“Flame” is the name of a newly-identified malware program which utilizes a previously unknown MD5 collision attack to successfully spoof Microsoft Terminal Services, and install itself as a trusted program using Windows Update, Microsoft has confirmed. The program appears to have targeted computers in the Middle East, and specifically Iran; analysts have alleged it is likely created by the same entity that designed Stuxnet. Flame has been live and actively spying since 2010, but went undetected until recently, due to sophisticated anti-detection measures.
While anonymous US officials have claimed responsibility for the program, officially both the USA and Israel have denied any involvement.
Summary and conclusions:
- The Flame command-and-control infrastructure, which had been operating for years, went offline immediately after our disclosure of the malware’s existence last week.
- We identified about 80 total domains which appear to belong to the Flame C&C infrastructure.
- The Flame C&C domains were registered with an impressive list of fake identities and with a variety of registrars, going back as far as 2008.
- The attackers seem to have a high interest in PDF documents, Office and AutoCad drawings.
- The data uploaded to the C&C is encrypted using relatively simple algorithms. Stolen documents are compressed using open source Zlib and modified PPDM compression.
- Flame is using SSH connections (in addition to SSL) to exfiltrate data. The SSH connection is established by a fully integrated Putty-based library.
- Windows 7 64 bit, which we previously recommended as a good solution against infections with other malware, seems to be effective against Flame
So let me get this straight. Advertising networks that track user behavior are OK with “Do Not Track” only so long as a single-digit percentage of users have it turned on? But if a lot of people start using it they’re out? Not being able to track users across the web is a “nightmare” for ad networks?
Years ago I had the idea that if Microsoft really wanted to destroy Google, they should have released a version of IE with a built-in on-by-default ad-blocker that included Google ads in its blacklist.
Let’s follow the money. The OEMs are paid by a variety of software makers to install crapware onto systems. The OEMs don’t disclose how much money they receive from this, but sources tell me that it works out at a few dollars per PC. That doesn’t sound like much, but multiply that across millions of PCs and it becomes a significant number.
Then the customer pays the OEM — or a middleman — for the PC, a PC which Microsoft itself admits is “slower-than-should-be” because of all the stuff loaded onto the system unnecessarily. Consumers are expected to take their new PC to a Microsoft Store — though there are currently only 16 of them in the United States — and pay Microsoft $99 to remove the crapware that the OEMs were paid to install.
It could only be worse if the OEMs wanted payment to remove crapware. Think that wouldn’t happen? It’s already been tried. Back in 2008, Sony announced plans to charge customers $50 for what it called “Fresh Start” systems that were free of crapware. The plans were dropped following a barrage of negative feedback.
The OEMs make money from installing crapware onto PCs, and now Microsoft is making money removing it. Makes you realize why more and more people are buying Apple hardware.
Most of you probably already know that you can remove a lot of the preinstalled crapware from PCs using PC Decrapifier. It won’t give you the nice Signature edition desktop wallpaper, and won’t install pretty much every piece of Windows Live software ever made onto your PC — like Microsoft seems to do on Signature editions PCs — but it will remove most of the crapware that you find on new PCs. And the best part is it won’t cost you $99. In fact, it won’t cost you anything, because it’s free for personal use.
Siri, on the iPhone, mostly uses Wolfram Alpha as a search engine. Since it has a fairly limited set of product reviews, you can get hilarious results like this:
When you ask the Nokia Lumia 800 what the best smartphone ever is – thus using Microsoft’s TellMe service in combination with Bing – the first result you will get is this Business Insider article with the following headline:
Fogg may have underestimated the developer issue. What most Nokia-watchers appear to be unaware of is that for developers, breakage lies ahead. The three bedrock components of Windows Phone 7x – the Embedded CE kernel, the Compact .NET framework and Silverlight – are all being cast aside. Windows 8 Apollo will share the same kernel as Windows 8. What third-party developers are supposed to do is not clear. Will all today’s applications break? Will there be a legacy runtime? What source-conversion tools will be available? Even key Nokia sources don’t know the answer to these questions yet.
