Please be advised that the initial setup for this first iteration of the feature is more technical than most other games and requires a computer running Microsoft Windows Pro with Hyper-V in order to run the servers in a Linux Virtual Machine (VM).
Kinda wonder if they are just distributing a Hyper-V machine image; or, if the actual requirement is that it runs on Linux and they assumed their entire userbase is Windows only and won’t be able to spin up a Linux VM on their own?
Microsoft’s partner portal website mysteriously said his account had been deactivated, without specifying why.
My money is on Microsoft’s AI based detections causing false positives again. I spend way too much time chasing ghosts from Defender. Their machine learning based signatures are especially egregious. You get an alert with a name like “Win32/Wacatac.b!ml”. That last “ml” bit denotes that it’s machine learning based. And then you get fuck all to help you determine why the alert fired. Sure, it might actually be a trojan. More likely, it’s a false positive. But who knows, because Microsoft won’t provide enough information to perform a reasonable analysis of the binary.
And MS has been pushing CoPilot hard. It’s in everything and it’s happy to slop up answers for you. The accuracy of those answers though can be a bit spotty. I’d certainly never turn it loose on tools which can have business impact. But, I doubt Microsoft has any such reservations about letting CoPilot slop all over third party devs.
It’s the return of the Glasshole.
Time to bite the bullet and move the phone to Linux as well.
What are you more worried about, third party, MitM interception (e.g. IMSI catcher) or Google knowing who you are communicating with? The former is technically harder for an attacker, but the use of such devices is well documented and poorly controlled. Google is, well Google. And you can expect them to monitize any bit of data they have on you. Also, that data will almost certainly be handed over to local law enforcement, especially if they have whatever the local equivalent of a warrant is.
As with most security, there are trade-offs. You have to decided what risks you are willing to accept and what you are not.
It certainly makes sense. AWS hosts infrastructure specifically for the US FedGov. That infrastructure includes systems for the US DoD. So, that makes it a valid military target. And while cyber attacks can do a lot to degrade command and control, nothing DoS’s a server farm like a few hundred kilos of high explosives.
So, MS is exiting the console market to sell HTPCs with an XBox logo?
The uproar is the same uproar that has always existed when government overreach threatens privacy. The question should never be, “why are you fighting this?” the question is, “why is this needed?” And the answer is that it is not. It’s yet another mnaufactured moral panic which is being pushed by the folks who want to destroy privacy. Some want that destruction for the privacy so that they can spy on and control others, the rest are dimwitted fools who believe that they can give up privacy to obtain some small measure of security. They are wrong and in the end will have neither privacy nor security.
Given the roughly similarly sized drop in Win11 users. I chose to believe that the Win10 jump is from people nopeing out of the Win11 slop.
This one is a mixed bag. KYC regulations are very useful in detecting and prosecuting money laundering and crimes like human trafficking. But ya, if this data needs to be kept, the regulations around secure storage need to be just as tight. This sort of thing should be required to be kept to cybersecurity standards like CMMC Level 3, audited by outside auditors and violations treated as company and executive disqualifying events (you ran a company so poorly you failed to secure data, you’re not allowed to run such a company for the next 10 years). The sort of negligence of leaving a database exposed to the web should already result in business crippling fines (think GDPR style fines listed in percentages of global annual revenue). A database which is exposed to the web and has default credentials or no access control at all should result in c-level exec seeing the inside of a jail cell. There is zero excuse for that happening in a company tasked with protecting data. And I refuse to believe it’s the result of whatever scape-goat techs they try to pin this on. This sort of failure always comes from the top. It’s caused by executives who want everything done fast and cheap and don’t care about it being done right.
While I don’t know the specific post you are referring to, Malware exists for Linux. Here’s a great overview from last year. If someone wants to argue, “oh it’s from a security company trying to sell a product” then let me point you at the Malware Bazaar and specifically the malware tagged elf. Those are real samples of real malware in the Linux specific ELF executable binary format (warning: yes it’s real malware, don’t run anything from this site). On the upshot, most seem to be Linux variants of the Mirai botnet. Not something you want running, but not quite as bad as ransomware. But, dig a bit and there are other threats. Linux malware exists, it has for a long time and it’s getting more prevalent as more stuff (especially servers) run on Linux.
While Linux is far more secure than Windows by design, it’s not malware proof. It is harder for malware to move from user space into root (usually), but that’s often not needed for the activities malware gets up to today. Ransomware, crypto miners and info stealers will all happily execute in user-land. And for most people, this is where their important stuff lives. Linux’s days of living in “security through obscurity” are over. Attackers are looking at Linux now and starting to go after it.
