Over 98% of All WannaCry Victims Were Using Windows 7
Numbers released by Kaspersky Lab on Friday reveal that over 98% of all documented WannaCry infections were running versions of the Windows 7 operating system.
Out of all Windows 7 users, the worst hit were users running Windows 7 64-bit edition, accounting for more than 60% of all infections.
The second and third most targeted OS versions were Windows Server 2008 R2, and Windows 10, respectively.
So! XP wasn’t to blame after all
The statistics come to disprove popular belief that WannaCry hit mostly Windows XP machines. “The Windows XP count is insignificant,” said Costin Raiu, director of Global Research and Analysis Team at Kaspersky Lab.
To infect all these computers, the WannaCry ransomware used an SMB worm that spread on its own to new computers that ran vulnerable SMB services.
That SMB worm was powered by an exploit named ETERNALBLUE. The exploit is part of a collection of hacking tools a group of hackers calling themselves The Shadow Brokers have stolen from the NSA and leaked online in April 2017.
ETERNALBLUE never worked properly on XP, only on Windows 7
Initial analysis of ETERNALBLUE revealed the worm could run on platforms from Windows XP up to Windows 8.1 and Server 2012.
It was during the WannaCry outbreak that researchers discovered the worm only worked reliably on Windows 7, causing errors on other platforms, including Windows XP, on which most infosec talking heads falsely blamed for most WannaCry infections.
Following this discovery, a user has patched the ETERNALBLUE exploit to work without errors on 64-bit editions of Windows 8/8.1 and Windows Server 2012.
Currently, WannaCry’s worm modules are still searching for new victims. The latest tally of computers that have been touched by this worm is 416,989, albeit not all computers have had their files encrypted, as WannaCry’s ransomware payload has been defanged by a clever British researcher.
Bleeping Computer has reached out to Kaspersky Labs to inquire on why we see Windows 10 machines in the chart, and any possible scenarios that WannaCry could have used to infect those systems.
Read the original article over at Bleeping Computer.
Two-Factor Authentication: Who Has It and How to Set It Up
Everyone is concerned about online safety. Whether you use Google and Twitter or TeamViewer and Dreamhost, keep your services secure with two-factor authentication.
In 2014, the Heartbleed exploit left everyone’s log-in information potentially up for grabs thanks to one itty-bitty piece of code. But what is a person afraid for their security to do? Well, you should definitely change your passwords—regularly! By sheer brute force or simple phishing, passwords are, to be honest, a pretty laughable way of authentication.
What you really need is a second factor of authentication. That’s why many internet services, a number of which have felt the pinch of being hacked, have embraced two-factor authentication for their users. It’s sometimes called 2FA, or used interchangeably with the terms “two-step” and “verification” depending on the marketing. Even the White House has a campaign asking you #TurnOn2FA.
But exactly what is it?
As PCMag’s lead security analyst Neil J. Rubenking puts it, “there are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options.”
The problem is, we are far from ubiquity on having biometric scanners for fingerprints and retinas as that second factor. In most cases, the extra authentication is simply a numeric code; a few digits sent to your phone, which can only be used once.
More and more services support a specialized app on the phone called an “authenticator,” which will do that same job. The app, pre-set by you to work with the service, has a constantly rotating set of codes you can use whenever needed—and it doesn’t even require a connection. The arguable leader in this area is Google Authenticator (free on Android, iOS, and BlackBerry). Twilio Authy (free on iOS including Apple Watch, Android, BlackBerry, macOS, Windows, and the Chrome browser) and Duo Mobile (on iOS, Android, BlackBerry, and Windows Phone) do the same thing, and with far more color and style; both make Google’s app look washed out and ancient. Password manager LastPass launched a 2FA authenticator for iOS and Android as well. The codes in authenticator apps sync across your accounts, so you can scan a QR code on a phone and get your six-digit access code on your browser, if supported.
Here’s a video Google made about two-step verification basics; it provides a good idea of what’s involved.
