Security

Famed Security Researcher 'Mudge' Creates New Algorithm For Measuring Code Security (theintercept.com) 28

Peiter "Mudge" Zatko and his wife, Sarah, a former NSA mathematician, have started a nonprofit in the basement of their home "for testing and scoring the security of software... He says vendors are going to hate it." Slashdot reader mspohr shares an article from The Intercept: "Things like address space layout randomization [ASLR] and having a nonexecutable stack and heap and stuff like that, those are all determined by how you compiled [the source code]," says Sarah. "Those are the technologies that are really the equivalent of airbags or anti-lock brakes [in cars]..." The lab's initial research has found that Microsoft's Office suite for OS X, for example, is missing fundamental security settings because the company is using a decade-old development environment to build it, despite using a modern and secure one to build its own operating system, Mudge says. Industrial control system software, used in critical infrastructure environments like power plants and water treatment facilities, is also primarily compiled on "ancient compilers" that either don't have modern protective measures or don't have them turned on by default...

The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example -- Chrome, Safari, and Firefox -- Chrome came out on top, with Firefox on the bottom. Google's Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went "above and beyond in making things even more robust." Firefox, by contrast, "had turned off [ASLR], one of the fundamental safety features in their compilation."

The nonprofit was funded with $600,000 in funding from DARPA, the Ford Foundation, and Consumers Union, and also looks at the number of external libraries called, the number of branches in a program and the presence of high-complexity algorithms.
Microsoft

Court Ruling Shows The Internet Does Have Borders After All (csoonline.com) 46

itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland were out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"
Businesses

Amazon CEO Jeff Bezos Becomes World's Third Richest Person (bbc.com) 62

An anonymous reader quotes a report from BBC: Strong earnings from Amazon and a boost to the company's stock have made its founder, Jeff Bezos, the world's third richest person, according to Forbes. Mr Bezos owns 18% of Amazon's shares, which rose 2% in trading on Thursday. Forbes estimated his fortune to be $65.3 billion (49.5 billion British Pound). Amazon's revenue beat analysts' expectations, climbing 31% from last year to $30.4 billion in the second quarter. Profit for the e-commerce giant was $857 million, compared with $92 million in 2015. According to Forbes estimates, Mr Bezos's fortune is only surpassed by Microsoft founder Bill Gates, worth $78 billion (59 billion British Pound), and the $73.1 billion (55 billion British Pound) fortune of Zara founder Amancio Ortega. Amazon had developed a reputation for announcing little or no profit each quarter, but appeared to hit a turning point last year and has seen improving earnings since. Amazon shares have spiked 50% since February. BBC's report includes some bullet points about Bezos. He was born in Albuquerque, New Mexico, in 1964. He studied at Princeton University and worked on Wall Street. In 1994, he launched Amazon as an online book retailer. A lifelong Star Trek fan, Bezos launched Blue Origin spaceflight and aerospace firm in 2000, and more than a decade later, he purchased The Washington Post newspaper in 2013.
Microsoft

Slashdot Asks: Free Upgrade To Windows 10 Ends Today: What's Your Thought On This? 481

Exactly one year ago, Microsoft released Windows 10 to the general public. The latest version of the company's desktop operating system brought with it Cortana and Windows Hello, among other features. While users have lauded Windows 10 for performance improvements, the Redmond-based company's aggressive upgrade tactics have spoiled the experience for many. Whether it was installing Windows 10 on computers without users' consent, eating up tons of bandwidth for users who couldn't afford it, or showing deceptive dialog boxes, Microsoft definitely deserves a lot of blame -- and rightfully, a bunch of lawsuits. But many of these things, hopefully, will end today -- July 29, 2016 (or to be exact, Saturday morning 5:59am EDT / 2:59am PDT). Today is officially the last day when eligible Windows 7 and Windows 8 computers can be upgraded to Windows 10 free of charge. After this, an upgrade to Windows 10 will set you back by at least $119.
We asked you a couple of weeks ago whether or not you would recommend someone update their computer to Windows 10, and the vast majority of you advised against it. What's your thought on this now? Those who opt out of updating to Windows 10 will also miss the Anniversary Update -- and its features -- which Microsoft plans to release on August 2 free of charge.
Businesses

Microsoft To Lay Off Another 2,850 People In the Next 12 Months (businessinsider.com) 160

