Slashdot Mirror

Reader v3rgEz writes: International customers are becoming increasingly concerned about the U.S.'s data snooping practices, and it appears Microsoft has devised a solution to make them happy: Set up Azure cloud in a foreign region. Because it's under the technical ownership of a German company named Deutsche Telekom, even Microsoft doesn't have access to the data. The move is not surprising, but it could set a precedent that encourages others to move their corporate data away from U.S. shores to countries that take a friendlier view of encryption and data privacy. From the official blog post, "Microsoft has -- in this new model -- no rights at all to access customer data. Only for special purpose like a support call from a customer a temporary access will be granted by the Data Trustee to the Microsoft engineer, and only for the specified area. After that time (using a technology similar to what you might know as JIT) all access is revoked automatically. So to repeat: Access is granted to the Microsoft engineer only by the Data Trustee. Microsoft has no way to grant that access to itself."

theodp writes: A year after its acquisition of Revolution Analytics, Microsoft announced a slew of R-related product offerings, and noted that Revolution R Open is giving up her maiden name and will henceforth be known as Microsoft R Open. Tucked away in the announcement was the news that R is coming to Visual Studio. Microsoft has released a teaser video for R Tools for Visual Studio (RTVS) and is taking sign-ups for early access.

theodp writes: When President Obama delivers his final State of the Union address on Tuesday, the White House reports that the inspiring individuals seated with the First Lady will include Microsoft CEO Satya Nadella. "Microsoft has been a leader in expanding access to computer science in K-12 classrooms," explains the White House, perhaps unaware that the company reportedly struck a deal to kill BASIC on Macs in 1985 and stopped including BASIC on PCs after Windows 95. Ironically, Microsoft now laments that girls began to stop seeing themselves as coders after 1984, which gave rise to the need for today's Microsoft-led national K-12 CS intervention. "Girls don't see other girls programming," Microsoft explained in 2013, "so they just don't know that it's available to them." So, is there such a thing as corporate Munchausen syndrome by proxy?

An anonymous reader writes: Microsoft said in a blog post Thursday that it aided law enforcement agencies in several regions to disrupt a 4-year-old botnet called Dorkbot. The botnet aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix and has infected one million computers worldwide. The company didn't provide details on how Dorkbot's infrastructure was disrupted.

An anonymous reader writes: Microsoft has this week made its Distributed Machine Learning Toolkit (DMTK) openly available to the developer community. Researchers at the Microsoft Asia lab have released the toolkit on GitHub under an MIT (Massachusetts Institute of Technology) license, to encourage the use of multiple computers in parallel to solve complex problems. Its design builds on a parameter server-based programming framework, which allows big data machine learning tasks to be easily scaled, and flexibly and efficiently executed. The toolkit also contains two distributed machine learning algorithms, which can be used to train the world's fastest and largest topic model, as well as the largest word-embedding model.
This is a welcome move, especially after Google did something broadly similar.

jones_supa writes: Microsoft's mail and calendar server package Exchange Server 2016 is being refreshed and is now out of preview, along with the 2016 revamp for other Office products. The new Exchange tries to simplify the software's architecture while still adding new features and working better with other Office products. You can now use links from Sharepoint 2016 and OneDrive for Business as email attachments, instead of having to upload the actual file, leading to more robust file sharing and editing. Add-ins have been introduced, which allows extensibility similar to extensions on a web browser. Microsoft is providing a 180-day trial for free.