Be aware that setting up 2FA can actually break the access within some other services. For example, if you have 2FA set up with Microsoft, that’s great—until you try to log into Xbox Live on the Xbox 360. That interface has no facility to accept the second code. In such cases you must rely on app passwords—a password you generate on the main website to use with a specific app (such as Xbox Live). You’ll see it come up with Facebook, Twitter, Microsoft, Yahoo, Evernote, and Tumblr—all of which either are used as third-party logins or have functions you can access from within other services. The need for app passwords is, thankfully, dwindling with the passage of time.
Remember as you panic over how hard this all sounds: being secure isn’t easy. The bad guys count on you being lax in protecting yourself. Implementing 2FA on accounts will mean it takes a little longer to log in each time on a new device, but it’s worth it in the long run to avoid some serious theft, be it of your identity, data, or money.
The following is not an exhaustive list of services with 2FA ability, but we cover the major services everyone tends to use, and walk you through the setup. Activate 2FA on all of these and you’ll be more secure than ever.
Google 2-Step Verification
With access to your credit card (for shopping on Google Play), important messages and documents, and even your videos on YouTube—essentially your whole life—a Google account has to be well-protected. Thankfully, the company has been working on 2FA systems since 2010.
Google calls its system 2-Step Verification. It’s all about identifying you via phone. When you enter a password to access your Google account for almost any service, if 2-Step Verification is on, there are multiple options to get that second step. First among them now: the Google Prompt. You simply add your smartphone to your account, make sure the Google search app is on the phone, and at login, you can go to the phone and simply acknowledge that you were the one signing in. Easy.
If that doesn’t work, you’ll need to enter an extra code. That code is sent to your phone via SMS text, a voice call, or by using an authenticator app. On your personal account, you can opt to register your computer so you don’t have to enter a code during every sign-in. If you have a G Suite account for business, you can opt to only receive a code every 30 days.
Google Authenticator—actually, any authenticator app—can generate the verification code for you, even if your smartphone is not connected to the internet. You must sign up for 2-Step Verification before you can use it. The app will scan a QR code on the desktop screen to give you access, then generate a time-based or counter-based code for you to type in. It replaces getting the code via text or voice calls or email. Authenticator apps also work with other services, like LastPass, WordPress, Facebook, Evernote, Microsoft, IFTTT, Dropbox, Amazon, and Slack.
Once you’ve set up Google 2-Step Verification, access it again by visiting your Google account security settings. There you can select the phone numbers that can receive codes, switch to using an authenticator app, and access your 10 unused codes that can be printed to take with you for emergencies (such as if your phone dies and you can’t get to the authenticator app.)
This is also where you generate app-specific passwords. Let’s say you want to use your Google account with a service or software that doesn’t use the standard Google login (I ran into this with Trillian on iOS). You typically get shut out of such a service if you’ve got 2-Step Verification activated, and will need an app-specific password to get on them using your Google credentials.
Continue reading the entire original article over at PCMag.
How an Accidental ‘Kill Switch’ Slowed Friday’s Massive WannaCry Ransomware Attack
Written by Wired/ Courtesy of
Amid a desperate situation on Friday in which hundred of thousands of WannaCry ransomware attacks pelted computers in nearly 100 countries, one stroke of good fortune hit, too. As the malware analysis expert who calls himself MalwareTech rushed to examine the so-called WannaCry strain, he stumbled on a way to stop it from locking computers and slow its spread. All it took was ten bucks, and a little luck.
WannaCry swept Europe and Asia quickly yesterday, locking up critical systems like the UK’s National Health Service, a large telecom in Spain, and other businesses and institutions around the world, all in record time. Once infected, a victim’s computer denies access, and instead displays a message that demands the equivalent of around $300 in bitcoin.