An anonymous reader writes from a report via Business Insider: Microsoft is planning to lay off 2,850 more employees in the next 12 months or so, according to Microsoft's full 10-K report it filed with the Securities and Exchange Commission. Part of the document reads: "In addition to the elimination of 1,850 positions that were announced in May 2016, approximately 2,850 roles globally will be reduced during the year as an extension of the earlier plan, and these actions are expected to be completed by the end of fiscal year 2017." Business Insider reports: "The first 1,850 layoffs mentioned here were mainly from Microsoft's struggling smartphone business, including 1,350 employees in Finland working at what was once Nokia world headquarters. These layoffs also included people in Microsoft's salesforce, which was recently reorganized and saw the departure of COO Kevin Turner. In total, Microsoft laid off 7,400 employees in its last fiscal year, which ended on June 30th, 2016. The new layoffs are a continuation of the same plan, and include the sales group as well as others. About 900 people affected by the new layoffs were already informed during the sales reorganization, according to a person familiar with Microsoft's plans."
Windows

Microsoft Faces Two New Lawsuits Over Aggressive Windows 10 Upgrade Tactics 103

Microsoft is facing two more lawsuits over its Windows 10 upgrade tactics. The first lawsuit comes from U.S. District Court in Florida, where the company has been accused of violating "laws governing unsolicited electronic advertisements." The suit, PCWorld reports, says Microsoft's tactics are against the FTC's rules on deceptive and unfair practices. The second lawsuit was filed last month in Haifa, Israel, alleging that Microsoft installed Windows 10 on users' computers without their consent. It's similar to another recent lawsuit that was filed against Microsoft in which the Redmond company had to pay a sum of $10,000. The company, however, believes that these new lawsuits won't succeed. In a statement to The Seattle Times, the company said: We believe the plaintiffs' claims are without merit and we are confident we'll be successful in court.
Microsoft

Microsoft To Disable Policies In Windows 10 Pro With Anniversary Update (ghacks.net) 528

Reader BobSwi writes: More changes in the Windows Anniversary update, due August 2nd, are being discovered. After yesterday's news about Cortana not able to be turned off in the Windows Anniversary update, certain registry entries and group policies have been found to be updated with a note stating that they only apply to Enterprise and Education editions. Win 10 Pro users will no longer be able to turn off policies such as the Microsoft Consumer Experience, Show Windows Tips, Do not display the lock screen, and Disable all apps from the Windows Store.
Cloud

Oracle To Buy Cloud-Software Provider NetSuite For $9.3 Billion (bloomberg.com) 32

Oracle announced Thursday that it has agreed to buy NetSuite for $9.3 billion, in a move to bolster its cloud-computing offerings as it races to catch up to rivals. Both companies provide applications for running a business called enterprise-resource-planning software. Bloomberg reports: Oracle, which sells software to big corporations, has been trying to shift more sales to cloud-based products increasingly demanded by its customers. New cloud services made up about 8 percent of the company's total sales during its fiscal fourth-quarter. Buying NetSuite -- whose products include customer relationship management software -- will help Oracle compete against the likes of Salesforce.com Inc. and Microsoft Corp. "Oracle and NetSuite cloud applications are complementary, and will coexist in the marketplace forever," said Oracle co-Chief Executive Officer Mark Hurd in a statement Thursday. "We intend to invest heavily in both products -- engineering and distribution."
Democrats

Tech Takes Its K-12 CS Education and Immigration Crisis To the DNC (cnet.com) 118

theodp writes: In early 2013, Code.org and FWD.us coincidentally emerged after Microsoft suggested tech's agenda could be furthered by creating a crisis linking U.S. kids' lack of computer science savvy to tech's need for tech worker visas. Three years later, CNET's Marguerite Reardon reports that tech took its K-12 computer science and immigration crisis to the Democratic National Convention on Wednesday, where representatives from Microsoft, Facebook, and Amazon called for the federal government to invest in more STEM education and reform immigration policies -- recurring themes the industry hopes to influence in the run-up to the 2016 presidential election. "We believe in the importance of high-skilled immigration coupled with investments in education," said Microsoft President Brad Smith, repeating the Microsoft National Talent Strategy. The mini-tech conference also received some coverage in the New Republic, where David Dayen argues that the DNC is one big corporate bribe.
Cloud

