Newsletter Archives

• Will the last tech worker who is fired please turn off the server

  Posted on December 19, 2022 at 02:44 CST by B. Livingston • Comment in the Forums

  PUBLIC DEFENDER

  

  By Brian Livingston

  A wave of layoffs by the world’s largest technology companies is causing widespread fears. People are afraid that the growth spurt in online commerce that occurred during the coronavirus pandemic may be over — and opportunities for tech employment may never be the same again.

  Firings and separations are certainly ripping through the Internet at a rapid pace. But the impact of all this downsizing may not be exactly what you might expect.

  Read the full story in our Plus Newsletter (19.51.0, 2022-12-19).

  Public Defender Amazon, Facebook, Financial, Google, Microsoft, Netflix, Newsletters, Tesla, Twitter

• Why is Bing worse than Google for finding Windows info?

  Posted on November 7, 2022 at 02:44 CST by B. Livingston • Comment in the Forums

  PUBLIC DEFENDER

  

  By Brian Livingston

  Microsoft’s Bing search engine has a small but growing market share — chipping away at Google’s 90% dominance worldwide — but the Redmond software giant’s Web crawler can be surprisingly weak in showing you helpful Windows information from technology websites other than Microsoft.com.

  There are thousands of blogs and newsletters that post every possible factoid about Windows, from the fluffiest corporate press releases to obscure technical features you’ve never dreamed of.

  So what might explain the inadequacy of Redmond’s favorite search engine to deliver the Windows info users need to know?

  Read the full story in our Plus Newsletter (19.45.0, 2022-11-07).

  Public Defender Bing, DuckDuckGo, Google, Newsletters, Public Defender, search engines

• Tying up loose ends

  Posted on April 4, 2022 at 02:44 CDT by Fred Langa • Comment in the Forums

  LANGALIST

  

  By Fred Langa

  The last few months have been unusually busy; this column has featured several deep-dive, multi-part installments covering Windows 11, Remote Desktop, and other major topics — along with some truly excellent reader mail spawned by those topics.

  But new information keeps pouring in, especially on Windows 11. So here’s a nonstandard, “catching-up” column that fleshes out and adds to some previous topics — tying up some of the loose ends and opening some new areas to explore!

  Read the full story in our Plus Newsletter (19.14.0, 2022-04-04).

  AskWoody Plus Newsletter, LangaList AskWoody Plus Newsletter, Google, LangaList

• The first Google search result often leads to a virus

  Posted on October 11, 2021 at 02:45 CDT by B. Livingston • Comment in the Forums

  ISSUE 18.39 • 2021-10-11

  PUBLIC DEFENDER

  

  By Brian Livingston

  The top search result in Google is all too often a link to a website that’s been hacked to infect visitors’ devices with a virus.

  The culprit behind these infections is called “Gootloader,” a descendant of years-old malware that just keeps getting worse on Google — the only search engine that’s being targeted.

  Read the full story in the AskWoody Plus Newsletter 18.39.0 (2021-10-11).
  This story also appears in the AskWoody Free Newsletter 18.39.F (2021-10-11).

  AskWoody FREE Newsletter, AskWoody Plus Newsletter, Public Defender AskWoody Plus Newsletter, Google, Google Search, security

• Web presence: Business social networking

  Posted on September 27, 2020 at 21:05 CDT by Tracey Capen • Comment in the Forums

  SMALL-BUSINESS WEBSITES

  By Will Fastie

  The major-league social networks such as Facebook and Twitter can be a big help in establishing your company’s persona on the Web — but often at a cost.

  I have an instructive tale about Facebook. The story is a bit dated, and hopefully the world’s mightiest social network has improved somewhat, but it will give you a small perspective into the intricacies of social networking — and the sorts of trouble they can pose.

  Read the full story in AskWoody Plus Newsletter 17.38.0 (2020-09-28).

  AskWoody Plus Newsletter, Small Business Computing AskWoody Plus Newsletter, Business Web presence, Faceboook, Google, Social networks

• Google comes clean on that “emergency” security patch – and shows how it was used to trigger a Windows 7 0day

  Posted on March 8, 2019 at 07:03 CST by woody • Comment in the Forums

  Now I understand.

  Google releases patches for its Chrome browser all the time. As @b explained about 36 hours ago, Google sent out a special alert to get Chrome updated specifically to head off a 0day attack.

  I didn’t get too excited about it because Chrome automatically updates itself quite reliably, and because the threat didn’t seem to be all that great.

  A few hours ago, Clement Lecigne of the Google Threat Analysis Group added some key details:

  On Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-unknown vulnerabilities — one affecting Google Chrome and another in Microsoft Windows that were being exploited together.

  To remediate the Chrome vulnerability (CVE-2019-5786), Google released an update for all Chrome platforms on March 1; this update was pushed through Chrome auto-update. We encourage users to verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later.

  The second vulnerability was in Microsoft Windows. It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape. The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndexwhen NtUserMNDragOver() system call is called under specific circumstances.

  We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems.

  Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes. Microsoft have told us they are working on a fix.

  As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. We will update this post when they are available.

  Google’s vulnerability disclosure policy says, to a first approximation, that it gives software manufacturers 90 days to fix a security hole, and if no fix appears, they disclose the details.

  It’ll be interesting to see how Microsoft reacts.

  UPDATE: Catalin Cimpanu has a thorough timeline on ZDNet.

  Windows Patches/Security 0day, Chrome, Google

• Google shuts down Google+ network

  Posted on October 8, 2018 at 12:43 CDT by woody • Comment in the Forums

  Google’s just now confirming that an API bug might’ve exposed private profile data for 500,000 Google+ users. Their response is to shut down Google+.

  I didn’t realize Google+ has 500,000 users.

