Posted on February 24th, 2017 at 15:54 Comment on the AskWoody Lounge
I didn’t see this one coming.
If you have a volume license, you can stick LTSB – the version of Win10 that’ll be supported for ten years – on your current computers. But when you get new computers, or replace the old ones, you have to use the latest LTSB version.
So far we’ve had two LTSB versions, the so-called LTSB 2015 (which is just the original, RTM version of Win10) and LTSB 2016 (which is the 1607 “Anniversary Update” version).
Excellent article by Gregg Keizer in Computerworld on the ramifications.
Posted on February 24th, 2017 at 12:41 Comment on the AskWoody Lounge
I’m downloading it now.
Posted on February 24th, 2017 at 08:40 Comment on the AskWoody Lounge
I’m as skeptical as the next guy – moreso, actually – but I’m impressed by the security enhancements planned for the next version of Edge.
Matt Miller has an overview here.
Part 2 should be out shortly.
Long and short of it:
Most modern browser exploits attempt to transform a memory safety vulnerability into a method of running arbitrary native code on a target device. This technique is prevalent because it provides the path of least resistance for attackers by enabling them to flexibly and uniformly stage each phase of their attack. For defenders, preventing arbitrary native code execution is desirable because it can substantially limit an attacker’s range of freedom without requiring prior knowledge of a vulnerability. To this end, Microsoft Edge in the Creators Update of Windows 10 leverages Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to help break the most universal primitive found in modern web browser exploits: loading malicious code into memory.
I don’t know how quickly the bad guys will be able to break CIG and ACG, but if they hold up as long as ASLR, it’ll be a significant improvement.
Posted on February 23rd, 2017 at 16:01 Comment on the AskWoody Lounge
A meticulous, in-depth comparison of the three Office apps on the iPad – and some real insight into whether an iPad is “good enough” for most Windows users.
Galen Gruman on InfoWorld.
Posted on February 23rd, 2017 at 12:28 Comment on the AskWoody Lounge
We just upgraded the site to PHP 7, and it looks like the MS-DEFCON banner at the top of the page took a hit.
We’re still at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
Posted on February 23rd, 2017 at 12:02 Comment on the AskWoody Lounge
First sightings of Win10 “Redstone 3” appear on BuildFeed – and what that means to you.
InfoWorld Woody on Windows.
Posted on February 23rd, 2017 at 09:59 Comment on the AskWoody Lounge
The two most common file encryption/hashing methods are now officially compromised. MD5 was hacked years ago. Now, Google has come up with an algorithm that generates two different PDF files with the same SHA1 hash.
Still unscathed: SHA-256 and SHA-3
Important article by Dan Goodin, Ars Technica
Posted on February 23rd, 2017 at 09:44 Comment on the AskWoody Lounge
This is an important privacy case. You should be aware of it, especially if you use OK Google, Siri, Cortana – or even the voice recognition system in your car, GPS device, or other Internet of Things, uh, things.
Tafi Mukunyadzi Associated Press.