While many thousands have had their lives impacted—including countless people in need of medical care in the UK—two things have slowed WannaCry’s spread. First, Microsoft released a rare emergency patch to help protect Windows XP devices from its reach. (The company hasn’t officially supported XP since 2014.) That helps the many aging systems with no security resource get ahead of infection, if they can download the patch before WannaCry hits. The other, though, was MalwareTech’s happy accident.
As he worked to reverse-engineer samples of WannaCry on Friday, MalwareTech discovered that the ransomware’s programmers had built it to check whether a certain gibberish URL led to a live web page. Curious why the ransomware would look for that domain, MalwareTech registered it himself. As it turns out, that $10.69 investment was enough to shut the whole thing down—for now, at least.
It turned out that as long as the domain was unregistered and inactive, the query had no effect on the ransomware’s spread. But once the ransomware checked the URL and found it active, it shut down.
There are competing theories as to why WannaCry’s perpetrators built it this way. One possibility: The functionality was put in place as an intentional kill switch, in case the creators ever wanted to rein in the monster they’d created. “Based on the behavior implemented in the code, the kill switch was most likely intentional,” says Darien Huss, senior security research engineer at the security intelligence firm Proofpoint, who was working on real-time WannaCry analysis and mitigation on Friday.
MalwareTech theorizes that hackers could have included the feature to shield the ransomware from analysis by security professionals. That sort of examination often takes place in a controlled environment called a “sandbox.” Researchers construct some of these environments to trick malware into thinking it’s querying outside servers, even though it’s really talking to a bunch of dummy sandbox IP addresses. As a result, any address the malware tries to reach gets a response—even if the actual domain is unregistered. Since the domain MalwareTech acquired was supposed to be dormant but went live, WannaCry may have assumed it was in the middle of forensic analysis, and shut down.
Building anti-analysis defenses into malware is common, but the WannaCry hackers appear to have botched the implementation. By relying on a static, discoverable address, whoever found it—in this case MalwareTech—could just register the domain and trigger WannaCry’s shutdown defense.
“It was all pretty shocking, really,” MalwareTech says. The kill switch “was supposed to work like that, just the domain should [have been] random so people can’t register it.”
A Temporary Fix
The kill switch doesn’t help devices WannaCry has already infected and locked down. But by registering the domain, and then directing the traffic to it into a server environment meant to capture and hold malicious traffic—known as a “sinkhole”—MalwareTech bought time for systems that hadn’t already been infected to be patched for long-term protection, particularly in the United States where WannaCry was slower to proliferate because its spread had mostly been in Europe and Asia early on.
“Thankfully MalwareTech already had infrastructure in place for the sinkhole,” Huss says. “If someone had sinkholed the domain and had not been prepared then we would be seeing many more infections right now.” If the setup doesn’t have those enough server space and bandwidth, the malware wouldn’t consistently become trapped and, in this case anyway, self-destruct.
With so many security analysts working to reverse-engineer and observe WannaCry, someone else would have eventually found the valuable mechanism MalwareTech spotted. But when infections are spreading as quickly as they were on Friday, every minute counts.
The discovery doesn’t amount to a permanent fix. All it would take to get around it would be a new strain of WannaCry whose code excludes the kill switch, or relies on a more sophisticated URL generator instead of a static address. And the more fundamental problem of vulnerable devices, particularly Windows XP devices, remains. Still, MalwareTech’s find helped turn a bad situation around—and saved people a lot of bitcoin in the process.
Read the original article over at Wired.
Keylogger Found in Audio Driver of HP Laptops
The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user’s keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.
Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.
Keylogger found in preinstalled audio driver
According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 18.104.22.168 and earlier.
This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file “monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys.”
This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at:
Audio driver also exposes keystrokes in real-time via local API
If the file doesn’t exist or a registry key containing this file’s path does not exist or was corrupted, the audio driver will pass all keystrokes to a local API, named the OutputDebugString API.
The danger is that malicious software installed on the computer, or a person with physical access to the computer, can copy the log file and have access to historical keystroke data, from where he can extract passwords, chat logs, visited URLs, source code, or any other sensitive data.