  Catalin Cimpanu has the details on ZDNet.

  UPDATE: Big revelations coming from the Wall Street Journal. Is it possible that Sundar Pichai didn’t testify in front of the US Congressional Committee because he was afraid of being tripped up by the then-secret breach?

  Other Google

• Microsoft security’s unseemly jab at Google

  Posted on October 19, 2017 at 08:29 CDT by woody • Comment in the Forums

  In yesterday’s Windows Security blog post Browser security beyond sandboxing, Microsoft’s Jordan Rabet (part of the “Microsoft Offensive Security Research team” – no, I didn’t make that up) took aim at Google. There’s a whole lot of technical discussion about the superiority of Edge in that article. There’s also a deep dig at Google.

  Catalin Cimpanu at Bleepingcomputer boils it down:

  The problem that Rabet pointed out was that the fix for the bug they reported was pushed to the V8 GitHub repository, allowing attackers to potentially reverse engineer the patch and discover the source of the vulnerability.

  It didn’t help that it took Google three more days to push the fix to the Chromium project and the Chrome browser, time in which an attacker could have exploited the flaw.

  Taking into account that this happened in mid-September, Microsoft had no reason to detail a bug in a Chrome version that’s not even current. Chrome 62 is the latest Chrome version.

  Paul Thurrott has a great article, turning Microsoft’s old words against itself.

  What Microsoft should have done is take the high ground. Do the right thing for your shared customers and just shut up about it. But it didn’t.

  It’s time for both sides to grow up and work together. Take potshots at each other, sure. But not over security.

  If you’re interested in browser security, I suggest you read it.

  Windows Patches/Security Browser security, Google, Microsoft, security

• The scale of tech winners

  Posted on October 14, 2017 at 16:01 CDT by woody • Comment in the Forums

  Fascinating piece from Ben Evans:

  Microsoft was working on smartphones and mobile devices 20 years ago, and now it’s killed Windows Mobile, acknowledged that the PC is going the way of the mainframe and, like IBM, has to make its way in a market shaped by other companies. There probably won’t be a technology that has 10x greater scale than smartphones, as mobile was 10x bigger than PCs and PCs were bigger than mainframes, simply because 5bn people will have smartphones and that’s all the (adult) people.

  Check it out.

   

  Other Amazon, Apple, Facebook, Google

• EU Anti-Trust investigation hits Google with biggest fine yet

  Posted on June 27, 2017 at 15:30 CDT by Kirsty • Comment in the Forums

  Google has been fined $2.7 Billion US, in its European Union anti-trust ruling, after a 7 year probe.

  From Financial Times:

  “Google’s strategy for its comparison shopping service wasn’t just about attracting customers by making its product better than those of its rivals. Instead, Google abused its market dominance as a search engine by promoting its own comparison shopping service in its search results and demoting those of competitors. What Google has done is illegal under EU antitrust rules”, said EU’s competition commissioner, Margrethe Vestager.

  Google is understood to be considering appealing the ruling. Other reports say that even if the fine is paid, it is unlikely to cripple Google/Alphabet financially, but Alphabet’s share price has dropped since the ruling was announced.

  You can read the European Commission press release here

  Other Anti-trust, EU, Google

• Google discloses actively exploited Win vulnerability

  Posted on November 2, 2016 at 05:43 CDT by woody • Comment in the Forums

  Many of you have asked for my opinion about the “Google endangers us all as an act of hubris” articles making their way around the web. Emil Protalinski at Venture Beat has a good synopsis.

  (One technical note: Emil says “Windows 10 Anniversary Update users are not affected by the vulnerability being exploited in the wild.” In fact, it looks like only those using Edge in version 1607, the Anniversary Update- or Chrome – are immune.)

  Long and short of it: I don’t think we know the pertinent details, and doubt that we ever will. I’ve been in this industry too long to start pointing fingers based on a heated exchange between Microsoft and Google. No doubt both have reason to beef. Who’s right? I dunno. I doubt that anyone does.

  I have just one observation to offer. Terry Myerson, in his damning post Our commitment to our customer’s security, ends the lengthy explanation with this note:

  Special thanks to Neel Mehta and Billy Leonard of Google’s Threat Analysis Group for their assistance in investigating these issues.

  By all accounts, Mehta and Leonard are the ones who discovered the security hole.

  It just strikes me as odd.

  Looks like we’re going to get the fix on Nov. 8, as part of the regular Patch Tuesday.

  UPDATE: Confirming, based on the comments, that if you have Flash patched, you’re fine. The current infection vectors require Flash – although Windows itself needs to be patched, to cover an underlying problem. If that sounds obtuse, it is, but patching Flash (or not using Flash!) takes you out of harm’s way. For now.

  Windows Patches/Security Google, le contest pissant, Strontium

• Can Google and Apple take over the PC market?

  Posted on May 3, 2016 at 07:45 CDT by woody • Comment in the Forums

  Very important post by Paul Thurrott:

  Can Google and Apple take over the PC market?

  And some significant insight from Steve Sinofsky:

  This misses one point

  If you want to see the (bleak) future of Windows, I think they’ve nailed it. Google and Apple are going to roll over the PC market by building their mobile OS’s “up.” Microsoft’s lost by trying to shrink its dinosaur “down.”

  The transition’s going to take a while, but I’m convinced that my son’s going to grow up in a world where “Windows” elicits the same old-fuddy-duddy response as “IBM,” “BlackBerry,” “AltaVista,” and (dare I say it) “Yahoo!”

  BTW: Don’t get me wrong. Windows is going to be around for a long, long time. Microsoft may put the marketing name “Windows” on some other product. But Windows as we know it isn’t going to be at the forefront of worthwhile technological advances – indeed, hasn’t been for some time.

  Other Apple, Google
• « Older Entries