Microsoft Updates Yammer

Microsoft unveiled a bevy of improvements to its Yammer enterprise social network, focused on helping people connect more easily with their teams.

By default, people who access Yammer via their web browser will be taken to a new “Discovery” feed on the service’s home page that is supposed to better show them relevant content from their groups along with other public teams across their company’s network. It’s supposed to help keep people in closer touch with important discussions they may be missing on Yammer.

After users finish reviewing new content in one group, Yammer will display a pop up banner with a link to the next group they’re subscribed to that has new content. Yammer’s mobile apps will get similar functionality through a new Group Updates feed that lets users see a list of different conversations in various groups all on one screen. That way, they won’t have to look through individual groups to get the same information. That feature will begin rolling out on Android first before making it to Yammer’s iOS app.

In addition, Yammer is also tweaking the design of individual groups’ pages. Now, each group will have a full-width banner at the top of its page, and discussions within the group can now take up a wider space on the page to aid in lengthier discussions. The whole page has also been redesigned to focus users’ attention on important content.

Icons in the left-hand sidebar will show the users that are active in groups they are a part of, so they can stay up-to-date on where conversations are happening in real time. It’s a move that could make Yammer more competitive with popular chat solutions like Slack, which has been growing incredibly rapidly and was recently valued at $2.8 billion.

Yammer’s mobile app also gained support for attaching files from external storage services like OneDrive and Dropbox, inviting coworkers to a user’s network by email and mentioning people in comments.

There’s even more up Yammer’s sleeve on top of all these updates. The social network’s iPhone app will soon have a companion version for the Apple Watch that will let people interact with content from their coworkers.

The updates come at a time when Microsoft is putting more effort into improving its workplace collaboration tools.

Source

Dropbox Beefs Up Security

Two-factor authentication is widely regarded as a best practice for security in the online world, but Dropbox has announced a new feature that’s designed to make it even more secure.

Whereas two-step verification most commonly involves the user’s phone for the second authentication method, Dropbox’s new U2F support adds a new means of authenticating the user via Universal 2nd Factor (U2F) security keys instead.

What that means is that users can now use a USB key as an additional means to prove who they are.

“This is a very good advancement and adds extra security over mobile notifications for two-factor authentication,” said Rich Mogull, Securosis CEO.

“Basically, you can’t trick a user into typing in credentials,” Mogull explained. “The attacker has to compromise the exact machine the user is on.”

For most users, phone-based, two-factor authentication is “totally fine,” he said. “But this is a better option in high-security environments and is a good example of where the FIDO standard is headed.”

Security keys provide stronger defense against credential-theft attacks like phishing, Dropbox said.

“Even if you’re using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code,” the company explained in a blog post. “They can then use this information to access your account.”

Security keys, on the other hand, use cryptographic communication and will only work when the user is signing in to the legitimate Dropbox website.

Dropbox users who want to use the new feature will need a security key that follows the FIDO Alliance’s Universal 2nd Factor (U2F) standard. That U2F key can then be set up with the user’s Dropbox account along with any other U2F-enabled services, such as Google.

Source

HTC To Go High-End

Taiwanese smartphone maker HTC Corp said it will eliminate some jobs and discontinue models as part of its strategy to focus on high-end devices to better compete with the likes of AppleInc and Samsung Electronics.

“The cuts will be across the board,” Chief Financial Officer Chialin Chang told reporters after HTC reported a second-quarter loss and forecast another for the third-quarter. “They will be significant.”

Chang said the cost reductions would extend to the first quarter of next year, but declined to give further details.

A pioneer in early smartphones, HTC has been dismissed by industry watchers as confused, unoriginal and uncompetitive.

The company has been losing market share over the past few years, hit by intense competition at the high-end of the market from the likes of Apple and Samsung Electronics while budget Chinese rivals have also eclipsed its low-cost offerings.

HTC shares have fallen 51 percent so far this year. The stock closed 1.69 percent lower before the results were announced.

Chang said HTC was banking on selling high-end models in emerging smartphone markets such as India, where he said the company has a 20 percent market share of phones priced between $250-$400.

Analysts, however, are less optimistic, saying HTC is likely to continue to struggle for the next four quarters at least.

“We believe HTC will keep losing share in the smartphone market and will keep losing money,” analyst Calvin Huang with Taiwan’s SinoPac Securities wrote in a recent research note.

Source

Did Microsoft Intentionally Delay The Surface Pro 4?

