Flaws Archives - Shapiro Consultants

Windows 11 is about to fix two of its most frustrating flaws

February 15, 2024
No Comments

We're always keeping an eye on the early preview versions of Windows 11 to see what's coming down the pipe, and so we're pleased to see two small but useful fixes on the way that should be rolling out to everyone soon.

First up, at long last it looks as though Microsoft will add the option to hide the news feed from the widgets box. This has been enabled in build 26058 (via XDA Developers), so you can check up on the weather or sports scores without being bombarded by the latest headlines from across the web.

The new view is simply called My Widgets, and the thinking is that it may have been introduced in part to appease EU regulators – regulators who are keen to give users as much flexibility as possible. Based on the Dev and Canary channels of Windows 11 though, this tweak will be available worldwide.

You can access widgets by clicking the widgets icon on the taskbar. It should be to the left of the other icons, and might already be showing some dynamic information (like the weather or a traffic alert) – otherwise it's a white rectangle next to a blue rectangle.

Clearer cutting, copying, and pasting

A laptop screen on a pink background showing a new crosshair cursor in Windows 11 — (Image credit: Microsoft)

Second, and sticking with Build 26058 (via MSPowerUser), Windows 11 is adding text labels to the cut, copy, and paste icons that appear when you right-click in File Explorer. If you've ever squinted at this pop-up menu to try and figure out exactly where to click, you'll know how useful these labels will be.

Of course, you can still use the familiar keyboard shortcuts if you prefer, but for those of us going through the context menus in File Explorer, this should make a significant difference – and avoid files being moved or copied to the wrong place.

For more details, you can check out Microsoft's blog post on the latest update. Other features to look out for include a new crosshairs mode for the cursor (see above), which is intended to help low vision users select items more accurately.

As always, Microsoft's plans can change, and features that appear in preview versions of Windows don't always make it out to everyone. However, these fixes seem to have a good chance of making it so we're looking forward to seeing them appear.

TechRadar – All the latest technology news

March 8, 2022
No Comments

The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
Threatpost

March 4, 2022
No Comments

Microsoft 365 may finally have sorted out one of the most irritating aspects of using its web apps.

Previously, users looking to work across different Microsoft 365 accounts, whether work or personal, had to sign out and then sign back in when they wanted to switch.

Now, a new update looks set to banish this problem by adding account switching for Microsoft 365 web apps, saving huge amounts of time and lowering blood pressure across the platform's global user base.

Microsoft 365 account switching

In its official entry in the Microsoft 365 roadmap, the company notes how the update will simplify working across different accounts going forward.

Users will now be able to sign into multiple work and personal accounts on Microsoft 365 web apps in the same browser, with Microsoft saying they will be able to “seamlessly switch” between accounts without needing to sign out and sign back in again.

The feature is currently in development, but has a predicted release date of April 2022, meaning users could see it within just a few weeks. Upon release, Microsoft says account switching will be generally available to all Microsoft 365 web users across the world.

> Microsoft Office 365 is getting a handy upgrade that will streamline your workflow

> Microsoft Defender for Office 365 is taking no chances with dodgy attachments

> Microsoft wants to make sure you don't get caught out by Office 365 email scams

Microsoft 365 has been pushing hard to attract new customers in recent months as companies around the world look to adapt their technology stack as they gradually return to the office.

The company has aimed to poach customers from Google Workspace or other Microsoft Office alternatives with the promise of cheap deals and more flexibility, especially as some users are unhappy at Google's move to end a free tier of its software.

It has also made several moves to boost the security of Microsoft 365, adding a new layer of email security to make sure all emails sent through Exchange Online will only be delivered through connections that have both authentication and encryption.

The company also allowed Microsoft Defender for Office 365 to customize a new authentication mechanism in a bid to further extend its anti-spoofing protection.

We’ve also highlighted the best online collaboration tools and the best hybrid working tech

TechRadar – All the latest technology news

February 17, 2022
No Comments

Being plagued with annoying Gmail notifications could soon be a thing of the past if a new feature being tested by Google comes to fruition.

9to5Google has spotted a new addition to Google's email service that allows users to pause mobile notifications while the Gmail desktop client is being actively used.

This should mean that users won't get pinged for every new email message they receive if they have Gmail running on a desktop PC somewhere.

Gmail silence

The site reported seeing the feature on a test account, where it was advertised in a pop-up alert.

The feature would allow your browser to “detect if you're active or away”, meaning Gmail would be able to identify when a user is actively using the service.

9to5Google notes that it doesn't appear that the service can be enabled or disabled through Gmail settings, but instead has to be accessed through the Google Chrome settings menu itself, potentially meaning it is a closely-linked tool between the company's browser and email platforms.

The tool doesn't appear to be rolling out publicly as of yet, with no sign in the Google support pages, so it may be part of a beta test ahead of a wider launch later this year.

The news comes as Google is in the midst of rolling out a major overhaul for Gmail which brings together Google Chat, Spaces and Meet into a new, integrated view to provide users with a one-stop shop for all their communication needs.

> Gmail on mobile just hit a massive milestone

> Exclusive: Most people use Gmail but don't know how full their inbox is

> Google Workspace is getting a major upgrade to rival Microsoft 365

As well as this integrated view, the new Gmail will allow users to view specific app menus in a collapsible panel, and get alerts for new Chat and Space messages through notification bubbles.

