Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

USB Trojan Hides In Portable Applications, Targets Air-Gapped Systems 83

Reader itwbennett writes: A Trojan program, dubbed USB Thief by researchers at security firm ESET, infects USB drives that contain portable installations of popular applications such as Firefox, NotePad++, or TrueCrypt, and it also seems to be designed to steal information from so-called air-gapped computers. "In the case we analyzed, it was configured to steal all data files such as images or documents, the whole windows registry tree (HKCU), file lists from all of the drives, and information gathered using an imported open-source application called 'WinAudit'," the ESET researchers said. The stolen data was saved back to the USB drive and was encrypted using elliptic curve cryptography. Once the USB drive was removed, there was no evidence left on the computer, the ESET researchers added.

Company Behind Badlock Disclosure Says Pre-Patch Hype Is Good Marketing (csoonline.com) 79

itwbennett writes: A new vulnerability in Windows and Samba, called Badlock, is set for disclosure on April 12, according to Badlock.org. Yes, this vulnerability has its own website and logo and therein lies the problem. In a Twitter exchange with CSO Online's Steve Ragan, Johannes Loxen, who registered the Badlock domain, called the pre-patch marketing a win-win, saying, 'A serious bug gets attention and marketing for us and our open source business is a side effect for us of course.' As Ragan notes, 'PR-driven vulnerability disclosure isn't something new,' and 'can be useful sometimes.' Marketing around Heartbleed, for example, 'generated tons of news coverage and quick reaction by administrators who worked long hours to patch vulnerable systems. There have been several since Heartbleed,' says Ragan. But in the case of Badlock, a 20-day lead time gives criminals plenty of time to tear Samba apart.

Google Will Kill Its Chrome App Launcher For Windows, Mac, and Linux In July 77

An anonymous reader writes: Google today announced plans to kill off the Chrome app launcher for Windows, Mac, and Linux in July. The tool, which lets users launch Chrome apps even if the browser is not running, will continue to live on in Chrome OS. So why is Google removing the Chrome app launcher from Chrome? Well, it turns out Google has finally figured out what everyone all already knew: "we've found that users on Windows, Mac, and Linux prefer to launch their apps from within Chrome."
Emulation (Games)

Wine Makes It Possible To Run Vulkan Windows Programs On Linux (phoronix.com) 52

The cool Wine-related news of the week isn't just for Android Remix; an anonymous reader writes with some news applicable to a wider set of users: While no Windows-only Vulkan games have yet to be released, Wine developers are ready and have worked out experimental support for wrapping Vulkan Windows programs on Linux. Assuming you have a Vulkan Linux driver, the latest Wine-Staging build allows for Vulkan Windows programs/games to be dynanically translated and run on Linux 32-bit and 64-bit. Wine's Vulkan wrapper is passing all Khronos conformance tests, but hopefully the ever-expanding Linux game catalog will make this 10k+ lines of code not necessary moving into the future.

Microsoft Tries Hard To Play Nice With Open Source, But There's an Elephant In the Room 163

Esther Schindler writes: They're trying, honest they are. In 2016 alone, writes Steven Vaughan-Nichols, Microsoft announced SQL Server on Linux; integrated Eclipse and Visual Studio, launched an open-source network stack on Debian Linux; and it's adding Ubuntu Linux to its Azure Stack hybrid-cloud offering. That's all well and good, he says, but it's not enough. There's one thing Microsoft could do to gain real open-source trust: Stop forcing companies to pay for its bogus Android patents. But, there's too much money at stake, writes sjvn, for this to ever happen. For instance, in its last quarter, volume licensing and patents, accounted for approximately 9% of Microsoft's total revenue.

Microsoft Denies Rogue Windows 10 Upgrades, Says Users Remain Fully In Control (hothardware.com) 515

MojoKid writes: Despite significant user outcry that Microsoft Windows 10 upgrade mechanism has gone rogue, installing on customers' Windows 7 and Windows 8.1 machines when their backs were turned or they were otherwise away from the computer, Microsoft is pleading innocent. News broke of the automatic Windows 10 upgrades over the weekend, and in nearly every case, it was claimed Windows 10 installed without user intervention. Microsoft issued the following statement regarding the alleged unplanned upgrades: "We shared in late October on the Windows Blog, we are committed to making it easy for our Windows 7 and Windows 8.1 customers to upgrade to Windows 10. As stated in that post, we have updated the upgrade experience to make it easier for customers to schedule a time for their upgrade to take place. Customers continue to be fully in control of their devices, and can choose to not install the Windows 10 upgrade or remove the upgrade from Windows Update (WU) by changing the WU settings." However, users are still reporting the Windows 10 has allegedly forcefully taken over their machines. Hundreds and maybe thousands of users and IT admins are still chiming in on various threads around the web that they've "been had" by Microsoft.

Microsoft Still Accepts Bitcoin, Apologizes For 'Inaccurate Information' 25

An anonymous reader writes: In December 2014, Microsoft added Bitcoin as a payment option, courtesy of Bitcoin processor BitPay, for a variety of its gaming and mobile content. On Saturday, a simple message titled "Microsoft Store doesn't accept Bitcoin" was spotted on Microsoft's website, and naturally some interpreted that as meaning support for the digital currency had ended. We asked Microsoft for clarification, but the company only got back to us [Monday] — with an explanation that it was all a mistake.

