By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Late last year, Microsoft surprised many with the announcement of the Surface-branded headphones. The premium peripheral has opened the door to the company exploring where else they can apply the Surface branding and the next stop appears to be a pair of earbuds. According to multiple sources who are familiar with the company’s plans, Microsoft is currently working on a pair of earbuds under the code name of Morrison. The company is looking to capitalize upon the development of its audio tech by expanding its portfolio to cover the two major categories of headphones: over-ear and in-ear. This isn’t Microsoft’s first adventure into the earbud segment, the company previously sold earbuds with its Zune music player several years ago. And with wireless earbuds being a quickly growing segment with Apple leading the way and Amazon likely joining the party soon, Microsoft will be entering a saturated market but that has never stopped them in the past. The codename for this product is a bit different than others we have seen come out of the Microsoft camp when it comes to hardware. There are devices like Andromeda and Centaurus that use astrological names but the original Surface Headphone name was Joplin – likely related to Scott Joplin (or actually, Janis Joplin), an American composer known for his ragtime music. Morrison is likely related to Jim Morrison, who was the lead singer of the Doors and is considered to be a classic American rock star. As for the name, Surface Buds has been tossed around but I don’t know if that will be the retail name when they do arrive. Follow this and more on OUR FORUM.

A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems. The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL S (Save web page) command. Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format. Today, security researcher John Page published details about an XXE (XML eXternal Entity) vulnerability in IE that can be exploited when a user opens an MHT file. "This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information," Page said. "Example, a request for 'c:Python27NEWS.txt' can return version information for that program." Because on Windows all MHT files are automatically set to open by default in Internet Explorer, exploiting this vulnerability is trivial, as users only need to double-click on a file they received via email, instant messaging, or another vector. Page said the actual vulnerable code relies on how Internet Explorer deals with CTRL K (duplicate tab), "Print Preview," or "Print" user commands. But, as Windows uses IE as the default app to open MHT files, users don't necessarily have to have IE set as their default browser, and are still vulnerable as long as IE is still present on their systems, and they're tricked into opening an MHT file. This vulnerability should not be taken lightly, despite Microsoft's response. Read the complete story on OUR FORUM.

At the National Association of Broadcasters (NAB) trade show in Las Vegas, Sony announced the world’s largest high-resolution display featuring a “16k” resolution, as well as Sony’s ‘Crystal LED’ display based on microLED technology. Sony’s 16k display has a diagonal measurement of 783” and has four times as many pixels as an 8K TV, but the company didn’t give details on the vertical resolution. The larger-than-life screen is 19.2 meters (63 feet) long and 5.4 meters (17 feet) high, so the vertical resolution likely isn't very high. This makes some sense, as walls can only be so tall, but it ultimately means Sony uses a non-standard resolution that is not a direct upscaling of 4K and 8K. Sony has started before that its modular and bezel-less Crystal LED screens can be arranged in any shape, even ones that don’t look like a typical TV. The Crystal LED screen Sony unveiled in Las Vegas is currently being installed at a new research center in Japan. These 16K screens will likely remain a high-end product for the corporate world for now, but Sony intends to sell smaller variations to offices, cinemas, and even consumers in the near future. MicroLED technology is basically OLED tech that doesn’t have burn-in issues because it doesn’t use any organic material to create the self-emitting diodes that don’t require a backlight (as LCDs do). There's more posted on OUR FORUM.

 

Windows 10 users and while the company earlier promised that it would bring the browser on other platforms such as Windows 7, Windows 8, Windows 8.1, and MAC OS, the launch date saw Microsoft announcing the browser as Windows 10 exclusive with the company saying that support for other platforms “coming soon.” Turns out that Microsoft kind of lied when it said the browser is Windows 10 exclusive at the launch date. As first spotted by Bleeping Computer, the Windows 10 Edge installer also works Windows 7, meaning you can download and install the Chromium-based Microsoft Edge browser on your Windows 7 PC. The only catch here is that you won’t be able to download the installer from Microsoft Edge website. Therefore, to taste the Microsoft Edge browser on your Windows 7 PC you have to download the installer from a Windows 10 PC, and then make a copy of the installer file, paste it to your Windows 7 PC. Follow the necessary steps and your attempt of installing the browser should be a success, you’ll also be able to use the browser and there shouldn’t be any issue with surfing the web. For more and direct download links visit OUR FORUM.

Microsoft has detailed a March attack on Windows customers in the satellite and communications sectors using "unusual, interesting techniques" that bear the hallmarks of APT group MuddyWater. The company's Office 365 ATP picked up archive (ACE) files loaded with the recently discovered WinRAR flaw, CVE-2018-20250, which has become widely used among cybercrime groups and nation-state hackers in recent months. The bug was co-opted for hacking after a February 20 report from Israeli security firm Check Point revealed that a malicious ACE file could place malware anywhere on a Windows PC after being extracted by WinRAR. Locations include the Windows Startup folder, where the malware would automatically execute on each reboot. A month before Check Point's report, WinRAR developers released a new version that dropped support for ACE because it was unable to update a library in WinRAR called Unacev2.dll that contained a directory traversal flaw. However, by March, when this attack was detected by Microsoft, it's likely a large chunk of the world's 500 million WinRAR users hadn't updated to the non-ACE version or hadn't removed the vulnerable DLL. The MuddyWater group's activities were first spotted in 2017. It is known to target users in the Middle East, Europe, and the US. The group frequently doctors up phishing documents to appear as if they're from security arms of various governments.  For more visit OUR FORUM.

I thought deactivating my Facebook account would stop the social network from tracking me online. But Facebook kept tabs on me anyway. Over the past year, I've tried to minimize my presence on Facebook. I deleted a 10-year-old account and replaced it with a dummy account that I use as little as possible. I deleted the app from my phone. As of January, I started deactivating my dummy account every time I used it, rather than just log out. I couldn't break up completely with Facebook because I needed it to sign up twice a week for a workshop. I thought the precautions would reduce how much data Facebook gathered about me. Turns out, I was wasting my time. Even when your account is deactivated, the social network continues collecting data about your online activities. All that data gets sent back to Facebook and is tied to your account while it's in this state of limbo. It's as if you'd changed nothing. On the site, Facebook explains that deactivating is a half-step to complete deletion. But it says little about how data collection works during the period. In its data policy, Facebook suggests deactivation to manage your privacy but doesn't mention that it still collects data during that period. The ongoing collection of data from deactivated accounts could be considered misleading, privacy experts warn. The social network's Share button is on 275 million web pages. It collects data allowing advertisers to see what kind of content you're viewing. That's why you're likely to see ads for sports in your Facebook feed if you've been visiting a lot of sports websites. Complete details can be found on OUR FORUM.

 
 

GTranslate