AmiMoJo writes: Last month Microsoft changed its policy on protecting search settings to include any software that attempts to hijack searches as malware. As a result, this month the Ask Toolbar, which most people will probably recognize as being unwanted crapware bundled with Java, was marked as malware and will now be removed by Microsoft's security software built in to Windows 7 and above.

theodp writes: Wondering what kind of things Microsoft might do with its purchase of Revolution Analytics? Over at the Revolutions blog, David Smith announces that in-database R is coming to SQL Server 2016. "With this update," Smith writes, "data scientists will no longer need to extract data from SQL server via ODBC to analyze it with R. Instead, you will be able to take your R code to the data, where it will be run inside a sandbox process within SQL Server itself. This eliminates the time and storage required to move the data, and gives you all the power of R and CRAN packages to apply to your database." It'll no doubt intrigue Data Scientist types, but the devil's in the final details, which Microsoft was still cagey about when it talked-the-not-exactly-glitch-free-talk (starts @57:00) earlier this month at Ignite. So, brush up your R, kids, and you can see how Microsoft walks the in-database-walk when SQL Server 2016 public preview rolls out this summer.

wabrandsma (2551008) writes with this excerpt from The Verge: Last night, researchers at Malwarebytes noticed strange behavior on sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on the sites were being unusually aggressive, setting off anti-virus warnings and raising flags in a number of Malwarebytes systems. After some digging, researcher Jerome Segura realized the problem was coming from Google's DoubleClick ad servers and the popular Zedo ad agency. Together, they were serving up malicious ads designed to spread the recently identified Zemot malware. A Google representative has confirmed the breach, saying "our team is aware of this and has taken steps to shut this down."

An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."

MojoKid writes with news that Microsoft has announced the opening of a 'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code in order to make sure it's not compromised by outside agencies. (The company is planning another Transparency Center for Brussels in Belgium.) In addition, Microsoft announced security improvements to several of its cloud products: As of now, Outlook.com uses TLS (Transport Layer Security) to provide end-to-end encryption for inbound and outbound email — assuming that the provider on the other end also uses TLS. The TLS standard has been in the news fairly recently after discovery of a major security flaw in one popular package (gnuTLS), but Microsoft notes that it worked with multiple international companies to secure its version of the standard. Second, OneDrive now uses Perfect Forward Secrecy (PFS). Microsoft refers to this as a type of encryption, but PFS isn't a standard like AES or 3DES — instead, it's a particular method of ensuring that an attacker who intercepts a particular key cannot use that information to break the entire key sequence. Even if you manage to gain access to one file or folder, in other words, that information can't be used to compromise the entire account.

MojoKid writes with news that Microsoft has announced the opening of a 'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code in order to make sure it's not compromised by outside agencies. (The company is planning another Transparency Center for Brussels in Belgium.) In addition, Microsoft announced security improvements to several of its cloud products: As of now, Outlook.com uses TLS (Transport Layer Security) to provide end-to-end encryption for inbound and outbound email — assuming that the provider on the other end also uses TLS. The TLS standard has been in the news fairly recently after discovery of a major security flaw in one popular package (gnuTLS), but Microsoft notes that it worked with multiple international companies to secure its version of the standard. Second, OneDrive now uses Perfect Forward Secrecy (PFS). Microsoft refers to this as a type of encryption, but PFS isn't a standard like AES or 3DES — instead, it's a particular method of ensuring that an attacker who intercepts a particular key cannot use that information to break the entire key sequence. Even if you manage to gain access to one file or folder, in other words, that information can't be used to compromise the entire account.

An anonymous reader writes For some reason that escapes me, a Judge has granted Microsoft permission to hijack NoIP's DNS. This is necessary according to Microsoft to thwart a "global cybercrime epidemic" being perpetrated by infected machines running Microsoft software. No-IP is a provider of dynamic DNS services (among other things). Many legitimate users were affected by the takedown: "This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives. ... We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening."

Z80xxc! (1111479) writes "Today at the first annual Code Conference, Microsoft demonstrated its new real-time translation in Skype publicly for the first time. Gurdeep Pall, Microsoft's VP of Skype and Lync, compares the technology to Star Trek's Universal Translator. During the demonstration, Pall converses in English with a coworker in Germany who is speaking German. 'Skype Translator results from decades of work by the industry, years of work by our researchers, and now is being developed jointly by the Skype and Microsoft Translator teams. The demo showed near real-time audio translation from English to German and vice versa, combining Skype voice and IM technologies with Microsoft Translator, and neural network-based speech recognition.'"

