Jump to content

Search the Community

Showing results for tags 'bug'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. Claps and cheers: Apple stores' carefully managed drama Those ‘geniuses’ in the bright, sleek Apple store are underpaid, overhyped and characters in a well-ma Steve Jobs wanted customers to understand the Apple store “with one sweep of the eye,” as if gods standing on Mount Olympus. Indeed, the outlets seem to speak for themselves. Bright, uncluttered, and clad in glass, they couldn’t contrast more sharply with the big-box labyrinths they were designed to replace. Neither could their profit margins. Since launching in 2001, the instantly recognizable stores have raked in more money – in total and per square foot – than any other retailer on the planet, transforming Apple into the world’s richest company in the process. Yet the very transparency of the Apple store conceals how those profits are made. When we think of “tech”, we rarely think of retail stores, and when we think of “tech workers” we rarely think of the low-waged “geniuses” who staff them. Most media coverage of tech companies encourages us to forget that the vast majority of their employees are not, in fact, coders in Silicon Valley: they’re the suicidal assemblers of your phone, the call-center support staff, the delivery drivers and the smiling shop floor staff who make up the majority of Apple’s workforce. The Apple store was explicitly designed as a brand embassy rather than a dedicated source of technical knowledge. As Ron Johnson, the former Target executive who came up with the concept, told the Harvard Business Review, “People come to the Apple store for the experience – and they’re willing to pay a premium for that … Apple is in the relationship business as much as the computer business.” Johnson and Jobs wanted ambassadors whose ostensible role was not to sell products – uniquely, Apple store employees receive no commission – but to create positive customer sentiment and repair trust in the brand when it broke. That was hard to do if your stuff was lumped in with everyone else’s in a big electronics store, overseen by third-party staff lacking any special expertise or interest in what you wanted to sell. The goal was to take full control of the brand image while humanizing it. The problem, however, was that humans can be rather unruly. Fortunately for Apple, someone had been hard at work fixing that bug. In 1984, a group of professors at Harvard Business School published a book, Managing Human Assets, aimed at updating workplace organization for a new era. The book was based on the first new compulsory course at the Harvard Business School in a generation, launched in 1981. Ron Johnson started his MBA at Harvard the next year, graduating as the book itself was released. Previously, the book argued, labor discipline could be achieved in a relatively straightforward top-down manner, but now it required something else. “The limitations of hierarchy have forced a search for other mechanisms of social control,” the authors said. The mechanisms they proposed consisted, at root, of treating employees as nominal stakeholders in business success, but within narrow limits that would increase rather than challenge shareholder profitability. Johnson put many of these ideas into practice. He found the first cohort of Apple store employees by personally interviewing every manager and offering jobs to upbeat staff working for competitors. He sent the first five managers through the Ritz-Carlton training program to learn concierge skills. Then he developed a training program for the in-house production of “geniuses”. (Jobs reportedly hated the term at first, finding it ridiculous. True to form, he asked his lawyers to apply for a trademark the following day.) How do you create an engaged, happy, knowledgable workforce that can pass, however implausibly, as an entire battalion of geniuses in towns across the country? More importantly, how do you do all of that without the stick of the authoritarian boss or the carrot of a juicy commission? Apple’s solution was to foster a sense of commitment to a higher calling while flattering employees that they were the chosen few to represent it. By counterintuitively raising the bar of admission, crafting a long series of interviews to weed out the mercenary or misanthropic, Johnson soon attracted more applicants than there were posts. Those keen enough to go through the onerous hiring process were almost by definition a better “fit” for the devotional ethos of the brand, far more receptive to the fiction that they weren’t selling things but, in an oft-repeated phrase, “enriching people’s lives”, as if they’d landed a job at a charity. “When people are hired,” Johnson explained, “they feel honored to be on the team, and the team respects them from day one because they’ve made it through the gauntlet. That’s very different from trying to find somebody at the lowest cost who’s available on Saturdays from 8 to 12.” While not the lowest, the cost of these eager staff was still low – relative to industry averages, to the amount they made for the company, and to the $400m that Johnson earned in his seven years at Apple. Lower wages also had another, less obvious effect. As Apple store managers explained to the New York Times, the lack of commissions meant that the job didn’t pay well enough to support those with dependents: older workers were functionally excluded from representing the brand without the need for a formal policy – or