Windows 8 - Deeper Impressions

[bpalone]

As one commenter says, if you'e going to go this far, you'll be limiting the PC's functionality so much that you may as well go back to using a typewriter.

Using a typewriter isn't all that secure either. Back in the old days, the spook agencies would plant a bug to measure the EMF in the room and could decode what was typed. They may of even been able to do it by focusing some form of antenna on the target from a nearby building. Now if you were using a mechanical typewriter, they used accustical (sp?) methods and achieved the same results.

Plus you had to be sure to destroy the back (pad) piece of paper, as they could also gather the impressions from it. Also, don't forget the carbon paper.

bpalone

Edited April 22, 2014 by bpalone

[ricktendo]

Easter egg: DSL router patch merely hides backdoor instead of closing it

The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

[Monroe]

OK jaclaz ... I guess CDs / DVDs can't be read after being cut into pieces. The silver film does flake off ... so no repair jobs with super glue! I will still burn and melt them down ... mine have nothing important on them to anyone, I do like watching them melt and as they burn, all the different colors and then black smoke.

I remember reading somewhere where paper that had been cross shredded was put back together over a very long period of time ... very time consuming but do-able.

...

[JorgeA]

More joys of living in the cloud where Windows 8's creators would like to steer us:

Even the most secure cloud storage may not be so secure, study finds

Zero knowledge cloud vendors examined by the researchers - in this case Spider Oak, Wuala and Tresorit - typically use a method where data is encrypted when it is stored in the cloud and only unencrypted when the user downloads it again from the cloud. This model is secure. But, the researchers warn that if data is shared in the cloud, meaning that it is sent via the cloud service without the user downloading it on to their system, then vendors have an opportunity to view it. "Whenever data is shared with another recipient through the cloud storage service, the providers are able to access their customers' files and other data," lead author Duane Wilson, a doctoral student in the Information Security Institute at the Department of Computer Science at Johns Hopkins University, was quoted as saying in a review of the report. View the full PDF of the report here.

Verizon: Web apps are the security punching bag of the Internet

Verizon today issued its annual data-breach investigations report, a study of what happened in 1,367 known cases across dozens of industries in 95 countries last year, and the most common form of attack was breaking in through Web applications.

"Web applications remain the proverbial punching bag of the Internet," as Verizon puts it in its "2014 Data Breach Investigations Report." Thirty-five percent of the more than 1,300 data breaches examined fell into this category, as opposed to other categories, such as the 14% assigned to point-of-sale intrusions or the 8% attributed to "insider misuse" of data, for example. Over half of the time, the attackers breaking in through Web applications were doing it for ideological reasons, or just for the "lulz," the fun of disruption. About a third of the time, attackers did it for financial gain, but only seldom for cyber-espionage to steal important information.

--JorgeA

[JorgeA]

Easter egg: DSL router patch merely hides backdoor instead of closing it

The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Hide the flaw instead of fixing it. Lovely, just great.

In a bit of a rush right now, but I wonder if anybody has compiled a list of the affected models.

--JorgeA

UPDATE: Ah, the list was linked to at the end of the Ars piece. Thanks, ricktendo.

Edited April 23, 2014 by JorgeA

[jaclaz]

Back on topic (almost), I just checked the price list from a small local OEM (for OS to be installed/shipped with one of their desktop systems):

• Windows 8 "Home" Euro 91.83
• Windows 8.1 "Home" Euro 92.35
• Windows 7 "home Premium" Euro 100.16

It must be be because of the "Premium"

jaclaz

[Flasche]

Back on topic (almost), I just checked the price list from a small local OEM (for OS to be installed/shipped with one of their desktop systems):

• Windows 8 "Home" Euro 91.83
• Windows 8.1 "Home" Euro 92.35
• Windows 7 "home Premium" Euro 100.16

It must be be because of the "Premium"

jaclaz

I did not even know that windows 8.0 was still sold. It makes me glad that 8.0s support ends in 2016. Making its support shorter than ME's http://support.microsoft.com/lifecycle/?c2=16796

[JorgeA]

Microsoft is pushing an "important" new Windows Update (KB2952664) for Win7 systems for the purpose of preparing users' PCs for "up"grading to Windows 8.1:

This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows.

Sounds like it proposes to make a lot of changes to Windows files for something I will never do. Unless there's some other benefit to it, I'm hiding that update.

--JorgeA

[Flasche]

Microsoft is pushing an "important" new Windows Update (KB2952664) for Win7 systems for the purpose of preparing users' PCs for "up"grading to Windows 8.1:

This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows.

Sounds like it proposes to make a lot of changes to Windows files for something I will never do. Unless there's some other benefit to it, I'm hiding that update.

--JorgeA

Seems to me that they are trying to kill anything that is a threat to metro .

Edited April 24, 2014 by Flasche

[JorgeA]

Or at least they're trying to "ease the way" into Metro/Win8.

I wonder what actual problems, exactly, they might be addressing. You don't think they're doing something to handicap Windows 7? They wouldn't go THAT far. (Would they? )

Aside from that, it's curious that they don't specifically mention Windows 8/8.1 when talking about upgrading to "the latest version of Windows." If it was such a great product, you'd think they'd be splashing the name everywhere they could. I doubt they're being intentionally vague because somebody's too lazy to change a name on the web page (from 8.1 to Update 1 or whatever) as the name changes.