An anonymous reader writes "In a time when the government avows that it cannot carry out justice without issuing secret warrants and National Security Letters to anyone other than the suspect, it is truly noteworthy when news breaks that the FBI, facing push-back from the likes of a company such as Microsoft, finds that it can indeed gather the information it needs for its investigation through a regular search warrant applied directly to its suspect. Such was the case on Thursday. Court documents (PDF) reveal that Microsoft filed a petition against the National Security Letter (NSL) it received involving one of its customers, citing violations to the First Amendment. The FBI later withdrew the NSL and went after their suspect in the old, Constitutionally-sound way. A federal judge ruled last year that the NSLs impinge on free speech' That judgement has been stayed, of course, pending appeal."

msm1267 (2804139) writes "Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks specifically targeting XP users.

Microsoft no longer supports XP as of April 8, and that includes the development and availability of security updates. But the about-face today speaks to the seriousness of the vulnerability, which is being exploited in limited targeted attacks, Microsoft said. Researchers at FireEye, meanwhile, said multiple attackers are now using the exploit against XP machines, prompting the inclusion of XP systems in the patch."

jones_supa (887896) writes "Neowin reports how Microsoft made a rare weekend post on its Security Response Center blog to announce an advisory that affects all currently supported versions of Internet Explorer (versions 6 to 11). The issue is based on a newly discovered exploit that could be used against the web browser. The vulnerability exists in the way that IE accesses an object in memory that has been deleted or has not been properly allocated. Memory may be corrupted in a way that could allow an attacker to execute arbitrary code in the context of the current user. Microsoft is aware of 'limited, targeted attacks' that have used the exploit. IE 10 and 11 are protected against attacks using this exploit if they have their Enhanced Protected Mode turned on. Also, PCs that have either the Enhanced Mitigation Experience Toolkit 4.1 or the EMET 5.0 Technical Preview installed are also secured against this security hole. Microsoft will take the appropriate action to protect its customers by delivering a security update."

snydeq (1272828) writes "Microsoft TechNet blog makes clear that Windows 8.1 will not be patched, and that users must get Windows 8.1 Update if they want security patches, InfoWorld's Woody Leonhard reports. 'In what is surely the most customer-antagonistic move of the new Windows regime, Steve Thomas at Microsoft posted a TechNet article on Saturday stating categorically that Microsoft will no longer issue security patches for Windows 8.1, starting in May,' Leonhard writes. 'Never mind that Windows 8.1 customers are still having multiple problems with errors when trying to install the Update. At this point, there are 300 posts on the Microsoft Answers forum thread 'Windows 8.1 Update 1 Failing to Install with errors 0x80070020, 80073712 and 800F081F.' The Answers forum is peppered with similar complaints and a wide range of errors, from 800F0092 to 80070003, for which there are no solutions from Microsoft. Never mind that Microsoft itself yanked Windows 8.1 Update from the corporate WSUS update server chute almost a week ago and still hasn't offered a replacement.'"

DroidJason1 (3589319) writes "Microsoft has released the highly anticipated Windows 8.1 Update, adding numerous improvements for non-touch consumers based on feedback. It is also a required update for Windows 8.1, otherwise consumers will no get any future security updates after May 2014. Most of the changes in the update are designed to appease non-touch users, with options to show apps on the desktop taskbar, the ability to see show the taskbar above apps, and a new title bar at the top of apps with options to minimize, close, or snap apps."