All that said, is it worth having a bloated A/V engine doing full on-access scanning? That depends on how you view the risk. Many of the drive-by type attacks (e.g. ClickFix, fake tech-support scams) all heavily target Windows and would fail on a Linux system. The malware and backdoors that come bundled with pirated software are likely to fail on a Linux system, though I’ll admit to not having tested that sort of thing with Wine/Proton installed. For those use cases, I’d suggest not downloading pirated software. Or, if you absolutely are going to, run those file through ClamAV at minimum.
Personally, I don’t feel the need to run anything as heavy as on-access file scanning or anything to keep trawling memory for signatures on my home systems. Keeping software up to date and limiting what I download, install and run is enough to manage my risk. I do have ClamAV installed to let me do a quick, manual scan of anything I do download. But, I wouldn’t go so far as to buy A/V product. Most of the engines out there for Linux are crap anyway.
Professionally, I am one of the voices who pushed for A/V (really EDR) on the Linux systems in my work environment. My organization has a notable Linux footprint and we’ve seen attackers move to Linux based systems specifically because they are less likely to be well monitored. In a work environment, we have less control over how the systems get (ab)used and have a higher need for telemetry and investigation.
I’d just be happy to see “evil” choices which weren’t cartoonishly silly. So many of these game end up offering you choices like:
There’s never anything like:
Really well done “evil” should be loved by the people, seem outwardly good while using that as cover to do selfish things. But that is much harder than “Press X to murder an innocent for no reason”.
Rather than interact with a machine, you’ll just be walking around, sipping coffee, having thoughtful conversations with a bot laughing along with your jokes as it writes your letter and does your taxes.
So, basically the computers from Star Trek: TNG. I’d go for that, but unfortunately, what we’ll get instead is enshitified AI slop which exists to suck a subscription fee out of you every month while pushing ads.
They are chopping the development teams and titles up into convenient bite-sized chunks. Ubisoft will hang onto the large titles in the Vantage Studios vertical, and the rest will be spun off or sold off. Any spun off studios will be saddled with crippling debt.
So, the layoffs didn’t cause the change to smaller expansions. The change to smaller expansions made the layoffs easier.
I mean, no shit? Part of the Snowden leaks was information that the NSA had intercepted Cisco routers and backdoored them before they were shipped on to international customers. So, even without willing actions by US vendors, there is that to worry about. And the idea that a private company would install a backdoor for US Spy agencies in their infrastructure isn’t new. The fact that any Chinese company is using US hardware/software just seems incredibly stupid. And no one should be using CheckPoint.
It’s the same reason Huiwei was thrown out of US infrastructure. You cannot build trusted architecture with hardware/software from a nation which you know wants to hack you. I work for a US based company in cybersecurity, we treat WeChat as Chinese State spyware, because it is. We wouldn’t consider a router or firewall from a Chinese based company and we treat any software from China with outright suspicion. Sure that all sucks and we may be missing out on some great stuff which isn’t malicious. But, the risks far outweigh the costs. I’d expect my Chinese counterparts to be making the exact same risk calculation for US based tech.
You could try using Autopsy to look for files on the drive. Autopsy is a forensic analysis toolkit, which is normally used to extract evidence from disk images or the like. But, you can add local drives as data sources and that should let you browse the slack space of the filesystem for lost files. This video (not mine, just a good enough reference) should help you get started. It’s certainly not as simple as the photorec method, but it tends to be more comprehensive.
As @[email protected] pointed out, this seems to be a cover for c’t magazine. Specifically it seems to be for November 2004. heise.de used to have a site which let you browse those covers and you could pull any/all of them. But, that website seems to have died sometime in 2009. Thankfully, the internet remembers and you can find it all on archive.org right here. You may need to monkey about with capture dates to get any particular cover, but it looks like a lot of them are there.
Also, as a bit of “teach a person to fish”, ImgOps is a great place to start a reverse image search. It can often get you from an image to useful information about that images (e.g. a source) pretty quick. I usually use the TinEye reverse image search for questions like this.
LinkedIn is basically a public resume. Using it for anything more demonstrates that you do not have a basic grasp of privacy or security. As such, there shouldn’t be anything up there which is all that bad to have leaked. Sure, if the password database gets dumped, rotate your LinkedIn password (it should already be unique, so no worries about it being reused elsewhere). And having an email address get added to every spam list everywhere kinda sucks. But, what else is the attacker going to get, my name and work history, which are already public on the site?
I mean, yes LinkedIn should be raked over the coals for shit security practices. And we really need something like the GDPR here in the US to actually do that. But, I’m also not going to get terribly worked up about my public CV being leaked. The leak is kinda redundant.