Microsoft Press Books and eBooks

Microsoft Press books, eBooks, and online resources are designed to help advance your skills with Microsoft Office, Windows, Visual Studio, .NET and other Microsoft technologies.

Monday, January 8, 2018

Intel’s processors have a security bug and the fix could slow down PCs

A security flaw in Intel processors has led to a redesign of Linux and Windows kernels. Programmers have been busy for the past two months patching the Linux kernel’s virtual memory system to protect against a hardware bug in Intel CPUs that could let attackers exploit security weaknesses and access security keys, passwords, and files cached from a disk. The Register reports that software updates are required for both Windows and Linux systems, and performance of a machine will be affected.
Reports suggest information around the specific bug has been kept confidential between software and hardware vendors, and patches for the Linux kernel include comments that have been redacted to prevent attackers discovering the precise weakness. The security bug could be present on Intel processors manufactured over the past 10 years, meaning many systems will require updates.
The exact bug is related to the way that regular apps and programs can discover the contents of protected kernel memory areas. Kernels in operating systems have complete control over the entire system, and connect applications to the processor, memory, and other hardware inside a computer. There appears to be a flaw in Intel’s processors that lets attackers bypass kernel access protections so that regular apps can read the contents of kernel memory. To protect against this, Linux programmers have been separating the kernel's memory away from user processes in what’s being called “Kernel Page Table Isolation.”
The problem with this isolation is that some programmers are reporting performance hits after systems are patched. The Register reports that the slowdowns could be between 5 and 30 percent depending on the exact Intel processor. While Linux patches have been rolling out over the past month, a Windows 10 patch is not yet available. Some are speculating that Microsoft will deliver this in an upcoming Patch Tuesday, as the company started separating the NT kernel memory with Windows 10 beta builds in November. “We have nothing to share at this time,” says a Microsoft spokesperson, in response to a query from The Verge.
It’s still unclear how these patches will affect regular Windows, Mac, and Linux machines. AppleInsider reports that Apple has already deployed a partial fix for the security bug in macOS 10.13.2, which was released last month. Citing multiple sources at Apple and developer Alex Ionescu, who publicly identified code that points to the fix, the report says Apple has mitigated the flaw by altering existing programming requirements related to the kernel memory data in macOS. More changes are expected to come with 10.13.3 soon, AppleInsider reports.
Still, one researcher speculates that virtual machines and cloud providers will be most affected by the security problem and resulting performance hits. Microsoft’s Azure cloud will experience maintenance next week, and Amazon Web Services has warned that a big security update is coming on Friday. AMD has confirmed that its own processors are not affected by this security bug. “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against,” explains Tom Lendacky, an AMD engineer. AMD stocks have soared this morning as a result of Intel’s processor flaw. Intel has not yet publicly commented on the security problem.
Update, 1:30PM ET: Article updated with a statement from Microsoft.
Update, 2:38PM ET: Article updated with information about an Apple fix for the flaw.

Wednesday, November 29, 2017

Password Hacking and You


There are 2 primary methods to hack passwords: Brute Force and Password Guessing. Of the 2, believe it or not, it is easier to guess someone’s password than to try every combination of letters, numbers and symbols. In a brute force attack, password attempts would progress from: a, b, c; to aa, ab, ac; to aaa, aab, aac; and so on.  
The core question is not “Can my password be hacked?” but rather “How long would it take?” That’s where password entropy comes into play for our (the user’s) benefit. Loosely defined, entropy is disorder. Since a brute force attack is a very orderly attack, the more disorder you have in your password, the better.
Numbers Game
With 5 lower case characters, an online attack would get your password right in an average of 1 hour, 21 minutes. However, by introducing say a capital letter, a number, and a special character, that time rises to around 1.5 months.
With 7 lower case characters, a brute force attack would consume ~3.2 months, but if you introduce those other random characters, it rockets up to an average of 11 centuries! Taking it even further, at 8 characters the online crack time goes to 1,000 centuries which is effectively long enough to be considered near impossible under current computing capabilities.  
That said, if the hacker is able to mount an offline attack, or use a massive cracking array, the password can again be deduced in a matter of hours. As such, even though the typical minimum / safe password length is 8 characters, what you use as your password matters even more.
Simplicity Opens the Door
Every attempt to get your password will begin with guessing. According to a released “hack file” of 5 million passwords, we know what the most common passwords are, so hackers will start there.
Top passwords for 2016:

123456, password, 12345, 12345678, football, qwerty, 1234567890, 1234567, princess, 1234, login, welcome, solo, abc123, admin, 121212, flower, passw0rd, dragon, sunshine, master, hottie, loveme, zaq1zaq1, password1
4% of the passwords were “123456”! That’s 200,000 people in the sample set with that password!
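The two attack phases described above (list guessing first, then the a, b, c ... aa, ab ... sweep) can be put into one estimator. This is an added example, not code from the original article; the two guess rates and the six-entry list cut from the top passwords above are assumptions chosen for illustration.

```python
import string

# Constructed sample: the first six entries of the common-password list above.
COMMON = ["123456", "password", "12345", "12345678", "football", "qwerty"]

# Assumed guess rates, not taken from the article.
ONLINE_RATE = 1_000               # throttled login form, guesses per second
OFFLINE_RATE = 100_000_000_000    # cracking rig on stolen hashes, guesses per second

# Printable-ASCII character classes: 26 + 26 + 10 + 33 = 95 symbols in total.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def alphabet_size(password):
    """Smallest alphabet a brute-forcer must enumerate to reach this password."""
    if not password or any(all(ch not in c for c in CLASSES) for ch in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def search_space(password):
    """Candidates in the a, b, c ... aa, ab ... sweep up to this length."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def guesses_needed(password):
    """Guessing runs first: a listed password falls at its list position.
    Anything else costs the whole list plus, on average, half the sweep."""
    if password in COMMON:
        return COMMON.index(password) + 1
    return len(COMMON) + search_space(password) // 2

def seconds_to_crack(password, rate):
    return guesses_needed(password) / rate

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in [("centuries", 3_155_760_000), ("years", 31_557_600),
                       ("days", 86_400), ("hours", 3_600), ("minutes", 60)]:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"

if __name__ == "__main__":
    for pw in ["123456", "abcde", "aB3$x", "abcdefg", "aB3$xyzQ"]:
        print(f"{pw!r:12} online: {human(seconds_to_crack(pw, ONLINE_RATE)):>22}"
              f"   offline: {human(seconds_to_crack(pw, OFFLINE_RATE))}")
```

A listed password falls within the first handful of guesses whatever its length, and the eight-character mixed password that holds out for centuries at the assumed online rate drops to hours at the assumed offline rate.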

Friday, October 27, 2017

More than 75% of Windows Phones in active use no longer receiving security updates


AdDuplex has posted their monthly market share numbers gathered from their cross-promotional ad network.
The numbers give us the best view of the market running Windows Store apps, and would, therefore, be particularly accurate for Windows Phones, which can only run store apps.
This month’s Windows Phone OS numbers are interesting for one reason – the fact that 79.1% of Windows Phone users run a pre-Windows 10 Mobile OS, the vast majority Windows Phone 8.1.
Windows Phone exited support on July 11, 2017, which means, according to Microsoft:
As of July 11, 2017, Windows Phone 8.1 users are no longer eligible to receive new security updates, non-security hotfixes, free assisted support options, or online technical content updates from Microsoft for free. Third parties or paid support programs may provide ongoing support, but it is important to recognize that Microsoft support will not publicly provide updates or patches for Windows Phone 8.1.
This month device backup became unsupported, with Microsoft saying:
Automatic or manual creation of new device backups for setting and some applications will continue for 3 months, ending October 11, 2017. Other services including photo uploads, restoring a device from an existing device backup and the Store will continue to work for at least another 12 months from end of support, after which time, services will start to be discontinued.
What is interesting is that these users are actively using apps and presumably the web with handsets which must be at least two years old. A bit like Windows XP, these devices are likely not being patched for a variety of recently discovered exploits such as KRACK but are probably protected by security through obscurity.
Given the risks of using outdated software, should Windows Phone 8.1 users be encouraged to move to better supported operating systems? Let us know below.

Tuesday, October 18, 2016

microsoft office 2010 free download