theodp (442580) writes "Over at Microsoft on the Issues, Microsoft continues to lament the computer programming skills gap of American kids, while simultaneously lobbying for more H-1B visas to fill that gap. Saying that states must do more to 'help students gain critical 21st century skills,' Microsoft credits itself and partner Code.org for getting 30,606,732 students to experience coding through the Hour of Code, claiming that K-12 kids have 'written 1,332,784,839 lines of code' (i.e., dragged-and-dropped puzzle pieces), So, if it's concerned about helping students gain programming skills, shouldn't Microsoft be donating fully-functional desktop versions of MS-Office to schools, which would allow kids to use Visual Basic for Applications (VBA)? While Microsoft's pledge to give 12 million copies of its Office software to schools was heralded by the White House and the press, a review of the 'fine print' at Microsoft suggests it's actually the online VBA-free version of Office 365 Education that the kids will be getting, unless their schools qualify for the Student Advantage program by purchasing Office for the faculty and staff. Since Microsoft supported President Obama's call for kids to 'Don't Just Play on Your Phone, Program It', shouldn't it give kids the chance to program MS-Office, too?"

theodp (442580) writes "Over at Microsoft on the Issues, Microsoft continues to lament the computer programming skills gap of American kids, while simultaneously lobbying for more H-1B visas to fill that gap. Saying that states must do more to 'help students gain critical 21st century skills,' Microsoft credits itself and partner Code.org for getting 30,606,732 students to experience coding through the Hour of Code, claiming that K-12 kids have 'written 1,332,784,839 lines of code' (i.e., dragged-and-dropped puzzle pieces), So, if it's concerned about helping students gain programming skills, shouldn't Microsoft be donating fully-functional desktop versions of MS-Office to schools, which would allow kids to use Visual Basic for Applications (VBA)? While Microsoft's pledge to give 12 million copies of its Office software to schools was heralded by the White House and the press, a review of the 'fine print' at Microsoft suggests it's actually the online VBA-free version of Office 365 Education that the kids will be getting, unless their schools qualify for the Student Advantage program by purchasing Office for the faculty and staff. Since Microsoft supported President Obama's call for kids to 'Don't Just Play on Your Phone, Program It', shouldn't it give kids the chance to program MS-Office, too?"

An anonymous reader writes "Microsoft took some much-deserved flack last week for admitting they examined the emails of a Hotmail user who received some leaked Windows 8 code. The company defended their actions at the time. Now, after hearing the backlash, Microsoft General Counsel Brad Smith says they will not do so in the future. Instead, they'll refer it to law enforcement. He wrote, 'It's always uncomfortable to listen to criticism. But if one can step back a bit, it's often thought-provoking and even helpful. That was definitely the case for us over the past week. Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers. ...As a company we've participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government. We've advocated that governments should rely on formal legal processes and the rule of law for surveillance activities. While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us.'"

An anonymous reader writes "Microsoft, along with the Computer History Museum, has posted the source code for MS-DOS 1.1 and 2.0, and Word for Windows 1.1a. It's been a long time coming — DOS 2.0 was released for IBM PCs in 1983, and Word for Windows 1.1a came out in 1990. The museum, with Microsoft's consent, has made the code available for non-commercial use. They've also explained some of the history of this software's development: '[In August, 1980], IBM had already contracted with Microsoft to provide a BASIC interpreter for the PC, so they asked them to investigate also providing the operating system. Microsoft proposed licensing "86-DOS", which had been written by Tim Paterson at Seattle Computer Products (SCP) for their 8086-based computer kit because the 16-bit version of CP/M was late. When SCP signed the licensing deal [7] with Microsoft, they didn't know for sure who the computer manufacturer was. Paterson said "We all had our suspicions that it was IBM that Microsoft was dealing with, but we didn't know for sure." [1] He left SCP to work for Microsoft in 1981. "The first day on the job I walk through the door and 'Hey! It's IBM.'" Microsoft originally licensed 86-DOS in December 1980 for a flat fee of $25,000. By the next summer they recognized the importance of owning it and being able to license it to other companies making IBM-PC clones, so they purchased all rights for an additional $50,000.'"

