Microsoft

Auto Added by WPeMatico

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

Most modern computers, even devices with disk encryption, are vulnerable to a new attack that can steal sensitive data in a matter of minutes, new research says.

In new findings published Wednesday, F-Secure said that none of the existing firmware security measures in every laptop it tested “does a good enough job” of preventing data theft.

F-Secure principal security consultant Olle Segerdahl told TechCrunch that the vulnerabilities put “nearly all” laptops and desktops — both Windows and Mac users — at risk.

The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

“We are convinced that anybody tasked with stealing data off laptops would have already come to the same conclusions as us,” he said.

It’s no secret that if you have physical access to a computer, the chances of someone stealing your data is usually greater. That’s why so many use disk encryption — like BitLocker for Windows and FileVault for Macs — to scramble and protect data when a device is turned off.

But the researchers found that in nearly all cases they can still steal data protected by BitLocker and FileVault regardless.

After the researchers figured out how the memory overwriting process works, they said it took just a few hours to build a proof-of-concept tool that prevented the firmware from clearing secrets from memory. From there, the researchers scanned for disk encryption keys, which, when obtained, could be used to mount the protected volume.

It’s not just disk encryption keys at risk, Segerdahl said. A successful attacker can steal “anything that happens to be in memory,” like passwords and corporate network credentials, which can lead to a deeper compromise.

Their findings were shared with Microsoft, Apple, and Intel prior to release. According to the researchers, only a smattering of devices aren’t affected by the attack. Microsoft said in a recently updated article on BitLocker countermeasures that using a startup PIN can mitigate cold boot attacks, but Windows users with “Home” licenses are out of luck. And, any Apple Mac equipped with a T2 chip are not affected, but a firmware password would still improve protection.

Both Microsoft and Apple downplayed the risk.

Acknowledging that an attacker needs physical access to a device, Microsoft said it encourages customers to “practice good security habits, including preventing unauthorized physical access to their device.” Apple said it was looking into measures to protect Macs that don’t come with the T2 chip.

When reached, Intel would not to comment on the record.

In any case, the researchers say, there’s not much hope that affected computer makers can fix their fleet of existing devices.

“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” said Segerdahl. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”

Companies, and users, are “on their own,” said Segerdahl.

“Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case,” he said.

The Boring Company proves life can be a video game

The Boring Company just posted a video on Twitter showing its latest digging machine can be controlled by an Xbox One controller. Because, if you’re going to dig holes, why not make it a bit of fun?

Software makes it easy to map PC controls to an Xbox pad. Instead of developing and fabricating a custom controller, using an Xbox gamepad is a cost-effective alternative for a lot of organizations. The military services agree. In its latest subs the US Navy tapped the Xbox 360 controller to maneuver submarine periscopes and the Army’s anti-drone laser uses an Xbox controller. They’re used to control robots and drones, too.

The reasoning is simple: A lot of research goes into game controllers. Microsoft reportedly spent over $100 million on the Xbox One controller, which, is just an updated version of the Xbox 360 controller. More than that, these controllers, whether of the Microsoft or Sony variant, are already familiar to most users. Operators do not have to learn a new set of controls. They can pick up a controller and be familiar within seconds.

And if the Xbox or Playstation controller doesn’t offer enough buttons, companies could always look to repurposing Steel Battalion controllers.

Best video game ever pic.twitter.com/DlGFsji76l

— The Boring Company (@boringcompany) September 8, 2018

Microsoft no longer taking new enrollments for its Surface Plus financing program

Microsoft has quietly ended its Surface Plus financing program about a year after it launched. In a message on its site, the company said it stopped taking new enrollments on August 31 “after much thought and consideration.” The change does not affect existing customers, however, who will still be covered by their current financing plans.

Financed by Klarna, a Stockholm-headquartered online financial services provider, the Surface Plus financing program launched in August 2017. It targeted students and other people who wanted an affordable way to own a Surface device, allowing them to spread payments over 24 months. The Surface Plus plan also enabled customers to upgrade to the latest device after 18 months, as long as they returned their previous device in good working condition.

