fname's comments

That links to the Surface Pro 3, which has been out for some time now. You wanted: http://www.microsoft.com/surface/en-us/products/surface-3


This is really great, but the real question is will users actually see this on a default Lenovo OS build? Can anyone confirm that Defender doesn't get disabled in favor of, say... McAfee or Symantec?


Per OEM appeasement, if there is a 3rd party AV software installed, Windows Defender auto-disables. So many Lenovo users will have an issue.

ArsTechnica covered this issue in their reporting today http://arstechnica.com/security/2015/02/windows-defender-now...


From the comments in the article

Microsoft informed us that a fix was planned for the January patches but has to be pulled due to compatibility issues. Therefore the fix is now expected in the February patches.

So, they met the deadline and fixed the vulnerability, but due to compatibility issues had to pull it before being released through Windows Update.


... so they didn't meet the deadline. The deadline is for a released fix, not a theoretical fix that nobody can install in reality. They could, and should, speed up their process. But they won't, unless they get pressure from outside.


...yea it's easy to say when most people here should know how hard it is to ship any complicated system on multiple platforms. Actually, just making an app work for all major versions of Android could be a nightmare. And... what do you mean "they won't speed up their process"? Microsoft has released zero-day security bug fixes in less than 90 days so many times before.


I didn't say it was easy. I said Microsoft could do it, and that's true. Microsoft can do hard things, if it's a priority for them. Apparently they've judged that the damage isn't worth prioritizing these fixes higher.


'making a program work' can easily be half your development time, or even more if you don't put on a lot of polish.

But this is bugfixing, not creating new programs. It shouldn't take this long.


> Specifically, it related to Microsoft Secure Channel, known as Schannel, Microsoft's software for implementing secure transfer of data.

I'm confused... The article says this research relates to the SChannel vulnerability being patched this month and cites IBM Researchers[1] finding it, but the link to the blog post showing the work is towards OLE and not SChannel. Also, Microsoft has mentioned that they found[2] the SChannel vulnerability through an internal audit. To me, it seems the research is talking about CVE-2014-6332[3], which shows the patch as MS14-064. MS14-066 is the patch for the SChannel vulnerability.

Either BBC is confused on which patch they're trying to report on, or I am.

Anyone similarly confused as I am?

[1] http://securityintelligence.com/ibm-x-force-researcher-finds...

[2] http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-...

[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-633...


I think the BBC reporter likely got confused. However it seems http://securityintelligence.com/ibm-x-force-researcher-finds... is a blog post about a 19-year-old remotely exploitable bug being fixed recently, so it seems like if anything the link should go there.


Completely agree, maybe the mods can fix the link.


The article was discussing two separate bugs. As it says "one of the other bugs ...."


Does IE allow VBScript execution in any HTML page?

Does it happen only when ActiveX is enabled?


Depends on the IE Zone settings. I believe that if you set a zone to 'Low', a web page can execute VBScript code, with or without ActiveX being enabled.


Was there any mention of how it connects? LTE? WiFi? Did I miss that part?


SWATTING. Usually the phone call is spoofed so it seems like the call is coming from the building itself.


Yeah, running your own switch allows you to send whatever you want as caller ID. You get the subject's number, call 911 and claim there's a hostage crisis.

I miss the days when prank calls were about refrigerators running. Things are so mean on the Internet these days. Trolls play for keeps, not for luls.


Sounds to me as if that telco infrastructure could do with a bit more security.


Caller ID is not and never was intended to be secure.


I fail to see how the two are even remotely the same. Google continuously scans email content to sell ads; while Microsoft does it once and admits it so they can catch someone stealing trade secrets.

While I agree that the Scroogled campaign does tread slightly into hyperbole, I can't agree that this is the double standard that most are making it out to be.


It doesn't matter if they're the same. The point of the Scroogled campaign is to say "the other companies read your emails, while we don't". Like every other MS marketing campaign, it doesn't take long to unravel.


Do they read your email? Your parent specifically debunked the point you're trying to make. Microsoft selectively reading one person's mail who was leaking their activation technology is not the same as reading their customers' emails.

Hyperbole doesn't make your case stronger. In light of every other privacy issue happening in the world, this is a non-story. I think it would be useful to prioritize outrage, and direct it to a spy agency or some other country's military.


I'm not entirely sure my previous posts were clear enough.