MojoKid writes "Microsoft has been loudly and insistently banging a drum: All support and service for Windows XP and Office 2003 shuts down on April 8. In early February, faced with a slight uptick in users on the decrepit operating system the month before, Microsoft hit on an idea: Why not recruit tech-savvy friends and family to tell old holdouts to get off XP? The response ... was a torrent of abuse from Windows 8 users who aren't exactly thrilled with the operating system. Microsoft has come under serious fire for some significant missteps in this process, including a total lack of actual upgrade options. What Microsoft calls an upgrade involves completely wiping the PC and reinstalling a fresh OS copy on it — or ideally, buying a new device. Microsoft has misjudged how strong its relationship is with consumers and failed to acknowledge its own shortcomings. Not providing an upgrade utility is one example — but so is the general lack of attractive upgrade prices or even the most basic understanding of why users haven't upgraded. Microsoft's right to kill XP is unquestioned, but the company appears to have no insight into why its customers continue to use the OS. "

An anonymous reader writes "Microsoft remotely deleted old versions of Tor anonymizing software from Windows machines to prevent them from being exploited by Sefnit, a botnet that spread through the Tor network. It's unclear how many machines were affected, but the total number of computers on the Tor network ballooned from 1 million to 5.5 million as Sefnit spread. 'By October, the Tor network had dropped two million users thanks to Sefnit clients that had been axed. No one, not even the Tor developers themselves, knew how Microsoft had gone on a silent offensive against such a big opponent and won a decisive battle,' the Daily Dot reported. In a blog post, Microsoft claimed it views Tor as a 'good application,' but leaving it installed presented a severe threat to the infected machines."

Trailrunner7 writes "The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said it is now recommending to developers that they deprecate RC4 and stop using the SHA-1 hash algorithm. RC4 is among the older stream cipher suites in use today, and there have been a number of practical attacks against it, including plaintext-recovery attacks. The improvements in computing power have made many of these attacks more feasible for attackers, and so Microsoft is telling developers to drop RC4 from their applications. The company also said that as of January 2016 it will no longer will validate any code signing or root certificate that uses SHA-1."

Trailrunner7 writes "The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said it is now recommending to developers that they deprecate RC4 and stop using the SHA-1 hash algorithm. RC4 is among the older stream cipher suites in use today, and there have been a number of practical attacks against it, including plaintext-recovery attacks. The improvements in computing power have made many of these attacks more feasible for attackers, and so Microsoft is telling developers to drop RC4 from their applications. The company also said that as of January 2016 it will no longer will validate any code signing or root certificate that uses SHA-1."

An anonymous reader writes in with good news for Windows loving nonprofits and libraries. "Microsoft today announced the availability of Windows 8.1 for nonprofits. The move is an extension of the company's nod to the nonprofit community with the launch Windows 8. The announcement means eligible nonprofit organizations and public libraries can request Windows 8.1 through Microsoft's software donation program."

wiredmikey writes "Microsoft released an advisory today warning users about a new zero-day under attack in targeted campaigns occurring in the Middle East and South Asia. According to Microsoft, the vulnerability resides in the Microsoft Graphics component and impacts certain versions of Windows, Microsoft Office and Lync. The problem exists in the way specially-crafted TIFF images are handled. To exploit the vulnerability, an attacker would have to convince a user to preview or open a specially-crafted email message, open a malicious file or browse malicious Web content. If exploited successfully, the vulnerability can be used to remotely execute code. The vulnerability affects Office 2003, 2007 and 2010 as well as Windows Server 2008 and Windows Vista. Right now, Microsoft Word documents are the current vector for attack."

theodp writes "In a move straight out of Healthcare.gov's playbook, teachers won't get to preview the final lessons they're being asked to roll out to 10 million U.S. students until a week before the Dec. 9th launch of the Hour of Code nation-wide learn-to-code initiative, according to a video explaining the project, which is backed by the nation's tech giants, including Facebook, Microsoft, Apple, Google, and Amazon. The Hour of Code tutorial page showcased to the press sports Lorem Ipsum pseudo-Latin text instead of real content, promised tutorial software is still being developed by Microsoft and Google, and celebrity tutorials by Bill Gates and Mark Zuckerberg are still a work-in-progress. With their vast resources and deep pockets, the companies involved can still probably pull something off, but why risk disaster for such a high-stakes effort with a last-minute rush? One possible explanation is that CS Education Week, a heretofore little-recognized event, is coming up soon. Then again, tech immigration reform is back on the front burner, an initiative that's also near-and-dear to many of same players behind Hour of Code, including Microsoft Chief Counsel Brad Smith who, during the Hour of Code kickoff press conference, boasted that Microsoft's more-high-tech-visas-for-U.S.-kids-computer-science-education deal found its way into the Senate Immigration Bill, but minutes later joined his fellow FWD.us panelists to dismiss a questioner's suggestion that Hour of Code might somehow be part of a larger self-serving tech industry interest."