Furthermore, the OutputDebugString API provides a covert channel for malware to record real-time keystrokes without using native Windows functions, usually under the watchful eye of antivirus software.
Keylogger feature confirmed in HP laptops
Modzero researchers said they found the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models. Other hardware that uses this driver may also be affected, but investigators haven’t officially confirmed that the issue affects other manufacturers.
The Conexant HD Audio Driver Package has versions for the following operating systems.
Microsoft Windows 10 32-Bit Microsoft Windows 10 64-Bit Microsoft Windows 10 IOT Enterprise 32-Bit (x86) Microsoft Windows 10 IOT Enterprise 64-Bit (x86) Microsoft Windows 7 Enterprise 32 Edition Microsoft Windows 7 Enterprise 64 Edition Microsoft Windows 7 Home Basic 32 Edition Microsoft Windows 7 Home Basic 64 Edition Microsoft Windows 7 Home Premium 32 Edition Microsoft Windows 7 Home Premium 64 Edition Microsoft Windows 7 Professional 32 Edition Microsoft Windows 7 Professional 64 Edition Microsoft Windows 7 Starter 32 Edition Microsoft Windows 7 Ultimate 32 Edition Microsoft Windows 7 Ultimate 64 Edition Microsoft Windows Embedded Standard 7 32 Microsoft Windows Embedded Standard 7E 32-Bit
HP did not respond to a request for comment from Bleeping Computer in time for this article’s publication.
Modzero researchers say the only way to mitigate the issue is by deleting the MicTray64.exe.
8 Tech Inventions That Are Nothing But Useless
It’s one thing to know that a tomato is a fruit, and another to put it in a fruit salad. Although, the human race has achieved some of the most amazing feats in the field of technology, however, there are moments when our creative minds tend to overdo it, and before we know it, we’re munching tomatoes into our fruit salad.
So for today, I have compiled a list of tech inventions that I think are hilarious as well as ridiculous and downright useless in nature. Let’s take a look at them:
1. NVX 200 Speaker Phone – Make your smartphone oldschool
The NVX 200 targets a pretty specific niche – businessmen. It’s basically a dock that converts any mobile phone into a desktop phone. It’s great for conference calls as it has physical buttons for speed dials, easy muting and eliminates distracting microphone noise for better clarity.
Now that’s a good idea… if you lived in the 1950s. I mean it’s great until you realize that the NVX200 is nothing but a glorified bluetooth speaker only your rich uncle upstate would buy. All of its functionality can be replaced by a more decent bluetooth speaker, and you wouldn’t have to spend as much as the NVX costs.
2. USB Pet Rock – Because why not?
An upgrade to the original Pet Rock, the USB upgrade is now smarter. You can simply plug the USB cable into a free port, and let the USB Pet Rock do its magic, and unlike other pets, it doesn’t make noises, doesn’t poop on your sofa, and isn’t needy as hell.
In fact, it doesn’t do anything at all. You just put it there among the stack of papers, introduce it as your pet and tell stories about it. You will love this piece of rock like Patrick Star ever did.
And because it doesn’t do anything, it’s compatible with any operating system, and spec of computer, and any powerbank. Sadly, like your iPhone7, it doesn’t have a 3.5mm jack, so suck it Apple!
3. Ringzero Logbar – A Kickastarter sad story
The Ringzero Logbar was dubbed with the CES Innovation award back in 2015. What does it do? Well, it’s mainly an input device used to control presentations and basic commands using gestures in the air. It can be used on almost all devices and boasts a multitude of actions that can be manipulated using gestures in the air.
I mean it’s great for presenting, but aside from that? It’s actually a weird device. Imagine coming across a person who’s moving his fingers in the air drawing weird squiggly symbols. You’d immediately freak as if he is some kind of wizard.
