Enlarge / This demonstration of Microsoft's Project xCloud as played with a Razer Kishi controller, attached to a standard Android smartphone, could be a hint of what's to come to iOS devices in Spring of 2021. (credit: Microsoft)

In a blog post today outlining everything from upcoming games to plans for Xbox Series X/S, Microsoft announced that Xbox cloud gaming will come to iOS mobile devices and Windows PCs in spring of 2021.

On Windows PCs, the games will stream through the Xbox app or a Web browser, whereas the service will be limited to the mobile Web browser on iOS devices.

Microsoft's game streaming features require an Xbox Game Pass Ultimate subscription, which also includes an on-demand library of downloadable games for both Xbox platforms and Windows PCs, the EA Play downloadable game library, as well Xbox Live Gold, the company's online multiplayer service.

Read 7 remaining paragraphs | Comments

Si vous utilisez Steam pour vos jeux, vous avez peut-être déjà remarqué que celui-ci pompait quand même pas mal de RAM. La faute au client qui utilise un composant web (WebHelper) assez gourmand pour ouvrir les pages web liées au « magasin » Steam.

Toutefois, il est possible de désactiver ce composant et d’utiliser Steam pour lancer uniquement vos jeux grâce au mode mini.

Alors, comment faire ? Et bien, fermez Steam (et tuez les processus qui pourraient rester en arrière-plan avec le gestionnaire de tâches) puis créez un nouveau raccourci sur votre bureau et donnez comme chemin d’accès :

"C:\Program Files (x86)\Steam\steam.exe" -no-browser +open steam://open/minigameslist

Le paramètre -no-browser permet de désactiver le composant WebHelper de Steam et le paramètre +open steam://open/minigameslist permet de lancer Steam en mode mini.

Lancez ensuite Steam via ce nouveau raccourci, et voici ce que vous verrez :

En observant la consommation de RAM, vous verrez que vous êtes passé de plusieurs centaines de Mo de RAM à quelques dizaines. Cool non ?

Et si vous repassez Steam en version « large » via le menu « Afficher », vous pourrez effectivement constater que le composant web browser n’est pas chargé.

Source

Enlarge (credit: Getty Images )

Google’s project zero says that hackers have been actively exploiting a Windows zeroday that isn’t likely to be patched until almost two weeks from now.

In keeping with long-standing policy, Google’s vulnerability research group gave Microsoft a seven-day deadline to fix the security flaw because it’s under active exploit. Normally, Project Zero discloses vulnerabilities after 90 days or when a patch becomes available, whichever comes first.

CVE-2020-117087, as the vulnerability is tracked, allows attackers to escalate system privileges. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome . The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.

Read 8 remaining paragraphs | Comments

Si vous êtes sous Windows 10 et que vous aimez garder le contrôle des mises à jour que vous faites sur votre système d’exploitation préféré, vous pouvez choisir de les télécharger manuellement ou vous reposer sur un logiciel comme PatchFluent .

Par défaut Microsoft permet de faire ou de ne pas faire les mises à jour de l’OS, mais vous n’avez pas vraiment le choix. C’est tout ou rien.

PatchFluent est un petit soft qui désactive les mises à jour automatiques et permet justement de choisir les celles que vous voulez appliquer et donc potentiellement repousser l’installation de certaines mises à jour qui ne vous iraient pas.

C’est un outil pratique, mais à réserver aux experts qui savent ce qu’ils peuvent et ne peuvent pas installer, car d’une manière générale, je recommande à tout le monde de faire les mises à jour via Windows Update ne serait ce que pour la sécurité de votre ordinateur.

When Microsoft’s Windows XP launched in 2001, it was somewhat of a revelation.

Built on Windows NT and a clear step up from the consumer variants of Windows that preceded it, the OS reigned for years after being installed on millions of machines.

It’s currently estimated that around 0.8% of Windows PCs are still running Windows XP, despite Microsoft offering zero support for the relatively ancient OS. Nevertheless, there was mild euphoria among coders last month when it was confirmed that the source code for XP, among other things, had been leaked online , presumably to the dismay of Microsoft.

Leaked via 4chan, Distributed via Torrents and MEGA

For the vast majority of interested onlookers, the leak probably meant very little in practical terms. With no support from Microsoft, running Windows XP is already a security gamble, regardless of any additional leaks.

However, when Microsoft confirmed it was actively investigating the leak, some presumed the company would act very quickly to have the code disappeared from the web. Quite when the upload to MEGA was taken down is unclear but it didn’t take long for the file to be removed following a complaint.

Torrents, of course, are much more complicated. While it is possible to have some torrent sites respond to takedown requests, sites such as The Pirate Bay will happily index pretty much anything – including the source code leak.

Predictably, the leaked content is available via the site today and not even the mighty Microsoft can do much about that. However, when checking the hash value in Google search and scouring the DMCA notice archive hosted by Lumen Database, there appears to have been little or even no effort to have links to the source code removed from Google or Twitter.