I'm not saying that Outlook / Hotmail is better or worse than competitors in terms of privacy. I'm saying that an MS Marketing campaign has helped create an unrealistic perception of MS email services for the public, which after this PR debacle has created yet another unrealistic perception of MS email services.


With Google, no real human is sitting around sifting through your email. It's all done programmatically.

I don't care if some algorithm scans my email for keywords, but I don't want Bob to read my emails.


"...also alleged to have stolen Microsoft’s “Activation Server Software Development Kit,” a propriety system used to prevent the unauthorized copying of Microsoft programs."[1]

And another expansion on what the leak could allow:

"According to the reports, not only was Windows 8 leaked, but he also leaked Windows 7 files and the Microsoft Activation Server Software Development Kit which when reverse engineered, could allow hackers to crack the Activation process within Windows, meaning that pirated copies of Windows 7 could continue to function without the nagging presence of popup messages warning users about their copy of Windows."[2]

[1]: http://www.seattlepi.com/local/article/Ex-Microsoft-employee...

[2]: http://www.ubergizmo.com/2014/03/microsoft-employee-responsi...


> could allow hackers to crack the Activation process within Windows

They already have. Well, maybe not exactly cracked, but there are workarounds. I'm pretty sure I don't need to list them here, because they're just a google search away.


Oh so it is an internal SDK, like something MS shares between Windows and Office or something? I'd expect it to rely on something other than a global secret. Or maybe they mean that with the source, it's easier to see how the activation checks are implemented and help reverse engineer them out?

Either way, pretty sure all MS products are widely available pirated.


I didn't see anything in the news... Was KUL-PEK a normal route for this pilot? Makes a lot of sense to have and practice on runways in the area you take off or land into the most.


No it doesn't. That would be like a programmer writing "Hello World" in C over and over again.


That would be like a programmer writing "Hello World" in C if landing commercial aircraft was as easy, inconsequential and irrelevant to the main part of their job as writing "Hello World", or if programmers worked in a highly-regulated regime where their lives were dependent on absolutely perfect execution of repetitive "Hello World"-type tasks. Or indeed, if piloting and programming were remotely comparable activities.


Stretching the analogy beyond its elastic breaking point and devolving into pedantry: Good job! I was in essence pointing out, being both a pilot and a programmer, that pilots and programmers have zero interest in doing the same procedure over and over again in their leisure time just for shits and giggles. I don't practice landing at Van Nuys airport on the simulator in a Citation because that's old hat. I practice landing on the simulator at a scenic airport in the Swiss Alps, with 40 knot cross winds, low cloud layer, just at dawn because it is fun...


There are times when pedantry is called for, one of which is when people are insinuating there's anything remotely unusual about a pilot playing with some nearby airports on a home flight sim; whether you intended to contribute towards the excessive levels of FUD on here or not.

The Maldives are pretty darn scenic, the landing strip is a tiny island and a 777-rated pilot wouldn't have been flying there with MAS; some of his friends might have been. And even landing somewhere as run-of-the-mill as Changi can be made less dull by doing it on the military runway in a storm - it's a lot easier on a sim when you don't have to explain your actions to ATC.

And there are enough plane spotters amongst the aviation enthusiast community to suggest that the real aviation industry equivalent of reimplementing "Hello World" has its fanbase :-)


EDIT: The Guardian has a pretty good live blog feed giving constant updates - http://www.theguardian.com/world/2014/mar/08/malaysian-airli...

Very sad. Only the third crash of a 777 since being introduced in the 90s.

[1]Confirmed 14 nationalities amongst the passengers, including:

    China - 153 (including 1 infant)
    Malaysia - 38
    Indonesia - 12
    Australia - 7
    USA - 4 (including 1 infant)
    France - 3
    Canada - 2
    New Zealand - 2
    Ukraine - 2
    Russian - 1
    Italy - 1
    Taiwan - 1
    Austria - 1
    Netherlands - 1
[1]: http://www.malaysiaairlines.com/my/en/site/dark-site.html


Looking at the update at 2.32pm AEST makes me sad. Two people mourning over the loss of their relatives and everyone in the airport takes pictures of them. Here is the image (although I'm just spreading it around more): http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/20...


Taking pictures of suffering people is so inhuman, we rarely see this side when we look at the news.


This is really disgusting indeed. But journalists also do that the whole time.


Captain had almost 20,000 hours under his belt. (Btw, I'm not sure why the airline web site used that particular html file name.)


Likely a reuse of their "site down for maintenance" functionality.