An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turns serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection."

cagraham writes "Microsoft's cloud storage platform Azure received their first government certification yesterday, less than 24 hours before the official shutdown. The certification, which grants Azure 'Provisional Authority to Operate,' should make it easier for Microsoft to compete with rivals like IBM and Amazon Web Services for government contracts. The certification signifies that the Department of Defense, Homeland Security, and US General Services Administration have all deemed Azure safe from external hackers. Government cloud contracts are a lucrative market, as seen by Amazon's recent tussle with IBM over a $600M contract for a private CIA cloud."

Many submitted, and symbolset emailed me to wake up, sending this bit of interesting news out of Redmond: "Microsoft Corporation and Nokia Corporation today announced that the Boards of Directors for both companies have decided to enter into a transaction whereby Microsoft will purchase substantially all of Nokia's Devices & Services business, license Nokia's patents, and license and use Nokia's mapping services. Under the terms of the agreement, Microsoft will pay EUR 3.79 billion to purchase substantially all of Nokia's Devices & Services business, and EUR 1.65 billion to license Nokia's patents, for a total transaction price of EUR 5.44 billion in cash. Microsoft will draw upon its overseas cash resources to fund the transaction. The transaction is expected to close in the first quarter of 2014, subject to approval by Nokia's shareholders, regulatory approvals and other closing conditions." And, yep, Elop is part of the deal (quoting Ballmer): "Stephen Elop will be coming back to Microsoft, and he will lead an expanded Devices team, which includes all of our current Devices and Studios work and most of the teams coming over from Nokia, reporting to me."

dhavleak writes "From Gizmodo: Earlier today, the Microsoft-built YouTube app for Windows Phone was unceremoniously disabled by Google. These kind of little inter-corporate kerfuffles happen from time to time, and usually resolve themselves without screwing too many users. But boy, Microsoft didn't take it quietly."

MojoKid writes "Microsoft is smarting in the wake of the Guardian's discussion of how chummy it's gotten with the NSA over the past few years, and the company wants permission to clarify its relationship with the federal government. To that end, the company has sent a follow-up letter (PDF) to the Attorney General's office, asking it to please address the petition it filed in court back on June 19. Redmond is undoubtedly cringing at the accolades being heaped on Yahoo and its repeated court battles on behalf of its users, and wants an opportunity to clear the air. But Microsoft has gone farther than simply asking the government to hurry up and rule on its petition — it has also issued a series of clarifying remarks regarding its relationship with the NSA. Microsoft refutes some of the Guardian's claims strongly. It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."

wiredmikey writes "Facebook and Microsoft say they received thousands of requests for information from U.S. authorities last year but are prohibited from listing a separate tally for security-related requests or secret court orders related to terror probes. The two companies have come under heightened scrutiny since reports leaked of a vast secret Internet surveillance program U.S. authorities insist targets only foreign terror suspects and is needed to prevent attacks. Facebook said Friday it had received between 9,000 and 10,000 requests for user data affecting 18,000 to 19,000 accounts during the second half of last year and Microsoft said it had received 6,000 to 7,000 requests affecting 31,000 to 32,000 accounts during the same period." Meanwhile, an article at the Guardian is suggesting the government may have better targets to pursue than Edward Snowden. "[U.S. director of national intelligence James Clapper] has come out vocally to condemn Snowden as a traitor to the public interest and the country, yet a review of Booz Allen's own history suggests that the government should be investigating his former employer, rather than the whistleblower."