Office 365 Gets New Word, PowerPoint and Outlook Features (networkworld.com) 98

New submitter Miche67 writes: As part of the July 2016 update to Office 365, Microsoft is adding several features across the board to Word, PowerPoint and Outlook. Word, however, is getting the biggest new features -- Researcher and Editor -- to improve your writing. "As its name implies, Researcher is designed to help the user find reliable sources of information by using the Bing Knowledge Graph to search for sources, and it will properly cite them in the Word document," reports Network World. "[Editor] builds on the already-existing spellchecker and thesaurus to offer suggestions on how to improve your overall writing. In addition to the wavy red line under a misspelled word and the wavy blue line under bad grammar, there will be a gold line for writing style." The new features are expected to be available later this year. In addition to the two new features added to PowerPoint last year -- Designer and Morph, Microsoft is offering Zoom, a feature that lets you easily create "interactive, non-linear presentations." "Instead of the 1-2-3-4 linear method of presenting slides, forcing you to place them all in the order you wish to display, presenters will be able to show their slides in any order they want at any time," reports Network World. "This way you can change your presentation order as needed without having to stop PowerPoint or interrupt the display." As for Outlook, Focused Inbox is coming to Office 365. Focused Inbox separates your inbox into two tabs. The "Focused" tab is where all of your high-priority emails will be found, while everything else will be in the "Other" tab. Outlook will learn from your behavior over time and sort your mail accordingly. In addition, @mentions are coming to Outlook 365 and Outlook for PC and Mac, "making it easy to identify emails that need your attention, as well as flag actions for others."
Microsoft

You Can't Turn Off Cortana In the Windows 10 Anniversary Update (pcworld.com) 354

Microsoft will release Windows 10 Anniversary Update next week. Earlier this week we listed some of its best features. PCWorld is now reporting on a major change that may annoy some users: once you've installed the update, Cortana can no longer be disabled. From the article: Cortana, the personal digital assistant that replaced Windows 10's search function and taps into Bing's servers to answer your queries with contextual awareness, no longer has an off switch. The impact on you at home: Similar to how Microsoft blocked Google compatibility with Cortana, the company is now cutting off the plain vanilla search option. That actually makes a certain amount of sense. Unless you turned off all the various cloud-connected bits of Windows 10, there's not a ton of difference between Cortana and the operating system's basic search capabilities.
Microsoft

Steam On Windows 10 Will Get 'Progressively Worse': Gears of War Developer (ndtv.com) 410

Microsoft's Universal Windows Platform, or UWP, approach isn't sitting well with many game developers. Four months after criticising the UWP ecosystem for being a walled garden, curtailing "users' freedom to install full-featured PC software, and subverting the rights of developers and publishers to maintain a direct relationship with their customers," Tim Sweeney, co-founder of Epic Games, the studio behind the Gears of War and Unreal franchises, has once again lashed out at the Redmond-based company. He alleges that Microsoft plans to make Steam -- the world's largest PC gaming platform -- "progressively worse and more broken" in a move to bolster people's reliance on the Windows Store. From a Gadgets 360 report: "Slowly, over the next five years, they will force-patch Windows 10 to make Steam progressively worse and more broken. They'll never completely break it, but will continue to break it until, in five years, people are so fed up that Steam is buggy that the Windows Store seem like an ideal alternative. That's exactly what they did to their previous competitors in other areas. Now they're doing it to Steam. It's only just starting to become visible. Microsoft might not be competent enough to succeed with their plan but they are certainly trying," Sweeney said. He adds the outcome of this would be forcing every app and game to be sold through the Windows Store alone. "If they can succeed in doing that then it's a small leap to forcing all apps and games to be distributed through the Windows store. Once we reach that point, the PC has become a closed platform. It won't be that one day they flip a switch that will break your Steam library -- what they're trying to do is a series of sneaky manoeuvres. They make it more and more inconvenient to use the old apps, and, simultaneously, they try to become the only source for the new ones," he claims.
Microsoft