the attendant specter of discrimination lawsuits that it would raise. Deploying psychology, not the maximizing calculus of economic rationality (money), allowed Apple to turn hiring and wages into managerial props. The sense of higher calling and flattery doesn’t stop with the hiring process, of course. Make it through the gauntlet and you are “clapped in” by existing workers: given a standing ovation as if receiving a prize. The clapping, according to employees, continues until new hires, perhaps after a confused delay, begin clapping too, graduating from outside spectator to part of the performance – part of the team. Leave the company and you’re “clapped out”. Products are clapped, customers waiting overnight to buy them are clapped, their purchases are clapped, claps are clapped. Clap, clap, clap. “My hands would sting from all the clapping,” said one manager. Claps, cheers, performances of rapturous engagement provided, by design, a ready-mixed social glue to bind teams together, reaffirming both the character of the brand and employees’ cultish devotion to it. It might be expected that Apple store employees are, as their name implies, tech gurus with incredible intellects. But their true role has always been to use emotional guile to sell products. The Genius Training Student Workbook is the vaguely comical title of the manual from which Apple store employees learn their art. Prospective geniuses are taught to use empathetic communication to control customer experience and defuse tension, aiming to make them happy and relax their purse strings. One of the techniques the book teaches is the “three Fs”: feel, felt, found. Here’s an example from the book, meant to be role-played by trainees: Customer: This Mac is just too expensive. Genius: I can see how you’d feel this way. I felt the price was a little high, but I found it’s a real value because of all the built-in software and capabilities. When customers run into trouble with their products, geniuses are encouraged to sympathize, but only by apologizing that customers feel bad, lest they implicate Apple’s products as the source of the trouble. In this gas-lit performance of a “problem free” brand philosophy, many words are actually verboten for staff. Do not use words like crash, hang, bug, or problem, employees are told. Instead say does not respond, stops responding, condition, issue, or situation. Avoid saying incompatible; instead use does not work with. Staff have reported the absurdist dialogues that can result, like when they are not allowed to tell customers that they cannot help even in the most hopeless cases, leading customers into circular conversations with employees able neither to help nor to refuse to do so. Apple’s “geniuses” perform on a stage that’s as carefully managed as they are. Jobs and Johnson wanted to control every aspect of the Apple stores, down to the specific color of the bathroom signs. Almost every detail is trademarked, from stairs to display tables to storage racks. Even the supposedly “intuitive” layout, so obvious that it can be understood by all, is considered unique enough to warrant a suite of intellectual property protections. In part to counter the falling sales volume of a saturated market, Apple has spent the past two years overhauling its stores to work even harder. Potted trees have been added to give a green splash to the signature grey and, in a move so ridiculous it’s almost certain to be a hit, the Genius Bar has been rebranded the “Genius Grove”. Windows are opened to blur the distinction between inside and outside, and the stores are promoted as quasi-public spaces. “We actually don’t call them stores any more,” the new head of retail at Apple, former Burberry executive Angela Ahrendts (2017 salary: $24,216,072), recently told the press. “We call them town squares.” The town square. It’s an almost-quaint symbol of participatory civic life – a world away from the big-box sprawl that characterized the retail imaginary of the late 20th century, or even the digital isolation of the 21st. Apple’s goal has been to create spaces for people to just hang out in, extending the original insight that focusing on everything other than cold hard cash will paradoxically be the best way to rake it in. In Ahrendts’s vision, “the store becomes one with the community”. But the real hope seems to be closer to the opposite, that the community will become one with the store. After Apple recently won the race to surpass a $1tn valuation, CEO Tim Cook emailed staff to explain, “Financial returns are simply the result of Apple’s innovation, putting our products and customers first, and always staying true to our values.” While seductive, this story is, like the Apple store itself, a managed fiction. Apple’s system of operation is less the result of genius than of capture and control. Semiconductors, microprocessors, hard drives, touch screens, the internet and its protocols, GPS: all of these ingredients of Apple’s immense profitability were funded through public dollars channeled into research through the Keynesian institution called the US military. They are the basis of Apple’s products, as the economist Mariana Mazzucato has shown. The company’s extraordinary wealth is not simply a reward for innovation, or the legacy of “innovators” like Steve Jobs. Rather, it flows from the privatization of publicly funded research, mixed with the ability to command the low-wage labor of our Chinese peers, sold by empathetic retailers forbidden from saying “crash”. The profits have been stashed offshore, tax free, repatriated only to enrich those with enough spare cash to invest. But, as the public well from which it has drawn past innovations runs dry, the company’s ability to repeat the success of the iPhone is evaporating. Federal funding for scientific research is in deep decline, and Apple isn’t likely to make up the gap. To keep profitability high, Apple is moving to ever-more-luxury price tags for ever-more-marginal improvements (like the iPhone XS Max) and expanding its ability to extract rent by controlling the creativity of others (through Apple Music or the App Store, both impossible to sign out of without landing in pop-up purgatory). All the while its brand embassies sell a different story with a smile. Source
