offering, which will be made available in mid-2018, is designed to appeal to governments and agencies with needs for on-premise servers, such as in a military operation or in an embassy abroad, said Tom Keane, Microsoft Azure's head of global infrastructure.

Do Neural Nets Dream of Electric Sheep? ( 201

An anonymous reader shares a post: If you've been on the internet today, you've probably interacted with a neural network. They're a type of machine learning algorithm that's used for everything from language translation to finance modeling. One of their specialties is image recognition. Several companies -- including Google, Microsoft, IBM, and Facebook -- have their own algorithms for labeling photos. But image recognition algorithms can make really bizarre mistakes. Microsoft Azure's computer vision API added the above caption and tags. But there are no sheep in the image. None. I zoomed all the way in and inspected every speck. It also tagged sheep in this image. I happen to know there were sheep nearby. But none actually present. Here's one more example. In fact, the neural network hallucinated sheep every time it saw a landscape of this type. What's going on here?

Are neural networks just hyper-vigilant, finding sheep everywhere? No, as it turns out. They only see sheep where they expect to see them. They can find sheep easily in fields and mountainsides, but as soon as sheep start showing up in weird places, it becomes obvious how much the algorithms rely on guessing and probabilities. Bring sheep indoors, and they're labeled as cats. Pick up a sheep (or a goat) in your arms, and they're labeled as dogs.


Windows Phone 8.1 Users Are Having Trouble Downloading Apps From the Store ( 64

An anonymous reader shares a report: While Microsoft ended mainstream support for Windows Phone 8.1 more than six months ago, there are some users that still utilize the platform as their daily driver. Although the company's overall mobile initiative isn't faring too well either, most users on older platforms are still there because they prefer it over the competition or weren't offered an upgrade path to Windows 10 Mobile. However, it now appears that Windows Phone 8.1 users are facing some unforeseen problems with the Store - and no, it isn't regarding the dearth of apps. According to reports, people on the platform have been unable to download apps from the Store since yesterday. Hundreds of people over in Windows phone Facebook groups, Reddit, and Microsoft support forums are complaining that they are being hit with error code 80070020 when attempting to download apps from the Store using their Windows Phone 8.1 devices. We have confirmed the presence of the issue on our devices too.

Google's Slack Competitor 'Hangouts Chat' Comes Out of Beta ( 52

Frederic Lardinois reports via TechCrunch: Hangouts Chat, Google's take on modern workplace communication, is now generally available and is becoming a core part of G Suite. Hangouts Chat was first announced at Google Cloud Next 2017, together with Hangouts Meet. While Meet went right into public availability, though, Chat went into an invite-only preview. Now, Google is rolling Chat out to all G Suite users over the course of the next seven days (so if you don't see it yet, don't despair). For all intents and purposes, Hangouts Chat is Google's take on Slack, Microsoft Teams and similar projects. Since Google first announced this project, Atlassian also joined the fray with the launch of Stride. Like its competitors, Chat is available on iOS, Android and the web.

Chat currently supports 28 languages and each room can have up to 8,000 members. What's maybe just as important, though, is that Google has already built an ecosystem of partners that are integrating with Chat by offering their own bots. They include the likes of Xero, RingCentral, UberConference, Salesforce, Zenefits,, Jira, Trello, Wrike and Kayak. There's even a Giphy bot. Developers can also build their own bots and integrate their own services with Chat.


New Apple Patent Imagines an OLED Screen As a Keyboard For MacBooks ( 119

An anonymous reader quotes a report from The Verge: The United States Patent and Trademark Office has granted Apple a patent titled "dual display equipment with enhanced visibility and suppressed reflections." The documentation for what is patent number 9,904,502 outlines a device that would use a second display as a dynamic keyboard. Two implementations of this design are described in the patent application, according to Patently Apple. The first utilizes a permanent hinge, while the second allows the screen to be removed and used separately, along the lines of Microsoft's Surface Pro range and other two-in-one computers. The patent documentation makes it clear that the implementation is not intended as an accessory that would allow two iPads to be paired together, with one serving as the keyboard. Additionally, illustrations associated with the application explicitly state that one screen is an OLED display, while the other is an LCD. A double-display set-up could provide easy access to a different keyboard layout language, context-sensitive controls, or even a large sketching surface to use in conjunction with something like an Apple Pencil. However, that flexibility would come at the cost of the traditional typing experience offered by a mechanical keyboard.