The latest rumors suggest that Microsoft was waiting to jack the latest Intel Skylake processor under its bonnet.

Redmond seemingly wants the new Surface Pro to be state of the art and be a tablet which is useful. Skylake will give it better battery life and performance with current industry standards like Bluetooth 4.1, Cat6 LTE, WiDi 6.0, and A4WP wireless charging weaved into it.

Intel will support the tablets through compatibility with 3D cameras and audio processing software plus better stylus interaction.

There is no sign of confirmation of the rumors. Microsoft has been quiet so far about the Surface Pro 4. We had been expecting it to highlight some of the better features of Windows 10.

However if the rumors are true it will be a hell of a lot better than the MacBook Air 2015 because it will feature innovation, rather than just being thin.

Latest news about its release date suggests a 2016 launch.

Source

Can OSX Make Macs Vulnerable To Rootkits?

The software genii at Apple have redesigned their OSX software to allow malware makers to make designer micro-software that can infect Macs with rootkits.

Obviously the feature is one that Apple software experts designed specifically for malware writers, perhaps seeing them as an untapped market.

The bug in the latest version of Apple’s OS X allows attackers root user privileges with a micro code which could be packed into a message.

Security researcher Stefan Esser said that this was the security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications.

The OS X privilege-escalation flaw stems from new error-logging features that Apple added to OS X 10.10. Plainly the software genii did not believe that standard safeguards involving additions to the OS X dynamic linker dyld applied to them because they were protected from harm by Steve Job’s ghost.

This means that attackers to open or create files with root privileges that can reside anywhere in the OS X file system.

“This is obviously a problem, because it allows the creation or opening (for writing) of any file in the filesystem. And because the log file is never closed by dyld and the file is not opened with the close on exec flag the opened file descriptor is inherited by child processes of SUID binaries. This can be easily exploited for privilege-escalation,” Esser said.

The vulnerability is present in both the current 10.10.4 (Yosemite) version of OS X and the current beta version of 10.10.5. Importantly, the current beta version of 10.11 is free of the flaw, an indication that Apple developers may already be aware of the vulnerability.

An Apple spokesman said that engineers are aware of Esser’s post of course they did not say they would do anything about it. They will have to go through the extensional crisis involved in realising that their product was not secure or perfect. Then the security team will have to issue orders, signed in triplicate, sent in, sent back, queried, lost, found, subjected to an internal inquiry, lost again, and finally bury it in soft peat for three months and recycled as firelighters.

Source

Microsoft To Release Advanced Threat Analytics

Microsoft is very close to releasing Advanced Threat Analytics (ATA) the security sure-up that it first announced three months ago.

ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.

That final release will happen in August, which should give you plenty of time to get your head around it.

Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.

— Kevin Jones (@vcsjones) May 4, 2015

Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.

“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.

“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.

“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”

The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.

“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.

“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”

A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.

Source

Suse Goes 64-bit ARM Servers

Suse wants to speed the development of server systems based on 64-bit ARM processors.

The outfit said that it is making available to its partners a version of Suse Linux Enterprise 12 ported to ARM’s 64-bit architecture (AArch64).

This will enable them to develop, test and deliver products to the market based on ARM chips.

Suse has also implemented support for AArch64 into its openSUSE Build Service. This allows the community to build packages against real 64-bit ARM hardware and the Suse Linux Enterprise 12 binaries.

Hopefully this will improve the time to market for ARM-based solutions, the firm said.

Suse partners include chip makers AMD AppliedMicro and Cavium, while Dell, HP and SoftIron. Suse wants ARM processors to be part of a scalable technology platform in the data centre.

Through participation in the programme, partners will be able to build solutions for various applications, from purpose-built appliances for security, medical and network functions, to hyperscale computing, distributed storage and software-defined networking.

There are multiple vendors using the same core technology licensed from ARM. This provides a common base for the OS vendors, like Suse, to build support in their kernel.

Suse has some competition for ARM-based systems. Last year, Red Hat started up its ARM Partner Early Access Programme (PEAP), while Canonical has offered ARM support in its Ubuntu platform for several years now, including a long-term support (LTS) release last year that included the OpenStack cloud computing framework.

Source

China Keeps Supercomputing Title

A supercomputer developed by China’s National Defense University still is the fastest publically known computer in the world, while the U.S. is close to an historic low in the latest edition of the closely followed Top 500 supercomputer ranking, which was just published.

