The End

Posted by Dave Cahill on Aug 9, 2021 in River Net News | 0 comments

River Net Computers, LLC. will be shutting down operations

Yes, you read that correctly, it’s true.  After 11+ years, James and Dave have decided to close down River Net Computers to move in two different directions.  This new move will allow both James and Dave to be able to offer their unique services more effectively.  The past two years has been very difficult for many other small businesses, including River Net Computers.  Although we are moving on, we are looking forward to what the future has to store.  This is a big change for us, but it also presents big opportunities and a catalyst for us both to build something new, something better.

Thank you for letting us serve you and your business, we appreciate your support and understanding during this time.  We hope to reestablish a relationship together in the future. 

/end

Pentagon says its new AI can see events ‘days in advance’

Posted by Dave Cahill on Aug 4, 2021 in Privacy, Security News, Technology | 0 comments

The Pentagon says its new AI can see events ‘days in advance’

The Pentagon and US Military have been trialing the use of an algorithm that anticipates the enemy’s next move in advance.

The US military is testing the use of cutting-edge data gathering tools combined with artificial intelligence to predict enemies’ next moves up to days in advance.  

Speaking at a press conference, the commander of the US Northern Command (NORTHCOM) Glen VanHerck revealed that trials have been ongoing to improve the military’s use of data when making key strategic decisions, with the third part of an initiative called the Global Information Dominance Experiment (GIDE) showing promising results.

GIDE was designed to increase access to real-time information that can help leaders prepare for enemy action and hopefully deter it, rather than react to conflict once it has started.

The latest experiment carried out by the Pentagon saw 11 US commands simulate the takeover of a crucial site such as the Panama Canal.  

VanHerck explained that during the simulated operation, data was gathered from various sensors spread out across the globe, both military or civilian; the information was then run through an AI model capable of detecting patterns and giving the alert when spotting signs like a submarine preparing to leave port, for example. 

Knowing what the enemy might be preparing to do in advance let commanding officers take measures such as deploying troops, in an effort to deter conflict.

“What we’ve seen is the ability to get way further what I call left, left of being reactive to actually being proactive,” said VanHerck. “And I’m talking not minutes and hours, I’m talking days.” 

Deployed to the wider force for real-world situations, the technology could put together information in real-time from existing satellites, radars, undersea sensors, as well as cyber and intel capabilities, and make it available through the cloud for AI models to process.  

“The ability to see days in advance creates decision space. Decision space for me as an operational commander to potentially posture forces to create deterrence options to provide that to the secretary or even the president,” he said.

All of this information is already available, stressed VanHerck, but it currently takes hours and days for dedicated analysts to browse through the mountains of data that are generated every day, before noticing patterns of interest.  

“Keep in mind that it’s not new information. It’s information that today is just not analyzed and processed until later in the time cycle, if you will,” said VanHerck. 

“And all we’re doing is taking and sharing it and making it available sooner. So that our key decision-makers will have options versus being reactive where they may be forced to take some kind of escalation option.” 

The algorithms described by VanHerck could look at the average number of cars in a parking lot in enemy locations, for instance; it could count the airplanes parked on a ramp and trigger a warning when noticing change, and it could even spot missiles being prepared to launch. This could provide the Pentagon with days of advanced warning, according to the commander.  

Using AI to better inform military decisions is a key objective that the Pentagon has made clear for some time, especially as other countries ramp up the use of technology in the defense sector.  

But the growth of automation tools in warfare is raising serious concerns among some advocacy groups that algorithms might be empowered to inform life-and-death decisions, and eventually even to make those decisions themselves. 

The GIDE experiments, in fact, were carried out together with other groups within the US Department of Defense, including Project Maven – an initiative that sparked controversy in 2018, when Google employees rebelled against the company’s involvement in the initiative. 

After Google was contracted to help build the technology for Project Maven, which aimed to develop AI that could spot humans and objects in large amounts of video captured by military drones, thousands of staff signed a petition calling for the company to pull out. Employees cited fears that they would be involved in an initiative that would contribute to identifying potential targets. 

VanHerck, for his part, was keen to address concerns over the use of AI in GIDE trials. “Humans still make all the decisions in what I’m talking about,” he said. “We don’t have any machines making decisions.

“We’re not relying on computers to take us to create deterrence options or defeat options.” 

According to the VanHerck, the software capabilities trialed in GIDE are already available and ready to be fielded across combatant commands. To further improve the impact of the technology, he continued, will also require collaboration with international allies and partners, who are expected to be brought in to participate in what could be a global exchange of real-time intelligence. 

Read the original article courtesy of ArsTechnica.com.

Remote print server gives anyone Windows admin privileges on a PC

Posted by Dave Cahill on Aug 2, 2021 in Security News, Windows | 0 comments

Remote print server gives anyone Windows admin privileges on a PC

 researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver.

