Tag Archives: windows

Microsoft will alter Windows Update to stymie Flame-like attacks

Microsoft today announced it will issue an update to its Windows Update to prevent copy-cat hackers from duplicating Flame’s feat of infecting fully-patched PCs by faking the service.

The company also described in more detail how Flame’s authors were able to spoof Windows Update.

On Sunday, Microsoft acknowledged that Flame — the super-espionage toolkit that has infected Windows PCs throughout the Middle East, but appears to have been aimed at Iran in particular — used fraudulent code-signing certificates generated by abusing the company’s Terminal Services licensing CA (certificate authority), which is normally used by enterprises to authorize remote desktop services and sessions.

Later, Microsoft also confirmed that those certificates were used to sign bogus updates that were force-fed to uninfected PCs by a Flame-compromised computer on the same network.

Researchers at Kaspersky Lab and Symantec used their forensics analyses to more completely describe how Flame managed the feat.

Today, Microsoft said that Flame was able to trick Windows XP machines into accepting the phony Windows Updates once they generated digital certificates with Microsoft’s own "signature."

But to dupe Windows Vista and Windows 7 systems, the hackers had to go a step further.

To do that, they leveraged several weaknesses in Microsoft’s certificate infrastructure and signing to perform a cryptographic "collision attack," where two different values produce the same cryptographic "hash."

Jonathan Ness, an engineer with the MSRC (Microsoft Security Response Center), explained the results.

"After [the collision] attack, the attacker had a certificate that could be used to sign code that chained up to the Microsoft Root Authority and worked on all versions of Windows [emphasis added]," Ness wrote today on the Security Research & Defense blog.

The combination of the flaws in the Terminal Services’ CA and the collision attack made it possible for Flame to hoodwink Windows Vista and Windows 7 PCs as well as those running the 11-year-old XP.

Microsoft’s Windows Update team also blogged Wednesday to explain how it plans to better secure Windows’ default update mechanism, which is used by hundreds of millions of PCs worldwide, to prevent a repeat of the Flame tactic.

An update for Windows Update will be pushed to users later this week that will force the service to acknowledge only certificates issued from a new authority the company will create, and no longer accept other Microsoft-signed digital signatures, as it has since its inception.

"Second, we are strengthening the communication channel used by Windows Update in a similar way," the blog stated.

Companies that use WSUS (Windows Server Update Services), a Windows Server component and the de facto patching and update mechanism for most businesses, will be updated in a similar fashion.

Andrew Storms, director of security operations at nCircle Security, was disappointed in the lack of detail in Microsoft’s explanation of the changes. "They basically admitted that Windows Update was man-in-the-middled, but then said very little about how they are fixing it," Storms said in an interview via instant messaging Wednesday.

"Basically they crossed the certificate streams between Windows Update and other security services in Windows," Storms continued, getting in a reference to Ghost Busters. "Crossing the streams is bad…. Windows Update should have been on an entirely different [certificate] stream than anything else. It’s just too darned important to have been intermingled with any other chain of trust, and this shows exactly what can happen."

Wolfgang Kandek, chief technology officer at Qualys, read the Windows Update blog the same way as Storms.

"They fixed the immediate problem by revoking the certificates, but now they need to prevent others from copying Flame’s mechanism," said Kandek. "So they’re saying that ‘We will start to sign updates with Windows Update-specific certificates instead of just any certificates.’ Windows Update will be more picky about what certificates it accepts."

Windows PCs that have not applied the certificate revocation Microsoft issued last Sunday remain vulnerable to the same kind of attack that Flame demonstrated, Kandek noted.

"Others will reverse-engineer this," he predicted. "It took Microsoft a couple of days to do that, and [some cybercriminals] are just as smart as the guys at Microsoft."

Because updates to Windows Update don’t rely on users having set the mechanism to automatically receive and install all fixes, everyone who runs the service will receive the update. Windows Update updates are installed whenever the service is engaged, whether automatically, manually or the in-between mode that only notifies users of impending updates.

Only PC owners who have disabled the service and never use it — experts have long suspected that users running counterfeit copies of Windows avoid it because they fear being found out — will not be migrated to the new, more restrictive certificate model.

Microsoft did not set a day this week when it will issue the update for Windows Update.

Source:

http://www.infoworld.com/d/security/microsoft-will-alter-windows-update-stymie-flame-attacks-195059?page=0,0


MWC 2012: Top 10 Best New Apps

There’s so much new gadgetry coming out of the MWC 2012, it’s easy to overlook some of the most popular and least expensive gear to debut, namely the apps. Microsoft has run away with the apps crown at this show because they used the conference to unveil the Windows 8 Consumer Preview software. Included in that release is the opening of the Windows 8 store, and the new apps there are free during the duration of the preview.