In a FAQ, Microsoft said existing customers will still be able to upgrade their Surface under the plan’s terms. The program’s end also does not affect existing warranty plans.

Microsoft’s Surface Plus for Business payment plans launched around the same time as the Surface Plus program and it looks like it will continue. TechCrunch has contacted Microsoft for more information.

Epic Games just gave a perk for folks to turn on 2FA; every other big company should, too

Let’s talk a bit about security.

Most internet users around the world are pretty crap at it, but there are basic tools that companies have, and users can enable, to make their accounts, and lives, a little bit more hacker-proof.

One of these — two-factor authentication — just got a big boost from Epic Games, the maker of what is currently The Most Popular Game In The World: Fortnite.

Epic is already getting a ton of great press for what amounts to very little effort.

Son: Do you know what two-factor authentication is?
Me: Uh, yeah?
Son: I get a free dance on @Fortnitegame if I enable two factor. Can we do that?

Incentives matter.

— Dennis (@DennisF) August 23, 2018

The company is giving users a new emote (the victory dance you’ve seen emulated in airports, playgrounds and parks by kids and tweens around the world) to anyone who turns on two-factor authentication. It’s one small (dance) step for Epic, but one giant leap for securing their users’ accounts.

The thing is any big company could do this (looking at you Microsoft, Apple, Alphabet and any other company with a huge user base).

Apparently the perk of not getting hacked isn’t enough for most users, but if you give anyone the equivalent of a free dance, they’ll likely flock to turn on the feature.

It’s not that two-factor authentication is a panacea for all security woes, but it does make life harder for hackers. Two-factor authentication works on codes, basically tokens, that are either sent via text or through an over-the-air authenticator (OTA). Text messaging is a pretty crap way to secure things, because the codes can be intercepted, but OTAs — like Google Authenticator or Authy — are sent via https (pretty much bulletproof, but requiring an app to use).

So using SMS-based two-factor authentication is better than nothing, but it’s not Fort Knox (however, these days, even Fort Knox probably isn’t Fort Knox when it comes to security).

Still, anything that makes things harder for crimes of opportunity can help ease the security burden for companies large and small, and the consumers and customers that love them (or at least are forced to pay and use them).

I’m not sure what form the perk could or should take. Maybe it’s the promise of a free e-book or a free download or an opportunity to have a live chat with the celebrity, influencer or athlete of a user’s choice. Whatever it is, there’re clearly something that businesses could do to encourage greater adoption.

Self-preservation isn’t cutting it. Maybe an emote will do the trick.

Big tech companies are looking at Hollywood as the next stage in their play for the cloud

This week, both Microsoft and Google made moves to woo Hollywood to their cloud computing platforms in the latest act of the unfolding drama over who will win the multi-billion dollar business of the entertainment industry as it moves to the cloud.

Google raised the curtain with a splashy announcement that they’d be setting up their fifth cloud region in the U.S. in Los Angeles. Keeping the focus squarely on tools for artists and designers the company talked up its tools like Zync Render, which Google acquired back in 2014, and Anvato, a video streaming and monetization platform it acquired in 2016.

While Google just launched its LA hub, Microsoft has operated a cloud region in Southern California for a while, and started wooing Hollywood last year at the National Association of Broadcasters conference, according to Tad Brockway, a general manager for Azure’s storage and media business.

Now Microsoft has responded with a play of its own, partnering with the provider of a suite of hosted graphic design and animation software tools called Nimble Collective.

Founded by a former Pixar and DreamWorks animator, Rex Grignon, Nimble launched in 2014 and has raised just under $10 million from investors including the UCLA VC Fund and New Enterprise Associates, according to Crunchbase.

“Microsoft is committed to helping content creators achieve more using the cloud with a partner-focused approach to this industries transformation,” said Tad Brockway, General Manager, Azure Storage, Media and Edge at Microsoft, in a statement. “We’re excited to work with innovators like Nimble Collective to help them transform how animated content is produced, managed and delivered.”