In June, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare (CVE-2021-34527) that allowed remote code execution and elevation of privileges.

While Microsoft released a security update to fix the vulnerability, researchers quickly figured out ways to bypass the patch under certain conditions.

Since then, researchers have continued to devise new ways to exploit the vulnerability, with one researcher creating an Internet-accessible print server allowing anyone to open a command prompt with administrative privileges.

Now anyone can get Windows SYSTEM privileges

Security researcher and Mimikatz creator Benjamin Delpy has been at the forefront of continuing PrintNightmare research, releasing multiple bypasses and updates to exploits through specially crafted printer drivers and by abusing Windows APIs.

To illustrate his research, Delpy created an Internet-accessible print server at \\printnightmare[.]gentilkiwi[.]com that installs a print driver and launches a DLL with SYSTEM privileges.

Initially, the launched DLL would write a log file to the C:\Windows\System32 folder, which should only be writable by users with elevated privileges.

Want to test #printnightmare (ep 4.x) user-to-system as a service??
(POC only, will write a log file to system32)

connect to \https://t.co/6Pk2UnOXaG with
– user: .gentilguest
– password: password

Open 'Kiwi Legit Printer – x64', then 'Kiwi Legit Printer – x64 (another one)' pic.twitter.com/zHX3aq9PpM

— ? Benjamin Delpy (@gentilkiwi) July 17, 2021

As some people did not believe his initial print driver could elevate privileges, on Tuesday, Delpy modified the driver to launch a SYSTEM command prompt instead.

This new method effectively allows anyone, including threat actors, to get administrative privileges simply by installing the remote print driver. Once they gain administrative rights on the machine, they can run any command, add users, or install any software, effectively giving them complete control over the system.

This technique is especially useful for threat actors who breach networks for the deployment of ransomware as it allows quick and easy access to administrative privileges on a device that helps them spread laterally through a network.

BleepingComputer installed Delpy’s print driver on a fully patched Windows 10 21H1 PC as a user with ‘Standard’ (limited) privileges to test this technique.

As you can see, once we installed the printer and disabled Windows Defender, which detects the malicious printer, a command prompt was opened that gave us full SYSTEM privileges on the computer.

When we asked Delpy if he was concerned that threat actors were abusing his print server, he told us that one of the driving reasons he created it is to pressure “Microsoft to make some priorities” into fixing the bug.

He also said that it’s impossible to determine what IP addresses belong to researchers or threat actors. However, he has firewalled Russian IP addresses that appeared to be abusing the print servers.

Delpy has warned that this is not the end of Windows print spooler abuse, especially with new research being revealed this week at both the Black Hat and Def Con security conferences.

Mitigating the new printer vulnerability

As anyone can abuse this remote print server on the Internet to get SYSTEM level privileges on a Windows device, Delpy has offered several ways to mitigate the vulnerability.

These methods are outlined in a CERT advisory written by Will Dormann, a vulnerability analyst for CERT/CC.

Option 1: Disable the Windows print spooler

The most extreme way to prevent all PrintNightmare vulnerabilities is to disable the Windows Print spooler using the following commands.

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

However, using this mitigation will prevent the computer from being able to print.

Option 2: Block RPC and SMB traffic at your network boundary

As Delpy’s public exploit uses a remote print server, you should block all RPC Endpoint Mapper (135/tcp) and SMB (139/tcp and 445/tcp) traffic at your network boundary.

However, Dormann warns that blocking these protocols may cause existing functionality to no longer work as expected.

“Note that blocking these ports on a Windows system may prevent expected capabilities from functioning properly, especially on a system that functions as a server,” explained Dormann.

Option 3: Configure PackagePointAndPrintServerList

The best way to prevent a remote server from exploiting this vulnerability is to restrict Point and Print functionality to a list of approved servers using the ‘Package Point and print – Approved servers’ group policy.

This policy prevents non-administrative users from installing print drivers using Point and Print unless the print server is on the approved list. 

To enable this policy, launch the Group Policy Editor (gpedit.msc) and navigate to User Configuration > Administrative Templates > Control Panel > Printers > Package Point and Print – Approved Servers.

Then enable the policy and enter the list of servers that you wish to allow to use as a print server and then press OK to enable the policy. If you do not have a print server on your network, you can enter a fake server name to enable the feature.

Using this group policy will provide the best protection against the known exploit but will not prevent a threat actor from taking over an allowed print server with malicious drivers.

Update 8/1/21: Added more information about the Package Point and Print – Approved servers policy. Thx bikerdude!

Read the original article over at BleepingComputer.com.

Pegasus spyware: here’s what we know

Posted by Dave Cahill on Jul 29, 2021 in Security News, Virus Alert Information | 0 comments

Pegasus spyware: here’s what we know

When Pegasus spyware from an Israeli firm was discovered on a number of iPhones used by journalists, critics hit Apple over security and privacy concerns. But in this case, it doesn’t look like the company did anything wrong.