Windows 10 Anniversary Update: the Best New Features (theverge.com) 373

A year after the release of Windows 10, Microsoft is gearing up for Anniversary Update, the first major update to the company's desktop operating system. Ahead of the public release of Anniversary Update on August 2, Microsoft provided media outlets with the Anniversary Update, and their first impressions and reviews are out. The Verge has listed the big changes Windows 10 Anniversary ships with. From the article: Windows Ink: Windows Ink is without a doubt the best part of the Anniversary Update. It's essentially a central location to find built-in or third-party apps that work with your stylus. You can use the new sticky notes to note down reminders, and they'll even transform into true reminders as Cortana understands what you write.
Microsoft Edge extensions: If you're a fan of Chrome extensions, then you'll be glad to hear that they're heading to Microsoft's Edge browser. The Anniversary Update brings support for extensions, and it's now up to third-party developers to fill the Windows Store with their add-ons.
Cortana improvements: Microsoft's digital assistant, Cortana, debuted on Windows 10 last year, and the software maker is bringing it to the lock screen with the Anniversary Update. You'll be able to ask it to make a note, play music, set a reminder, and lots more without ever logging in. Cortana is also getting a little more intelligent, with the ability to schedule appointments in Outlook or options to send friends a document you were working on a week ago.
Dark theme and UI tweaks: You can switch on what I call even darker mode in settings, and it will switch built-in apps that typically use a white background over to black.
Other improvements include things like Windows 10's ability to set your time zone automatically, and opening up of Windows Hello, the biometric feature to apps and websites. Additionally, the Xbox One is getting Windows apps. The Verge adds, "It feels like a promise that was made years ago, but it's finally coming true with the Anniversary Update. As Windows 10 now powers the Xbox One, Microsoft will start rolling out an update to its console to provide support for Cortana on Xbox One and the new universal apps." Microsoft is also adding Bash, the Linux command line to Windows with the new update. It's an optional feature and users will need to enable it to use it. Users will also be able to "project to PC," a feature that will allow one to easily find a PC to project to from a phone or another PC. There's also a new Skype app, and syncing of notifications between PC and phone is getting better.
Going by the reviews, it appears Windows 10 Anniversary Update is substantially more stable, and has interesting new features. You can read the first impressions of it on ZDNet, and review on PCWorld.
Microsoft

Microsoft Cuts Xbox One Price To $249 - Would You Buy or Recommend One? (theverge.com) 140

Tom Warren, writing for The Verge: Microsoft is cutting the price of its Xbox One console to $249. The new price marks the third price cut in less than two months, ahead of the new Xbox One S launch on August 2nd. 500GB versions of the Xbox One are now $249, and this includes bundles with games like Gears of War: Ultimate Edition, Quantum Break, Forza Motorsport 6, Rise of the Tomb Raider, and Rare Replay. Retailers like Best Buy and Amazon will be selling Microsoft's Xbox One console at the new $249 price point immediately, and the software giant says the consoles will be available at $249 "while supplies last." Microsoft's aggressive Xbox One pricing follows a sales gap between its console and Sony's PlayStation 4. Sony has sold more than 40 million PS4s, but it's not clear exactly how many Xbox Ones have been sold as Microsoft hasn't provided sales figures for quite some time. EA previously revealed Microsoft had sold 19 million Xbox One consoles back in January.
Microsoft

Microsoft Can't Shield User Data From Government, Says Government (bloomberg.com) 191

Microsoft is now arguing in court that their customers have a right to know when the government is reading their e-mail. But "The U.S. said federal law allows it to obtain electronic communications without a warrant or without disclosure of a specific warrant if it would endanger an individual or an investigation," according to Bloomberg. An anonymous reader quotes their report: The software giant's lawsuit alleging that customers have a constitutional right to know if the government has searched or seized their property should be thrown out, the government said in a court filing... The U.S. says there's no legal basis for the government to be required to tell Microsoft customers when it intercepts their e-mail... The Justice Department's reply Friday underscores the government's willingness to fight back against tech companies it sees obstructing national security and law enforcement investigations...

Secrecy orders on government warrants for access to private e-mail accounts generally prohibit Microsoft from telling customers about the requests for lengthy or even unlimited periods, the company said when it sued. At the time, federal courts had issued almost 2,600 secrecy orders to Microsoft alone, and more than two-thirds had no fixed end date, cases the company can never tell customers about, even after an investigation is completed.

Programming

Programming Language Gurus Converge on 'Curry On' Conference (curry-on.org) 87

Videos are now online from this week's Curry On conference, which included talks by programming pioneers Larry Wall and Matthias Felleisen, as well as speakers from Google, Twitter, Facebook, Microsoft, and Oracle. Dave Herman from Mozilla Research also talked about building an open source research lab, while Larry Wall's keynote was titled "It's the End of the World as We Know It, and I Feel Fine."

