Miscellaneous Tech News
-
@dustinb3403 said in Miscellaneous Tech News:
@jaredbusch said in Miscellaneous Tech News:
@dustinb3403 said in Miscellaneous Tech News:
Why the downvote on that @JaredBusch? The issue is clearly how windows supports the elevation and allows a user to select anything outside of the intended purpose.
Plugging an device in while locked will still have the same issue, no matter what.
The issue also clearly involves interaction with the GUI.
Sure, but the issue will still exist no matter what, regardless of the GUI the system is still vulnerable to being owned.
No, this issue, specifically requires that a user be logged in to the GUI in order to be able to exploit it.
Other than Mr. Microsoft ( @Obsolesce ), no one is trying to say MS doesn't have a shit ass flaw that needs fixed. But the flaw 100% requires the GUI.
-
@jaredbusch said in Miscellaneous Tech News:
Other than Mr. Microsoft ( @Obsolesce )
I acknowledged the flaw in their process.
-
https://www.the-sun.com/tech/3525714/microsoft-power-apps-exposed-data-leaks/
Kind of click-baity title but power apps automatically makes a database public when you enable an API to interact with the database.
-
@stacksofplates said in Miscellaneous Tech News:
https://www.the-sun.com/tech/3525714/microsoft-power-apps-exposed-data-leaks/
Kind of click-baity title but power apps automatically makes a database public when you enable an API to interact with the database.
At what point do we hold people (Microsoft) criminally liable who design and implement these systems with such poor security practices, by default the database was public when using an API....
Um my 3 year old would know better than to use that as a default setting.
-
Google Pay team reportedly in major upheaval after botched app revamp
"Dozens of employees and executives have left" the struggling payments division.
Google Pay is apparently just as much a disaster internally as the app transition has been externally. That's the big takeaway from a recent Business Insider article detailing an exodus of executives from Google's payment division, lower-than-expected app adoption, and employees frustrated with the slow movement of the division. Business Insider spoke with ex-employees and learned that "dozens of employees and executives have left" the Google Payments team in recent months, including "at least seven leaders on the team with roles of director or vice president." The most prominent departure, of payments chief Caesar Sengupta, kicked off the exodus in April, and now employees are worried about another reorganization and even slower progress. Many rank-and-file team members have reportedly departed, too, with the story saying, "One former employee estimated that half the people working on the business-development team for Google Pay—a group of about 40 people—have left the company in recent months." -
-
As expected, another vendor hardware installer exposed critical Windows 10 bug...
-
Need to get root on a Windows box? Plug in a Razer gaming mouse
Razer's automatically downloaded installer exposes a SYSTEM shell to any user.
This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—but that File Explorer spawns with SYSTEM process ID, not with the user's. By itself, this vulnerability in Razer Synapse sounds like a minor issue—after all, in order to launch a software installer with SYSTEM privileges, a user would normally need to have Administrator privileges themselves. Unfortunately, Synapse is a part of the Windows Catalog—which means that an unprivileged user can just plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically. -
@mlnews said in Miscellaneous Tech News:
Need to get root on a Windows box? Plug in a Razer gaming mouse
Razer's automatically downloaded installer exposes a SYSTEM shell to any user.
This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—but that File Explorer spawns with SYSTEM process ID, not with the user's. By itself, this vulnerability in Razer Synapse sounds like a minor issue—after all, in order to launch a software installer with SYSTEM privileges, a user would normally need to have Administrator privileges themselves. Unfortunately, Synapse is a part of the Windows Catalog—which means that an unprivileged user can just plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically.Days late, we've discussed this in depth. Arstechnica needs to step up their game
-
Overwatch to change cowboy character McCree's name
Jesse McCree, a character in Blizzard's Overwatch game, will be renamed in the wake of fallout over sexual harassment allegations against the company.
The in-game McCree, a revolver-toting cowboy character, was named after a real-life Blizzard staff member. In August, he and two other executives left the company without explanation. In a statement, the Overwatch team said it was "necessary to change the name... to something that better represents what Overwatch stands for". "Going forward, in-game characters will no longer be named after real employees," it promised. But the Overwatch developers did not reveal what the character's new name would be. -
Azure Databases Compromised.
-
Update on Windows 11 minimum system requirements and the PC Health Check app
First, an update on Windows 11 minimum system requirements based, in part, on feedback from the Windows Insider community. Second, information on the updated PC Health Check app that is now available to Windows Insiders.
-
-
@dustinb3403 said in Miscellaneous Tech News:
Worst cloud vulnerability you can imagine” discovered in Microsoft Azure
Arstechnica needs to step up their game
-
@dustinb3403 said in Miscellaneous Tech News:
Worst cloud vulnerability you can imagine” discovered in Microsoft Azure
Who woulda thought that misconfiguring services could open up vulnerabilities?
-
@obsolesce said in Miscellaneous Tech News:
Who woulda thought that misconfiguring services could open up vulnerabilities?
WTF are you trying to say here?
Yes the cloud provider left a gaping hole. There was nothing misconfigured by users.
-
@jaredbusch said in Miscellaneous Tech News:
@obsolesce said in Miscellaneous Tech News:
Who woulda thought that misconfiguring services could open up vulnerabilities?
WTF are you trying to say here?
Yes the cloud provider left a gaping hole. There was nothing misconfigured by users.
I took it as a misconfiguration on the customers part. But reading it again now, not sure if a misconfiguration on MS's part or the customer. But yes, that is in addition to a vulnerability with the service itself. That part I wasn't debating.
-
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience too -
@hobbit666 said in Miscellaneous Tech News:
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience tooOMG! about fucking time!!!! they brought that back.
-
@hobbit666 said in Miscellaneous Tech News:
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience tooKinda ridiculous it took this long. I always liked that you could do it when installing a Linux OS.
