Entries from May 10, 2015 - May 16, 2015

Saturday
May162015

Microsoft announces six different versions of Windows 10

DateSaturday, May 16, 2015 at 10:00AM

imageThere will be six versions released, with Windows 10 Home, Windows 10 Mobile, Windows 10 Mobile Enterprise, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. As you can see, most people will opt for Home or Professional. Here is a quick run down from Mary Jo Foley:

Windows 10 Home: The consumer-focused desktop edition. This will include the core Windows 10 features, such as the Edge browser, Continuum tablet-mode for touch-capable devices; Cortana integration; free Photos, Maps, Mail, Calendar; Music and Video apps; and Windows Hello face-recognition/iris/fingerprint log-in for devices that support those technologies. On devices with screen sizes of 10.1 inches or less, users also will get Universal Office apps for free, once they are available.

Windows 10 Mobile: This is the SKU for Windows Phones and small Intel- and ARM-based tablets. ("Small" means between three and 7.99 inches in size.) This SKU will include the core Windows 10 features; free Universal Office apps once they are available; and support for Continuum for Phone, allowing customers to use phones as PCs connected to larger screens (but only on new devices supporting certain screen resolutions).

Windows 10 Mobile Enterprise: This is a version of Windows 10 Mobile for volume licensing customers only. According to the blog post, this SKU incorporates the latest security and feature updates to Windows 10 once they are available. There's no word if users will be able to delay these updates in order to test/stagger their delivery, which is offered under Windows Update for Business.

Windows 10 Pro: A desktop version of Windows 10 for mobile workers, tech enthusiasts and other power users. This version is one of at least two -- the other being Windows 10 Enterprise -- that will allow users to opt for Windows Update for Business. Windows Update for Business will allow admins to opt to not receive all feature and security updates from Microsoft immediately after they are available.

Windows 10 Enterprise: This is the Enterprise version of Windows 10 that is available to volume-licensing customers. This version is not part of Microsoft's first-year-free upgrade offer, but those with volume-licensing Software Assurance customers will be able to move to this version as part of their licensing terms. The Enterprise version customers get access to the Long Term Servicing Branch of Windows 10 -- which allows them to opt to receive security fixes only and no new features as Microsoft rolls them out.

Windows 10 Education: This is the version for staff, administrators, students and teachers, and will be available through academic Volume Licensing. Microsoft officials say there will be paths for schools and students to upgrade from Windows 10 Home and Pro, but don't yet provide details on that front.

AuthorBob Appleby | CommentPost a Comment |
in , ,
Friday
May152015

Can the Rombertik malware really "destroy computers"? No, no, three times NO!

DateFriday, May 15, 2015 at 12:24PM

Thanks to James Wyke of SophosLabs for doing the hard parts of this article.

We didn't really want to get drawn into this one.

But it's hard to avoid commenting on malware that has variously been described as a "terrifying 'suicide bomber'" and as having a payload that "destroys computers."

That's the sort of computer security hyperbole that does nothing but harm.

The best outcome is that you end up being offensive, as you are when you insist on trotting out the phrase "digital Pearl Harbor" and expecting to be taken seriously.

The worst outcome is that you create an entirely false sense of security by describing a manageable, albeit serious, threat as though it were truly extreme.

By creating the impression that a manageable threat is "as bad as it gets," you undermine your readers' interest in bothering about less serious threats at all.

Introducing Rombertik

The malware in question has been nicknamed "Rombertik" (Sophos products will block it as Troj/Delp-AD).

SophosLabs first came across it in January 2015, one of some 300,000 new malware samples that we encounter each day.

→ The vast majority of the samples we get each day aren't truly new. They're unique only in the strictly technical sense that they consist of a sequence of bytes that we haven't encountered before, in the same way that Good morning and GOOD MORNING are not literally the same. Most of the new samples that show up each day are merely minor variants that we already detect, or known malware that has been encrypted or packaged differently. Nevertheless, that still leaves plenty of samples worth looking at.

Rombertik's primary purpose seems to be to hook itself into your browser so it can keep track of what you type in.

Make no mistake, credential stealing malware of this sort is serious, because it can lead to compromised bank accounts, hacked servers, stolen data, decrypted secrets and more.

But it won't destroy your computer, or kill you along with itself.

