Miscellaneous Tech News
-
Need to get root on a Windows box? Plug in a Razer gaming mouse
Razer's automatically downloaded installer exposes a SYSTEM shell to any user.
This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—but that File Explorer spawns with SYSTEM process ID, not with the user's. By itself, this vulnerability in Razer Synapse sounds like a minor issue—after all, in order to launch a software installer with SYSTEM privileges, a user would normally need to have Administrator privileges themselves. Unfortunately, Synapse is a part of the Windows Catalog—which means that an unprivileged user can just plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically. -
@mlnews said in Miscellaneous Tech News:
Need to get root on a Windows box? Plug in a Razer gaming mouse
Razer's automatically downloaded installer exposes a SYSTEM shell to any user.
This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—but that File Explorer spawns with SYSTEM process ID, not with the user's. By itself, this vulnerability in Razer Synapse sounds like a minor issue—after all, in order to launch a software installer with SYSTEM privileges, a user would normally need to have Administrator privileges themselves. Unfortunately, Synapse is a part of the Windows Catalog—which means that an unprivileged user can just plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically.Days late, we've discussed this in depth. Arstechnica needs to step up their game
-
Overwatch to change cowboy character McCree's name
Jesse McCree, a character in Blizzard's Overwatch game, will be renamed in the wake of fallout over sexual harassment allegations against the company.
The in-game McCree, a revolver-toting cowboy character, was named after a real-life Blizzard staff member. In August, he and two other executives left the company without explanation. In a statement, the Overwatch team said it was "necessary to change the name... to something that better represents what Overwatch stands for". "Going forward, in-game characters will no longer be named after real employees," it promised. But the Overwatch developers did not reveal what the character's new name would be. -
Azure Databases Compromised.
-
Update on Windows 11 minimum system requirements and the PC Health Check app
First, an update on Windows 11 minimum system requirements based, in part, on feedback from the Windows Insider community. Second, information on the updated PC Health Check app that is now available to Windows Insiders.
-
-
@dustinb3403 said in Miscellaneous Tech News:
Worst cloud vulnerability you can imagine” discovered in Microsoft Azure
Arstechnica needs to step up their game
-
@dustinb3403 said in Miscellaneous Tech News:
Worst cloud vulnerability you can imagine” discovered in Microsoft Azure
Who woulda thought that misconfiguring services could open up vulnerabilities?
-
@obsolesce said in Miscellaneous Tech News:
Who woulda thought that misconfiguring services could open up vulnerabilities?
WTF are you trying to say here?
Yes the cloud provider left a gaping hole. There was nothing misconfigured by users.
-
@jaredbusch said in Miscellaneous Tech News:
@obsolesce said in Miscellaneous Tech News:
Who woulda thought that misconfiguring services could open up vulnerabilities?
WTF are you trying to say here?
Yes the cloud provider left a gaping hole. There was nothing misconfigured by users.
I took it as a misconfiguration on the customers part. But reading it again now, not sure if a misconfiguration on MS's part or the customer. But yes, that is in addition to a vulnerability with the service itself. That part I wasn't debating.
-
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience too -
@hobbit666 said in Miscellaneous Tech News:
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience tooOMG! about fucking time!!!! they brought that back.
-
@hobbit666 said in Miscellaneous Tech News:
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience tooKinda ridiculous it took this long. I always liked that you could do it when installing a Linux OS.
-
New Fossil smartwatches are still stuck in the bad old days of Wear OS
Gen 6 watches are slower, costlier, and have older software than a Galaxy Watch 4.
Before Samsung showed up and took over the Wear OS ecosystem, the top Android smartwatch manufacturer was Fossil. Even after Samsung's arrival, Fossil is still going, and today the company announced the Fossil Gen 6 watches. The Gen 6 Fossil watches are the company's first to ship with Qualcomm's Snapdragon Wear 4100+, a 12 nm, Cortex A53-based ARM chip. The "plus" at the end of that 4100 model number means there's a low-power co-process on the SoC now, which can handle things like health tracking without waking up the big cores. It looks like the new SoC is the only upgrade over the gen 5 watches. There's still a 1.28-inch OLED display, 1GB of RAM, and 8GB of storage. Fossil doesn't say how big the battery is, but it charges to 80 percent in 30 minutes. The watch has GPS, NFC, Wi-Fi, a PPG heart rate sensor, and is water-resistant. -
@mlnews said in Miscellaneous Tech News:
New Fossil smartwatches are still stuck in the bad old days of Wear OS
Gen 6 watches are slower, costlier, and have older software than a Galaxy Watch 4.
