Privacy-Centric Linux Distro Tails Hits 2.0 Release

http://linux.slashdot.org/story/16/01/29/159219/privacy-centric-linux-distro-tails-hits-20-release?utm_source=feedly1.0mainlinkanon&utm_medium=feed

Privacy-Centric Linux Distro Tails Hits 2.0 Release38

Posted by timothy on Friday January 29, 2016 @10:11AM from the your-eyes-only dept.

A_Mythago writes:The Amnesic Incognito Live System (Tails) has finalized version 2.0, which has several improvements and updates to continue to meet their mission of preserving privacy, anonymity and circumventing censorship without a trace, using a Debian 8.0 custom live distro. More details about Edward Snowden's use of Tails and the distro itself can be found at a previous Slashdot story from 2014.

Windows Phone is dead by Tom Warren

http://www.theverge.com/2016/1/28/10864034/windows-phone-is-dead

Windows Phone started off life as a promising alternative to Android and iOS five years ago. Microsoft positioned its range of Windows Phone 7 handsets as the true third mobile ecosystem, but it's time to admit it has failed. If a lack of devices from phone makers and even Microsoft itself wasn't enough evidence, the final nail in the coffin hit today. Microsoft only sold 4.5 million Lumia devices in the recent quarter, compared to 10.5 million at the same time last year. That's a massive 57 percent drop. Even a 57 percent increase wouldn't be enough to save Windows Phone right now.

Microsoft and Nokia have sold a total of 110 million Windows Phones compared to 4.5 billion iOS and Android phones in the same period. IDC recently reported that 400 million phones were sold in the recent quarter, meaning just 1.1 percent of them were Lumia Windows Phones. Microsoft does not have any compelling Lumia handsets, and the Lumia 950 and Lumia 950 XL were both disappointing flagship devices with unfinished Windows 10 Mobile software.

With Lumia sales on the decline and Microsoft's plan to not produce a large amount of handsets, it's clear we're witnessing the end of Windows Phone. Rumors suggest Microsoft is developing a Surface Phone, but it has to make it to the market first. Windows Phone has long been in decline and its app situation is only getting worse. With a lack of hardware, lack of sales, and less than 2 percent market share, it's time to call it: Windows Phone is dead. Real Windows on phones might become a thing with Continuum eventually, but Windows Phone as we know it is done. It won't stop Microsoft producing a few handsets every year as a vanity project, but for everyone else it's the end of the line. Farewell, Windows Phone.

Hot Potato Exploit Gives Attackers the Upper Hand in Multiple Windows Versions by Catalin Cimpanu

http://news.softpedia.com/news/hot-potato-exploit-gives-attackers-the-upper-hand-in-multiple-windows-versions-499192.shtml

By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows.

The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000.

All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.

Hot Potato is made up of three different exploits

The three security problems that form the Hot Potato exploit are a local NBNS (NetBIOS Name Service) spoofing technique that's 100% effective, a flaw which allows attackers to set up fake WPAD (Web Proxy Auto-Discovery Protocol) proxy servers, and an attack against the Windows NTLM (NT LAN Manager) authentication protocol.

Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges, the Windows analog for a Linux/Android root user's permissions.

Foxglove researchers created their exploit on top of a proof-of-concept code released by Google's Project Zero team in 2014 and have presented their findings at the ShmooCon security conference over the past weekend. They've even posted their exploit code onGitHub.

Hot Potato can be used against multiple Windows versions

Additionally, some proof-of-concept videos were also uploaded on YouTube, and you can see the researchers break Windows versions such as 7, 8, 10, Server 2008 and Server 2012.

Researchers say that enabling "Extended Protection for Authentication" in Windows should stop the last stage of their exploit, the NTLM relay attack.

Using SMB (Server Message Block) signing may theoretically block the attack, but they have not properly investigated this mitigation technique.