close
    • chevron_right

      Cela fait 30 ans que Windows oublie de mettre à jour son outil de formatage

      news.movim.eu / Numerama · 3 days ago - 15:35

    Un informaticien qui a travaillé sur Windows, David Plummer, a livré une anecdote sur le système d'exploitation. L'outil dédié au formatage a été développé initialement dans une version provisoire, qui aurait dû être actualisée par la suite. Or, la mise à jour n'a jamais eu lieu. Et depuis, la bévue est restée.

    • chevron_right

      My long quest to revive a ’90s Windows gaming cult classic

      news.movim.eu / ArsTechnica · Thursday, 30 November - 12:00 · 1 minute

    The elusive, addictive gameplay that has been haunting my dreams for years.

    As 2023 draws to a close—and as we start to finalize our Game of the Year contenders—I really should be catching up on the embarrassingly long list of great recent releases that I haven't put enough time into this year. Instead, over the last few days, I've found myself once again hooked on a simple, addictive, and utterly unique Japanese Windows freeware game from the late '90s that, until recently, I thought I had lost forever.

    Pendulumania is a cult classic in the truest sense of the word: Few people have heard of it, even in hardcore gaming circles, but those who have experienced it tend to have very fond memories of it. And while I shared those memories, it wasn't until this week that I've been able to share my effusive praise for a game whose name and playable executable had eluded me for well over a decade.

    Timeless design

    The mechanics of Pendulumania are incredibly simple. You use the computer mouse to control a metal ring, which is attached via an elastic string to a white ball. The object is to carefully move the ring so the stretchy string and gravity can nudge the ball around a 2D plane, crashing into floating scoring orbs to collect points (colored orbs that randomly appear can make the ball larger or the string stronger as well). Be careful, though; if the elastic string stretches too far, it will break and your game will be over.

    Read 18 remaining paragraphs | Comments

    • chevron_right

      hrxi talks about "Dino on Windows"

      pubsub.movim.eu / berlin-xmpp-meetup · Monday, 9 October - 16:23 edit

    hrxi talks about "Dino on Windows"

    When? Wednesday, 2023-10-11 18:00 CEST (always 2ⁿᵈ Wednesday of every month)

    Where? In xHain hack+makespace, Grünberger Str. 16, 10243 Berlin

    This time it is a physical meeting, no Jitsi, sorry!

    You might like to join our virtual meeting place xmpp:berlin-meetup@conference.conversations.im?join.

    #Jabber #XMPP #freeSoftware #community #xHain #Dino #Windows #Berlin #meetup #community #xhain

    • chevron_right

      Windows, hardware, Xbox sales are dim spots in a solid Microsoft earnings report

      news.movim.eu / ArsTechnica · Wednesday, 26 July, 2023 - 18:21 · 1 minute

    Windows, hardware, Xbox sales are dim spots in a solid Microsoft earnings report

    Enlarge (credit: Getty Images)

    It has been a tough year for PC companies and companies that make PC components. Companies like Intel, AMD, and Nvidia have all reported big drops in revenue from the hardware that they sell to consumers (though the hardware they sell to other businesses is often doing better).

    Microsoft contributed another data point to that trend today , with fourth-quarter 2023 financial results that showed modest growth (revenue up 8 percent year over year, from $51.9 billion to $56.2 billion), but no thanks to its consumer software and hardware businesses.

    Revenue from the company's More Personal Computing division, which encompasses Windows licenses, Surface PCs and other accessories, Xbox hardware and software and services, and ad revenue, was down 4 percent year over year. This decrease was driven mostly by a drop in sales of Windows licenses to PC makers (down 12 percent because of "PC market weakness") and by reduced hardware sales (down 20 percent, though the company didn't say how much of this drop came from its accessory business and how much came from Surface PCs). Microsoft makes its own PCs and PC accessories and sells the software that most other PC makers use on their hardware, so when the entire PC ecosystem is doing poorly, Microsoft gets hit twice.