Nokia released a few new apps for the Windows Phone system, and Nokia has also united Bing Maps with their own Maps app. The singular design is now available in both app versions. Additionally, there are new apps for the PlayStation Vita, and we included a couple of new useful iPhone apps and Android apps, of course. The focus has been on Microsoft, and perhaps the most popular app unveiled for Windows Phone was Skype (beta).

Finally, Samsung announced an app contest for the Galaxy Note. The best new app that takes advantage of the Note’s S Pen will win $200,000 and there’s a popular choice award given to the app consumers like best. Developers have until April 2 to submit their new Galaxy Note specific apps. Start the slideshow to see the 10 best new apps from MWC 2012. Let us know in the comments if you’re checking out the Windows 8 preview and what you think of the new apps.

Source: http://www.ibtimes.com/articles/306873/20120229/mwc-2012-top-10-best-new-apps.htm


Nokia New Drive Transport and Reading Apps for the Lumia Range

Nokia has announced Nokia Transport and Reading apps at the Mobile World Congress in Barcelona, along with updates for its existing apps for Windows Phone 7.

The updates will be available in the Windows Phone Marketplace from next month and include improvements to Nokia Maps and Nokia Drive, which gains full offline use (you can stop complaining now) and speed limit alerts.

As for the new apps, Nokia Transport was first announced at CES in January. This one will let you plan your journeys in 46 major cities across the world, by train, underground, tram, monorail, and bus. It will tell you the quickest route from one point to another.

Next one is Nokia Reading, which is more than just buying books and reading on the go. Users can choose the font size, brightness of the screen as well as whether the text is black on white or white on black.

The app also includes news feeds from other websites (you can add your own RSS feed) based on a variety of subjects. This one will be available in April, with no sign-in or subscription.

Source: http://www.gizmocrave.com/11159-nokia-new-drive-transport-and-reading-apps-for-the-lumia-range/


Skype for Windows Phone being tested, coming soon

Skype should be arriving on Windows Phone soon, as reports from The Verge suggest the app is in the testing stages.

Microsoft employees are reportedly able to download test versions of the Skype app from the Windows Phone Marketplace. The app itself will likely fit right in with the Windows Phone aesthetic, with several panes to scroll through by swiping left and right.

The app can’t arrive too soon as far as we’re concerned, because in case you’d forgotten, Microsoft actually owns Skype. So the fact that we’re still waiting for the VoIP service to arrive on the software giant’s own operating system is weird to say the least.

Microsoft originally vowed to get Skype on to Windows Phone in autumn of last year. The news that it’s in testing is positive though, and if it’s ready to show off by the end of February, it could make an appearance at Mobile World Congress, a big trade show for everything phone-related.

We used to be reluctant when it came to recommending Windows Phone, because compared to iOS and Android it was extremely light in the app department.

Read More:

http://crave.cnet.co.uk/mobiles/skype-for-windows-phone-being-tested-coming-soon-50006855/


Microsoft now testing Skype for Windows Phone 7, could debut soon

After a surprisingly long delay, Windows Phone owners may soon be able to get their hands on a Skype app of their very own.

Microsoft is currently testing a near-final version of Skype for Windows Phone 7, and the company may be planning to launch the app at Mobile World Congress in Barcelona later this month, reports Tom Warren at the Verge.

Microsoft has been promising a Skype app for Windows Phone for some time. The app was originally targeted for a late 2011 launch, but it obviously missed that timeline. During CES, a Skype representative hinted that a Windows Phone app was “coming soon.”

According to Warren, the Skype app won’t offer any big surprises design-wise. But it’s expected to be heavily integrated in Windows Phone 8’s People Hub, which should make it easy to Skype your phone’s contacts.

If Microsoft handles the integration right, Skype on Windows Phone 8 could be even more useful and elegant than Apple’s FaceTime on the iPhone. And given that Microsoft spent $8.5 billion to acquire Skype, I’d imagine that the company would want to make the most of its investment.

Read More:

http://venturebeat.com/2012/02/03/skype-windows-phone-7/


Laplink Releases Free Windows® 8 Testing Tool

Laplink Software, Inc. today officially released PCmover® Windows® 8 Beta Assistant™, a free tool that makes testing Windows 8 more efficient and easily allows users to migrate selected programs, files and settings from a Windows 7 PC to a Windows 8 PC.

PCmover Windows 8 Beta Assistant is available now as a free download on Laplink’s website and can be used to perform an unlimited number of migrations at no charge prior to July 2012.

