Miscellaneous Tech News



  • Unpatched Linux bug may open devices to serious attacks over Wi-Fi

    Buffer overflow can be triggered in Realtek Wi-Fi chips, no user interaction needed.
    A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said. The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013.





  • Alexa and Google Home abused to eavesdrop and phish passwords

    Amazon- and Google-approved apps turned both voice-controlled devices into "smart spies."
    *By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials. Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps—four Alexa "skills" and four Google Home "actions"—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. *



  • https://mover.io/blog/2019/10/21/mover-acquired-by-microsoft/

    Since we launched Mover, we have dedicated ourselves to being one of the fastest and most recognized cloud storage migrators in the world. Today the next chapter in our journey begins, and I am very happy to announce that Microsoft has acquired Mover.

    As the world moves to Microsoft 365, it needs an excellent self-serve solution for migrating content. Our technology makes us one of the fastest OneDrive and SharePoint document migrators in the world. My team has proven this time and time again by setting migration speed records for the industry, always meeting customer needs. Security, file fidelity, and transfer accuracy are core tenets of our company and we take pride in our reputation.

    Moving forward, we’ll bring our deep expertise and migration technology to serve Microsoft customers. This acquisition will ensure that customers making the move to Microsoft 365 have a seamless and cost effective experience.

    It has been a fantastic journey these last eight years. We have met thousands of wonderful customers and moved more data than I ever imagined. It has been an honor to be trusted by you and your fellow customers.

    On behalf of everyone at Mover, thank you to all our family, friends, customers, partners, investors, and allies who helped us get to where we are today. We couldn’t have done it without you.

    -Best, Eric Warnke

    Also:
    https://blogs.microsoft.com/blog/2019/10/21/microsoft-acquires-mover-to-simplify-and-speed-file-migration-to-microsoft-365/
    Microsoft acquires Mover to simplify and speed file migration to Microsoft 365



  • Hackers steal secret crypto keys for NordVPN. Here’s what we know so far

    Breach happened 19 months ago. Popular VPN service is only disclosing it now.
    Hackers breached a server used by popular virtual network provider NordVPN and stole encryption keys that could be used to mount decryption attacks on segments of its customer base. A log of the commands used in the attack suggests that the hackers had root access, meaning they had almost unfettered control over the server and could read or modify just about any data stored on it. One of three private keys leaked was used to secure a digital certificate that provided HTTPS encryption for nordvpn.com. The key wasn't set to expire until October 2018, some seven months after the March 2018 breach. Attackers could have used the compromised certificate to impersonate the nordvpn.com website or mount man-in-the-middle attacks on people visiting the real one. Details of the breach have been circulating online since at least May 2018.



  • Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
    https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/

    Microsoft will allow "self-service purchase and license management capabilities" for Office 365 users, initially for its Power Platform low-code services, PowerApps, PowerBI and Flow.

    ...

    "Users that have purchased any of the products directly will now have access to a scoped version of the Microsoft 365 admin center that is limited to their purchases. Self-service purchasers are responsible for managing their own billing information, subscriptions and license assignment,"



  • @nadnerB said in Miscellaneous Tech News:

    Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
    https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/

    Microsoft will allow "self-service purchase and license management capabilities" for Office 365 users, initially for its Power Platform low-code services, PowerApps, PowerBI and Flow.

    ...

    "Users that have purchased any of the products directly will now have access to a scoped version of the Microsoft 365 admin center that is limited to their purchases. Self-service purchasers are responsible for managing their own billing information, subscriptions and license assignment,"

    I don't have an issue with this, as the person who paid for the service, should be able to see their information at any time they want.



  • @nadnerB said in Miscellaneous Tech News:

    Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
    https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/

    Microsoft, though, has picked up an obstacle to the "empowerment" for which the Power Platform is intended, which is that users have to work with their IT administrators to get licenses for the services they want to use.

    This sounds like a failing within that business. I know many businesses sadly do suffer this this level of failing.

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.



  • @Dashrender said in Miscellaneous Tech News:

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

    Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.



  • @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

    Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

    Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.



  • @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

    Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

    Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

    Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.



  • This is similar to what they have been doing with Teams.



  • @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

    Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

    Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

    Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

    yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.





  • @JaredBusch said in Miscellaneous Tech News:

    https://spacenews.com/spacex-plans-to-start-offering-starlink-broadband-services-in-2020/

    US only at launch (pun intended), but sounds like global coverage coming quickly.



  • @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

    Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

    Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

    Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

    yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

    I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.



  • @dbeato said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

    Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

    Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

    Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

    yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

    I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.

    For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.