Plus it has some serious issues…
4. Air-Conditioned Shoes – My favorite
These Air-conditioned shoes promise a refreshing comfort during the summer. They are lightweight and popular, selling 6.7 million pairs between 2003 to 2016. (Wow!) It has features like moisture-permeable outsoles, mesh insoles laced with EVA, deodorizing and antimicrobial elements. It also has a shock absorption system all within this classy natural leather look.
Sounds dope, but think of how ridiculous this is. You are wearing a shoe… with an air condition unit in it. I mean, look at this guy’s face. It seems like he’s enjoying it, right? Right?
If you don’t blow anyone away with every step you take, then I don’t know what’s wrong with you.
PS: It also comes in different designs, and a sandal model too, if you’re into those.
5. Smart water fountain for your cat – who will most likely just ignore it
Pura is a smart water fountain for your pet cat. It’s beautifully crafted and ergonomically designed to fit your cat’s daily hydration needs. You can keep tabs on how much your cat is drinking, and make sure that your little furball gets what he deserves.
It’s a totally great idea, except cats are unpredictable. You’d probably regret buying one after you see your cat running for the box instead of this expensive piece of hardware.
6. Smart wine bottle
Kuvee is a smart wine bottle that makes sure your wine doesn’t get bad due to oxygen. What it does is it seals the bottle so you can get fresh wine when you need it. It’s also smart in a sense that it lets you know what wine you’re tasting, and you can even order using the bottle.
It almost didn’t make this list but I thought long and hard and realized that it’s something that I’ll actually want to have while working that knows how to close itself off and keep its content fresh, right? But then it dawned on me that, well, I have hands and the bottle has a label.
7. Belty, the smart belt
Another object we use on a daily basis that received the ‘smart’ upgrade, this smart belt claims to be the only intuitive and autonomous wearable that uses AI in making you healthier. The website says this product can increase energy levels, improve wellness and ensure you don’t get a ticket from the fashion police.
It also helps you be better when doing simple tasks like walking, climbing stairs, and simply sitting idly. It can even “talk” to you as it sends you, (possibly NSFW) vibrations that will help you act suitably in certain circumstances.
This smells gimmick from the get go. A belt that sends vibrations to your waist to remind you to drink water? Personally, that sounds like a redundant wearable to me. If you have a smartwatch, you can get more functionality, with less gimmicks.
8. Anti-radiation underwear – for when the fallout happens
If you are one of those ultra-paranoid people and would want to protect your sperm or egg cells while removing all the unpleasant odor in your underwear, then this smart underwear is for you.
It’s an all-in-one garment solution made from pure silver-coated polyester threads (great for keeping the werewolves and vampires at bay) that claims to block radiation of cellphones, WiFi Signals, microwaves and more. It also cools your hooha while keeping it clean from bacteria and odor.
There is a lot of good technology out there, and these are the examples of tech that look good at first glance, and when you think about it more and more, it becomes a weird, ridiculous invention.
It only proves that you just don’t buy everything you see on kickstarter, or wish for something that seems to be useful at initial look. Technology should be useful until its replacements arrive, and having a big paperweight may well be a waste of investment.
Read the original article over at Hongkiat.
Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable
PCs can be compromised when Defender scans an e-mail or IM; patch has been issued.
Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.
The exploit (officially dubbed CVE-2017-0290) allows for a remote attacker to take over a system without any interaction from the system owner: it’s simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft’s malware protection engine—websites, file shares—could be used as an attack vector. Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned exploits were “wormable,” meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.
Microsoft’s speed in issuing an automatic patch was impressive. Word of the critical flaw first surfaced in a Friday night series of tweets by Ormandy. Tavis called it “the worst Windows remote code exec in recent memory” and warned that an attack “works against a default install, don’t need to be on the same LAN, and it’s wormable.” Most security experts assumed Microsoft would require several weeks to patch it. To their surprise, Microsoft pushed out the patch Monday evening.