There’s a lot at stake for Microsoft, Google and Amazon as entertainment companies look to migrate to managed computing services. Tech firms like IBM have been pitching the advantages of cloud computing for Hollywood since 2010, but it’s only recently that companies have begun courting the entertainment industry in earnest.

While leaders like Netflix migrated to cloud services in 2012 and 21st Century Fox worked with HP to get its infrastructure on cloud computing, other companies have lagged. Now companies like Microsoft, Google, and Amazon are competing for their business as more companies wake up to the pressures and demands for more flexible technology architectures.

As broadcasters face more demanding consumers, fragmented audiences, and greater time pressures to produce and distribute more content more quickly, cloud architectures for technology infrastructure can provide a solution, tech vendors argue.

Stepping into the breach, cloud computing and technology service providers like Google, Amazon, and Microsoft are trying to buy up startups servicing the entertainment market specifically, or lock in vendors like Nimble through exclusive partnerships that they can leverage to win new customers. For instance, Microsoft bought Avere Systems in January, and Google picked up Anvato in 2016 to woo entertainment companies.

The result should be lower cost tools for a broader swath of the market, and promote more cross-pollination across different geographies, according to Grignon, Nimble’s chief executive.

“That worldwide reach is very important,” Grignon said. “In media and entertainment there are lots of isolated studios around the world. We afford this pathway between the studio in LA and the studio in Bangalore. We open these doorways.”

There are other, more obvious advantages as well. Streaming — exemplified by the relationship between Amazon and Netflix is well understood — but the possibility to bring costs down by moving to cloud architectures holds several other distribution advantages as well as simplifying processes across pre- and post-production, insiders said.

 

Microsoft acquires conversational AI startup Semantic Machines to help bots sound more lifelike

Microsoft announced today that it has acquired Semantic Machines, a Berkeley-based startup that wants to solve one of the biggest challenges in conversational AI: making chatbots sound more human and less like, well, bots.

In a blog post, Microsoft AI & Research chief technology officer David Ku wrote that “with the acquisition of Semantic Machines, we will establish a conversational AI center of excellence in Berkeley to push forward the boundaries of what is possible in language interfaces.”

According to Crunchbase, Semantic Machines was founded in 2014 and raised about $20.9 million in funding from investors including General Catalyst and Bain Capital Ventures.

In a 2016 profile, co-founder and chief scientist Dan Klein told TechCrunch that “today’s dialog technology is mostly orthogonal. You want a conversational system to be contextual so when you interpret a sentence things don’t stand in isolation.” By focusing on memory, Semantic Machines’ AI can produce conversations that not only answer or predict questions more accurately, but also flow naturally.

Instead of building its own consumer products, Semantic Machines focused on enterprise customers. This means it will fit in well with Microsoft’s conversational AI-based products, including Microsoft Cognitive Services and Azure Bot Service, which are used by one million and 300,000 developers, respectively, and virtual assistants Cortana and Xiaolce.

Those huge CPU vulnerabilities, Meltdown and Spectre, explained

TwitterFacebook

By now you’ve probably heard. A large portion of the world’s computer processors are vulnerable to at least one of two exploits that render them susceptible to hackers. But what, exactly, is going on — and what can you do to protect yourself?

While the answer to the first question is complicated, thankfully the answer to the second isn’t. It turns out that companies like Google and Microsoft have been working behind the scenes to create patches for what the security community has named Meltdown and Spectre. 

But we’re not out of the woods yet, and, depending on your operating system, you still need to take some proactive measures to make sure your data is safe.  Read more…

More about Google, Apple, Android, Microsoft, and Hackers

Africa Roundup: MEST, Airbus and Microsoft expand in Africa, while Afrostream shutters

 MEST appointed Aaron Fu as its new Managing Director, as the Accra based incubator scales up its presence across Sub-Saharan Africa. Founded in 2008, MEST operates as a training program and seed fund for African innovators to build successful commercial tech companies. Fu told TechCrunch he plans to focus on the incubator’s continued expansion. The organization currently has offices or… Read More

Powered by WPeMatico

Microsoft's Bing wants you to chat with search results

TwitterFacebook

Microsoft is testing developer tools that allow chatbots directly in Bing’s search resultsReports of the tests in Seattle and surrounding areas have been around for at least a month. The bots are powered by Skype.

