Courtesy Gregg Keizer, Computerworld
The security researcher who yesterday was awarded $100,000 by Microsoft spent about two weeks pondering, then demonstrating a new way to circumvent Windows’ defensive technologies.
In an interview today, James Forshaw, the head of vulnerability research at U.K.-based Context Information Security, described in the most general terms the work that resulted in the big bounty.
"When Microsoft announced the initial bounties, I first thought about the mitigations I wanted to go over," said Forshaw. "Windows has a lot of mitigating in place, so I started to brainstorm. I asked myself, ‘How would I do it [if I was a cyber criminal]?’"
From start to finish — from those brainstorming sessions to an exploit that proved his mitigation bypass approach worked — Forshaw said he spent about half a month on the project. "From my initial thought to a full working proof of concept was about two weeks," he said.
Forshaw stressed that the two weeks of solid work were atop the years he’s spent in information security, hammering home the point that winning submissions, whether for a bonus program like Microsoft’s or those that browser makers and other vendors run to collect details on specific vulnerabilities, almost always go to very experienced, long-time researchers.
"This is not something that anyone’s done before, but then again, nothing is completely revolutionary," said Forshaw.
Microsoft echoed that yesterday. In a Tuesday blog post, Katie Moussouris, a senior security strategist with the Microsoft Security Response Center (MSRC), and the manager of the bounty programs, said that a Microsoft engineer had independently found a variant of the attack technique class that Forshaw reported.
"But James’ submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty," wrote Moussouris.
Courtesy Adrian Bridgwater, DrDobbs.com
PhatWare’s WritePad handwriting recognition SDK for Microsoft Windows 8/RT and Windows Phone 8 has been updated with support for 11 languages in a single static library.
This tool recognizes natural handwritten text in a variety of handwriting styles: cursive (script), PRINT, and MIXed.
Suitable for implementation in both embedded devices and "external" applications, this is handwriting-based text input to automatically convert text in third-party applications on Windows-based devices.
Support for seven new languages brings the total count of supported languages to 11, including English (US, UK, US Medical), Danish, Dutch, Finnish, French, German, Italian, Norwegian, Portuguese (Brazil, Portugal), Spanish, and Swedish.
PhatWare has worked on improved recognition quality of individual letters and words in print and cursive modes. The company has also updated sample code that demonstrates how to call native WritePad API from .NET and Windows Store applications. It recognizes dictionary words from its main or user-defined dictionary, as well as non-dictionary words, such as names, numbers, and mixed alphanumeric combinations.
It also provides automatic segmentation of handwritten text into words and automatically differentiates between vocabulary and non-vocabulary words, and between words and arbitrary alphanumeric strings.
According to PhatWare, "WritePad SDK includes handwriting recognition engine static libraries and dictionaries for all supported languages, API header files, documentation, and sample code in C++ and C# allowing easy integration with new or existing Windows applications or devices. WritePad SDK evaluation is free, while commercial redistribution is royalty-based."
Courtesy Terrence O’Brien, Engadget
It’s hardly a secret that the computer-buying public hasn’t fallen head over heels for the Windows 8 start screen. In fact, a whole cottage industry has sprung up around returning Windows to its version-7 glory. The latest rumors indicate that Microsoft may be moving to squash these apps, by enabling 8.1 to boot directly to the desktop and reinstating the start button. Code recently dug up in a DLL, buried within the bowels of a leaked version of Windows Blue, strongly suggests that this relatively minor revision of the desktop and tablet OS could offer users a way to skip the live tiles and go right to the familiar UI of Windows past. An entry for “CanSuppressStartScreen” was found by quite a few different forum users in the TwinUI.dll file. Unfortunately, we were unable to confirm this ourselves.
While there’s no hard evidence for a return of the start button just yet, the reliable Mary Jo Foley has heard from at least one source that Redmond is considering bringing the little logo orb back. Of course, nothing is certain yet. There’s no guarantee that either feature will actually make it into the final version of Windows 8.1, but we’re sure at least a few of you have your fingers crossed.
Courtesy PC Magazine
A tease of the upcoming update to Windows 8 has leaked online, with a number of leaked screenshots showing off some of the cosmetic and under-the-hood changes Microsoft has in store for its "Windows Blue" update.
First up, Microsoft appears to be expanding the allowable size of tiles that one can place on Windows 8’s Start Screen – permitting tiles that are one-fourth the size of a typical tile (i.e. envision splitting one normal-sized tile into four tinier tiles), as well as tiles that are up to four times as big.
Microsoft’s also throwing some additional customization options into the mix, adding what appears to be a Charms Bar menu for Start Screen called "Personalize" that allows a user to swap out one’s background, edit background colors, and edit accent colors directly from the operating system’s sidebar.
The ability to more easily mess with Windows 8’s settings without having to jump through all sorts of hoops and menu options seems to be a common theme within Windows Blue. For Microsoft’s also apparently adding in a few extra settings within the Start Screen-based "PC settings" section – presumably to keep users, especially those on tablets, from having to jump into a Desktop Mode-driven settings panel.
A new option for SkyDrive configuration joins a breakout menu for editing one’s Lock screen, a new section for Network and Apps-related settings, and a separate "Update & Recovery" menu presumably for editing Windows’ auto-update settings (and disaster management). Additionally, a new "Screen" menu will give Windows 8 users the ability to edit related power-saving features, in addition to tweaking other display settings and flipping their devices’ touch feedback on and off.
Perhaps one of the more noticeable additions to Windows 8 will come in the form of stronger split-screen treatment for Windows 8 apps. Users will now be able to divide their screens in half and run two apps at a time that take up equal portions of one’s display real estate. And for those slightly crazier, you’ll even be able to split your screen into a setup that allows four apps to run concurrently – a quad, perhaps?
If you’d like to check out all the update goodies for yourself, a leaked version of a Windows Blue partner build is making its way onto various file-sharing sites (that we’re not going to specifically list). However, a more legitimate copy of the update is likely to come in the form of a Microsoft-sanctioned public preview released at some point in the next few months – as specific a deadline as we’ve been able to glean so far. Windows Blue is expected to officially launch at some point later this year.
From Microsoft Developer Tools Blog
Starting tomorrow, we are updating Internet Explorer 10 in Windows 8 and Windows RT to enable Flash content to run by default. On Windows 8, all Flash content continues to be enabled for IE on the desktop.
As we have seen through testing over the past several months, the vast majority of sites with Flash content are now compatible with the Windows experience for touch, performance, and battery life. With this update, the curated Compatibility View (CV) list blocks Flash content in the small number of sites that are still incompatible with the Windows experience for touch or that depend on other plug-ins.
We believe having more sites “just work” in IE10 improves the experience for consumers, businesses, and developers. As a practical matter, the primary device you walk around with should give you access to all the Web content on the sites you rely on. Otherwise, the device is just a companion to a PC. Because some popular Web sites require Adobe Flash and do not offer HTML5 alternatives, Adobe and Microsoft continue to work together closely to deliver a Flash Player optimized for the Windows experience.
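Immersive IE on Windows 8: Enabled unless on CV list
Immersive IE on Windows RT: Enabled unless on CV list
Desktop IE on Windows 8: Enabled for all sites
Desktop IE on Windows RT: Enabled unless on CV list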
This updates the immersive IE experience on Windows 8, and both the immersive and desktop IE experiences on Windows RT. The update will be made available to customers with Windows Update. The curated CV list applies to IE on the desktop for Windows RT since the most common reason to block Flash is that the site relies on other plug-ins that are not available on Windows RT.