Miscellaneous Tech News

mlnews

Hackers steal secret crypto keys for NordVPN. Here’s what we know so far

Breach happened 19 months ago. Popular VPN service is only disclosing it now.
Hackers breached a server used by popular virtual network provider NordVPN and stole encryption keys that could be used to mount decryption attacks on segments of its customer base. A log of the commands used in the attack suggests that the hackers had root access, meaning they had almost unfettered control over the server and could read or modify just about any data stored on it. One of three private keys leaked was used to secure a digital certificate that provided HTTPS encryption for nordvpn.com. The key wasn't set to expire until October 2018, some seven months after the March 2018 breach. Attackers could have used the compromised certificate to impersonate the nordvpn.com website or mount man-in-the-middle attacks on people visiting the real one. Details of the breach have been circulating online since at least May 2018.

nadnerB

Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/

Microsoft will allow "self-service purchase and license management capabilities" for Office 365 users, initially for its Power Platform low-code services, PowerApps, PowerBI and Flow.

...

"Users that have purchased any of the products directly will now have access to a scoped version of the Microsoft 365 admin center that is limited to their purchases. Self-service purchasers are responsible for managing their own billing information, subscriptions and license assignment,"

DustinB3403

@nadnerB said in Miscellaneous Tech News:

Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/

Microsoft will allow "self-service purchase and license management capabilities" for Office 365 users, initially for its Power Platform low-code services, PowerApps, PowerBI and Flow.

...

"Users that have purchased any of the products directly will now have access to a scoped version of the Microsoft 365 admin center that is limited to their purchases. Self-service purchasers are responsible for managing their own billing information, subscriptions and license assignment,"

I don't have an issue with this, as the person who paid for the service, should be able to see their information at any time they want.

Dashrender

@nadnerB said in Miscellaneous Tech News:

Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365
https://www.theregister.co.uk/2019/10/22/microsoft_self_service_office_365/

Microsoft, though, has picked up an obstacle to the "empowerment" for which the Power Platform is intended, which is that users have to work with their IT administrators to get licenses for the services they want to use.

This sounds like a failing within that business. I know many businesses sadly do suffer this this level of failing.

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

scottalanmiller

@Dashrender said in Miscellaneous Tech News:

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

Dashrender

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

scottalanmiller

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

scottalanmiller

This is similar to what they have been doing with Teams.

Dashrender

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

JaredBusch

https://spacenews.com/spacex-plans-to-start-offering-starlink-broadband-services-in-2020/

StrongBad

@JaredBusch said in Miscellaneous Tech News:

https://spacenews.com/spacex-plans-to-start-offering-starlink-broadband-services-in-2020/

US only at launch (pun intended), but sounds like global coverage coming quickly.

dbeato

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.

scottalanmiller

@dbeato said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.

For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.

mlnews

Microsoft’s new Secured-core PC initiative short circuits firmware attacks

Secured-core extends the root of trust past the boot environment itself.
Microsoft on Tuesday announced a new hardware security initiative, dubbed Secured-core PC. The short version of what "Secured-core PC" really means is a defense against attacks at the firmware layer. Although actual firmware-based attacks have been relatively uncommon in the field so far, they represent a particularly nasty avenue of exploitation for an advanced, persistent attacker. Once a machine's firmware is compromised, the exploit is persistent across reboots, operating-system re-installations, and even full hard drive replacement. As operating systems themselves become more secure and difficult to compromise and keep compromised, the value of pivoting from a shell to the firmware layer in order to enhance persistence also increases. Even detection of compromised firmware is problematic, since Windows Defender and other antivirus applications run at the operating-system level and don't necessarily have direct access to the firmware.

Dashrender

@scottalanmiller said in Miscellaneous Tech News:

@dbeato said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.

For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.

likely only workable if you are not using any MS services.

scottalanmiller

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@dbeato said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

At least the article goes on to say a Director with a company CC is who would be buying these licenses, so likely someone on that Directors staff would be managing these licenses, not each person individually.

Basically MS is promoting "Shadow IT", which is in MS' benefit, but is not in a business' benefit. Shows how far MS has fallen from being a business focused company.

Yep, this is what the thread on SW was basically saying as well. MS, like so many other companies - don't care about processes, only about profits.

Until someone does this, a lawyer cites MS' "admins can't stop us policy" and sues for MS being complacent, or worse, in data theft and they start looking for people to go to jail.

yeah - the data being in places IT is unaware of, that upper management is unaware of - that's the big issue I've seen since I read about this.

I was discussing it too in SW but some on a thread I was in think it is targeted to business but I believe they are targeting businesses but focusing on the individuals (Like consumers) and the bottom line is more money.

For sure, they are just in a money grab, not considering how this will look in the bigger picture. Simple answer... use your filters and block MS websites.

likely only workable if you are not using any MS services.

Which you'd be heavily encourage not to use after this.

mlnews

Firefox 70 brings Enhanced Tracking Protection and longer battery life

Firefox 70 brings users privacy, battery, and performance improvements.
Yesterday, Mozilla released Firefox 70. The newest version of the most-popular fully open source browser expands on the Enhanced Tracking Protection we saw as an option in Firefox 69 and turns that protection on by default for all users. We already saw most of these new features in our Firefox 70 beta coverage, but since then, the features have been expanded upon and fine-tuned, and major new features have appeared or have been added in the Lockwise online password manager for users who have a Firefox cloud account. In addition to automatically generating pseudorandom passwords for you, saving them, and automatically filling out login forms with them, Lockwise continuously scans the Internet for password and database dumps that might contain leaked copies of your credentials. Lockwise does this by comparing a hash of each of your passwords to hashes of the passwords in the dumps and leaks—so you don't have to worry about Mozilla itself, or its employees, "knowing" your password.

black3dynamite

https://www.omgubuntu.co.uk/2019/10/linux-deepin-20-new-app-launcher

black3dynamite

https://www.omgubuntu.co.uk/2019/10/canonical-has-a-new-ubuntu-desktop-director

mlnews

Microsoft beat expectations with strong Windows revenue, but Xbox had a rough quarter

Surface didn't post good numbers, but that could change in the next quarter.
Microsoft beat analyst expectations in its quarterly earnings report, achieving $33.06 billion in revenue in the start of its first 2020 fiscal quarter (which ended September 30) compared to a projected $32.23 billion. That's a 14% increase over the same quarter the prior year. Much of the growth still came from Azure, the company's ever-expanding cloud-services platform, which saw 59% revenue growth. However, that's down just a little from the previous quarter, which saw 64% growth. Azure and other cloud services saw $10.85 billion in revenue.That's not what disappointed analysts and investors. Most expected a similar figure as Azure's growth slows down quarter by quarter and it achieves greater market saturation. (Amazon's more popular AWS has seen slowing growth lately, too).