Bill Gates: Cryptocurrency Is 'Rare Technology That Has Caused Deaths In a Fairly Direct Way' ( 161

An anonymous reader quotes a report from CNBC: During a recent "Ask Me Anything" session on Reddit, the Microsoft co-founder said that the main feature of cryptocurrencies is the anonymity they provide to buyers, and Gates thinks that can actually be harmful. "The government's ability to find money laundering and tax evasion and terrorist funding is a good thing," he wrote. "Right now, cryptocurrencies are used for buying fentanyl and other drugs, so it is a rare technology that has caused deaths in a fairly direct way." When a Reddit user pointed out that plain cash can also be used for illicit activities, Gates said that crypto stands out because it can be easier to use. "Yes -- anonymous cash is used for these kinds of things, but you have to be physically present to transfer it, which makes things like kidnapping payments more difficult," he wrote. Gates also warned that the wave of speculation surrounding cryptocurrencies is "super risky for those who go long."

Supreme Court Wrestles With Microsoft Data Privacy Fight ( 163

Supreme Court justices on Tuesday wrestled with Microsoft's dispute with the U.S. Justice Department over whether prosecutors can force technology companies to hand over data stored overseas, with some signaling support for the government and others urging Congress to pass a law to resolve the issue. From a report: Chief Justice John Roberts and Justice Samuel Alito, both conservatives, hinted during an hour-long argument in the case at support for the Justice Department's stance that because Microsoft is based in the United States it was obligated to turn over data sought by prosecutors in a U.S. warrant. As the nine justices grappled with the technological complexities of email data storage, liberals Ruth Bader Ginsburg and Sonia Sotomayor questioned whether the court needed to act in the data privacy case in light of Congress now considering bipartisan legislation that would resolve the legal issue. A ruling is due by the end of June.
Education Celebrates 5th Anniversary, Success In Changing K-12 Education Policy ( 36

theodp writes: It's exactly five years since launched with the video What Most Schools Don't Teach ," noted in a Monday blog post entitled Dedicating Our 5 year Anniversary to our Partners. "Since then, tens of millions of students have begun learning computer science, hundreds of thousands of schools have begun teaching CS, tens of thousands of teachers have attended workshops to introduce CS in their classrooms, hundreds of school districts have added CS to their curriculum, and forty U.S. states and 25 countries have announced policies and plans to support CS in schools [...] We should start by thanking our amazing donors, particularly Amazon [$10+ million], Facebook [$10+ million], Google [$3+ million], Infosys [$10+ million], and Microsoft [$10+ million]. Whether it's corporate funders, foundations, or individual donors, without your generous funding, we wouldn't exist [...] Changing education policies in forty states wouldn't be possible without the help of Microsoft, College Board, Amazon, and every partner in the Advocacy Coalition [...] We're particularly fortunate and proud to have had the vocal support of Bill Gates [$4+ million] and Mark Zuckerberg [$1+ million] since day one." Hey, it takes a corporate village to raise a CS-savvy child!

Microsoft Updates Guideline on Windows Driver Security ( 17

An anonymous reader shares a report: Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws. The new guide -- also available as a one-document PDF -- is authored by Microsoft's Don Marshall and comes to replace an older help page. [...] While the driver security checklist is a must-read for any software developer and not just driver authors, the guide on assessing "threat modeling for drivers" is also something that software engineers should take a peek at.

Microsoft Starts Selling Lumia Windows Phones Again ( 111

After removing its Lumia devices back in June, Microsoft has started selling them again at the company's online retail store. According to Windows Latest, Microsoft U.S. Store is selling the Lumia 950 for $399, Lumia 950 XL for $499, Lumia 550 and Lumia 650 for $139 and $199 respectively. From the report: A Microsoft Store sales agent confirmed to us that Lumia phones are back in the store on February 4 after a long gap. "They are recently back this early February. Specifically, on February 4th 2018," Microsoft sales team told us. Rumor had it that Microsoft wanted to sell as many Lumias as possible until stores ran out of stock, but it looks like the plans have changed or the company is selling the remaining stock which they recently discovered.

Apple Confirms It Uses Google's Cloud For iCloud Services ( 46

An anonymous reader quotes a report from CNBC: A file that Apple updated on its website last month provides the first acknowledgment that it's relying on Google's public cloud for data storage for its iCloud services. The disclosure is fresh evidence that Google's cloud has been picking up usage as it looks to catch up with Amazon and Microsoft in the cloud infrastructure business. Some media outlets reported on Google's iCloud win in 2016, but Apple never provided confirmation. Apple periodically publishes new versions of a PDF called the iOS Security Guide. For years the document contained language indicating that iCloud services were relying on remote data storage systems from Amazon Web Services, as well as Microsoft's Azure. But in the latest version, the Microsoft Azure reference is gone, and in its place is Google Cloud Platform. Before the January update, Apple most recently updated the iOS Security Guide in March. The latest update doesn't indicate whether Apple is using any Google cloud services other than core storage of "objects" like photos and videos. The document also doesn't make it clear when Apple started storing data in Google's cloud.