Because MsMpEng runs at the highest privilege level and is so ubiquitous across Windows PCs, this vulnerability is about as bad as it gets. Fortunately, the security researchers who discovered it—Natalie Silvanovich and Tavis Ormandy of Google Project Zero—reported it responsibly, and last night Microsoft released a patch. MsMpEng automatically updates every 48 hours, so disaster has probably been averted. The security bulletin notes that Microsoft hadn’t seen any public exploitation of the vulnerability.
The vulnerability itself, though, is worth discussing because it once again calls into question whether antivirus software is a good idea.
There is proof-of-concept code attached to the bug report, but amusingly it will crash MsMpEngine “and possibly destablise your system” if you download it. “Extra care should be taken sharing this report with other Windows users via Exchange, or Web services based on IIS, and so on,” the researchers note.
Microsoft says the risk of remote code execution is lower on Windows 10 and Windows 8.1 because of CFG, a security feature that protects against memory corruption. CFG is an optional compilation flag in Visual Studio 2015.
To check whether your Windows PC has been updated, head to “Windows Defender settings” and note the Engine version number. 1.1.13704.0 or higher means you’ve been patched. And now just sit back and wait for the next vulnerability.
Read the original article over at ArsTechnica.
All your Googles are belong to us: Look out for the Google Docs phishing worm
An e-mail disguised as a Google Docs share is ingenious bit of malicious phishing.
A widely reported e-mail purporting to be a request to share a Google Docs document is actually a well-disguised phishing attack. It directs the user to a lookalike site and grants the site access to the target’s Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim’s Gmail address book and adds them to its list of targets.
The phish appears to have been initially targeted at a number of reporters, but it quickly spread widely across the Internet. Some of the sites associated with the attack appear to have been shut down.
The e-mail uses a technique that a Trend Micro report linked last week to Pawn Storm, an ongoing espionage campaign frequently attributed to Russian intelligence operations. The attack uses the OAuth authentication interface, which is also used by many Web services to allow users to log in without using a password. By abusing OAuth, the attack is able to present a legitimate Google dialogue box requesting authorization. However, the authentication also asks permission for access to “view and manage your e-mail” and “view and manage the files in your Google Drive.”
The fake application used in the Pawn Storm phish (which posed as a Google security alert) was named “Google Defender.” Today’s phish asks the target to grant access to “Google Docs”—a fake application using the name of Google’s service. If the target grants permission, the malicious site will immediately harvest contacts from the target’s e-mail and send copies of the original message to them.
Here’s how to spot the fake e-mail:
- Your address will appear in the “BCC:” field, not the “To:” field, of the message, though the message will likely come from the e-mail address of someone you know
- The “To:” address on many of the messages is an address at “mailinator.com”
- The link to the shared document will, if viewed as “source,” appear as a long string of text, including a Google Docs look-alike Web address using a non-standard top-level domain, such as one of these:
[Update, 4:40 pm EDT:] Google has struck hard at the worm. Not only have all the sites associated with the phish been taken offline (their domains appear to have been completely erased), but the permissions associated with the worm have been dropped from victims’ accounts. Attempts to reach the domains used in the attack fail, and a whois lookup returns “No whois server is known for this kind of object.”
Read the original article over at ArsTechnica.
This Site Will Show You All Nearby Cafes with WiFi Hotspots
Written bHongkiat/ Courtesy of
Picture this scenario: you’re currently exploring your new city, relying on your mobile data to get you through the day. However, your mobile data has a cap and you wish to conserve it for emergency purposes.
Your best bet is to rely on a free Wi-Fi hotspot, although those can be hard to find depending on where exactly you are. If this sounds like something you face on a regular basis, then Cafe Wi-Fi will prove to be really handy.
Available as both an iOS app and a web-based service, with an Android app currently in the works, Cafe Wi-Fi is a map that shows off any available Wi-Fi hotspots at any given area.
Much like the Airport Wi-Fi map, Cafe Wi-Fi relies on a combination of user contributions and third-party sources like FourSquare to populate its map with Wi-Fi hotspots.