Billing itself as a non-profit conference about programming languages and emerging computer-industry challenges, this year's installment included talks about Java, Rust, Scala, Perl, Racket, Clojure, Rascal, Go and Oden. Held in a different European city each year, the annual conference hopes to provoke an open conversation between academia and the larger technology industry.
Security

'High-Risk Vulnerabilities' In Oracle File-Processing SDKs Affect Major Third-Party Products (csoonline.com) 11

itwbennett writes: "Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors," writes Lucian Constantin on CSOonline. The vulnerabilities, which were found by researchers from Cisco's Talos team, are in the Oracle Outside In Technology (OIT), a collection of SDKs that are used in third-party products, including Microsoft Exchange, Novell Groupwise, IBM WebSphere Portal, Google Search Appliance, Avira AntiVir for Exchange, Raytheon SureView, Guidance Encase and Veritas Enterprise Vault.

"It's not clear how many of those products are also affected by the newly patched seventeen flaws, because some of them might not use all of the vulnerable SDKs or might include other limiting factors," writes Constantin. But the Cisco researchers confirmed that Microsoft Exchange servers (version 2013 and earlier) are affected if they have WebReady Document Viewing enabled. In a blog post the researchers describe how an attacker could exploit these vulnerabilities.

TL;DR version: "Attackers can exploit the flaws to execute rogue code on systems by sending specifically crafted content to applications using the vulnerable OIT SDKs."
Businesses

Salesforce CEO Told LinkedIn He Would Have Paid Much More Than Microsoft (recode.net) 64

Ina Fried, reporting for Recode: It was already known that LinkedIn chose a potentially lower all-cash acquisition offer from Microsoft rather than take on the uncertainties of a stock-and-cash deal from Salesforce. But now it has been revealed that Salesforce might have been willing to go "much higher" than Microsoft's $26.2 billion, or change other terms of its bid, had it been given the chance. In a filing with regulators on Friday, LinkedIn said a board committee met on July 7 to discuss an email from Salesforce CEO Marc Benioff. "The email indicated that Party A would have bid much higher and made changes to the stock/cash components of its offers, but it was acting without communications from LinkedIn," LinkedIn said in the updated filing with the Securities and Exchange Commission.
Security

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry (theregister.co.uk) 20

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.
Businesses

Cyanogen Inc. Reportedly Fires OS Development Arm, Switches To Apps (arstechnica.com) 124

An anonymous reader writes: Android Police is reporting that the Android software company Cyanogen Inc. will be laying off 20 percent of its workforce, and will transition from OS development to applications. The Android Police report says "roughly 30 out of the 136 people Cyanogen Inc. employs" are being cut, and that the layoffs "most heavily impact the open source arm" of the company. Android Police goes on to say that CyanogenMod development by Cyanogen Inc "may be eliminated entirely." Ars Technica notes the differences between each "Cyanogen" branding. Specifically, CyanogenMod is a "free, open source, OS heavily based on Android and compatible with hundreds of devices," while Cyanogen Inc. is "a for-profit company that aims to sell Cyanogen OS to OEMs." It appears that many of the core CyanogenMod developers will no longer be paid to work on CyanogenMod, though the community is still free to develop the software." Android Police details the firing process in their report: "Layoffs reportedly came after a long executive retreat for the company's leaders and were conducted with no advanced notice. Employees who were not let go were told not to show up to work today. Those who did show up were the unlucky ones: they had generic human resources meetings rather ominously added to their calendars last night. So, everyone who arrived at Cyanogen Inc. in Seattle this morning did so to lose their job (aside from those conducting the layoffs)." Early last year, Microsoft invested in a roughly $70 million round of equity financing for the then-startup Cyanogen Inc. Not too long before that, Google tried to acquire Cyanogen Inc., but the company turned down Google's offer to seek funding from investors and major tech companies at a valuation of around $1 billion. Cyanogen Inc. CEO Kirt McMaster once said the company was "attempting to take Android away from Google" and that it was "putting a bullet through Google's head."

UPDATE 7/25/16: Cyanogen CEO and cofounder Kirt McMaster took to Twitter to dispel some of the rumors, tweeting: "Cyanogen NOT pivoting to apps. We are an OS company and our mission of creating an OPEN ANDROID stands. FALSE reporting was outstanding."