Image: microsoft

The bots are currently limited to a handful of locations. Searching for a participating location reveals an option to ask the bot for help directly in the browser, as with El Gaucho (pictured above). The bots can answer basic queries about the location’s parking info, hours, and more via both buttons as well as natural language input. 

More about Skype, Bing, Search, Microsoft, and Tech

Powered by WPeMatico

Microsoft’s killer feature for its Chromebook competitor is Office

 Microsoft just unveiled a new operating system at a press event this morning. Windows 10 S is a streamlined and more secure version of Windows 10. But it still looks and feels like a normal PC. And it runs essential apps like Word, Excel and PowerPoint. While I haven’t used Office apps for years, I spent most of my days using them back when I was in a student. I used Word to write… Read More

Powered by WPeMatico

Microsoft HoloLens delivers first ever augmented reality Easter Egg hunt

TwitterFacebook

Easter Sunday is just hours away, and since it’s 2017, and we’re apparently living in the future, Microsoft has unveiled the first ever augmented reality Easter Egg hunt. 

The game was unveiled this weekend in Los Angeles at the VRLA conference where Microsoft and a team of AR developers allowed me to enter a surrealist forest construct where holographic eggs could be found using the HoloLens headset. 

While the rest of the world can only see the physical environment of the forest room space, using the HoloLens I was immediately presented with a living landscape, filled with the sounds of birds, animated flowers and rabbits furtively scurrying around the space. And when I discovered my first Easter Egg, the egg responded to my gaze by exploding open into a Disney-like flourish of color and sound.  Read more…

More about Augmented Reality, Ar, Microsoft, Hololens, and Easter

Powered by WPeMatico

Microsoft is closing the social network you forgot it ever launched

 So.cl, the little-known and probably much-forgotten social network project from Microsoft Research’s FUSE Labs division, is closing down. The service was launched in late 2011 as a social community where the objective was “collaborative consumption, not communication.” Initially for students, So.cl opened up to anyone once it had gotten going and subsequently added support… Read More

Powered by WPeMatico

HP embraces 'lapability' with new Pro x2 detachable PC

TwitterFacebook

It’s been four years since Microsoft introduced its first Surface tablet and at least two since they coined the term “lapability,” which is another way of saying, “This device is really comfortable on your lap.”

In that time, Windows system manufacturers have slowly but surely adopted Microsoft’s strategy of stuffing full-blown Windows PCs into tablets that can marry with keyboards and turn into lap-friendly ultra-portable devices. In general, Microsoft’s designs for the Surface Pro 3 and 4 have been the range’s apex, and most partners have offered only pale imitations. Read more…

More about Tablets, Microsoft, Hp Pro X2 612 G2, Mobile World Congress, and Hp

Powered by WPeMatico

Microsoft launches Skype Lite Android app for India and other emerging markets

screenshot-2017-02-22-14-08-23 Microsoft has retooled Skype, the messaging service synonymous with business users, for people living in emerging markets. Today, at its Future Decoded event in India, Microsoft took the wraps off Skype Lite. The service is an Android app that mains the core video and voice calling functionalities, but is optimized for those on limited internet connections such as 2G data. It… Read More

Powered by WPeMatico

Amazon, Google, Microsoft, and other tech firms donated cash and services to Trump inauguration

Technology companies including Amazon, Google and Microsoft donated considerable amounts of both cash and technical services for the ceremonies and events around the inauguration and swearing in of President Donald Trump, according to reports making the internet rounds on Tuesday night.