Office 365 Growth Opportunity 'a Lot Bigger Than Anything We've Achieved', Microsoft CEO Satya Nadella Says ( 153

Microsoft CEO Satya Nadella on Monday suggested that Microsoft could grow more from its Office 365 line of cloud productivity apps than anything in the company's 43-year history. From a report: With business editions of Office 365, Microsoft faces competition from Google, as well as younger players like Box and Dropbox, in the race to get companies collaborating in apps running on remote cloud servers. "The growth opportunity for what is Office 365 is a lot bigger than anything we've achieved, even with our high penetration in the client-server world," Nadella said at the Morgan Stanley Technology Media and Telecom conference in San Francisco. When companies transition from Microsoft's traditional licensing business to cloud-based subscriptions, it's "not a one-for-one move," Nadella told Morgan Stanley analyst Keith Weiss at the event. Microsoft recently introduced the Microsoft 365 bundle, which includes Office as well as Windows, along with enterprise security and mobility services. Nadella also talked up the company's potential in the Azure public cloud infrastructure business, where it competes with Google as well as Amazon Web Services. "We had a good business in our server business, but this business is orders of magnitude bigger than what used to be a successful server business," he said.

Hackers Are Selling Legitimate Code-signing Certificates To Evade Malware Detection ( 50

Zack Whittaker, writing for ZDNet Security researchers have found that hackers are using code-signing certificates more to make it easier to bypass security appliances and infect their victims. New research by Recorded Future's Insikt Group found that hackers and malicious actors are obtaining legitimate certificates from issuing authorities in order to sign malicious code. That's contrary to the view that in most cases certificates are stolen from companies and developers and repurposed by hackers to make malware look more legitimate. Code-signing certificates are designed to give your desktop or mobile app a level of assurance by making apps look authentic. Whenever you open a code-signed app, it tells you who the developer is and provides a high level of integrity to the app that it hasn't been tampered with in some way. Most modern operating systems, including Macs , only run code-signed apps by default.
Data Storage

Dropbox Shows How It Manages Costs By Deleting Inactive Accounts ( 29

Dropbox employs a somewhat unusual technique to lower its costs, the cloud software company revealed on Friday in its filing to go public . From a report: In a process the company calls "infrastructure optimization," Dropbox said it deletes users' accounts if they don't sign in for a year and don't respond to emails. That keeps the company from incurring storage costs for inactive users, a tactic Yahoo has used in the past. Dropbox said that the costs of revenue dropped 6 percent in 2017 to $21.7 million, mostly due to a $35.1 million reduction "in our infrastructure costs." As it prepares to lure public market investors, Dropbox is paying particularly close attention to its expenses. The company operates in an intensively competitive market against vendors including Apple, Amazon, Box, Google and Microsoft. Once reliant on Amazon Web Services , Dropbox has moved away from public cloud in recent years and has been building its own data center infrastructure to store the majority of user data. Another way it's managed costs is by making sure that there weren't too many copies of users' files on third-party infrastructure.

The College Board Pushes To Make Computer Science a High School Graduation Requirement 132

theodp writes: Education Week reports that the College Board wants high schools to make it mandatory for students to take computer science before they graduate. The call came as the College Board touted the astonishing growth in its Advanced Placement (AP) computer science courses, which was attributed to the success of its new AP Computer Science Principles (AP CSP) class, a "lite" alternative to the Java-based AP CS A course. "The College Board is willing to invest serious resources in making this viable -- much more so than is in our economic interest to do so," said College Board President David Coleman. "To governors, legislators, to others -- if you will help us make this part of the life of schools, we will help fund it."

Just two days before Coleman's funds-for-compulsory-CS offer, Education Week cast a skeptical eye at the tech sector's role in creating a tremendous surge of enthusiasm for K-12 CS education. Last spring, The College Board struck a partnership with the Chan Zuckerberg Initiative with a goal of making AP CSP available in every U.S. school district. Also contributing to the success of the College Board's high school AP CS programs over the years has been tech-bankrolled, as well as tech giants Microsoft and Google. The idea of a national computer programming language requirement for high school students was prominently floated in a Google-curated Q&A session with President Obama (video) following the 2013 State of the Union address.

Slashdot Top Deals