Besides listing down available Wi-Fi hotspots in an area, Cafe Wi-Fi has also taken advantage of the crowdsource-nature of the service to provide users with more details about the hotspots.
All hotspots are color-coded depending on the quality of the Wi-Fi connection, with green being excellent while red represents a poor quality hotspot. Grey colored ones, on the other hand, are hotspots that have yet to be rated.
Aside from connection quality, other information that can be found about the hotspot includes some standard location information, as well as connection speed.
The other cool feature of Cafe Wi-Fi is its ability to give you directions to the hotspot of choice. Tapping on the “Get Directions” button will cause Cafe Wi-Fi to boot up your device’s default map application and set the destination to the hotspot’s location.
If there is one major drawback that Cafe Wi-Fi has, it would have to be the fact that the map can prove to be underpopulated in its current form. As Cafe Wi-Fi relies on user submitted information to update its map, some places may contain little to no Wi-Fi hotspots listed, while other places may be highly populated with available hotspots.
That being said, this particular problem tends to be solved over time as more people are made aware of the service.
Read the original article over at Hongkiat.
You Can Activate Windows 10 Creators Update with Old Windows License Keys
License keys for Windows 7, 8, and 8.1 can be used to activate a fresh copy of the Windows 10 Creators Update, even if Microsoft has “officially” stopped offering free upgrades to Windows 10 back in the summer of 2016.
This means that users who want to update from Windows 7, 8, and 8.1 to the latest Windows 10 version don’t need to buy new license keys to activate their new Windows OS.
All they have to do is install a fresh copy of the Windows 10 Creators Update, enter their old license key, and enjoy their new OS.
Upgrade mechanism continued to work past June 2016
When Microsoft launched Windows 10, it allowed users of older Windows versions a one-year grace period to upgrade to Windows 10 for free.
When that timeframe closed, users found that Microsoft didn’t disable this feature, and they were still able to perform clean Windows 10 installs and use older license keys to activate Windows 10.
Microsoft didn’t block this mechanism with the Anniversary Update last summer and didn’t shut it down last week with the release of the Creators Update.
Trick used to cut costs when updating to Windows 10
Windows users have used this trick to save money when updating to Windows 10. Users buy cheap Windows 7, 8, or 8.1 licenses from various online stores, usually ranging between $10 and $40, instead of the more pricey Windows 10 product keys that can vary in price between $119 and $199.
This tactic is quite popular, but Microsoft has not moved in to shut down the activation of older product keys that have not been updated to Windows 10 in the one-year timeframe after Windows 10’s release.
At this point, Microsoft is probably more happy about people still being interested in updating to Windows 10, an operating system for which the company has taken a lot of heat, especially for its intrusive user telemetry gathering, which is currently under scrutiny in the EU.
Read the original article over at Bleeping Computer.
Windows 10 Creators Update – What’s New
Written bHongkiat/ Courtesy of
Microsoft’s next major and much-awaited update for Windows 10, the Creators Update, is now available for manual download for those interested in getting the update early. Alternatively, said update would be made available as an automatic download beginning on April 11th.
Much like the Anniversary Update, the Creators Update introduces a number of new features to Microsoft’s latest operating system, and while most of it are easily accessible, some of it can be a bit harder to find.
For those who are looking to take advantage of Windows 10’s latest update, here are some of the key features of the Creators Update and how you’ll be able to activate and use them.
As the name implies, Paint 3D is a version of Microsoft’s own Paint application that operates in the 3D space. Available immediately once the Creators Update is installed, Paint 3D lets users create 3D projects via its built-in tools, or by converting 2D images into 3D objects.
Paint 3D will also play well with Remix 3D, a website that lets people download 3D projects onto their devices or upload their own onto the website.
Is Paint 3D the most sophisticated tool when it comes to 3D projects? No. That being said, the application is certainly the most accessible considering the fact that it is both easy to use and free for anyone who has the Creators Update installed.