  2. Microsoft releases an update to fix the Windows 10 blue screen issue involving Thunderbolt docks Some users running Windows 10 version 2004 (Windows 10 May 2020 Update) on their PCs faced blue screen error when plugging or unplugging a Thunderbolt dock. In May, Intel and Microsoft found the incompatibility issues causing this blue screen error. All Windows 10 PCs with at least one Thunderbolt port, Kernel DMA Protection enabled and Windows Hypervisor Platform disabled were affected by this issue. To protect users from blue screen errors, Microsoft stopped the roll-out of Windows 10 Version 2004 to these users. Microsoft has recently released the new KB4565503 update that fixes this Thunderbolt dock blue screen issue. Since the issue is resolved, the safeguard hold has been removed. If you are running a Windows 10 PC with Thunderbolt dock connected, you can now download the Windows 10 version 2004 update (Windows 10 May 2020 Update) through Windows Update. Microsoft releases an update to fix the Windows 10 blue screen issue involving Thunderbolt docks
  3. Twitter announced today that an issue in its app for Android exposed some users’ protected tweets for over four years if they made certain changes to their account settings. As a result, content intended only for approved followers became publicly visible. Bug survived since late 2014 The problem caused the “Protect your Tweets” feature to become disabled for users of Twitter for Android that had it turned on and also made some modifications to their account, such as updating the associated email address. Users fitting this profile between November 3, 2014, and January 14, 2019 - the day the issue got fixed - may be impacted by the bug, Twitter says in a post on its Help Center. iOS and Web clients are not impacted. The company has already alerted the people known to the affected and enabled the “Protect your Tweets” setting for them. However, the exact number of accounts touched by the issue remains unestablished, and that’s why they published the announcement. “We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted,” Twitter says. For the same reason, the social network tweeted about the issue to the almost 5.8 million followers of its Support account. The message does not seem to have propagated well, though, with just 73 retweets and 170 likes recorded at the moment of writing. Twitter encourages its users to verify the current status of the tweet-protection setting in their account to make sure it is in accordance with their preferences. A full review is underway to make certain that such a problem does not occur again. The company promises to provide more information when it becomes available and if it is sufficiently important. Source
  4. Avitar

    Broken Links

    The link to the requested file isn't working. I don't know who took over nsane management from shought and lite... but you need to step up your game. Other links to various hosted files do not work as well. I don't know if this is intentional but you're killing the very essence of nsanedown and nsaneforums. This IS the digital frontier and freedom of digital information was the founding principle of this site. For the less fortunate, the ones who couldn't pay and the ones who couldn't access credit cards, all software were made free on this site. Skill was the great equalizer between corporate greed and free interest. Whoever was given the power here has clearly been paid off by corporate entities and spit upon the very foundation of this site. Make a U-turn and make this site great again.
  5. Samsung began rolling out Android 10 based One UI 2.0 Beta builds to Galaxy S10 devices early this month amid reports of a possible delay. The successor to Android 9.0 Pie-based One UI is more of an iterative update that brings with it polishes and improvements to existing features along with Android 10-specific features such as the gesture navigation system. However, users that are running the beta builds were in for a surprise when a recent update locked them out of their devices – refusing to accept any authentication methods. Users running recent One UI 2.0 Beta builds began reporting that they were unable to unlock their devices through the way of a pin, password or biometrics after restarting the phones. The only preventive measure for those that still had access to their device was to disable all lock screen authentication methods through the Lock Screen settings. For those that were locked out, one of the ways to circumvent the issue was by deleting all authentication methods through Samsung’s Find My Mobile service (provided it was enabled). However, if that service was not enabled, there was no other option but to reset the device and roll back to Android 