    Read 4 remaining paragraphs | Comments

    • chevron_right

      Linux could be 3% of global desktops. What happened to Windows?

      news.movim.eu / ArsTechnica · Wednesday, 12 July, 2023 - 21:47

    Linux on the desktop, only going up

    How can you argue against these numbers? (credit: 20th Century Fox / Aurich Lawson)

    According to one measurement by one firm, Linux reached 3.07 percent market share of global desktop operating systems in June 2023. It's a notable first for the more than 30-year-old operating system, though other numbers in Statcounter's chart open it up to many more interpretations. It's either the year of the Linux desktop or a notable asterisk—your call.

    As Statcounter explains , its numbers come from tracking code installed on more than 1.5 million websites across the globe, capturing roughly 5 billion page views per month. Statcounter says it does not collate, weigh, or otherwise adjust its data aside from correcting for bots and Google Chrome's prerendering. Laptops are included in "desktop" because there is no easy way to separate them. And they're subject to revision for up to 45 days after publication.

    Five years ago , Linux made up 1.69 percent of Statcounter's June numbers. In the year between June 2022 and 2023, Linux unsteadily crept up from 2.42 to 3.07 percent, jumping past 3 percent for the first time between May and June. If you regard Chrome OS as a Linux system, you could add that 4.13 percent and get to 7.2 percent.

    Read 6 remaining paragraphs | Comments

    • chevron_right

      Hackers exploit gaping Windows loophole to give their malware kernel access

      news.movim.eu / ArsTechnica · Tuesday, 11 July, 2023 - 20:07

    Hackers exploit gaping Windows loophole to give their malware kernel access

    Enlarge (credit: Getty Images)

    Hackers are using open source software that’s popular with video game cheaters to allow their Windows-based malware to bypass restrictions Microsoft put in place to prevent such infections from occurring.

    The software comes in the form of two software tools that are available on GitHub. Cheaters use them to digitally sign malicious system drivers so they can modify video games in ways that give the player an unfair advantage. The drivers clear the considerable hurdle required for the cheat code to run inside the Windows kernel, the fortified layer of the operating system reserved for the most critical and sensitive functions.

    Researchers from Cisco’s Talos security team said Tuesday that multiple Chinese-speaking threat groups have repurposed the tools—one called HookSignTool and the other FuckCertVerifyTimeValidity. Instead of using the kernel access for cheating, the threat actors use it to give their malware capabilities it wouldn’t otherwise have.

    Read 23 remaining paragraphs | Comments

    • chevron_right

      Hacks at Pwn2Own Vancouver 2023

      news.movim.eu / Schneier · Monday, 27 March, 2023 - 03:33 · 1 minute

    An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver:

    On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

    The first to fall was Adobe Reader in the enterprise applications category after Haboob SA’s Abdul Aziz Hariri ( @abdhariri ) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.

    The STAR Labs team ( @starlabs_sg ) demoed a zero-day exploit chain targeting Microsoft’s SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

    Synacktiv ( @Synacktiv ) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla-Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.

    Oracle VirtualBox was hacked using an OOB Read and a stacked-based buffer overflow exploit chain (worth $40,000) by Qrious Security’s Bien Pham ( @bienpnn ).

    Last but not least, Marcin Wiązowski elevated privileges on Windows 11 using an improper input validation zero-day that came with a $30,000 prize.

    The con’s second and third days were equally impressive.

    • chevron_right

      Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

      news.movim.eu / ArsTechnica · Monday, 6 March, 2023 - 16:58 · 1 minute

    Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

    Enlarge (credit: Aurich Lawson | Getty Images)

    Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.

    Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware infect the UEFI—short for Unified Extensible Firmware Interface —the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an SPI -connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch.

    Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to run malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.

    Read 28 remaining paragraphs | Comments

    • chevron_right

      Critical Microsoft Code-Execution Vulnerability

      news.movim.eu / Schneier · Wednesday, 21 December, 2022 - 19:03 · 1 minute

    A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is):

    Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. The wormability of EternalBlue allowed WannaCry and several other attacks to spread across the world in a matter of minutes with no user interaction required.

    But unlike EternalBlue, which could be exploited when using only the SMB, or server message block, a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability.

    […]

    Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of “important.” In the routine course of analyzing vulnerabilities after they’re patched, Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue.