New Windows 11 toys, fresh new CVE pops out
Microsoft has released a number of Windows 11 updates even as it acknowledges yet more holes found in its flagship operating systems by researchers.
Build 22000.132 hit the Windows Insider Dev Channel overnight. The usual raft of tweaks and improvements included a fix for an explorer.exe crash in the Windows Sandbox, and Chat from Microsoft Teams was made available to customers in the Beta Channel.
The emission was accompanied by updates for some of the apps that remain in the Windows 11 box (for Dev Channel Insiders only at present). The old Snipping Tool and Snip & Sketch apps have been replaced by a new Snipping Tool app “that represents the best experiences of both apps in the next evolution of screen capture for Windows,” according to Microsoft. The Mail and Calendar apps have been given the Windows theme and rounded corner treatment. Finally, the open-sourced Calculator app has been warmed over.
While Windows supremo Panos Panay was getting all pumped about screenshots, that Calculator app will come in handy to count the costs incurred due to Windows’ Swiss Cheese security.
A neverending [Insert Microsoft Service Name Here] Nightmare
Despite Microsoft attempting to deal with the multiple issues in Windows suffixed with the word “Nightmare”, the cock-up train kept rolling this week. After slapping a requirement for administrative privileges on Point and Print driver installations, Microsoft admitted that holes remained in its code and, yes, it was time to fire the Print Spooler Service into the Sun once again as it warned of a fresh Remote Code Execution vulnerability, CVE-2021-36958, for which the only workaround on offer is to stop and disable the service.
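For admins who want to see where a given box stands on the two mitigations mentioned above, here is an added PowerShell example; it is not code from the article or from Microsoft. The registry value name is the one Microsoft documents for the Point and Print restriction introduced with KB5005652, and the -Apply switch is the script's own invention. Run it elevated.

```powershell
# Added example (not from the article or from Microsoft): audit the two
# PrintNightmare-era mitigations the story refers to and, with -Apply, enforce them.
# Assumptions: run elevated on Windows 10/11; the registry value name follows
# Microsoft's KB5005652 guidance; -Apply is this script's own switch.
param(
    [switch]$Apply
)

$pnpKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$pnpValue = 'RestrictDriverInstallationToAdministrators'

# 1. Is Point and Print driver installation restricted to administrators?
#    After the August 2021 update the effective default is 1; an explicit 0
#    reopens the hole the update closed.
$restrict = (Get-ItemProperty -Path $pnpKey -Name $pnpValue -ErrorAction SilentlyContinue).$pnpValue
if ($restrict -eq 1) {
    Write-Host "[OK]   $pnpValue = 1 (non-admins cannot install Point and Print drivers)"
} else {
    $shown = if ($null -eq $restrict) { 'unset' } else { $restrict }
    Write-Host "[WARN] $pnpValue is $shown"
    if ($Apply) {
        New-Item -Path $pnpKey -Force | Out-Null
        New-ItemProperty -Path $pnpKey -Name $pnpValue -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Host "[FIX]  $pnpValue set to 1"
    }
}

# 2. Is the Print Spooler running at all? On hosts that never print (domain
#    controllers, most servers) the complete mitigation is to stop and disable
#    the service, which is what the Sun-launch above refers to.
$spooler = Get-Service -Name Spooler
Write-Host "[INFO] Spooler status: $($spooler.Status), start type: $($spooler.StartType)"
if ($spooler.Status -eq 'Running' -or $spooler.StartType -ne 'Disabled') {
    Write-Host "[WARN] Print Spooler is enabled; CVE-2021-36958 remains reachable until the service is disabled or a fix ships"
    if ($Apply) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
        Write-Host "[FIX]  Print Spooler stopped and disabled"
    }
}
```

Without -Apply the script only reports; review the output before disabling the spooler on anything that actually serves printers, since that kills printing for every user of that host.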
Security expert Benjamin Delpy told The Register earlier this week that Microsoft’s efforts at patching things hadn’t dealt with all the problems, and so here we are again.
Other researchers including Will Dormann, vulnerability analyst at CERT, piled on the pain for the Windows giant.
Still, as administrators wait for Microsoft to come up with a solution for the issues other than killing the Print Spooler Service, at least when they look at the next emergency missive, the window corners will be rounded. So that’s alright then. ®