9 Pie through Smart Switch. Some users also reported that they have been unable to set a pin/password even after rolling back to Pie. Considering the severity of the issue, the firm was quick to release a hotfix for the problem that is now rolling out to all One UI 2.0 Beta users. The critical update package is about 131MB in size, carrying build number G970FXXU3ZSL and should be available to all S10 variants running the beta software. It should be noted that users that are currently locked out will have to either delete their authentication presets first or roll back and re-join the beta since the device will not initiate the update if the device is locked. Running beta software always brings a few risks with it, so it is best to have one’s device backed up in case something goes wrong. As a precaution for any such issues in the future, you can turn on Find My Mobile from Settings > Biometrics and Security > Find My Mobile. Source: 1. Samsung rolls out hotfix for One UI 2.0 Beta after update locks out users (via Neowin) 2. Critical Galaxy S10 Android 10 beta update out, fixes device lock issue (via SamMobile)
  6. No more distractions WhatsApp’s latest iOS update stops showing an unread notification badge on its app icon for messages you’ve muted. It’s a minor but welcome change that arrived with version 2.19.110 of the iOS app. The change applies for both individual and group chats. The messaging app’s mute feature is invaluable if you want to reduce distractions, particularly if you’re a participant in any large group chats. Before the update, muting a chat would only stop your phone from vibrating and playing a notification sound when it received a new message, while doing nothing about the anxiety-inducing red notification badge placed on the app’s icon on the home screen. The new update only affects iOS users. On Android, meanwhile, WhatsApp has a separate “Show notifications” toggle which you can either tick or untick when you’re muting a chat. Source: WhatsApp fixes the notification badge on muted iOS chats (via The Verge)
  7. Signal Users on Android Need to Update Right Now Image: Signal Signal, a popular encrypted messaging app, has recently patched a flaw that left Android users’ audio calls vulnerable to bad actors. Basically, the bug would’ve let someone answer calls for you—and it could all happen without you even knowing. Google’s Project Zero team reported the bug on September 27, and Signal fixed it in version 4.47.7, which was released last week. According to the bug report, the gist is a logic error in the Android client. There’s a method called “handle CallConnected” which allows a call to finish connecting. In normal usage, it’s employed when you accept an incoming call and when the caller’s device is notified that you’ve accepted the call. With a modified client, a bad actor could “send the ‘connect’ message to a callee device when an incoming call is in progress, but has not yet been accepted by the user,” Project Zero researcher Natalie Silvanovich wrote in the bug report. “This causes the call the be answered, even though the user has not interacted with the device.” This particular bug is somewhat similar to that FaceTime flaw that popped up earlier this year, in which users could eavesdrop on others before a call was answered. Both involve tricking the programs into thinking a call has been accepted when they haven’t. Unlike the FaceTime bug, however, the Signal bug is limited to audio calls—thankfully, Signal requires users to manually enable video. As the Next Web points out, the iOS version of Signal has a similar problem to the Android app; however, a UI quirk means it can’t be exploited in quite the same way. Still, Silvanovich recommends “improving the logic in both clients, as it is possible the UI problem doesn’t occur in all situations.” An iOS update is not available as of publication, but Signal users on Android should make sure they’re running the most current version of the app. Source: Signal Users on Android Need to Update Right Now
  8. Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks. Users of the Microsoft Outlook for Android app should update their apps to avoid a range of attacks. The bug (CVE-2019-1460) would allow an attacker to perform cross-site scripting (XSS) attacks on the affected systems and run scripts in the security context of the current user, according to Microsoft’s advisory on the bug. XSS occurs when malicious parties inject client-side scripts into web pages, which trick the unsuspecting user’s browser into thinking that the script came from a trusted source. In this case, the computing giant said that the issue exists in the way Microsoft Outlook for Android software parses specifically crafted email messages – thus, an attacker could exploit the vulnerability by sending just such an email. Czech firm Cybersecurity Help said in a posting this week that the problem was an “Improper Neutralization of Input During Web Page Generation” problem that exists due to insufficient sanitization of user-supplied data. The adversary would need to be authenticated to the same network as the potential victim in order to carry out an attack, Microsoft said. A write-up by Symantec said that an attacker can exploit this issue to conduct spoofing attacks, while Cybersecurity Help added that an attacker could “steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.” Users should ensure that they have the latest version of the app, and update it manually if they haven’t received an auto-update. Beyond installing that update, Symantec also noted that mitigation includes running the software as a nonprivileged user with minimal access rights. Researcher Rafael Pablos was credited with finding the bug, which Microsoft rates as “important” in severity. It’s listed as having a 5.6 out of 10 severity rating on the CVSS v.3 vulnerability rating scale. Source