The Pegasus Project reports that journalists, activists, and heads of state could have been infiltrated.

Throughout the past week, we’ve seen story after story about a company called NSO Group, and a piece of spyware called Pegasus. Some of the stories have been shocking, with allegations that fully updated smartphones can be hacked with a single text message, and reports that two women close to murdered journalist Jamal Khashoggi were among those targeted by a government agency using the spy tool.

A coalition of news outlets, including The Washington Post, Le Monde, and The Guardian is behind the reporting, and they’re calling it the Pegasus Project. The project was led by Forbidden Stories, an organization of journalists that works on stories after the original reporters have been silenced in some way. Amnesty International ran detailed forensics on 67 smartphones to look for evidence that they were targeted by Pegasus spyware — and 37 of those phones tested positive. But many crucial details still aren’t clear.

Here’s what we know about the NSO Group and Pegasus so far.

WHAT IS PEGASUS, AND WHO OR WHAT IS NSO GROUP?

Pegasus is spyware developed by a private contractor for use by government agencies. The program infects a target’s phone and sends back data, including photos, messages, and audio / video recordings. Pegasus’ developer, an Israeli company called NSO Group, says that the software can’t be traced back to the government using it — a crucial feature for clandestine operations.

In short, NSO Group makes products that let governments spy on citizens. The company describes the role of its products on its website as helping “government intelligence and law-enforcement agencies use technology to meet the challenges of encryption” during terrorism and criminal investigations. But as you might imagine, civil liberties groups aren’t happy about the spyware-for-hire business, and restricting the business to government clients does little to quiet their concerns.

The company told The Washington Post that it works only with government agencies, and that it will cut off an agency’s access to Pegasus if it finds evidence of abuse. In its transparency report released at the end of June, the company claimed it has done that before. Still, an Amnesty International statement raised concerns that the company is providing spyware to oppressive governments, where government agencies can’t be trusted to do right by their citizens.

The Forbidden Stories organization, which helped lead the Pegasus Project’s efforts, has a write-up of the company’s exploits and controversies over the past decade, some of which have inspired lawsuits from journalists and activists arguing that NSO’s software has been used improperly. The Washington Post also has an interview that covers the company’s own story about how it was founded and how it got started in the surveillance industry.

WHO WAS BEING SPIED ON?

We don’t know for sure. However, much of the reporting centers around a list containing 50,000 phone numbers, the purpose of which is unclear. The Pegasus Project analyzed the numbers on the list and linked over 1,000 of them to their owners. When it did so, it found people who should’ve been off-limits to governmental spying (based on the standards NSO says it holds its clients to): hundreds of politicians and government workers — including three presidents, 10 prime ministers, and a king — plus 189 journalists, and 85 human rights activists.

WAIT, WHO MADE THIS LIST?

At this point, that’s clear as mud. NSO says the list has nothing to do with its business, and claims it’s from a simple database of cellular numbers that’s a feature of the global cellular network. A statement from an Amnesty International spokesperson, posted to Twitter by cybersecurity journalist Kim Zetter, says that the list indicates numbers that were marked as “of interest” to NSO’s various clients. The Washington Post says that the list is from 2016.

Amnesty says the Israeli media mis-reported a statement it gave them in Hebrew about the list of 50,000 phone numbers. See here: https://t.co/rhksVHineG

But I obtained the full Hebrew statement they gave reporters, and the Israeli media quoted it correctly. pic.twitter.com/9JNmwC3QW4

— Kim Zetter (@KimZetter) July 22, 2021

The Washington Post says the list doesn’t contain information about who added numbers to it, or whether people linked to the numbers were under surveillance. Was the list curated by a shadowy government agency trying to get on the good side of other governments? Was it maintained by a Slack group of Pegasus users? Was it simply a list of numbers? It’s an essential question that remains frustratingly unclear.

SO DOES THE LIST MATTER?

It seems to. The Washington Post reports that some of the phones analyzed were targeted shortly after they were added to the list. In some cases, only a few seconds separate timestamps that indicate when the phone number was added to the list and incidents of Pegasus attacks on the phones.

According to The Guardian, Amnesty ran its analysis on 67 phones connected to the numbers. It found that 37 of the phones had been at least targeted by Pegasus, and that 23 of those phones had been successfully hacked. The Washington Post details how Pegasus was used to hack a phone belonging to the wife of an imprisoned activist.

WHO ELSE IS ON THE LIST?

A Washington Post report details some of the highest-ranking officials with numbers on the list. According to an analysis done by the Post and other Pegasus Project members, the current presidents of France, Iraq, and South Africa were included, along with the current prime ministers of Pakistan, Egypt, and Morocco, seven former prime ministers, and the king of Morocco.