New Privacy Dashboard
Privacy is one of the biggest concerns that many people have when Microsoft first rolled out Windows 10, and with the Creators Update, the company has taken its first steps to rectify that by introducing a new privacy dashboard.
Upon successfully installing the Creators Update to Windows 10, users will be brought to the new privacy dashboard where they can choose the amount of data Microsoft collects from their devices. From here, users can opt to give Microsoft full access to all of the data, or limit them to just the basics.
Should the user wish to modify the privacy settings later, they can opt to do so via the Settings menu.
While it is true that the new privacy dashboard doesn’t give users fine control over the data that Microsoft is able to receive, the inclusion of this feature does show that Microsoft is, at the very least, serious about addressing any privacy concerns that Windows 10 users have.
Windows Update Improvements
Every Windows user has experienced the… displeasure of having the OS reboot without warning in order to install an update. With the Creators Update, Microsoft is giving Windows 10 users some control over these unscheduled restarts.
For Windows 10 Home users, you will now be given access to the “Active Hours” setting. With it, you can now dictate the timeframe in which Windows would not restart in order to install an update. As for Windows 10 Professional, Education and Enterprise users, you will be given the additional option to hold off on new updates for up to 35 days.
Apart from update schedules, the Creators Update also brings with it Microsoft’s new Universal Update Platform which promises smaller, more streamlined updates moving forward.
Start Menu Folders
If you’ve ever wanted to group together multiple apps on the Start Menu into a single folder, you’ll be able to do that with the Creators Update.
All you have to do is drag and drop an app onto another to form a folder. Once a folder is formed, clicking on it will cause the folder to collapse, displaying all the apps found within said folder. For those who like to keep their Start Menu clean and organized, this feature will be something you will enjoy.
For those who like to tinker with Windows itself, you’ll be pleased to know that Microsoft has made PowerShell the de facto shell with the Creators Update, relegating the old Command Prompt to the background.
Once the update is installed, you will be able to launch PowerShell by right-clicking on the Start button and selecting the PowerShell option.
As for Command Prompt, you’ll still be able to access it manually.
Deleting temporary files in order to free up more space on your computer is a tedious job, so why not delegate it to Windows instead. With the Creators Update, Microsoft has introduced a feature called Storage Sense that automatically removes temporary files on your computer.
It will also assist you in clearing files that have been sitting in your Recycle Bin for over 30 days.
Apple isn’t the only one that has introduced a F.lux-like feature of its own as Microsoft has introduced a similar feature with the Creators Update.
Called Night Light, this feature will cause Windows 10 to automatically reduce the output of blue light during a set period of time, making it easier on your eyes.
For those who sleep near their computers, the reduction of blue light also means that you’ll be able to fall asleep easier.
Microsoft Edge Improvements
With the Creators Update, Microsoft has brought two new features to its Edge browser.
The first of the two new features is Tab Preview, and it can be seen by clicking on the arrow located next to the New Tab button. Clicking on the arrow would open up a bar that showcases previews of all of your currently opened tabs. Alternatively, hovering over a tab will also give you a preview of it.
Set Aside Tabs
The second new feature is called Set Aside Tabs. This feature is activated via the buttons on the upper left hand corner of the Edge browser. By clicking on the right button, all current tabs are minimized and stored in the browser for later use.
In order to reopen the tabs, clicking on the left button will bring up a list of tabs that have been set aside. From there, you can choose to restore the tabs individually or all in one go.
Windows 10 Holographic Shell
Rounding up the list of features that comes with the Creators Update, we have the Windows 10 Holographic Shell. Unlike the rest of the features showcased in this post, the Windows 10 Holographic Shell will be a feature that many will have no access to.
Why is that the case? Because in order to leverage it, you’ll need to own either a Virtual Reality headset, or Microsoft’s own HoloLens, both of which are still prohibitively expensive at the time of writing.
However, if you do in fact own a VR headset, the Creators Update would allow you to experience Windows VR, a virtual reality/augmented reality take on Windows 10.
Read the original article over at Hongkiat.