The cause of the hype

Where the hype-making headlines come from is an anti-hacking trick that's buried in the malware.

Many Trojans and viruses over the years have had some sort of tamper-detection or tamper-prevention built in, just like the security tools that try to detect them in the first place.

Some malware, like Dyreza, about which we wrote recently, tries to work out if it is being run inside a malware research environment, and behaves entirely innocently if so.

This is the low-key way of avoiding notice: give nothing away at all, so that the file gets overlooked and put to the bottom of the queue for attention.

Other malware, like Rombertik, takes a different approach.

If it detects that you have altered the malware in certain ways – for example, if you are another crook trying to repurpose it without paying for the privilege – it will overwrite vital information on your computer.

In all likelihood, you'll lose your data and end up reinstalling your operating system and applications to get up and running again.

You can call it spite, call it revenge, call it retaliation, call it destructive to your data (that much is perfectly true)...

...just don't say that it destroys the computer, and don't even think of comparing it to suicide bombing.

How it works

For what it's worth, Rombertik's data-wiping techniques go something like this:

Try to wipe out the MBR.

The MBR is the very first data sector on the hard disk, known as the Master Boot Record, and it maintains an index of how your disk is partitioned.

Wiping the MBR really is a spiteful way to proceed, because it leaves you so near, yet so far.

Technically speaking, all your data remains behind, so with the right expertise or recovery tools you may very well get it back, but almost certainly not without plenty of frustration along the way.

It's like putting a vital document through a shredder and then handing back the strips and saying, "There you are. All present and correct! You only have to work out which pieces go where."

Fortunately, writing to the MBR requires Administrator privilege on Windows, so a program run by a regular user can't do it.

If trashing the MBR fails, Rombertik falls back on this:

Starting in the home folder, overwrite almost all files.

In what is almost certainly a bit of gruesome humour from the crooks, Rombertik works just like ransomware, encrypting your files in place on the disk.

The malware chooses a random 256-byte encryption key for each file, but none of the keys is saved anywhere, so you end up with what is effectively random, shredded cabbage instead of your data.

Only files with the extensions .EXE, .DLL, .VXD and .DRV will survive.

What to do?

Ironically, getting hit right away by Rombertik's data-wiping payload is probably a safer outcome than being infected for days or weeks without noticing.

Remember that the non-destructive part of the malware sets out, amongst other things, to snoop on your browsing and steal your data, perhaps even your identity.

Either way, as with any malware, your best bet is not to get infected in the first place:

  • Keep your operating system and applications patched.
  • Use an active anti-virus and keep it up-to-date.
  • Avoid unexpected attachments.
  • Try stricter filtering at your email gateway.

And these precautions will shield you against all sorts of catastrophes, not just destructive malware:

  • Only logon with Administrator privileges when you genuinely need to.
  • Take regular backups, and keep one backup set off-site.
  • Remove unnecessary or unwanted software so there is less to go wrong.
AuthorBob Appleby | CommentPost a Comment |
in , ,
Friday
May152015

Lync is now Skype for Business–see what’s new

DateFriday, May 15, 2015 at 11:51AM

If you already use Skype to stay in touch with friends and family in your life away from work, you'll appreciate the power and simplicity of Skype for Business where it's easy to find and connect with co-workers. And you can use the devices you already have to reach businesses through an enterprise-grade, secure, IT-managed platform. If you're coming to Skype for Business from Lync, you'll recognize all of the features you already use but in a fresh new interface with simplified controls and some great new additions:

  • New look and feel

  • Call from Skype for Business using your desk phone for audio

  • Integration with the Skype directory

  • Call Monitor

  • Rate My Call

  • Quick access to call controls

  • Emoticons

New look and feel

If you’re a regular user of the commercial version of Skype, then Skype for Business will seem very familiar: the Contacts list, presence indicators, buttons and icons, and even the app sounds should make you feel right at home.Learn more.

Skype for Business Contacts list

Of course, all the essential Lync features are still there—like the Quick Actions buttons, which let you IM or call a contact (and more) with just one click or tap.

Contact quick actions: IM, audio, video, contact card, and more

In the Skype Meeting window, the simplified arrangement of controls and menus makes it easy to find the command you need. In the conversation window, chat text is formatted so you can easily see who’s talking, and tabbed conversations allow you to keep track of several discussions at once.