A separate report from the Post claims that the Moroccan king was not the only royalty whose number appeared on the list — a princess from Dubai was also added, along with some of her friends, as she was trying to gain political asylum. Her attempt failed when she was allegedly kidnapped by armed commandos who boarded the yacht she was using to escape.

Also on the list were two women close to Jamal Khashoggi, a journalist who was murdered in 2018.

WAS KHASHOGGI HIMSELF ON THE LIST?

It doesn’t seem so (though we’ll deal with some nuances in a moment), but people close to him were. The Washington Post has reported that one of those hacked phones belonged to Khashoggi’s fiancé, and that there’s reportedly evidence that his wife’s phone was targeted as well. NSO’s CEO has strongly denied that Khashoggi’s wife was a target.

As to whether NSO targeted Khashoggi himself, that’s a question without a definite answer. NSO strongly denies that it was involved — it did so in 2019, and again recently, with The Washington Post citing a statement from the company that its technology “was not associated in any way with the heinous murder of Jamal Khashoggi.” According to the Post, Khashoggi’s phone is in the custody of Turkish authorities who are carrying out an investigation of the journalist’s homicide.

WHAT DOES PEGASUS DO?

According to The Washington Post, the spyware can steal private data from a phone, sending a target’s messages, passwords, contacts, photos, and more to whoever initiated the surveillance. It can reportedly even turn on the phone’s cameras or microphones to create covert recordings. A document from NSO describes the software’s capabilities in more detail.

Recent versions of it have reportedly been able to do this without having to get the user to do anything — a link is sent to their phone, without a notification, and Pegasus starts collecting information. In other cases, Pegasus has reportedly relied on users to click phishing links that then deliver the Pegasus payload.

WAIT, HOW CAN PEGASUS GET ALL THAT INFO?

Both The Guardian and The Washington Post have articles explaining how even modern phones with the latest software updates can be exploited. (Amnesty has shown that even some of the most recent versions of iOS are vulnerable to methods used by NSO.) The summary is that no software is perfect. Where there’s complicated software, like iMessage or WhatsApp, there will be bugs, and some of those bugs will give hackers access to way more than many would think is possible. And, with millions of dollars at stake, hackers and security researchers are very motivated to find those bugs, even if they’ll only be usable for a short amount of time.

IT CAN DO ALL THAT ON IPHONES? WHAT ABOUT APPLE’S SECURITY AND PRIVACY?

In a statement to The Guardian, Apple didn’t deny NSO’s capability to exploit iPhones, instead saying that attacks like Pegasus are “highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” thereby not affecting most Apple customers. Apple did say that it continues “to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

Still, as The Washington Post points out, the fact that the iPhone could be so thoroughly compromised by a reportedly invisible message is unfortunate for a company that prides itself on security and privacy, one that put up “what happens on your iPhone, stays on your iPhone” billboards. Security researchers who spoke to the Post mainly lay the blame on iMessage and its preview software — despite the protections that Apple has reportedly implemented recently to try to secure iMessage.

ARE ONLY IPHONES VULNERABLE?

No. A lot of the reporting focuses on iPhones, but that’s only because they’ve proven easier to analyze for signs of a Pegasus infection than Android phones have. Pegasus can, however, infect both, according to an NSO informational document. Both Apple and Google have commented on the situation, with Apple condemning attacks against journalists and activists, and Google saying that it warns users of attempted infiltrations, even those backed by governments.

I THINK I’VE HEARD OF PEGASUS BEFORE?

The spyware has been in the news for years, often in connection with incidents similar to what’s currently being reported. In 2017, reports surfaced that the software had been used in attacks against Mexican reporters and activists. In 2019, WhatsApp sued NSO Group, alleging that the software developer was involved in the hacking of around 1,400 devices using an exploit found in WhatsApp’s code. Microsoft, Google, Cisco, and other tech companies signaled support for WhatsApp’s suit. (As of April 2021, the case was ongoing, according to a report from Politico.)

In 2020, it was reported that NSO was being investigated by the FBI, in connection with the 2018 hack of Jeff Bezos’ cellphone. At the time, NSO denied knowledge of the FBI’s probe, according to Reuters, and the FBI recently declined to comment about the matter to The Washington Post.

WHO’S BEHIND THE TARGETING OF ACTIVISTS AND JOURNALISTS?

We don’t know at the moment, but it’s likely not just one government agency or country. The Washington Post points to a list of 10 countries where many of the phone numbers on the list seem to be from, and says that those countries have been reported to have worked with NSO in the past. But the fact that many of the basic facts about the list remain disputed means there’s really not enough information to draw solid conclusions.

HOW MUCH DOES IT COST TO SPY ON A PHONE?