I’ve got a Lumia 800 to develop on, and it’s a nice phone. But I haven’t been able to make a business case for an app on it, yet, and I worry I never will.
Microsoft’s working quickly to counter backlash it’s receiving after denying a user who won a Windows Phone challenge his just reward. Yesterday, Sahas Katta won a “Smoked by Windows Phone” challenge when his Galaxy Nexus displayed the weather of two different cities faster than the Windows Phone he was up against, but the Microsoft store claimed that he had to show weather from two different states. Microsoft has been roundly bashed for this technicality since then, so Windows Phone evangelist Ben Rudolph has just taken to Twitter to apologize and offer Katta a new laptop and Windows Phone, as well as an apology.
You could see this coming miles away. I mean, what marketing genius thought it was a great idea to set up a rigged “contest” where the whole point is to ridicule your potential customers one at a time? How is this supposed to make your potential customers feel good? And why do you thing that, in the age of the Internet, you can get away with cheating potential customers?
You’ve got to hand it to Kirill Tatarinov, the head of Microsoft’s ERP division. The Russian Rocket was cool as a cucumber on Monday when a demo of the Windows 8 Metro UI running on a touch-screen tablet crashed and burned during the opening keynote of Convergence 2012.
You probably take for granted that you can view videos on your smartphone, tablet, PC, or DVD/Blu-ray player and connect to the Internet without being tied to a cable. That works because the industry came together years ago to define common technical standards that every firm can use to build compatible products for video and Wi-Fi. Motorola and all the other firms that contributed to these standards also made a promise to one another: that if they had any patents essential to the standards, they would make their patents available on fair and reasonable terms, and would not use them to block competitors from shipping their products.
Motorola has broken its promise. Motorola is on a path to use standard essential patents to kill video on the Web, and Google as its new owner doesn’t seem to be willing to change course.
Microsoft telling Google to not be evil.
I surely must have stepped through the looking glass…
Like the curtain finally falling from the Wizard of Oz to find just a small, frail, man pretending to be far more powerful and relevant than he really was. Microsoft’s biggest miss was allowing the world to finally see the truth behind the big lie — they were not needed to get real work done. Or anything done, really.
Tech writer MG Siegler just noted a remarkable fact:
Apple’s iPhone business alone is now bigger than Microsoft.
Not Windows. Not Office. Microsoft.
Think about that.
Remember when Balmer said the iPhone would never amount to anything? Good times…
In what could simply be described as an enormous loss for Pakistan, Arfa Karim, the world’s youngest Microsoft Certified Professional (MCP), Saturday night, lost the battle of life after remaining admitted here at Combined Military Hospital for 26 days, Geo News reported.
Arfa Karim was only sixteen years old.
Her funeral prayers will be offered on Sunday at 10 AM in Cantt area.
Arfa Karim remained in intensive care at Combined Military Hospital (CMH) after suffering an epileptic seizure and cardiac arrest a few weeks ago. After battling for life for 26 days, one of Pakistan’s brightest brains left this world for good.
When I talked to Linus Torvalds he said that Secure Boot is a good thing, but can be used in a bad ways. That’s proving to be true.
When Microsoft published The Certification Requirements for Windows 8 it was evident that the company wanted to use the secure boot to lock Linux out of such hardware, thus creating a Windows only hardware. The discovery lead to a strong protest from the FLOSS community. Microsoft allowed the non-ARM hardware to be able to run Linux if the hardware vendors chooses to allow that. But as we saw the arrival of ARM on desktop Microsoft “wasted no time in revising its Windows Hardware Certification Requirements to effectively ban most alternative operating systems on ARM-based devices that ship with Windows 8.”
Steve Ballmer Reboots
With the stock hung for 10 years, no one thought to reboot Ballmer until now?!
Just got myself one, and I’ve been playing with it for 10 minutes, and I’m pleasantly surprised. Microsoft managed to create a decent user interface, and I like it. Now there’s an unexpected thing for me to say, right?
