Edge Security Flaw Allows Theft of Facebook and Twitter Credentials

To exploit the flaw, Caballero says that an attacker can use server redirect requests combined with data URIs, which would allow him to confuse Edge’s SOP filter and load unauthorized resources on sensitive domains. The expert explains the attack step by step on his blog.

In the end, the attacker will be able to inject a password form on another domain, which the built-in Edge password manager will automatically fill in with the user’s credentials for that domain. Below is a video of the attack.

Source: Edge Security Flaw Allows Theft of Facebook and Twitter Credentials

Microsoft Azure now offers patent troll IP protection

Microsoft quotes a report from Boston Consulting Group which estimates a 22% rise in IP lawsuits relating to cloud products over the last five years in the U.S. alone. It also observes that non-practicing entities have increased their spending on cloud patents by 35% over the same period of time.

Source: Microsoft Azure now offers patent troll IP protection

How to permanently stop Windows 10 reboots after installing updates

If you do not want to wait for Anniversary Update (which will be released in July 2016) or if Active Hours is not a solution for you, you can permanently stop Windows 10 reboots after updates are installed if you follow the steps below.

via How to permanently stop Windows 10 reboots after installing updates

Just bought a refurbished i7 machine with Windows 10 Home edition to use for gaming and to run VMs via VirtualBox. The VMs need to be up 24/7 if they are an active unit. This box has a lot of RAM so it can run many VMs. Microsoft brought them all down last night with an update then reboot. This is totally unacceptable. Most of the solutions on the web using gpedit.msc or regedit do not work on Windows Home since we are the lowest OS on the MS totem pole.

The procedure in the above website worked for Windows 10 Home. Now I just have to wait a week or so to see if it really stops the auto reboot. I don’t mind having to queue up updates that require reboot. VMs need to be shut down gracefully. Many people use their computers for doing things other than consuming mass media.

Microsoft and Liebherr Collaborating on New Generation of Smart Refrigerators

With the SmartDevice capability, future Liebherr refrigerators will help in shopping and planning meals with intelligent food management. Stored groceries can be monitored using internal cameras and object recognition technology. This process not only captures images for viewing but also recognizes individual food items inside the refrigerator. This information flows automatically into an inventory list, which lets the customer see quickly and clearly what is in the refrigerator from anywhere. Using the SmartDeviceBox voice module, additional groceries can be added to a shopping list that customers can access when on the move using an app for iOS, Android or Windows devices.

Source: Microsoft and Liebherr Collaborating on New Generation of Smart Refrigerators | Cortana Intelligence and Machine Learning Blog

Keeping secrecy the exception, not the rule: An issue for both consumers and businesses

We believe that with rare exceptions consumers and businesses have a right to know when the government accesses their emails or records. Yet it’s becoming routine for the U.S. government to issue orders that require email providers to keep these types of legal demands secret. We believe that this goes too far and we are asking the courts to address the situation.

Source: Keeping secrecy the exception, not the rule: An issue for both consumers and businesses – Microsoft on the Issues

We believe these actions violate two of the fundamental rights that have been part of this country since its founding. These lengthy and even permanent secrecy orders violate the Fourth Amendment, which gives people and businesses the right to know if the government searches or seizes their property. They also violate the First Amendment, which guarantees our right to talk to customers about how government action is affecting their data.

Microsoft and Red Hat Team Up to Offer Linux on Azure Cloud

Jason Zander, Microsoft’s corporate VP and head of its Azure business, said since Microsoft began allowing Linux on its Azure cloud platform, about one in four customers are running one variant of Linux or another, and in China that figure rises to about one in two. “We have a lot of enterprise customers who want an enterprise version of Linux and who have a relationship with Red Hat already.”

Source: Microsoft and Red Hat Team Up to Offer Linux on Azure Cloud | Re/code

Microsoft is downloading Windows 10 to your machine ‘just in case’

Microsoft told us: “For individuals who have chosen to receive automatic updates through Windows Update, we help upgradable devices get ready for Windows 10 by downloading the files they’ll need if they decide to upgrade.

Source: Microsoft is downloading Windows 10 to your machine ‘just in case’

From: The Appeal of Free: 75 Million Users Download Windows 10 in First Month

Free Windows is proving to be a very attractive price indeed. Seventy-five million users have downloaded Windows 10 to their personal computers and tablets in the first month of its release, Microsoft announced on Wednesday.

Manipulating Microsoft WSUS to Own Enterprises

Paul Stone and Alex Chapman of Context Information Security in the U.K. took a long look at the WSUS attack surface and discovered that when a WSUS server contacts Microsoft for driver updates, it does so using XML SOAP web services, and those checks are not made over SSL. While updates are signed by Microsoft and updates must be verified by Microsoft, Stone and Chapman discovered that an attacker already in a man-in-the-middle position on a corporate network, for example, could with some work tamper with the unencrypted communication and inject a malicious homegrown update.

Source: Manipulating Microsoft WSUS to Own Enterprises | Threatpost | The first stop for security news

Carnegie Mellon Computer Faces Poker Pros in Epic No-Limit Texas Hold’Em Competition

In a contest that echoes Deep Blue’s chess victory over Garry Kasparov and Watson beating two Jeopardy! champions, computer poker software developed at Carnegie Mellon University will challenge four of the world’s best professional poker players in a “Brains Vs. Artificial Intelligence” competition beginning April 24 at Rivers Casino.

Over the course of two weeks, the CMU computer program, Claudico, will play 20,000 hands of Heads-Up No-limit Texas Hold’em with each of the four poker pros. The pros — Doug Polk, Dong Kim, Bjorn Li and Jason Les — will receive appearance fees derived from a prize purse of $100,000 donated by Microsoft Research and by Rivers Casino. The Carnegie Mellon scientists will compete for something more precious.

Source: Brains Vs. Artificial Intelligence: Carnegie Mellon Computer Faces Poker Pros in Epic No-Limit Texas Hold’Em Competition-Carnegie Mellon News – Carnegie Mellon University

“Computing the world’s strongest strategies for this game was a major achievement — with the algorithms having future applications in business, military, cybersecurity and medical arenas,” Sandholm said.