In 2016, The New York Times reported that NSO Group charged $500,000 to set a client up with the Pegasus system, and then charged an additional fee to actually infiltrate people’s phones. At the time, the costs were reportedly $650,000 to hack 10 iPhone or Android users, or $500,000 to infiltrate five BlackBerry users. Clients could then pay more to target additional users, saving as they spy with bulk discounts: $800,000 for an additional 100 phones, $500,000 for an extra 50 phones, and so on. NSO would also reportedly charge 17 percent of what the clients had paid over the course of a year as an annual maintenance fee. According to Forbidden Stories, NSO’s contract with Saudi Arabia alone is worth up to $55 million.

WHAT DOES NSO SAY ABOUT THE REPORTS?

In an interview with Calcalist, NSO Group’s CEO and co-founder Shalev Hulio broadly denied the allegations, claiming that the list of numbers had nothing to do with Pegasus or NSO. He argued that a list of phone numbers targeted by Pegasus (which NSO says it doesn’t keep, as it has “no insight” into what investigations are being carried out by its clients) would be much shorter — he told Calcalist that NSO’s 45 clients average about 100 Pegasus targets per year.

“SOMEBODY HAS TO DO THE DIRTY WORK”

Hulio also claims that NSO has investigated its clients’ use of the software, and hasn’t found evidence that they targeted any of the phone numbers NSO had been given, including the one linked to Khashoggi’s wife. He also says that it’s NSO policy to cut off clients’ access to Pegasus if it discovers that they are using the system outside of its intended use.

Hulio told The Washington Post that the reports were “concerning,” and that the company would investigate. He told Calcalist that NSO had been running checks with present and past clients for the past week.

HOW WOULD NSO KNOW WHETHER THESE PEOPLE HAVE BEEN TARGETED, OR KEEP THEM FROM BEING TARGETED, IF IT HAS NO IDEA WHO ITS CLIENTS ARE TARGETING?

Great question. Hulio tries to answer it in his interview with Calcalist, mentioning an ability to analyze a client’s systems, but doesn’t really provide enough detail to be reassuring.

ALSO, HOW DOES HULIO’S CLAIM OF PEGASUS CLIENTS HAVING AN AVERAGE OF 100 TARGETS A YEAR SQUARE WITH THE BULK DISCOUNTS NSO REPORTEDLY PROVIDES?

Again, great question.

WHY MAKE SOFTWARE LIKE THIS?

According to NSO, it builds Pegasus solely for use in counterterrorism and law enforcement work. The company reportedly only sells the software to specific government agencies that have been approved by the Israeli Ministry of Defense.

NSO seems to see its software as a necessary, if unpleasant, part of modern surveillance, with its CEO telling The Washington Post that “somebody has to do the dirty work” and that Pegasus is “used to handle literally the worst this planet has to offer.”

ARE THERE OTHER COMPANIES OUT THERE MAKING TOOLS LIKE PEGASUS?

Absolutely. The Economic Times has a good rundown of some of the higher-profile companies working in the space, along with an explanation of how the pattern of Israeli cyberintelligence agents leaving military service and founding startups leads to Israel being the home of many of these companies.

WHAT CAN I DO TO KEEP MYSELF SAFE AND MY INFORMATION PRIVATE?

Despite Amnesty’s report that versions of iOS from July are vulnerable to Pegasus, keeping your phone up to date will ensure that your phone is susceptible to fewer exploits, as updates are continually patched out by phone manufacturers. There’s also the standard set of security best practices: using strong, unique passwords (preferably with a password manager), turning on encryption, not clicking on links from strangers, etc.

Of course, Pegasus has been shown to bypass most of these security measures — a leaked copy of NSO informational material brags that installation “cannot be prevented by the target” — but they will help protect you from less sophisticated hackers.

HOW CAN I CHECK IF MY PHONE WAS COMPROMISED?

Amnesty International has actually released a tool that can be used for analysis, and you can read our guide on how to use it here.

HOW WORRIED SHOULD I ACTUALLY BE?

Assuming you’re not a journalist working on sensitive stories, a world leader, or in some position that could threaten governmental powers, the odds are that someone hasn’t paid thousands or tens of thousands of dollars to target you with Pegasus. That said, it’s obviously concerning that these types of attacks are possible, and that they could potentially fall into the hands of hackers looking to target a much broader range of people.

As with all security-related measures, it’s important to be realistic about the threats that you’re facing, and what you should do about them. For most people who aren’t likely to be targeted by an actor on the level of a nation-state (which hopefully includes you), the bigger threat to privacy comes from data brokers, which operate legally and at a larger scale. On the flip side, if you actually are being targeted by governments, with all the resources at their disposal, there’s probably not a whole lot you can do to keep your digital data private.

I’VE HEARD THE SOFTWARE CAN’T BE USED AGAINST PEOPLE WITH +1 COUNTRY CODE NUMBERS, LIKE THOSE FOUND IN THE US OR CANADA.

NSO has claimed many times that the software is technically incapable of targeting phones with US +1 phone numbers. This, of course, doesn’t protect Americans who are using international phone numbers, but it’s also something that’s hard for the company to actually prove. According to The Washington Post, the investigation didn’t find evidence that any American numbers had been hacked, but they only checked 67 phones.