Microsoft is offering free Windows phones to Android malware victims, providing they are prepared to tell world+dog about their problems.
The marketing stunt – already given the hashtag #droidrage on Twitter – follows a run of publicity about android malware.
And in related news:
A security flaw has been discovered in Microsoft’s Windows Phone OS which allows hackers to disable a handset’s messaging system by SMS.
A malicious text can be sent which stops the SMS service from working, WinRumours reports. A factory reset is the only way to remedy the issue.
One way we can measure a company’s “evilness” is by how important litigation is to corporate strategy. We’ll open this series by comparing today’s three tech giants: Microsoft, Google, and Apple. Which company gets sued the most? And more importantly, which company sues others the most?
Microsoft has pieced together an HTML 5-based demo of its Windows Phone OS’ Metro user interface, giving iOS and Android users a taste of what life’s like on the other side.
If you’re an Android or iPhone user and fancy giving it a go, visit http://aka.ms/wpdemo from your handset’s browser. Let us know how you get on.
Very nice – first time I get to see bits of Metro. Looks like Microsoft came up with something good!
Microsoft has long been one of the most ardent proponents of expanding U.S. copyright law. But that enthusiasm doesn’t extend to the new Stop Online Piracy Act, which its lobbyists are quietly working to alter, CNET has learned.
It’s little surprise that Web-based companies like Google, Facebook, and Twitter oppose SOPA, which is designed to make allegedly piratical Web sites virtually disappear from the Internet. They, and many civil liberties and human rights groups, worry that SOPA could jeopardize legitimate Web sites too.
Sad that the only reason this bill is going to die is because powerful corporations decided to “voice their displeasure”. The public doesn’t matter any more for law makers.
The questioner asked what Microsoft thought about the contention that we’re in the "post PC era."
Ballmer started off in his usual enthusiastic fashion: "We are in the Windows era — we were, we are, and we always will be."
We are at war with Eurasia. We have always been at war with Eurasia.
Windows Phone 7.5 is gorgeous, classy, satisfying, fast and coherent. The design is intelligent, clean and uncluttered. Never in a million years would you guess that it came from the same company that cooked up the bloated spaghetti that is Windows and Office.
Most impressively, Windows Phone is not a feeble-minded copycat. Microsoft came up with completely fresh metaphors that generally steer clear of the iPhone/Android design (grid-spaced icons that scroll across home pages).
You know, compared to this, the Microsoft video wasn’t all that bad after all.
So, in the future you have to go to a hotel in a different country just to participate in a teleconference where none of the people are in the same room. And nobody talks to each other, they just finger swipe through life. Got it.
Google’s complaints about patent-based attacks against Android don’t seem to be doing the company any good. We all know Steve Jobs pledged to destroy Android, claiming it stole its ideas from Apple’s iOS. Yet what is likely an even bigger threat comes from Microsoft, which claims that more than half of all Android devices are now subject to patent licensing agreements.
What does that mean? When you buy an Android phone, there’s a good chance either the vendor whose name is on the device or one of the manufacturers who contributed hardware to it is paying Microsoft a fee for each sale. Today, Microsoft announced an agreement with Compal, an original design manufacturer that produces smartphones and tablets for third parties and takes in $28 billion in annual revenue. This was the “tenth license agreement providing coverage under our patent portfolio for Android mobile phones and tablets,” and the ninth in the last four months, Microsoft lawyers Brad Smith and Horacio Gutierrez write in a blog post.
From the above screen shot, dear Microsoft, I can safely assume that you haven’t got a clue.
If you wanted to build a retail store with four curved tabletops at the front and rear side walls and a rectangular band displaying changing video images on the walls, well, Microsofts intellectual property department would like to have a word with you.
Microsoft is flying flags at half-staff today and tomorrow at its offices around the world in honor of Steve Jobs, the Apple co-founder who died this week at the age of 56. The picture above is from the main entrance to the company’s main campus in Redmond.
Here is a photo taken of the Microsoft UK offices.