  9. Facepalm: It’s been almost two weeks since Microsoft officially ended its extended support for Windows 7, but the Redmond firm is introducing another free update for the OS that fixes a bug it introduced in the final public updates. As reported by The Verge, one of Microsoft’s final free Windows 7 updates—KB4534310—is causing wallpaper problems for some users. After installation, an image can display as black when set to Stretch. The issue only appears to affect stretched wallpapers, fit, fill, tile, or center options still work normally. Microsoft had initially said that the fix would only be available to organizations who pay the expensive Extended Security Updates (ESUs), but it has now decided to offer it for free to everyone running Windows 7 and Windows Server 2008 R2 SP1. While the bug isn’t exactly a major one, the fact Microsoft introduced it just as the company stopped supporting non-paying Windows 7 users is a bad look. Pushing out the fix to everyone will help avoid some negative PR. ESUs aren’t cheap. During the first year, those using Windows 7 Enterprise will pay $25 per machine. This doubles to $50 in the second year and goes up to $100 for the third year. It’s even more expensive for those using Windows 7 Pro. ESUs for this version start at $50 before going up to $100 in year two and $200 during year three. Many businesses have been slow to migrate from Windows 7 to Windows 10, including the German government, which has to pay Microsoft around $886,000 for ESUs. In other Windows 7 news, the Free Software Foundation is demanding that the OS be released as free software. Source: https://www.techspot.com/news/83729-microsoft-issuing-free-windows-7-fix-after-introducing.html
  10. Microsoft Your Phone bug is reducing volume for other apps on Windows 10 Microsoft announced the Your Phone app for Windows 10 users at Build 2018 and the app became popular pretty quickly. Microsoft has been consistent with the updates and the app recently enabled RCS messaging for Samsung smartphones. However, it looks like the app has a nasty bug that has been causing issues for some users. According to a Redditor, Microsoft Your Phone app “lowers the volume of every single application when I make or receive a call no matter what, and the applications will remain low volume until restarted.” Unfortunately, the bug seems to be caused by a Windows setting that controls the volume when using VoIP. While Microsoft hasn’t addressed the issue officially, disabling the said setting helped a lot of users. If you’re facing a similar issue then you can follow the steps below to fix the problem. Right-click on the speaker icon in the system tray and select Open Volume Mixer. Click on your primary Playback device and navigate to the Advanced tab. Once there, uncheck the option Allow applications to take exclusive control of this device and apply the settings. The aforementioned workaround should fix the issue but it is a temporary solution and you will have to wait for Microsoft to address it officially to completely close the bug. Your Phone app has been consistent for the most part but even the best softwares are not immune to bugs which seems to be the case here. Source: Microsoft Your Phone bug is reducing volume for other apps on Windows 10 (MSPoweruser)
  11. ROBBINHOOD – THE RANSOMWARE THAT BRINGS ITS OWN BUG Ransomware is one of the most feared cybercrime problems of the modern era. The idea of malware that scrambles your files and demands money to get them back is not new – the first widespread attack happened back in 1989 – but the scale of the threat has changed dramatically in the last few years. Up to about 2010 or 2011, ransomware was little more than a lab curiosity… …until the crooks finally figured out how to extract money from their desperate victims, thanks to the anonymity (more or less) afforded by the Dark Web and the untraceable (more or less) payments offered through the use of cryptocurrencies. Crooks such as the gang behind the Cryptolocker ransomware were able to make millions, perhaps even hundreds of millions, of dollars by infecting hundreds of thousands of users and businesses, and then demanding $300 a time to unlock each user’s files. But that approach has changed recently, with the big-money ransomware criminals carrying out fewer but much bigger attacks. These days, ransomware operations are very often aimed at whole networks, or even at centrally-managed collections of networks. The idea is that the crooks are still planning to scramble hundreds or thousands of computers in an attack, but instead of blackmailing the owner of each computer to pay a few hundred dollars, they blackmail the operators of the entire network to pay a huge lump sum. Those sums typically run from $50,000 to $5,000,000, with the victims sometimes left with little choice but to pay up because their whole business has ground to a halt, not just a few computers here and there. Network-wide attacks The good news is that to mount a network-wide attack, the crooks need to break into your network first. They also typically need full control over one or more computers to use for their