Miscellaneous Tech News
-
Unpatched Linux bug may open devices to serious attacks over Wi-Fi
Buffer overflow can be triggered in Realtek Wi-Fi chips, no user interaction needed.
A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said. The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013. -
-
Alexa and Google Home abused to eavesdrop and phish passwords
Amazon- and Google-approved apps turned both voice-controlled devices into "smart spies."
*By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials. Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps—four Alexa "skills" and four Google Home "actions"—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. * -
https://mover.io/blog/2019/10/21/mover-acquired-by-microsoft/
Since we launched Mover, we have dedicated ourselves to being one of the fastest and most recognized cloud storage migrators in the world. Today the next chapter in our journey begins, and I am very happy to announce that Microsoft has acquired Mover.
As the world moves to Microsoft 365, it needs an excellent self-serve solution for migrating content. Our technology makes us one of the fastest OneDrive and SharePoint document migrators in the world. My team has proven this time and time again by setting migration speed records for the industry, always meeting customer needs. Security, file fidelity, and transfer accuracy are core tenets of our company and we take pride in our reputation.
Moving forward, we’ll bring our deep expertise and migration technology to serve Microsoft customers. This acquisition will ensure that customers making the move to Microsoft 365 have a seamless and cost effective experience.
It has been a fantastic journey these last eight years. We have met thousands of wonderful customers and moved more data than I ever imagined. It has been an honor to be trusted by you and your fellow customers.
On behalf of everyone at Mover, thank you to all our family, friends, customers, partners, investors, and allies who helped us get to where we are today. We couldn’t have done it without you.
-Best, Eric Warnke
Also:
https://blogs.microsoft.com/blog/2019/10/21/microsoft-acquires-mover-to-simplify-and-speed-file-migration-to-microsoft-365/
Microsoft acquires Mover to simplify and speed file migration to Microsoft 365 -
Hackers steal secret crypto keys for NordVPN. Here’s what we know so far
Breach happened 19 months ago. Popular VPN service is only disclosing it now.
Hackers breached a server used by popular virtual network provider NordVPN and stole encryption keys that could be used to mount decryption attacks on segments of its customer base. A log of the commands used in the attack suggests that the hackers had root access, meaning they had almost unfettered control over the server and could read or modify just about any data stored on it. One of three private keys leaked was used to secure a digital certificate that provided HTTPS encryption for nordvpn.com. The key wasn't set to expire until October 2018, some seven months after the March 2018 breach. Attackers could have used the compromised certificate to impersonate the nordvpn.com website or mount man-in-the-middle attacks on people visiting the real one. Details of the breach have been circulating online since at least May 2018. -
Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/Microsoft will allow "self-service purchase and license management capabilities" for Office 365 users, initially for its Power Platform low-code services, PowerApps, PowerBI and Flow.
...
"Users that have purchased any of the products directly will now have access to a scoped version of the Microsoft 365 admin center that is limited to their purchases. Self-service purchasers are responsible for managing their own billing information, subscriptions and license assignment,"
-
@nadnerB said in Miscellaneous Tech News:
Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/Microsoft will allow "self-service purchase and license management capabilities" for Office 365 users, initially for its Power Platform low-code services, PowerApps, PowerBI and Flow.
...
"Users that have purchased any of the products directly will now have access to a scoped version of the Microsoft 365 admin center that is limited to their purchases. Self-service purchasers are responsible for managing their own billing information, subscriptions and license assignment,"
I don't have an issue with this, as the person who paid for the service, should be able to see their information at any time they want.
-
@nadnerB said in Miscellaneous Tech News:
Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/Microsoft, though, has picked up an obstacle to the "empowerment" for which the Power Platform is intended, which is that users have to work with their IT administrators to get licenses for the services they want to use.
This sounds like a failing within that business. I know many businesses sadly do suffer this this level of failing.
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
-
@Dashrender said in Miscellaneous Tech News:
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.
-
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.
Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.
-
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.
Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.
Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.
-
This is similar to what they have been doing with Teams.
-
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.
Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.
Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.
yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.
-
-
@JaredBusch said in Miscellaneous Tech News:
https://spacenews.com/spacex-plans-to-start-offering-starlink-broadband-services-in-2020/
US only at launch (pun intended), but sounds like global coverage coming quickly.
-
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.
Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.
Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.
yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.
I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.
-
@dbeato said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.
Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.
Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.
yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.
I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.
For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.
-
Microsoft’s new Secured-core PC initiative short circuits firmware attacks
Secured-core extends the root of trust past the boot environment itself.
Microsoft on Tuesday announced a new hardware security initiative, dubbed Secured-core PC. The short version of what "Secured-core PC" really means is a defense against attacks at the firmware layer. Although actual firmware-based attacks have been relatively uncommon in the field so far, they represent a particularly nasty avenue of exploitation for an advanced, persistent attacker. Once a machine's firmware is compromised, the exploit is persistent across reboots, operating-system re-installations, and even full hard drive replacement. As operating systems themselves become more secure and difficult to compromise and keep compromised, the value of pivoting from a shell to the firmware layer in order to enhance persistence also increases. Even detection of compromised firmware is problematic, since Windows Defender and other antivirus applications run at the operating-system level and don't necessarily have direct access to the firmware. -
@scottalanmiller said in Miscellaneous Tech News:
@dbeato said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.
Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.
Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.
yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.
I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.
For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.
likely only workable if you are not using any MS services.
-
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@dbeato said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.
Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.
Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.
Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.
yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.
I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.
For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.
likely only workable if you are not using any MS services.
Which you'd be heavily encourage not to use after this.