The rest of the countries using the +1 code at the start of their phone numbers, such as Canada, Jamaica, and others, are largely unmentioned in the new wave of NSO reporting, though Canada was mentioned in a 2018 report.

Read the original article over at TheVerge.com.

Oculus Quest 2 VR face liners recalled by Facebook over “rashes and hives”

Posted by Dave Cahill on Jul 28, 2021 in Gaming, Health | 0 comments

Oculus Quest 2 VR face liners recalled by Facebook over “rashes and hives”

All Oculus Quest 2 systems pulled from shelves ahead of August price, storage refresh.

Facebook’s VR division is recalling every single foam facial liner included in its Oculus Quest 2 VR headset in North America, the company confirmed, as part of a US CPSC recall notice. An investigation found 5,716 reports of “skin irritation” from system owners, along with “approximately 45 reports of consumers that required medical attention.”

The recall applies to “about 4 million” customers, which is the closest public estimate we’ve yet seen for Quest 2 hardware sales in the US since the system went on sale in late 2020. Since this estimate includes standalone purchases of face covers, it’s not an exact measure, but considering how ho-hum the default face masks are, we’re confident that few people were rushing to buy duplicates of it, as opposed to superior third-party options.

In light of the recall, Facebook is also taking the extreme measure of pausing all Oculus Quest 2 sales in North America, in addition to offering silicone-liner replacements to all existing owners. This news comes after UploadVR confirmed Facebook’s plans to launch a new price point for the VR system in August: $299 for a 128GB model (up from 64GB), along with the existing 256GB model at $399. Facebook now says that the August 24 relaunch will mark the system’s return to retail outlets with an updated silicone face cover packed in by default.

One of many serious Quest 2 downgrades

Consumer complaints began piling up shortly after the system’s October 2020 launch regarding rashes, burning sensations, red facial marks, and hives experienced while wearing the VR headset. These complaints often said that the users hadn’t felt particularly warm temperature-wise, so they were not building up sweat within the VR headset’s goggle portion. (My own review of Quest 2 mentioned so many complaints that I barely touched on my disdain for the cheap-feeling foam face liner, which felt like a serious downgrade from the Quest 1’s fabric. Quest 2 is marked by a number of downgrades from its predecessor, arguably to scrape back savings to make room for its spec upgrades.) By early 2021, Facebook posted a minor acknowledgment of the issue and described the problem as affecting “about 0.01 percent” of system owners.

That Facebook post was updated in April to confirm that the company had detected in the liners “trace substances” that “were already at levels below the industry standard,” without clarifying what those substances were or what industry standard it was referencing. Did Facebook mean “as compared to commonplace facial gear like ski goggles,” or did the company mean “with regard to virtual reality masks,” an industry that has yet to receive decades of product-review scrutiny?

In either case, Facebook pledged to “change our process to reduce [trace substances] further,” but the company didn’t remove the material entirely from the liner that makes constant contact with users’ faces. That action may have still run afoul of the CPSC’s rules about appropriately labeling anything that counts as an “irritant,” which the US agency defines as something that “causes a substantial injury to the area of the body that it comes in contact with. Irritation can occur after immediate, prolonged, or repeated contact.” Facebook has yet to clarify the exact source of the existing face mask’s irritation—including whether the culprit was the foam itself or any chemical treatment sprayed onto the foam ahead of being shipped to customers.

Tuesday’s recall follows a related disappearance of Oculus Quest 2 headsets across European Union nations in May, which Facebook confirmed was related to an EU commission looking into the system’s foam face mask amid users’ reports of irritation and worse. The headset has not yet returned to European retailers as of press time.

Thanks to Quest 2’s forced integration with Facebook accounts, it stands to reason that Facebook could begin targeting all Quest 2 owners with notices or advertisements about facial irritation, rashes, and hives across all connected Facebook services, including Instagram and Whatsapp. However, Facebook says it will contact affected users about this week’s recall via email, or they can go directly to a recall-related site and request a replacement of their own.

Read the original article over at ArsTechnica.com.

Windows 10 July security updates break printing on some systems

Posted by Dave Cahill on Jul 27, 2021 in Security News, Windows | 0 comments

Windows 10 July security updates break printing on some systems

Microsoft says customers may experience printing and scanning issues on devices using smart card (PIV) authentication after installing July 2021 Windows 10 security updates on a domain controller (DC).

“After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of RFC 4556 spec might fail to print when using smart card (PIV) authentication,” Microsoft explained.

According to Microsoft, all affected smart card authenticating devices should work as expected when using username and password authentication.

Impacted Windows versions include include:

• Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Issue caused by security flaw hardenings

This known issue is caused by hardening changes for CVE-2021-33764, and it affects smart card authenticating printers, scanners, and multifunction devices which “don’t support DH or advertise support for des-ede3-cbc (“triple DES”) during the Kerberos AS request.”