Trailrunner7 writes "It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same pattern as malware exploiting Microsoft vulnerabilities has for years. Research from Microsoft shows that there has been a huge spike in malware targeting Java vulnerabilities since the third quarter of 2011, and much of the activity has centered on patched vulnerabilities in Java. Part of the reason for this phenomenon may be that attackers like vulnerabilities that are in multiple versions of Java, rather than just one specific version."

An anonymous reader writes "In its continuing march toward locking up deals with every major Android and Chrome device maker, Microsoft announced on Tuesday a patent-licensing agreement with Chinese manufacturer ZTE. This follows a similar deal last week with the parent company of Foxconn. Microsoft's Deputy General Counsel Horacio Gutierrez said, 'Much of the current litigation in the so called 'smartphone patent wars' could be avoided if companies were willing to recognize the value of others’ creations in a way that is fair. At Microsoft, experience has taught us that respect for intellectual property rights is a two-way street, and we have always been prepared to respect the rights of others just as we seek respect for our rights. This is why we have paid others more than $4 billion over the last decade to secure intellectual property rights for the products we provide our customers.'"

c0lo writes "U.S. federal authorities are examining Microsoft's involvement with companies and individuals that allegedly paid bribes to overseas government officials in exchange for business. The United States Department of Justice and the Securities and Exchange Commission have both opened preliminary investigations into the bribery allegations involving Microsoft in China, Italy and Romania. The China allegations were first shared with United States officials last year by an unnamed whistle-blower who had worked with Microsoft in the country, according to the person briefed on the inquiry. The whistle-blower said that a Microsoft official in China directed the whistle-blower to pay bribes to government officials to win business deals. U.S. government investigators are also reviewing whether Microsoft had a role in allegations that resellers offered bribes to secure software deals with Romania's Ministry of Communications. In Italy, Microsoft's dealings with consultants that specialize in customer-loyalty programs are under scrutiny, with allegations that Microsoft's Italian unit used such consultants as vehicles for lavishing gifts and trips on Italian procurement officials in exchange for government business. In a blog post Tuesday afternoon, John Frank, a vice president and deputy general counsel at Microsoft, said the company could not comment about continuing investigations. Mr. Frank said it was not uncommon for such government reviews to find that the claims were without merit. Somehow, given the way OOXML became a standard, it wouldn't surprise me if it were an actual fire that caused this smoke."

Nerval's Lobster writes "Nate Silver, famous for applying rigorous statistical methods to U.S. political elections, has focused his predictive powers on a somewhat more lighthearted topic: this weekend's Academy Awards. As part of his predictive analysis, Silver rounded up the various awards that precede the Academy Awards, including those from the Directors Guild of America and the Screen Actors Guild; in his calculations, he gave additional weight to those awards with a higher historical success rate, and doubled the score 'for awards whose voting memberships overlap significantly with the academy.' But he isn't the only statistician predicting this year's Oscar winners: David Rothschild, a member of Microsoft's massive research division, has also developed a data-driven model. What does their number-crunching predict? That Argo will win Best Picture, and a bunch of people will win other things."

First time accepted submitter clockwise_music writes "With HTML5 we're closer to the point where a browser can do almost everything that a native app can do. The final frontier is 3D, but WebGL isn't even part of the HTML5 standard, Microsoft refuses to support it, Apple wants to push their native apps and it's not supported in the Android mobile browser. Flash used to be an option but Adobe have dropped mobile support. To reach most people you'd have to learn Javascript, WebGL and Three.js/Scene.js for Chrome/Firefox, then you'd have to learn Actionscript + Flash for the Microsofties, then learn Objective-C for the apple fanboys, then learn Java to write a native app for Android. When will 3D finally become available for all? Do you think it's inevitable or will it never see the light of day?"