  • Microsoft’s new Secured-core PC initiative short circuits firmware attacks

    Secured-core extends the root of trust past the boot environment itself.
    Microsoft on Tuesday announced a new hardware security initiative, dubbed Secured-core PC. The short version of what "Secured-core PC" really means is a defense against attacks at the firmware layer. Although actual firmware-based attacks have been relatively uncommon in the field so far, they represent a particularly nasty avenue of exploitation for an advanced, persistent attacker. Once a machine's firmware is compromised, the exploit is persistent across reboots, operating-system re-installations, and even full hard drive replacement. As operating systems themselves become more secure and difficult to compromise and keep compromised, the value of pivoting from a shell to the firmware layer in order to enhance persistence also increases. Even detection of compromised firmware is problematic, since Windows Defender and other antivirus applications run at the operating-system level and don't necessarily have direct access to the firmware.



  • @scottalanmiller said in Miscellaneous Tech News:

    @dbeato said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

    Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

    Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

    Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

    yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

    I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.

    For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.

    likely only workable if you are not using any MS services.



  • @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @dbeato said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    @scottalanmiller said in Miscellaneous Tech News:

    @Dashrender said in Miscellaneous Tech News:

    At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

    Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

    Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

    Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

    yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

    I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.

    For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.

    likely only workable if you are not using any MS services.

    Which you'd be heavily encourage not to use after this.



  • Firefox 70 brings Enhanced Tracking Protection and longer battery life

    Firefox 70 brings users privacy, battery, and performance improvements.
    Yesterday, Mozilla released Firefox 70. The newest version of the most-popular fully open source browser expands on the Enhanced Tracking Protection we saw as an option in Firefox 69 and turns that protection on by default for all users. We already saw most of these new features in our Firefox 70 beta coverage, but since then, the features have been expanded upon and fine-tuned, and major new features have appeared or have been added in the Lockwise online password manager for users who have a Firefox cloud account. In addition to automatically generating pseudorandom passwords for you, saving them, and automatically filling out login forms with them, Lockwise continuously scans the Internet for password and database dumps that might contain leaked copies of your credentials. Lockwise does this by comparing a hash of each of your passwords to hashes of the passwords in the dumps and leaks—so you don't have to worry about Mozilla itself, or its employees, "knowing" your password.







  • Microsoft beat expectations with strong Windows revenue, but Xbox had a rough quarter

    Surface didn't post good numbers, but that could change in the next quarter.
    Microsoft beat analyst expectations in its quarterly earnings report, achieving $33.06 billion in revenue in the start of its first 2020 fiscal quarter (which ended September 30) compared to a projected $32.23 billion. That's a 14% increase over the same quarter the prior year. Much of the growth still came from Azure, the company's ever-expanding cloud-services platform, which saw 59% revenue growth. However, that's down just a little from the previous quarter, which saw 64% growth. Azure and other cloud services saw $10.85 billion in revenue.That's not what disappointed analysts and investors. Most expected a similar figure as Azure's growth slows down quarter by quarter and it achieves greater market saturation. (Amazon's more popular AWS has seen slowing growth lately, too).



  • @mlnews Im' not surprised. Xbox doesn't sound like a current product any longer. It's lost mind share in my limited view. It seems like something that quietly faded away. I forget that it's still a thing. Two years ago, that was not the case.



  • @scottalanmiller said in Miscellaneous Tech News:

    @mlnews Im' not surprised. Xbox doesn't sound like a current product any longer. It's lost mind share in my limited view. It seems like something that quietly faded away. I forget that it's still a thing. Two years ago, that was not the case.

    oh? so what still has mindspace for you? PS4?

    MS is starting the move away from the console - like everything else - they are about to release an online streaming gaming solution, no xBox required.



  • @Dashrender said in Miscellaneous Tech News:

    oh? so what still has mindspace for you? PS4?

    PS4, Switch, phones, PC....

    They all seem to get more discussion now.



  • Ubunto 19.10 is available for Raspberry Pi now.

    https://ubuntu.com/download/iot/raspberry-pi

    Install server and then add desktop afterwards. Runs all flavors of ubuntu; lubuntu, xubuntu etc.



  • 4K projector turns any wall into theater-quality screen from inches away

    Vava's 4K projector offers ultra short throw distance and Harman-Kardon speakers.
    This is Vava, a 4K definition Ultra Short Throw (UST) home theater projector retailing for $2,700. For those of you not familiar with the term, UST refers to "throw distance"—the amount of space you need between a projector and screen in order to get the desired image size. This projector also features a built-in Harman-Kardon speaker, motion sensors to keep you from blinding yourself by staring into the laser, and plenty of inputs. A few weeks ago, we reviewed Cinemood, a miniature and fairly low-cost portable projector that unfortunately did not really impress us. Vava is the projector we thought we were getting then, and we're happy to report that it impressed us a lot.



  • @mlnews man I want one of those!


Log in to reply