There’s a good reason why security analysts get nervous about bundled third-party software: it can introduce vulnerabilities that the companies can’t control. And Microsoft, unfortunately, has learned that the hard way. Google researcher Tavis Ormandy discovered that a Windows 10 image came bundled with a third-party password manager, Keeper, which came with a glaring browser plugin flaw — a malicious website could steal passwords. Ormandy’s copy was an MSDN image meant for developers, but Reddit users noted that they received the vulnerable copy of Keeper after clean reinstalls of regular copies and even a brand new laptop.
A Microsoft spokesperson told Ars Technica that the Keeper team had patched the exploit (in response to Ormandy’s private disclosure), so it shouldn’t be an issue if your software is up to date. Also, you were only exposed if you enabled the plugin.
However, the very existence of the hole has still raised a concern: are Microsoft’s security tests as thorough for third-party apps as its own software? The company has declined to comment, but that kind of screening may prove crucial if Microsoft is going to maintain the trust of Windows users. It doesn’t matter how secure Microsoft’s code is if a bundled app undermines everything.
760 Shares
California advises against keeping your phone in your pocket
For thirty years, hundreds of millions and now billions of people have been irradiating themselves with cellphones, yet rates for cancer and other diseases have steadily fallen. Where’s the evidence for this official warning?
iTunes isn’t coming to the Windows Store this year after all
There are significant challenges when one tries to port poorly written software into the nice, structured, sandboxed Microsoft Store. I look forward to seeing the first usable version if iTunes.
North Korea hackers steal bitcoin by targeting currency insiders
The headline is wrong. They TRY to steal Bitcoin. The article doesn’t say that they were successful. Engadget, please insert try to between hackers and steal in the headline, or I will call the police.
Eve V review: The wisdom of the crowd mostly pays off
the bluetooth capability of the keyboard is a nice feature that i’ve been hoping for with every new surface pro release. i’ve been in a few situations with my sp3 where this would have been killer to have.
What do made-for-AI processors really do?
TL:DR technical answer: Less silicon dedicated to high-precision floating point calculations (good for graphics), more silicon dedicated to low-precision integer calculations (good for AI)
Facebook’s ‘snooze’ button mutes a friend for 30 days
Not looking at Facebook also works.
Google Maps will now tell you when to get off the bus or train
Will this app work with my school bus? Anything to help me be on time for my 9am 3rd grade physics class.
Samsung reportedly eyes first half of 2018 for smart speaker debut
Bixby is amazing. Unlike other gloried talking search engines, it does actual tasks and routines for you. What good is an assistant if it only give you information and doesnt do things FOR you. Bixby is the first TRUE AI agent.
Pentagon funded UFO identification program for 5 years
UFO sightings seem to have greatly disappeared over the last few years, either they found us uninteresting and left or infiltrated our news sources and governments to suppress any knowledge of their existences…
Sky’s restructured TV pricing is simpler and more flexible
Its a bit much having to pay an extra £5 quid to have kids entertainment added. Have a heart Sky.
Attorneys general request last-minute delay for net neutrality vote
You need to give up your continued support for removal of communication rights. NN helps insures communication rights in same way the US constitution helps insure rights.But knowing you, you would prefer to repeal the constitution as well.
The iMac Pro is fast, but who is it for?
Great write up as usual Dana. I just can’t wrap my head around who would spend $5000 on $2000 worth of hardware…but as you’ve pointed out I guess there is niche demand for this type of system running OSX.Yet, going the iMac-esque route for a professional product is so strange. Bringing back the G5-era chassis would undoubtedly be best for prosumers but then Apple can’t control the upgrade path (or lack thereof.)
Microsoft unveils improved AI-powered search features for Bing
Wrong. I use Bing and I’m not old. The best part is the Rewards/points which I’ve redeemed for Starbucks, Amazon gift cards, and Xbox Live memberships. I can’t tell the difference between Bing’s search results and Google’s
CDC barred from using terms like ‘science-based’ in budget docs
Ridiculous? I would say it’s absolutely insane. If these responsible administration officials were treated with medical practices from ancient times, they would ask for science based medicine pretty quickly.
The FCC’s ‘Harlem Shake’ video may violate copyright law
Well, he doesn’t seem to care about anything else so why would he care about copyright?
Like this:
Like Loading...