IM window with two conversations, and meeting window with Present menu

If you've ever had someone send you a file during an IM conversation, then file transfer preview is another feature of the new Skype for Business look and feel you'll appreciate. When someone sends you a file, select Download in the IM window to update the file's icon, or right-click or tap and hold to forward, preview, or delete it.

Preview a file sent to you during an IM conversation

Call from Skype for Business using your desk phone for audio

IMPORTANT   This feature is available only if your organization has Skype for Business Server 2015.

If you have a PBX (Private Branch Exchange) desk phone and your IT department has configured it to work with Skype for Business you can search for people in your organization and place calls to them from within the Skype for Business user interface, while audio for the call flows through your standard desk (PBX) phone. You can also place calls from the Skype for Business client using any phone near you (like your mobile, home, or hotel phone). The person you’re calling sees your phone number as though you were calling from your company's main phone number. When you make a Skype for Business call with audio routed through your desk phone, you get great audio, plus:

  • IM—so you can do a quick copy/paste of a URL you want to share, for example

  • Desktop and app sharing—so you can easily show and tell, work through problems, or explain stuff with visuals

  • Attachments—send files to the other person without leaving Skype for Business

Diagram of the call via work process

Server admins enable and configure this feature for the enterprise. End users have limited configuration capabilities, which include turning the feature on or off for their individual account (once it's enabled at the enterprise level) and setting the phone number that Skype for Business should call. If the number has been set and locked by the administrator, then outgoing call options will be unavailable.

Screen shot of the Call Handling dialog with the Outgoing Calls section highlighted

For more information, see Make a Skype for Business call but use your PBX desk phone for audio

Integration with the Skype directory

IMPORTANT   This feature requires:

  • Skype for Business Server 2015 or Skype for Business for Office 365 Skype for Business Logo

  • The latest version of Skype Skype logo

Skype for Business users can connect over the Internet with hundreds of millions of Skype users right from the Skype for Business user interface. The first step is to search for your contact.

  1. In the search box on the Contacts view of the Skype for Business main window, type a name, IM address, or desk phone number (if they are in your organization). As you type, search results will start appearing below the search box and the tabs will change from Groups, Status, Relationships, and New:

    When the Search box is empty, the available tabs are Groups, Status, Relationships, and New.

    to My Contacts and Skype Directory:

    When you start typing in the Search box, the tabs below change to My Contacts and Skype Directory.

  2. If the person you are searching for is in your organization, keep the My Contacts tab selected (that's the default). When My Contacts is selected, Skype for Business searches in your organization's address book.

    If the person you are searching for is not in your organization but you know they have a Skype account, click the Skype Directory tab to search for them among the millions of Skype users out there. Knowing their Skype ID and location helps narrow the search quickly. You can also search using their email address or Microsoft account (e.g., JohnDoe@outlook.com).

    NOTE   Your administrator enables or disables the Skype Directory search feature in accordance with your organization's search policy. If you don't see a Skype Directory tab like the one shown in the screen shot above, then you won't be able to search for Skype users.

When you search for contacts in the Skype directory, you can add them to your contact list, have an instant messaging conversation, see their presence information, and have an audio or video call with them. Note that the Skype directory only contains contact information for Skype users, not Skype for Business users. A Skype user who wants to add a Skype for Business user to their contact list must use the Skype for Business user's full email address, such as Joe@contoso.com.

Call Monitor

Call Monitor is a popular Skype feature that's now available in Skype for Business. With Call Monitor, you can move back and forth between a full Skype for Business window, for those times when you're actively participating in the call, and a compact version that lets you continue to monitor call progress—and mute or end the call—while focusing on other tasks.

The compact Call Monitor window appears during an audio or video call whenever the main conversation window is minimized. To show the full conversation window again, simply double-click or double-tap the Call Monitor.

Screen shots of both full Skype for Business windows and minimized window

Rate My Call

The Rate My Call feature lets Skype for Business Server 2015 administrators collect call data, access standard reports, and export raw data for further analysis. This feature is available for on-premises deployments only. Users are prompted to take a survey after completing a call.

Screen shot of the call quality rating dialog

Quick access to call controls

Access to the dial pad and call controls is much improved. For public switched telephone network (PSTN) calls, the dial-pad and call controls remain visible throughout the call. For non-PSTN calls, the dial-pad and call controls are accessible with one click.