reconnaissance; they need to promote themselves to system administrators to attack all your devices; and they need to spend time mapping out your network and setting up for the final assault. In other words, in the process of getting ready for a possible million-dollar payday, the crooks have to take the risk of being spotted, rebuffed, and going away with nothing at all. (The $300-a-time crooks still stand to make some money even if they only succeed against a tiny fraction of their targets.) The bad news is that if the crooks do get in and make themselves sysdamins, they’ve pretty much turned themselves into what you might call “an alternative IT department”, so they can take steps to reduce their risk of being found. The crooks can also try to deactivate any system-wide anti-invasion protections that you’ve put in place – they’re administrators, after all, so in theory they can turn off, reset or reconfigure anything and everything you’ve previously done to lock down your network. However, even with domain administration powers, it’s not easy to take over everything. For example, many security products include tamper-protection that makes it difficult to deactivate the software, at least without leaving a fairly visible trail. Proper patching makes it harder for the crooks to sneak around security protections, because you get rid of software vulnerabilities they might otherwise exploit. Likewise, system services often keep critical files in permanent use, meaning that they can’t easily be deleted or modified, which stops the crooks from scrambling them in a ransomware attack. That could be the difference between a ransom demand that you can’t avoid paying, because everything got scrambled, and a demand you’re comfortable to ignore because your important data didn’t get touched and so your business continuity wasn’t affected. Bring your own bug! Enter the aptly named RobbinHood malware: (Click on the image to see the full text of the demand in the report.) The crooks have come up with a shortcut that makes it much easier for them to bypass your tamper protection and to get access even to locked files. Instead of hunting for unpatched vulnerabilities on your computers… …the crooks simply bring their own bug! The way this works is a fascinating story, told in easy-to-follow detail in a recent research report from SophosLabs, and we urge you to learn more about the way the crooks went about their attack by reading the paper. Briefly put, the crooks have included an old-but-buggy Windows kernel driver along with their malware. The driver itself isn’t malware, but it is an official software component from motherboard maker Gigabyte, so it’s digitally signed by the vendor and the signature is attested as official by Microsoft itself. So, Windows will load the driver because of the signature… …after which the crooks can exploit a bug in the signed driver to trick Windows into letting them load their own, unsigned and malicious kernel driver! And their driver gives them low-level kernel-land access to system processes and files, which means they can kill off programs they’re not supposed to, and delete files that would usually be locked. For what it’s worth, bodging the behaviour of the kernel like that may cause problems, such as programs that stop working properly, or data that gets corrupted, or even – possibly a while later – a Blue Screen of Death. But the crooks don’t care! By the time you notice any transient problems caused by their malicious driver, you’ll almost certainly be facing a very much bigger problem anyway, namely that most – or perhaps all – of your data files, on most – or perhaps all – of the computers on your network will be scrambled. And only the crooks will have the decryption key to unlock the scrambled files. What to do? Fortunately, the modus operandi of loading a buggy kernel driver to load a malicious kernel driver can’t just be carried out at will, so this attack trick of “bring your own bug” doesn’t give any old crook a way to implant any old malware on your computer at any old time. The crooks do need to be administrators on your network already to use this kernel driver treachery. So: Go for defence in depth. In the RobbinHood attack, there are many up-front steps – including loading the suspicious kernel drivers – that the crooks have to take. They need to succeed at each step to get where they want, whereas you can stop them by blocking just one of the precursors. Control your entry points. In many network-wide ransomware attacks we investigate, the crooks sneak in by using remote access portals (notably Windows RDP, short for Remote Desktop Protocol) that you opened up for legitimate purposes but then forgot to secure properly. Prefer two-factor authentication (2FA). A lot of ransomware incursions are made possible by weak or easily-guessed passwords, or passwords that were exposed in a previous data breach. 2FA means that anyone logging in needs a one-time code that is different every time, which strengthens your protection against password-cracking attacks. Revisit your backup strategy. It’s tempting to rely on “live” backups that happen in real-time, such as mirroring files onto network shares or copying changed files into directly-accessible cloud storage. But today’s ransomware crooks go out of their way to find any on-line mirrors or backups you have. They either delete these backups first, or scramble them with the ransomware along with everything else. Keep off-line, off-site backups too – the crooks won’t be able to get at those. Watch your logs. Getting into a network, promoting yourself to administrator and probing for the security tools that are already in place almost always leaves some traces behind. In many attacks we investigate, the crooks were obvious in hindsight due to a combination of firewall alerts, account modification warnings, anti-virus detections, and more. If you aren’t going to look at your logs, you might as well not bother keeping them in the first place. Patch early, patch often. In this case, the crooks “brought their own bug”, but they needed to have sysamdin powers anyway. Don’t make it easy for them by leaving security holes open that help the crooks to get the leg-ups they need. Source