Windows 10 users who encounter this issue are advised to first check if they have the latest drivers and firmware installed on the non-compliant and misbehaving printing or scanning devices.

If the known issue still appears even though the devices are up-to-date, affected customers should contact the device manufacturer and ask for setting changes or updates to make the printer or scanner compliant with CVE-2021-33764 hardenings deployed via July Windows 10 security updates.

Microsoft is currently working on temporary mitigation that provided with a future update to re-enable printing and scanning on impacted devices.

“This will allow time for device manufacturers to release compliant firmware and drivers for their devices,” Microsoft added.

“Further, it should allow time to update settings, firmware, and drivers in your environment and make them compliant.”

Other printing problems addressed this year

Redmond addressed Windows 10 printing issues caused by changes introduced in the June 2021 cumulative update preview earlier this month.

Users also encountered printing issues in March after installing the March 2021 Patch Tuesday updates, reporting that Windows 10 would crash when printing or print jobs would be missing graphics elements, blank pages, or other issues.

To resolve these issues, Microsoft released two out-of-band emergency updates for Windows 10 one week later: KB5001567 on March 15 to fix blue screen crashes when printing and KB5001649 on March 18 to fix the printing issues.

One day later, the company released yet another emergency update to fix additional printing issues besides blue screen crashes, including blank pages, document elements missing or printed as block boxes, and alignment or formatting issues.

Read the original article over at BleepingComputer.com.

Hackers got past Windows Hello by tricking a webcam

Posted by Dave Cahill on Jul 19, 2021 in Security News, Windows | 0 comments

Hackers got past Windows Hello by tricking a webcam

‘Windows Hello’ bested by researchers who used infrared photos & third-party hardware to trick the facial-recognition tech.

Biometric authentication is a key piece of the tech industry’s plans to make the world password-less. But a new method for duping Microsoft’s Windows Hello facial-recognition system shows that a little hardware fiddling can trick the system into unlocking when it shouldn’t.

Services like Apple’s FaceID have made facial-recognition authentication more commonplace in recent years, with Windows Hello driving adoption even farther. Apple only lets you use FaceID with the cameras embedded in recent iPhones and iPads, and it’s still not supported on Macs at all. But because Windows hardware is so diverse, Hello facial recognition works with an array of third-party webcams. Where some might see ease of adoption, though, researchers from the security firm CyberArk saw potential vulnerability.

That’s because you can’t trust any old webcam to offer robust protections in how it collects and transmits data. Windows Hello facial recognition works only with webcams that have an infrared sensor in addition to the regular RGB sensor. But the system, it turns out, doesn’t even look at RGB data. Which means that with one straight-on infrared image of a target’s face and one black frame, the researchers found that they could unlock the victim’s Windows Hello–protected device.

By manipulating a USB webcam to deliver an attacker-chosen image, the researchers could trick Windows Hello into thinking the device owner’s face was present and unlocking.

“We tried to find the weakest point in the facial recognition and what would be the most interesting from the attacker’s perspective, the most approachable option,” says Omer Tsarfati, a researcher at the security firm CyberArk. “We created a full map of the Windows Hello facial-recognition flow and saw that the most convenient for an attacker would be to pretend to be the camera, because the whole system is relying on this input.”

Microsoft calls the finding a “Windows Hello security feature bypass vulnerability” and released patches on Tuesday to address the issue. In addition, the company suggests that users enable “Windows Hello enhanced sign-in security,” which uses Microsoft’s “virtualization-based security” to encrypt Windows Hello face data and process it in a protected area of memory where it can’t be tampered with. The company did not respond to a request for comment from WIRED about the CyberArk findings.

Tsarfati, who will present the findings next month at the Black Hat security conference in Las Vegas, says that the CyberArk team chose to look at Windows Hello’s facial-recognition authentication, in particular, because there has already been a lot of research industrywide into PIN cracking and fingerprint-sensor spoofing. He adds that the team was drawn by the sizable Windows Hello user base. In May 2020, Microsoft said that the service had more than 150 million users. In December, the company added that 84.7 percent of Windows 10 users sign in with Windows Hello.

While it sounds simple—show the system two photos and you’re in—these Windows Hello bypasses wouldn’t be easy to carry out in practice. The hack requires that attackers have a good-quality infrared image of the target’s face and have physical access to their device. But the concept is significant as Microsoft continues to push Hello adoption with Windows 11. Hardware diversity among Windows devices and the sorry state of IoT security could combine to create other vulnerabilities in how Windows Hello accepts face data.

“A really motivated attacker could do those things,” says Tsarfati. “Microsoft was great to work with and produced mitigations, but the deeper problem itself about trust between the computer and the camera stays there.”