Granted, most of the sites mentioning the content have taken care not to link directly to the leaked source itself, with many preferring to post unclickable but entirely usable magnet links instead. Nevertheless, just days after the leak was reported, a very public repository of the code appeared much closer to home and nothing was done about that either.

Source Code Published to Microsoft-Owned Github

On September 29, a handful of days after the leak reportedly appeared on 4chan, someone called ‘shaswata56’ thought it would be a good idea to post the source code for Windows XP on Github, for the world to see and download. The interesting thing here is that Github is owned by Microsoft, so the computing giant was effectively hosting its own leak.

Given the presumed sensitive nature of the source code, one might conclude that it would be spotted and deleted quickly. However, despite all the publicity, it took a full 10 days for Microsoft to do anything about it, at which point it had to serve its own company with a DMCA notice requesting that the code be taken down.

Takedown Notice to Github

“I work in Microsoft Security Incident Response. The code in question is from a Windows XP source code leak,” the DMCA notice dated October 8 and filed with Github reads.

“The GitHub content is pulled directly form [sic] a torrent (that was also taken down),” it continues.

The notice originally contained a hash value for the source but that was censored by Github, presumably to stop any additional infringement. However, archive copies of the now-removed repository show that hash value in full, which can be easily converted to a torrent, one that is very much alive and being shared by many people.

Microsoft Not Too Bothered By The Leak?

Clearly, Microsoft’s claim that the torrent was somehow taken down was incorrect but that’s not a huge surprise since once a torrent is being spread, stopping people with access to magnet links or even a hash is incredibly difficult.

That being said, it would’ve been trivial to remove the source from Github on the day it was published. Instead, it took exactly 10 days, a lifetime where leaks are concerned and a little bit embarrassing when it’s your own site doing the distribution.

Quite why a rapid removal wasn’t executed isn’t clear but coupled with what appears to be a lack of enthusiasm to remove links still available via Google, it makes one wonder how concerned Microsoft is about the leak after all.

Or, just possibly, the company realizes just how futile it all is.

The DMCA notice is available here

From: TF , for the latest news on copyright battles, piracy and more.

Enlarge (credit: Getty Images)

The FBI and the cybersecurity arm of the Department of Homeland Security said they have detected hackers exploiting a critical Windows vulnerability against state and local governments and that in some cases the attacks are being used to breach networks used to support elections.

Members of unspecific APTs—the abbreviation for advanced persistent threats—are exploiting the Windows vulnerability dubbed Zerologon. It gives attackers who already have a toehold on a vulnerable network access to the all-powerful domain controllers that administrators use to allocate new accounts and manage existing ones.

To gain initial access, the attackers are exploiting separate vulnerabilities in firewalls, VPNs, and other products from companies including Juniper, Pulse Secure, Citrix NetScaler, and Palo Alto Networks. All of the vulnerabilities—Zerologon included—have received patches, but as evidenced by Friday’s warning from the DHS and FBI, not everyone has installed them. The inaction is putting governments and elections systems at all levels at risk.

Read 3 remaining paragraphs | Comments

Enlarge (credit: VGrigas (WMF) )

Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.

CVE-2020-1472, as the vulnerability is tracked, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Exploits require that an attacker already have a foothold inside a targeted network, either as an unprivileged insider or through the compromise of a connected device.

An “insane” bug with “huge impact”

Such post-compromise exploits have become increasingly valuable to attackers pushing ransomware or espionage spyware. Tricking employees to click on malicious links and attachments in email is relatively easy. Using those compromised computers to pivot to more valuable resources can be much harder.

Read 13 remaining paragraphs | Comments

Si vous cherchez un peu de fraicheur dans ce doux monde de brutes des lecteurs de flux RSS et que vous n’accrochez pas avec mon préféré FEEDLY, je vous invite à jeter un oeil à Fluent Reader disponible sous macOS, Linux et Windows.

L’interface est très jolie et vous pouvez au choix ajouter vos flux un par un ou importer un OPML et paramétrer chaque flux pour que le contenu s’affiche sous la forme de texte dans Fluent Reader , sous la forme de page web ou s’ouvre directement dans un navigateur extérieur.

Il est également possible de filtrer les flux pour marquer comme lu automatiquement certains sujets qui ne vous intéressent pas ou au contraire ne garder que ce qui vous plait…etc., le tout avec des filtres classiques ou des expressions régulières.

Fluent Reader peut se paramétrer en version claire ou sombre, avec un affichage sous forme de tuiles ou de listes, mais permet également de sauvegarder toute la config et l’ensemble de vos flux pour les restaurer ensuite sans souci.

Pour télécharger Fluent Reader sous macOS c’est par ici , pour Windows 10 c’est par ici , et pour Linux ou les anciennes versions de Windows, rendez-vous directement sur le Github .