Before Samsung showed up and took over the Wear OS ecosystem, the top Android smartwatch manufacturer was Fossil. Even after Samsung's arrival, Fossil is still going, and today the company announced the Fossil Gen 6 watches. The Gen 6 Fossil watches are the company's first to ship with Qualcomm's Snapdragon Wear 4100+, a 12 nm, Cortex A53-based ARM chip. The "plus" at the end of that 4100 model number means there's a low-power co-process on the SoC now, which can handle things like health tracking without waking up the big cores. It looks like the new SoC is the only upgrade over the gen 5 watches. There's still a 1.28-inch OLED display, 1GB of RAM, and 8GB of storage. Fossil doesn't say how big the battery is, but it charges to 80 percent in 30 minutes. The watch has GPS, NFC, Wi-Fi, a PPG heart rate sensor, and is water-resistant.Just got a Gen 5 refurb and can't really complain. One of the guys at work is a die-hard Samsung fan but won't get another one of their watches until they either ditch the Samsung Pay or at least allow their stuff to work with the Google Pay ecosystem.
-
Hackers steal $29 million from crypto-platform Cream Finance
Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.
The company confirmed the hack earlier today, half an hour after blockchain security firm PeckShield noticed signs of an ongoing attack. Cream Finance said the hacker used a “reentrancy attack” in its “flash loan” feature to steal 418,311,571 in AMP tokens (estimated at around $25.1 million at the time of the hack) and 1,308.09 in ETH coins (estimated at around $4.15 million). The term “flash loan” refers to a contract (script) that runs on the Etherium blockchain that allows Cream Finance users to take quick loans from the company’s funds and then return them at a later date. -
South Korea law forces Google and Apple to open up app store payments
App store owners won't be able to lock developers into their 30 percent fees.
South Korea will soon pass a law banning Apple's and Google's app store payment requirements. An amendment to South Korea’s Telecommunications Business Act will stop app store owners from requiring developers to use in-house payment systems. The law also bans app store owners from unreasonably delaying the approval of apps or deleting them from the marketplace, which the country fears is used as a method of retaliation. As The Wall Street Journal reports, the law has passed South Korea's National Assembly (the country's Congress equivalent), and President Moon Jae-in is expected to sign the bill into law. -
@mlnews said in Miscellaneous Tech News:
South Korea law forces Google and Apple to open up app store payments
App store owners won't be able to lock developers into their 30 percent fees.
South Korea will soon pass a law banning Apple's and Google's app store payment requirements. An amendment to South Korea’s Telecommunications Business Act will stop app store owners from requiring developers to use in-house payment systems. The law also bans app store owners from unreasonably delaying the approval of apps or deleting them from the marketplace, which the country fears is used as a method of retaliation. As The Wall Street Journal reports, the law has passed South Korea's National Assembly (the country's Congress equivalent), and President Moon Jae-in is expected to sign the bill into law.In OTHER NEWS the US is perfectly complacent with the Monopolies run by Google and Apple with regards to their respective App Stores.
-
Microsoft sinks standalone Hyper-V Server, wants you using Azure Stack HCI for VM-wrangling
Microsoft won't ship a new version of Hyper-V Server – the free tool it offers alongside Windows Server to build hybrid clouds and manage fleets of virtual machines – with Windows Server 2022.
-
@danp said in Miscellaneous Tech News:
Microsoft sinks standalone Hyper-V Server, wants you using Azure Stack HCI for VM-wrangling
Microsoft won't ship a new version of Hyper-V Server – the free tool it offers alongside Windows Server to build hybrid clouds and manage fleets of virtual machines – with Windows Server 2022.
Just one less competitor in the market space, which will only drive up VMWare sales for the small businesses that don't see the value in using hosted services.
Edit: And who don't have/know there are alternatives to hosted/VMware because of marketing.