  12. Microsoft released non-security updates for Microsoft installed-based versions of Microsoft's Office suite on May 7, 2019. These updates address and fix issues in supported versions of Office but sometimes, they introduce issues of their own. Turns out, KB4462238 for Microsoft Office 2016 falls in that category of updates. Released to fix synchronization issues in OneNote 2016, the update introduces a bug of its own that affects any installed Office application. It appears that it breaks hyperlinks in any Office application. Microsoft notes that clicking on hyperlinks may cause the Office application to stop working altogether. After this update is installed, clicking a hyperlink in an Office application, such as Word, PowerPoint, Excel, or Outlook, may cause the application to stop working. Microsoft suggests that the update is uninstalled from the system to resolve the issue. If you experience this issue, you can uninstall the update by following the instructions in the "More information" section. The company provides removal instructions for the update. You may want to check out our in-depth tutorial on uninstalling Windows updates (including Office updates). One has to wonder how a major bug like this one slipped through the testing cracks. It is certainly possible that the bug is affecting only a tiny number of machines; Microsoft would have pulled the update, probably, if it would affect all Office installations it is installed on or the majority of them. Then again, Microsoft has a track record of releasing buggy updates. Windows 10 version 1809 is a prime example of this; the whole Windows community, at least those on Windows 10, hopes that Microsoft gets Windows 10 version 1903 right the first time it is released later this month. Closing Words A bug that stops any Office application dead in its track is quite serious; Office administrators and users who have not installed the patch yet may want to consider skipping it until the issue is resolved. OneNote 2016 users who require Sync may want to try installing the patch. Those who don't click on hyperlinks or can avoid clicking on them may do so as well. Source: Microsoft releases buggy Office 2016 Patch KB4462238 (gHacks - Martin Brinkmann)
  13. Some Firefox users started to notice that installed browser extensions were all disabled in the web browser suddenly. Extensions would display "could not be verified for use in Firefox and has been disabled" messages in the add-ons manager of the browser. Firefox would display "One or more installed add-ons cannot be verified and have been disabled" at the top as a notification next to that. Affected extensions include LastPass, Ghostery, Download Manager (S3), Dark Mode, Honey, uBlock Origin, Greasemonkey, NoScript, and others. Only options provided were to find a replacement and to remove the extension in question; this left affected users puzzled. Was this some kind of preemptive strike against policy violation extensions? Mozilla did announce that it would enforce policies more strictly. The answer is no. Turns out, the issue is caused by a bug. If you read carefully, you notice that verification is the issue. A new thread on Bugzilla suggests that this has something to do with extension signing. Firefox marked addons due signing as unsupported, but doesn't allow re-downloads from AMO → All extensions disabled due to expiration of intermediate signing cert. All Firefox extensions need to be signed since Firefox 48 and Firefox ESR 52. Firefox will block the installation of extensions with invalid certificates (or none), and that is causing the issue on user systems. Related issues have been reported: some users cannot install extensions from Mozilla's official Add-ons repository. Users get "Download failed. Please check your connection" errors when they attempt to download any extension from the official repository. Solution Nightly, Dev and Android users may be able to disable signing of extensions; some users reported that this resolved the issue temporarily on their end. You need to set the preference xpinstall.signatures.required to false on about:config to disable signing. You could change the system date to the previous day to resolve it temporarily as well, but that can lead to other issues. The issue can only be resolved on Mozilla's end. The organization needs to renew the certificate or create a new one to resolve the issue. I'd expect Mozilla to do that soon as the issue is widespread and affecting lots of Firefox users. Users should not remove affected extensions from their installations; the issue will resolve itself once Mozilla fixes it. Source: Your Firefox extensions are all disabled? That's a bug! (gHacks - Martin Brinkmann) Poster's note: It's affecting my Firefox, most extensions are now disabled. Grrr...