The Tianhe-2 computer, based at the National Super Computer Center in Guangzhou, has been on the top of the list for more than two years and its maximum achieved performance of 33,863 teraflops per second is almost double that of the U.S. Department of Energy’s Cray Titan supercomputer, which is at the Oak Ridge National Laboratory in Tennessee.

The IBM Sequoia computer at the Lawrence Livermore National Laboratory in California is the third fastest machine, and fourth on the list is the Fujitsu K computer at Japan’s Advanced Institute for Computational Science. The only new machine to enter the top 10 is the Shaheen II computer of King Abdullah University of Science and Technology in Saudi Arabia, which is ranked seventh.

The Top 500 list, published twice a year to coincide with supercomputer conferences, is closely watched as an indicator of the status of development and investment in high-performance computing around the world. It also provides insights into what technologies are popular among organizations building these machines, but participation is voluntary. It’s quite possible a number of secret supercomputers exist that are not counted in the list.

With 231 machines in the Top 500 list, the U.S. remains the top country in terms of the number of supercomputers, but that’s close to the all-time low of 226 hit in mid-2002. That was right about the time that China began appearing on the list. It rose to claim 76 machines this time last year, but the latest count has China at 37 computers.

The Top 500 list is compiled by supercomputing experts at the University of Mannheim, Germany; the University of Tennessee, Knoxville; and the Department of Energy’s Lawrence Berkeley National Laboratory.

Source

Will Cortana Impact Windows 10 Battery Life?

It is just over a month until Microsoft introduces Windows 10, and as you should know by now, Cortana is one of the key elements of the new OS.

Cortana always listens in order to hear its name and be a smart digital assistant. This is Microsoft answer to Siri and Google Now that is making its way to Windows 10.

Unfortunately, this will affect your notebook battery life. We have spoken with a few industry sources and we can definitely confirm that Windows 10 with enabled Cortana will have an impact on the battery life. We are testing this as we speak to check how big the impact is.

We don’t know how significant the battery life decrease will be, but the good thing is that you will be able to switch Cortana off in case you don’t need it. We heard that many new Toshiba notebooks will come with a dedicated Cortana button, as this is the easiest way to save battery life. Cortana on Toshiba won’t listen until you press the button.

It would be smart if Microsoft would come up with Cortana enable / disable keyboard shortcut. Win + Q will enable Cortana news while Win + S will bring you directly to the Cortana search engine.

Windows 10 seems to be a logical upgrade for anyone who has Windows 8.1 on their notebooks and misses the options from Windows 7, and some familiar UI elements. We use Windows 8.1 on some devices, while most of our computers still have Windows 7 and nothing more. Microsoft DirectX 12 will force us to Windows 10 but from what awe can tell from Preview release, the upgrade to Windows 10 from with 7 seems like quite seamless and logical step.

Just make sure to be aware that your notebook battery life might suffer because of Cortana. Have in mind that this “talk to your PC and expect a smart answer” option can be disabled.

Source

Cisco Warns Of Bug In Virtual App

Cisco has warned of a default Secure Shell vulnerability in three of its virtual applications.

The flaw could allow attackers to decrypt traffic exchanged in the services, and has been detailed in a Cisco security advisory.

It affects Cisco’s Web Security Virtual Appliance (SMAv), Email Security Virtual Appliance and Security Management Virtual Appliance, which are already commercially available.

Cisco said that it “is not aware of any public announcements or malicious use of the vulnerabilities”, but warned that attackers who got hold of the private keys could decrypt communications with a man-in-the-middle attack.

The default private encryption keys were preinstalled on all three of the products, a move which is considered bad security practice.

“Successfully exploiting this vulnerability on Cisco SMAv allows an attacker to decrypt communication toward SMAv, impersonate SMAv, and send altered data to a configured content appliance,” the advisory said.

“An attacker can exploit this vulnerability on a communication link toward any content security appliance that was ever managed by any SMAv.”

Cisco has released a patch which deletes the preinstalled SSH keys and explains how customers can correct the problem.

The Cisco-sa-20150625-ironport SSH Keys Vulnerability Fix comes as part of several product upgrades, and must be manually installed from a command line interface.

Cisco’s advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after 25 June.

Cisco revealed details of a new point of sale attack earlier this year that could part firms from money and customers from personal data.

The threat, called PoSeidon by the Cisco team, came at a time when eyes were on security breaches at firms like Target.

Cisco said in a blog post that PoSeidon is a threat that has the ability to breach machines and scrape them for credit card information.

Source

« Previous Page — Next Page »