An anonymous reader writes "Right on schedule, Microsoft on Thursday announced its usual advance notification for the upcoming Patch Tuesday. While the company is planning to release seven bulletins (two Critical and five Important) which address 12 vulnerabilities, there is one that is notably missing: a bulletin for the new IE vulnerability discovered on Saturday. For those who didn't see the news on the weekend, criminals started using a new IE security hole to attack Windows computers in targeted attacks. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are."

First time accepted submitter Bent Spoke writes "In a bit of delicious irony, Microsoft laments Google is not playing fair by excluding access to meta-data on YouTube, preventing the development of the kind of powerful app readily available on Android. From the article: 'In a blog post on Wednesday, Microsoft VP and deputy general counsel Dave Heiner said the software giant has spent two years trying to get a first-class YouTube app running on Windows Phone, but to no avail, thanks to the Chocolate Factory's stonewalling. "YouTube apps on the Android and Apple platforms were two of the most downloaded mobile applications in 2012, according to recent news reports," Heiner wrote. "Yet Google still refuses to allow Windows Phone users to have the same access to YouTube that Android and Apple customers enjoy."'"

New submitter Sebolains writes "Unlike previous years, NORAD (the North American Aerospace Defense Command) has decided to use Bing maps to track Santa's journey as he goes around the world delivering presents. Starting Christmas eve, one will be able to go to the official NORAD Santa tracking site and use Bing maps to see where Santa is delivering presents at that time. In previous years, NORAD has always gone for Google maps to track Saint Nick. The reason for this switch were not disclosed, but since nearly 25 million people are expected to use this tool come this Christmas, this will definitely benefit Bing in the ongoing competition for online map applications."

An anonymous reader writes "It seems a glitch of some sort wreaked havoc on some NTP servers yesterday, causing many machines to revert to the year 2000. It seems the Y2K bug that never happened is finally catching up with us in 2012."

hypnosec writes "Having procured permission from the U.S. District Court for the Eastern District of Virginia, Microsoft's Digital Crimes Unit managed to disrupt more than 500 different strains of malware in a bid to slow down the threats posed by the Nitol botnet. Microsoft, through an operation codenamed b70 (PDF), discovered Chinese retailers were involved in selling computers with a pirated version of Windows loaded with malware. Microsoft believes the malware could have entered the supply chain at any point, for the simple reason that a computer travels among companies that transport and resell the computer. The Windows 8 maker carried out a study focused on the Nitol botnet, through which it found nearly 20 percent of all the PCs that were purchased through insecure Chinese supply chains were infected with malware."

hypnosec writes "Having procured permission from the U.S. District Court for the Eastern District of Virginia, Microsoft's Digital Crimes Unit managed to disrupt more than 500 different strains of malware in a bid to slow down the threats posed by the Nitol botnet. Microsoft, through an operation codenamed b70 (PDF), discovered Chinese retailers were involved in selling computers with a pirated version of Windows loaded with malware. Microsoft believes the malware could have entered the supply chain at any point, for the simple reason that a computer travels among companies that transport and resell the computer. The Windows 8 maker carried out a study focused on the Nitol botnet, through which it found nearly 20 percent of all the PCs that were purchased through insecure Chinese supply chains were infected with malware."

hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"

Billly Gates writes "Microsoft has confirmed that Internet Explorer 10 will have Do-Not-Track settings enabled by default. IE 10 comes with Windows 8, and will go release candidate for Windows 7 very soon, according to Anne Kohn in a comment in IE's blog. During Windows 8 setup, users who choose the 'Express' option will have DNT on by default, while using the 'Custom' option will give them the chance to change the setting, if they want. IE 10 already has a score of 319 in html5test.com, while MS is trying to position IE as a great browser again. Will this pressure other browsers such as Firefox and Opera to do the same?" When Microsoft began talking about this in May, it touched off quite a debate at W3C about whether browsers should have DNT turned on by default or not.

An anonymous reader writes "CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide ASLR. 'Always On' DEP combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from EMET with an 'EnableUnsafeSettings' registry key — because AMD/ATI video drivers will cause a BSOD on boot if 'Always On' ASLR is enabled."