--JorgeA

[JorgeA]

Something I've thought for a while about the implications of pervasive surveillance:

The Growing Perils of the Cashless Future

Privacy experts suspect that if the NSA is capable of recording information about people's phone calls, it is certainly monitoring electronic purchases. "That is a civil liberties concern," says Scott Shay, chairman of Signature Bank. "When governments have information they are sometimes tempted to use it, and sometimes they attempt to use it in ways that are not fully vetted by due process."

[...]

Individuals and organizations may be unwilling to promote unpopular or unconventional ideas if they know their transactions are being monitored. "Ultimately, this would lead to a weaker form of democracy, in which certain voices could not be heard and lobbied for."

--JorgeA

[JorgeA]

Governments 'responsible for 87pc of online spying'

The latest annual Data Breach Investigations Report by Verizon Communications reveals that there has been a three-fold increase in cyber espionage since the last report was published in April 2013.

Of the 511 spying incidents recorded, 87 per cent were conducted by "state-affiliated actors" (governments), as opposed to 11 per cent by organised criminal groups.

Verizon's definition of cyberespionage doesn't seem to leave room for the sort of stuff that the NSA does. In fact if you read the report itself, less than 1 percent of cyberespionage is said to originate from North America. If we were to factor in the, um, contributions of various three-letter agencies, that 87% of all cyberespionage that's being done by governments would no doubt shoot up far into the 90-percent range.

Interesting discussion of a kind of attack I hadn't heard of before, "strategic web compromises."

Instead of email bait, SWCs set a trap within a legitimate website likely to be visited by the target demographic. When they visit the page, the trap is sprung and the system infected.

A related article:

Retail attacks dropped last year; cyber-espionage grew

The most common targets are government and professional-services firms with many clients, followed by manufacturers.

Overall, government, information firms — such as media, film distributors and and Web-hosting services — and finance organizations such as banks were the most common targets of attacks. But successful data breaches happened most often at finance, government, retail and accommodation providers, such as restaurants, bars and hotels.

Credit to Breitbart.com for calling attention to this analysis.

Banks, government agencies, and professional services with lots of sensitive data are replacing retail operations as the targets of choice, even though they've always been seen as tough systems to crack... anecdotal evidence that the advantage hackers enjoy over system defenders is increasing.

Whether as a private individual or as a company -- still wanna keep all your stuff in the cloud?

--JorgeA

Edited April 25, 2014 by JorgeA

[JorgeA]

The other day we commented on Microsoft's claim that they had a plan to take out the Start Menu in order to bring it back later. Here's what our favorite Windows observer, Paul Thurrott, had to say about this in Windows Weekly:

Leo: It's a little bit of a — it's a capitulation, except it's not because now we know that it was only — what did he say? Only the — "We had to get the novice users in line, and now we can go back to the old way of doing things."

Paul: Right, right, right.

Leo: Who was it said that? I forgot.

Mary Jo: Some guy on Reddit, who —

Leo: Oh, that's right, yeah.

Mary Jo: — is a nobody, really.

Leo: Did we ever identify him?

Mary Jo: (Laughs) I think he — he works on Windows, oh has, but he's not somebody who probably — we don't believe he's somebody who actually had input or knowledge into the higher levels.

Paul: This — yeah, you know, it's funny. That came and went. So I must — this must have been the week I was off.

Mary Jo: It did.

Paul: But I wrote something rather scathing about that. And my problem with it is twofold. One is that it's not true that they planned this along. That's complete [sensor beep]. There's no other nice way to say it. I mean, that's completely made up. This notion that "We made Metro so we could later make the desktop a better place power users" is complete and utter nonsense. That's insane. That they may come back, now, and fix desktop because of the reaction to Windows 8 is fine, and I — and that's great, and I welcome that as a desktop user. But to claim otherwise is absolutely crazy. I just — I found that whole thing to be very disingenuous, and I just — I don't know. That really — that whole thing rubbed me the wrong way.

Leo: The notion that they planned this all along.

Paul: The whole — the whole premise of it, yeah.

Mary Jo: Yeah. It would be a very elaborate plan if that had been the plan. (Laughs)

Paul: This guy is — yeah. It's like a Clouseau movie or something.

Leo, Yeah, yeah.

Paul: Like, it's just not — that's not what happened.

Leo: "No, really, we meant to do that." (Laughs)

Paul: "Yeah, if you guys had just shut up and sucked it in, we would have just revealed our master plan when Windows" — shut up. It's just — it's so made up.

--JorgeA

[JorgeA]

The Russian government is clamping down on the Internet:

Russian 'anti-terrorism' laws will ban Skype, Facebook, Gmail if companies don't comply

Russia has passed a series of new 'anti-terrorism' laws that will make services like Skype illegal unless companies change their practices within six months.

The new laws require that service operators such as Skype, Facebook and Google's Gmail store Russian user data on servers that are located in the country. Why? Well, if Russian authorities want access to this data, they need the servers to be located on their soil so that they can legally request the information.

--JorgeA

[Formfiller]

I know it's no news, but looking at Neowin it's somewhat dumbfounding how blatantly they are a Microsoft outpost.

A few years ago they at least tried to appear somewhat independent, now that site looks like a blog on blogs.technet.com. Sure, other "fansites", like AppleInsider.com, have their loyalties too, but Neowin has even mastered the typical corporate-speak to the letter. They should be just done with it and let MS officially acquire them.

Edited April 25, 2014 by Formfiller