Source:

http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2012/01/12/prweb9102517.DTL


Google ends Wave, Buzz, Knol, Health and Google Desktop


Most of us in the U.S. are preparing for Thanksgiving, but it looks like Google is getting a head start on its New Year’s resolutions. As part of an effort to slim down the company’s multiple projects and put more focus on important sectors, it’s ending service for a handful of once-vibrant projects. Among the biggest are Google’s ambitious but under-used collaboration tool, Wave, Twitter competitor Google Buzz, Wikipedia-like aggregate Knol, medical records engine Google Health, and PC file-searching tool Google Desktop.

A lot of the abandoned projects have simply been superseded by newer technology. Google Wave and Google Buzz have both been overshadowed by Google Plus, which is getting a lot more adoption from mainstream users and technocrats alike. Google Desktop began way back in 2004, but its instant search action has been largely duplicated natively in Windows Vista, Windows 7 and OS X. The last version was released in May of last year. By April of 2012 all the above services will be completely shut down.

As Google expands into more and more markets with the incredibly popular Android, and the considerably less popular Google TV, this sort of thing is unfortunately inevitable. There are alternatives for nearly all the services that are disappearing, but there are certainly users who will miss them. Google Desktop should at least continue to function in its current state, and Google has already open-sourced the software behind Wave for the truly dedicated to roll their own.

Source: http://www.slashgear.com/google-ends-wave-buzz-knol-health-and-google-desktop-22197451/


How Does the Windows Phone Marketplace Stack Up at 40K Apps


In just over one year’s time since its public unveiling, the Windows Phone Marketplace has allegedly passed the fabled 40,000 apps mark. But that’s not a number that’s coming straight from Microsoft: The website All About Windows Phone, which uses a customized tracking system to showcase Windows Phone apps and games, is making the claim on this one.

According to All About Windows Phone’s Rafe Blandford, it’s expected that Microsoft will be able to hit 50,000 apps by mid-January given the current daily app publishing counts. However, these counts could very well change.

Blandford notes that the average number of apps published daily over the past four weeks is "significantly higher" than the averages from this summer. The marketplace now sits at around 165 new apps being added each day, and additional momentum could help carry Microsoft to the fabled 50,000 app milestone by the end of the year.

The numbers don’t lie: Of the 40,189 apps listed at the time of All About Windows Phone’s analysis, just around one-fourth, or 10,882, were apps that were added at some point within the past three months. Nearly 12 percent of the marketplace’s total apps were added within the past 30 days and, of these, the apps-to-games ratio sits at around 85 percent to 15 percent, respectively. As well, around 68 percent of these apps were free.

But don’t fire up your Windows Phone assuming that you’ll be able to see all 40,000-plus apps at once.

Source: http://www.pcmag.com/article2/0,2817,2396672,00.asp


Nokia Happy With Early Response To Lumia 800

Nokia claims that the number of pre-orders for the Lumia 800 smartphone in the U.K. is higher than for any previous Nokia smartphone.

"The level of pre-orders, as well as reaction in shops today, lead us to be very positive about the launch of the Nokia Lumia 800," said U.K.-based Nokia spokesperson Ray Haddow. "The public have had hands on in many retail stores over the past week and were in store in abundance today, not only trying out this amazing device, but signing up for some of the great deals available."

The Lumia 800 is the first of Nokia’s new Windows Phone 7 Mango smartphones to reach the market. It is vital that Nokia’s Windows Phone devices succeed, lest the company’s future in the smartphone business become imperiled.

"We’ve had lots of people saying that they intend to switch to the Nokia Lumia 800 at their next upgrade," concluded Harrow. The Lumia 800 reached U.K. stores today and went on sale in Germany on Tuesday. It reaches France on Thursday, where pre-orders have also been high.

The Lumia looks nearly identical to the equally-attractive N9. It is minimalist in its design and manages to look simple yet modern. It includes a number of must-have features, but still manages to miss a few steps here and there.

Source: http://www.informationweek.com/news/windows/microsoft_news/231903183


Microsoft builds SAGE for finding software security flaws

Microsoft’s research group built an automated testing solution to reduce security flaws in its Windows x86-based family of software products. Patrice Godefroid, principal researcher at Microsoft Research, said that the testing application, SAGE (short for Scalable, Automated, Guided Execution), has been deployed internally within Microsoft for the last two years. He indicated that software flaws are expensive to chase, whether for Microsoft or its customers. He added that SAGE is one way to reduce the number of security patches Microsoft issues each month. SAGE attempts to generate only tests that exercise unique control paths in the program, so as to maximize the opportunity of finding defects.

Source: http://redmondmag.com/articles/2011/07/21/microsoft-credits-sage-for-finding-software-security-flaws.aspx