Comparison of call controls in PTSN and non-PTSN calls

Emoticons

Skype for Business now includes the same set of emoticons found in the consumer version of Skype. You can turn off emoticons in Skype for Business by going to Options > IM. No server setting is available.

Screen shot showing available emoticons and the control for turning them on and off

AuthorBob Appleby | CommentPost a Comment |
in ,
Thursday
May142015

Apple confirms that tattooed wrists will confuse Watch

DateThursday, May 14, 2015 at 6:08PM

Apple has stated:

imagePermanent or temporary changes to your skin, such as some tattoos, can ... impact heart rate sensor performance. The ink, pattern, and saturation of some tattoos can block light from the sensor, making it difficult to get reliable readings.

This technology, while difficult to pronounce, is based on a very simple fact: Blood is red because it reflects red light and absorbs green light. Apple Watch uses green LED lights paired with light‑sensitive photodiodes to detect the amount of blood flowing through your wrist at any given moment. When your heart beats, the blood flow in your wrist — and the green light absorption — is greater. Between beats, it's less. By flashing its LED lights hundreds of times per second, Apple Watch can calculate the number of times the heart beats each minute — your heart rate.

Dark inks, such as red, blue and black, are reportedly more likely to obscure heart rate readings, given how colors play into the device's sensor system.

There has also been some conjecture that the watch may not work as well with people who have darker skin. Hmmm, a bigoted watch.

AuthorBob Appleby | CommentPost a Comment |
in
Wednesday
May132015

Why migrate to 802.11ac?

DateWednesday, May 13, 2015 at 5:08PM

sidebar imageMobile devices and apps are pushing Wi-Fi to the limit and there’s no end in sight. Workers are determined to use enterprise apps on personally-owned devices to get more done and it’s placing a huge burden on corporate Wi-Fi networks. That’s why enterprise IT is migrating to 802.11ac, the gigabit Wi-Fi standard.

In this 802.11ac primer learn more about:

  • Why is 802.11ac crucial for today’s all-wireless workplace
  • What are the key technical advantages of this wireless standard
  • Why you should move to 802.11ac

Get the 802.11ac Migration Guide

Let me help you to become the Mobility Hero for your organization today.

If you have any questions or would like to discuss the Aruba product line give Jude Daigle or Bob Appleby a call at 724-838-7526

imageLearn more about the why, the how, and the significant improvements attained by migrating to 802.11ac.

PAconnect
http://www.paconnect.com

AuthorBob Appleby | CommentPost a Comment |
in , ,
Tuesday
May122015

Fliers’ rights to use electronic devices in flight upheld

DateTuesday, May 12, 2015 at 12:00PM

imageIn 2013 the FAA ruled that passengers can use their electronic devices during takeoff and landing. Shortly after, the Association of Flight Attendants sued claiming the FAA had overstepped their authority by changing policy without going through appropriate legal steps. Their major complaint is with passengers ignoring safety briefings and they were worried that phones cam become dangerous projectiles in the case of turbulence.

The District of Columbia Court of Appeals ruled against the AFA on technical grounds, saying that the FAA has always had discretion regarding rules on portable electronics:

In this case, it really does not matter whether Notice N8900.240 is viewed as a policy statement or an interpretive rule. The main point here is that the Notice is not a legislative rule carrying “the force and effect of law.” Perez, 135 S. Ct. at 1204. A legislative rule “modifies or adds to a legal norm based on the agency’s own authority” flowing from a congressional delegation to engage in supplementary lawmaking. Syncor, 127 F.3d at 95.

Say yeah for passengers unless you happen to be the one at the other end of the flying projectile’s path!

AuthorBob Appleby | CommentPost a Comment |
Tuesday
May122015

Lenovo uses System Update to patch serious System Update security hole

DateTuesday, May 12, 2015 at 8:17AM

by Paul Ducklin on May 11, 2015 | 1 Comment

FILED UNDER: Featured, Vulnerability

Laptop megabrand Lenovo was all over the news recently thanks to a preinstalled utility calledSuperfish.

Lenovo's motivation for choosing Superfish seems to have been entirely innocent, but nevertheless ended in tears, especially for Lenovo.

The program supposedly boosted the accuracy and relevance of image searches you did; in return, the company bankrolling the Superfish system could make money at the other end by putting relevant advertisers in front of you.