New Tool Offers Look At Performance of UWP Games On Windows 29

Vigile writes: One of the concerns surrounding the recent debate of the Unified Windows Platform and games being released on it, such as the recent Gears of War Ultimate Edition, was the inability for media and consumers, and even entry level developers, to properly profile the performance of those applications. All of the standard testing applications like Fraps, FCAT and other overlays are locked out of UWP games. A Intel graphics engineer released a tool called PresentMon on GitHub yesterday that accesses event timers in Windows to monitor Present commands in any API, including DX11, DX12, Vulkan as well as games built on the Windows Store platform. Using this data, PC Perspective was able to profile the performance of the new Gears of War on PC, comparing frame time variability between the two flagship parts from NVIDIA and AMD. While it's not a perfect utility yet, there is hope now that this open source code will allow for performance metrics on any and all gaming titles.

Patch Tuesday Brought Windows 10 Ad Generator 490

jones_supa writes: Microsoft has been very aggressive on getting Windows 7 and 8 users to upgrade to Windows 10. The company has introduced a "Get Windows 10" system tray icon, moved the upgrade to "recommended" category in Windows Update, and even initiated the OS download automatically. The latest trick is almost comical: KB3139929 is an actual security update for Internet Explorer, but it also deploys a trojan horse, KB3146449, which is an advertisement generator for Internet Explorer. On computers not joined to a domain, it adds a blue banner when a user opens a new tab, saying "Microsoft recommends upgrading to Windows 10".

Microsoft To Court: Make Comcast Give Us Windows-Pirating Subscriber's Info (networkworld.com) 259

An anonymous reader writes: Microsoft is using the IP address 'voluntarily' collected during its software activation process to sue a Comcast subscriber for pirating thousands of copies of Windows and Office. The Redmond giant wants the court to issue a subpoena which will force Comcast to hand over the pirating subscriber's info. If the infringing IP address belongs to another ISP which obtained it via Comcast, then Microsoft wants that ISP's info and the right to subpoena it as well. "Defendants activated and attempted to activate at least several thousand copies of Microsoft software, much of which was pirated and unlicensed," Microsoft's legal team wrote. The product keys "known to have been stolen" from Microsoft's supply chain were used to activate Windows 8, Windows 7, Office 2010, Windows Server 2012 and Windows Server 2008. The product keys, Microsoft said, were used "more times than is authorized by the applicable software license," used by "someone other than the authorized licensee," or were "activated outside the region for which they were intended." Whether or not the IP traces back to a Comcast subscriber or was assigned by Comcast to a different ISP, as the The Register pointed out, "It would be a significant gaffe on behalf of the alleged pirates if the IP address data pointed to their real identifies."

Brazilian Coders Are Pioneering the First Cross-OS Malware Using JAR Files 124

An anonymous reader writes: Criminal gangs in Brazil are experimenting with the first malware families that are packaged as JAR files, capable of being deployed to Windows, Linux, Mac, and even Android from the same codebase, instead of relying on 4 different versions. Right now, only the malware dropper, a component used to infect computers with banking trojans, seems to have been coded in Java, but security experts expect a full-blown banking trojan to soon follow.

Another Windows 10 Update Causing Problems (windowsreport.com) 354

New submitter sexconker writes: The recently-released cumulative update for Windows 10 (KB3140743) is reportedly causing problems. Symptoms include crashes, BSODs, and the inability to boot, even in safe mode. The Windows 10 subreddit has many threads detailing the inability to boot. The only fix seems to be booting to a recovery ISO, uninstalling the update / rolling back, and hoping you don't get hit again. W10Privacy 2 claims to be able to (among other things) give Windows 10 users control over the automatic updates.

Microsoft Losing Ground On Windows Store and UWP For Gaming 209

Vigile writes: Microsoft has big plans to try and merge the experiences of the Xbox One and Windows for gaming but the push back from the community and from major developers and personalities is mounting. Earlier this week PC Perspective posted a story that detailed the controversy around DX12 performance analysis without an exclusive full screen mode, changes to multi-GPU configurations and even compatibility issues with variable refresh that crop up from games from the Windows Store. Microsoft's only official response so far as been that it is listening to feedback and plans to address it with upcoming changes. Now today, Epic's Tim Sweeney has posted an editorial at The Guardian with an even more dramatic tone, saying that UWP (Unified Windows Platform) "can, should, must and will, die..." Clearly the stakes are being placed in the ground and even damage control from Phil Spencer on Twitter isn't likely to hold back angry PC users.

Windows RT Could Make a Comeback 73

SmartAboutThings writes: Windows RT has been a terrible flop for Microsoft, but it seems the company isn't yet ready to totally abandon the concept. There's now speculation that Microsoft is working on Windows 10 RT, as mentions of the 'new OS' have been spotted inside of Device Guard which is a new security feature for Windows 10 Enterprise that scans a program for a digital signature, and determines whether it's trusted or not. Judging by its name, the OS should not be confused with proper Windows 10 that we see on Microsoft's mobile devices, as Windows 10 RT is a version of the OS that is designed for the desktop class PC and tablets.

Windows' Built-In PDF Reader Exposes Edge Browser To Hacking (softpedia.com) 97

An anonymous reader writes: Edge, Microsoft's new browser, uses the WinRT PDF library to automatically embed and present PDF files while navigating the web. This is what Java does with applets, and Flash with SWF files -- it unintentionally allows a hacker to append malicious code to PDF files and trigger drive-by attacks, which exploit WinRT vulnerabilities to target Windows 10 users. All that an attacker needs to do is to find and create a database of WinRT vulnerabilities it could leverage to distribute his malware.

Slashdot Top Deals

I have the simplest tastes. I am always satisfied with the best. -- Oscar Wilde