Going forward, all Google apps in Gmail will be situated in a single menu on the left of the screen. Users can switch between them by clicking on an app's menu, or point to an icon to see a preview, with the new collapsible panel able to be hidden or displayed with a click at any time.

Google also notes that individual and group chat messages can be accessed from the Chat tab, including opening into a small pop-up window at the bottom of your screen.

Google is currently rolling out the updated Gmail to select users now, with a wider rollout taking place over the next few weeks. Scheduled Release domains will reportedly begin receiving the new look from February 28.

These are the best online collaboration tools around today

TechRadar – All the latest technology news

January 19, 2022
No Comments

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.

Threatpost

December 7, 2021
No Comments

The latest version of Mozilla Firefox is including a welcome security upgrade that the company hopes can keep its browser safe from code-based attacks.

Available now, the desktop and mobile editions of Firefox 95 will come with RLBox technology, which looks to prevent and limit any damage caused by code security flaws or bugs.

The “novel sandboxing tool” will look to make Firefox the most secure browser option around, the company claims.

Firefox security

RLBox was developed by Mozilla alongside researchers at the University of California San Diego and the University of Texas.

The tool uses WebAssembly to isolate potentially buggy code, ensuring no possible infections or flaws are able to launch or execute without the user knowing.

Mozilla notes that although all major browsers, including Firefox, run web content in their own sandboxed process, hackers often chain together two vulnerabilities to break through -one to compromise the sandboxed process containing the malicious site, and another to escape the sandbox.

This has previously meant having to hoist subcomponents of a browser into a separate process, but this has some limitations – which is where RLBox comes in.

“Rather than hoisting the code into a separate process, we instead compile it into WebAssembly and then compile that WebAssembly into native code,” Mozilla says.

Although not suitable for every component, Mozilla says it is working on expanding the reach of RLBox as much as it can – including to other browsers. The company shipped a prototype to its Mac and Linux users to test in 2020, showing it can operate effectively across different operating systems.

“RLBox is a big win for us on several fronts: it protects our users from accidental defects as well as supply-chain attacks, and it reduces the need for us to scramble when such issues are disclosed upstream,” Mozilla's Bobby Holley wrote in a blog post announcing the news.

“This technology opens up new opportunities beyond what’s been possible with traditional process-based sandboxing, and we look forward to expanding its usage and (hopefully) seeing it adopted in other browsers and software projects.”

Stay secure online with the best firewall options around

TechRadar – All the latest technology news

November 22, 2021
No Comments

Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.

Threatpost

May 12, 2021
No Comments

Paper ballots and source-code transparency are recommended to improve election security.
Threatpost

June 20, 2020
No Comments

Netgear has issued patches to fix security vulnerabilities in two of its routers which can be exploited by an attacker to take full control of the devices remotely.

The two devices that have received patches are the R6400v2 and R6700v3. However, 77 of Netgear's other routers reportedly still remain vulnerable to a zero-day vulnerability that was reported to the company back in January of this year.

The vulnerability, which lies in the HTTPD daemon used to manage the routers, was discovered independently by both Grimm's Adam Nichols and d4rkn3ss from Vietnam's VNPT ISC through the Zero Day Initiative (ZDI).

Netgear Nighthawk M5 Mobile Router brings 5G to your workplace
Where to buy a router: work remotely without interruption
Need additional security? These are the best secure routers

ZDI has released a report that includes some information about the vulnerability while Nichols has written a lengthy blog post describing it in detail, a Proof of Concept (PoC) exploit and even scripts to find vulnerable routers online.

Zero-day vulnerability

Based on the reports about the vulnerability, affected router models have an HTTPD daemon which does not adequately check the length of data supplied by a user and this allows an attacker to create a buffer overflow when data is copied to a fixed-length variable.

To exploit the flaw in Netgear's routers, an attacker would need to create a specially crafted string capable of executing commands on the device without having to authenticate first. In his blog post, Nichols explained that while stack cookies would normally be able to mitigate this vulnerability, many of Netgear's routers don't use them, saying:

“In most modern software, this vulnerability would be unexploitable. Modern software typically contains stack cookies which would prevent exploitation. However, the R7000 does not use stack cookies. In fact, of all of the Netgear products which share a common codebase, only the D8500 firmware version 1.0.3.29 and the R6300v2 firmware versions 1.0.4.12-1.0.4.20 use stack cookies. However, later versions of the D8500 and R6300v2 stopped using stack cookies, making this vulnerability once again exploitable.”

By default, the HTTPD Daemon these routers is only accessible via LAN, although router admins can enable it so it can be accessed remotely over the internet. However, attackers can still create malicious websites using JavaScript to perform DNS rebinding attacks which would allow them to execute commands remotely on routers that are not accessible over the internet.

If you have Netgear's R6400v2 or R6700v3 router you can download hot-fixes for the vulnerability now but if you have one of the 77 other affected routers, you're out of luck until the company releases patches for them.

We've also highlighted the best small business routers

Via BleepingComputer

TechRadar – All the latest technology news

Posts tagged "Flaws"

Windows 11 is about to fix two of its most frustrating flaws

Clearer cutting, copying, and pasting

You might also like

Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure

One of the most annoying Microsoft 365 flaws could finally be fixed

Microsoft 365 account switching

Gmail may have solved one of its most annoying flaws

Gmail silence

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks

Firefox 95 wants to keep itself safe from code security flaws

Firefox security

Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws

Researchers Flag e-Voting Security Flaws

Netgear router security flaws finally patched after six months

Zero-day vulnerability