  14. Some M1 Mac users reporting screensaver takeover bug Including me Photo by Vjeran Pavic / The Verge I picked up a new MacBook Air with Apple’s M1 chip, and I’ve absolutely loved it so far. It’s really speedy and the battery is fantastic. But I’ve been dealing with one nagging issue. Every once in a while, for reasons that I haven’t been able to figure out, a screensaver will suddenly take over the entire computer — despite the fact that I never use a screensaver. And frustratingly, the screensaver renders my laptop inoperable until I completely close the screen and reopen it. It seems I’m not the only one seeing this bug, according to this MacRumors article. Others have shared similar issues with M1-equipped MacBook Airs, Pros, and Minis on MacRumors’ forums, Reddit (in a few threads), and Apple’s support forums. And one user on MacRumors said they’ve seen the bug on their 16-inch MacBook Pro, which has an Intel chip, so perhaps this is a problem with macOS Big Sur. Here’s a video of the bug, shared by MacRumors forum member dawideksl: Many people reporting the issue in this Reddit thread say they have multiple accounts on the same computer. And for what it’s worth, I’ve set up two accounts on my MacBook Air. One user on Apple’s support forums disabled Fast User Switching and said they weren’t seeing the screensaver, so perhaps that’s a workaround until Apple addresses the bug. Apple didn’t immediately reply to a request for comment. Some M1 Mac users reporting screensaver takeover bug
  15. Windows 10 bug crashes your PC when you access this location A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands. Last week, BleepingComputer learned of two bugs disclosed on Twitter by a Windows security researcher that can be abused by attackers in various attacks. The first bug allows an unprivileged user or program to enter a single command that causes an NTFS volume to become marked as corrupted. While chkdsk resolved this issue in many tests, one of our tests showed that the command caused corruption on a hard drive that prevented Windows from starting. Today, we look at the second bug that causes Windows 10 to perform a BSOD crash by merely attempting to open an unusual path. Opening this path causes a BSOD Since October, Windows security researcher Jonas Lykkegaard has tweeted numerous times about a path that would immediately cause Windows 10 to crash and display a BSOD when entered into the Chrome address bar. When developers want to interact with Windows devices directly, they can pass a Win32 device namespace path as an argument to various Windows programming functions. For example, this allows an application to interact directly with a physical disk without going through the file system. Lykkegaard told BleepingComputer that he discovered the following Win32 device namespace path for the 'console multiplexer driver' that he believes is used for 'kernel / usermode ipc.' When opening the path in various ways, even from low-privileged users, it would cause Windows 10 to crash. \\.\globalroot\device\condrv\kernelconnect When connecting to this device, developers are expected to pass along the 'attach' extended attribute to communicate with the device properly. CDCreateKernlConnection showing the 'attach' extended attribute Lykkegaard discovered if you try to connect to the path without passing the attribute due to improper error checking, it will cause an exception that causes a Blue Screen of Death (BSOD) crash in Windows 10. Even worse, low privileged Windows users can attempt to connect to the device using this path, making it easy for any program executed on a computer to crash Windows 10. In our tests, we have confirmed this bug to be present on Windows 10 version 1709 and later. BleepingComputer was unable to test it in earlier versions. BleepingComputer reached out to Microsoft last week to learn if they knew of the bug already and if they would fix the bug. “Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible,” a Microsoft spokesperson told BleepingComputer. Threat actors can abuse the bug While it has not been determined if this bug could be exploited for remote code execution or elevation privilege, in its current form, it can be used as a denial of service attack on a computer. Lykkegaard shared with BleepingComputer a Windows URL file (.url) with a setting pointing to \\.\globalroot\device\condrv\kernelconnect. When the file is downloaded, Windows 10 would try to render the URL file's icon from the problematic path and automatically crash Windows 10. BSOD caused by accessing the \\.\globalroot\device\condrv\kernelconnect BleepingComputer has since found numerous other ways to exploit this bug, including methods to cause BSODs automatically on Windows login. In a real-life scenario, this bug could be abused by threat actors who have access to a network and want to cover their trail during an attack. If they have admin credentials, they could remotely execute a command that accesses this path on all of the Windows 10 devices on a network to cause them to crash. The havoc caused on the network could delay investigations or prevent administrative controls from detecting an attack on a particular computer. In 2017, a similar attack scenario was used by threat actors during a bank heist on the Far Eastern International Bank (FEIB) in Taiwan. In that attack, the threat actors deployed the Hermes ransomware on the network to delay investigations into the attack. Source: Windows 10 bug crashes your PC when you access this location
  16. Windows 10 build 21292.1010 breaks x64 emulation on ARM PCs As of mid-December, Windows Insiders with ARM64 PCs were able to run x64 apps in emulation, opening up the PCs to the rest of the Windows ecosystem. Yesterday, however, the team released a cumulative update for the latest Dev channel build, and as it turns out, the update breaks the feature, so you might want to skip it. The update in question is KB4601937, and the blog post has been updated to day, "After installing Build 21292.1010 (KB4601937), x64 emulation on ARM PCs will not work. There is an issue with the way the update is installed that breaks this functionality. As a workaround, you can uninstall KB4601937 to get x64 emulation working again on your ARM PC." This cumulative update was introduced as something that includes nothing that's new. According to Microsoft, it only exists to test out the servicing pipeline, meaning that the company just wants to make sure, as it does periodically, that it hasn't broken the ability to ship cumulative updates. But being an update with no features, it would be reasonable to expect that it's low-risk, and that it wouldn't break. The update should be easy enough to roll back, if you're experiencing issues. From Windows Update, go to 'View update history', and select 'Uninstall updates'. Windows 10 build 21292.1010 breaks x64 emulation on ARM PCs
  • Create New...