(more…)

Powered by WPeMatico

Google Cloud takes aim at Microsoft customers with new Windows VMs

disrupt_sf16_diane_greene-3758 Google announced several new products today aimed at luring IT pros who are using Windows in their data centers to the Google Cloud Platform. With that in mind, Google introduced support for Microsoft SQL Server Enterprise and Windows Server Core on the Cloud Platform. In addition, the company announced support for SQL Server Always-On Availability Group for customers who are concerned about… Read More

Powered by WPeMatico

Google Cloud takes aim at Microsoft customers with new Windows VMs

disrupt_sf16_diane_greene-3758 Google announced several new products today aimed at luring IT pros who are using Windows in their data centers to the Google Cloud Platform. With that in mind, Google introduced support for Microsoft SQL Server Enterprise and Windows Server Core on the Cloud Platform. In addition, the company announced support for SQL Server Always-On Availability Group for customers who are concerned about… Read More

Powered by WPeMatico

With Windows 10, Microsoft doubles down on forced updates and reboots (save your work!)

Windows 10 takes one of the most hated aspects of Microsoft operating systems — forced, sudden software updates and reboots — and elevates them to a sadistic art, with Win 10 machines suddenly announcing that it’s update time and rendering themselves inoperable for up to an hour, wiping out unsaved work and locking users out of their computers while they’re onstage, or in the middle of large file uploads, or livecasting, or completing a live test for college admission, taking notes during an interview, etc.
(more…)

Powered by WPeMatico

Top Microsoft execs weigh in on Trump’s immigration ban

satya-nadella Slowly but surely, the tech world is reacting to a sweeping executive order signed by Trump on Friday that closes the United States’ borders to refugees and citizens from a number of countries. Some have shared personal stories or reflected on the ways in which such policy will negatively impact the Silicon Valley, where so much of the work force has immigrated from around the… Read More

Powered by WPeMatico

Microsoft CEO Satya Nadella is joining the Starbucks board

satya nadella Satya Nadella is set to join the board of Starbucks. The Microsoft CEO was announced as one of a trio of nominees who, if approved by shareholders, will increase the size of the coffee brand’s board to 14 people. Starbucks said Nadella was put forward for his “invaluable insight in international operations and distribution” and, of course, his potential to strengthen… Read More

Powered by WPeMatico

Microsoft partners with Trimble, University of Cambridge to make HoloLens a better tool for the construction industry

2017-01-24_2120 Microsoft has long positioned its HoloLens augmented reality (AR) helmet as a tool for the enterprise. One of the verticals the company has been especially interested in is construction and late last year, Trimble’s $1,499 SketchUp Viewer became the first commercial HoloLens application for the construction industry in the Windows Store. Since then, Microsoft has partnered with Trimble… Read More

Powered by WPeMatico

Crunch Report | Nintendo Switch Hits the Market on March 3

Nintendo Switch to hit the market on March 3, San Francisco District Attorney brings lawsuit against Lily, Moon Express is going to the Moon and Microsoft buys AI startup Maluuba. All this on Crunch Report. Read More

Powered by WPeMatico

Nokia finally returns to the smartphone market

Https%3a%2f%2fblueprint-api-production.s3.amazonaws.com%2fuploads%2fcard%2fimage%2f340425%2f6a679e9a-d27e-444d-a168-dc133aeba072

Feed-twFeed-fb

After years of anticipation, Nokia is finally back in the smartphone game. 

To little fanfare, the Finnish technology company HMD Global (HMD) Sunday unveiled the Nokia 6, a mid-range Android smartphone for the Chinese market. HMD owns the rights to use Nokia’s brand on mobile phones. 

The Nokia 6, which runs the newest version of Google’s mobile operating system, Android Nougat, sports a 5.5-inch full HD (1920×1080 pixels) display. With metal on the sides and a rounded rectangular fingerprint scanner housed on the front, the Nokia 6 seems reminiscent of the Samsung Galaxy S7Read more…

More about Windows Phone, Microsoft, Smartphone, Smartphones, and Android

Powered by WPeMatico