That's sort of what Google and others do with their search engine, except that Superfish was preinstalled, and hooked into your browsing, making it less obvious that you were giving away search information to a third-party company in the on-line advertising industry.

But that wasn't the really bad part.

Superfish also quietly included a module to peek inside your dealings even with encrypted websites, using the same sort of technique as security software that scans encrypted web traffic for exploits, scams, malware and more.

Unfortunately, the Superfish vendor completely botched up the cryptography, theoretically making it trivial for a well-informed crook not only to trick you into trusting a fake website, but also to trick your computer into trusting any software that you downloaded from it.

We quickly published instructions to help you get rid of Superfish, so that you no longer had to worry about any side-effects it might have; happily, Lenovo soon followed suit with removal instructions and a removal toolkit of its own.

Lessons learned; problem solved; move on.

Back in the news

Sadly for Lenovo, the company is now back in the news with another security problem, but this time it's in the company's own System Update software.

System update tools can be a exploiter's dream, because they are usually designed to let an unprivileged but authorised user (i.e. you if it's the personal laptop you bought to use at home) kick off updates without having to login as an administrator first.

That's actually good for security if done well, for a variety of reasons:

  • It makes official updates easy, so you are less inclined to put them off "until next time."
  • You can let others in your family apply updates without giving them the administrator password.
  • You don't need to login as administrator at all, which reduces your time exposed to danger.

Obviously, however, system update tools that accidentally give too much power to an unprivileged user are a bad thing, because that turns them into an Elevation of Privilege (EoP) security hole.

Unfortunately, when bug-hunters IOActive took a recent expedition into Lenovo's System Update software, they found that it was too liberal in how much power it put in the hands of users who weren't supposed to have it.

Simply put, Lenovo's update service did include an authentication system that was supposed to limit accessto specific users, but the password (more correctly, what's known as a security token – a special blob of data that is supposed to be unique) could easily be guessed.

So any user on the system could pretend to be authorised to communicate with the update service.

To make things worse, the commands that the update service could handle were of a general nature, such as "please run this command for me."

In other words, any user, even an unprivileged one, could run any command as the SYSTEM account, simply by asking Lenovo's System Update service politely.

Command line utilities available on every Windows computer make it easy for privileged users to do useful tasks such as changing passwords, creating accounts, altering file access permissions, opening up network shares, installing new software and much more.

But you definitely don't want to let unprivileged users do any of those things, even if all you are worried about is accidents.

Add in the risks of users, internal or external, with malicious intent and the risks are even worse.

What to do?

This was all privately disclosed to Lenovo, and fixed before IOActive made its bulletin public.

That's the right way to deal with holes of this sort, in our opinion.

Anyone who already knew about this hole could have exploited it anyway; those who didn't were given a decent opportunity to fix the hole forever.

(Yes, it seems that Lenovo did indeed use System Update to patch System Update, giving a simple but tidy closure to the problem.)

NB. According to IOActive, Lenovo System Update at version 5.6.0.27 or earlier is vulnerable. If you have a later version, you should be immune to this vulnerability. You can check the version number of third-party software installed on Windows usingControl Panel | Programs | Programs and Features. In the Detailsview, you should see the columns Name, Publisher, Installed On, Size and Version.

AuthorBob Appleby | CommentPost a Comment |
in , ,
Monday
May112015

I love to watch people with these kinds of skills

DateMonday, May 11, 2015 at 2:22PM

 

3D Drawing a realistic Glas Water/ AMAZING illusion anamorphic

 

Done by PortraitPainter Pabst, you can watch him draw the 3D glass below.

https://youtu.be/ozzA-wkHaTY

★About PortraitPainter Pabst★
I am a professional and passionate artist and I want to inspire people through my art videos.
I want to show that you can do anything with painting. I want to show the magic of painting.
Subscribe to my channel to see:
- How portraits come to life, from a blank page to the finished artwork!
- How to paint amazing 3D illusion drawings. You won't believe that they're not real!
- Tips and Tricks about painting and illustration techniques that you can use to create your own masterpieces!

AuthorBob Appleby | CommentPost a Comment |
Monday
May112015

Sophos has some of the best videos…

DateMonday, May 11, 2015 at 10:28AM

This one we saw first at the Partner Conference…

AuthorBob Appleby | CommentPost a Comment |
in