There are different ways to take and process images for facial recognition. Apple’s FaceID, for example, only works with the company’s proprietary TrueDepth camera arrays, an infrared camera combined with a number of other sensors. But Apple is in a position to control both hardware and software on its devices in a way that Microsoft is not for the Windows ecosystem. The Windows Hello Face setup information simply says “Sign-in with your PC’s infrared camera or an external infrared camera.”

Marc Rogers, a longtime biometric-sensor security researcher and vice president of cybersecurity at the digital identity management company Okta, says that Microsoft should make it very clear to users which third-party webcams are certified as offering robust protections for Windows Hello. Users can still decide whether they want to buy one of these products versus any old infrared webcam, but specific guidelines and recommendations would help people understand the options.

The CyberArk research fits into a broader category of hacks known as “downgrade attacks,” in which a device is tricked into relying on a less secure mode—like a malicious cell phone tower that forces your phone to use 3G mobile data, with its weaker defenses, instead of 4G. An attack that gets Windows Hello to accept static, prerecorded face data uses the same premise, and researchers have defeated Windows Hello’s facial recognition before getting the system to accept photos using different techniques. Rogers says it’s surprising that Microsoft didn’t anticipate the possibility of attacks against third-party cameras like the one CyberArk devised.

“Really, Microsoft should know better,” he says. “This attack pathway in general is one that we have known for a long time. I’m a bit disappointed that they aren’t more strict about what cameras they will trust.”

Read the original article over at ArsTechnica.com.

WooCommerce Urges Store Owners to Immediately Update Their Store to Fix Security Vulnerability

Posted by Dave Cahill on Jul 15, 2021 in Security News, Web & Graphic Design News | 0 comments

WooCommerce Urges Store Owners to Immediately Update Their Store to Fix Security Vulnerability

WooCommerce sent out an email to store owners to immediately update their store to the latest version to fix a security vulnerability involving versions 3.3 to 5.5 and the WooCommerce Blocks feature plugin versions 2.5 to 5.5.

According to the email, stores hosted on WordPress.com and WordPress VIP have already been secured. WC is working with the WordPress.org Plugin Team to automatically update as many stores as possible to secure versions.

In addition, WooCommerce urges store owners to take the following added precautions to safeguard their site:

• Update to the latest version (5.5.1) or the highest number possible in the release branch.
• Store owners running the WooCommerce Blocks feature plugin should update it to the latest version (5.5.1).

WooCommerce did not provide many details on this security vulnerability and said its investigation is ongoing and it would share updates about the issue on its blog.

However, they did reveal that affected stores may have order, customer, and administrative data exposed. Therefore, while it doesn’t appear to include critical customer payment and financial data, it may include proprietary and competitive information most businesses would not want to share.

WooCommerce said it jumped on the information once it learned about on Tuesday it and has been working around the clock to investigate the issue, audit all related codebases, and release a patch for every impacted version (90+ releases).

At the time of publishing, only 7.2% of WooCommerce installations are using version 5.5+. More than half of stores (51.7%) are running on a version older than 5.1. WordPress.org doesn’t offer a more specific breakdown of the older versions, but it’s safe to say without these backported security fixes, the majority of WooCommerce installs might be left vulnerable.

The security announcement indicates that WooCommerce cannot yet confirm that this vulnerability has not been exploited:

Our investigation into this vulnerability and whether data has been compromised is ongoing. We will be sharing more information with site owners on how to investigate this security vulnerability on their site, which we will publish on our blog when it is ready. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.

For those who are concerned about possible exploitation, the WooCommerce team is recommending merchants update their passwords after installing the patched version as a cautionary measure.

The good news for WooCommerce store owners is that this particular critical vulnerability was responsibly disclosed and patched within one day after it was identified. The plugin’s team has committed to being transparent about the security issue. In addition to publishing an announcement on the plugin’s blog, WooCommerce also emailed everyone who has opted into their mailing list. Concerned store owners should keep an eye on the WooCommerce blog for a follow-up post on how to investigate if their stores have been compromised.

World record for most expensive video game auction is now $1.56 million

Posted by Dave Cahill on Jul 12, 2021 in Fun Stuff, Gaming | 0 comments

World record for most expensive video game auction is now $1.56 million

World Record beats the price set by a rare Legend of Zelda copy, which only lasted 48 hours.

Update, July 11: Two days after our original report went live, Heritage Auctions’ latest slate of game-related auctions concluded with a staggering highlight: a boxed, sealed copy of Super Mario 64 selling for a new world-record auction bid of $1.56 million. This copy of the N64 classic doesn’t include any indication about being a special or rare print of the game; rather, it comes with an uncommon Wata Games rating of 9.8 out of 10, making it as pristine a box of the 25-year-old game as you might ever find in the wild.

Original report:

The world record for most expensive video game sold at auction has now been surpassed by a staggering amount, thanks to a sealed, “9.0”-rated copy of 1987’s The Legend of Zelda.

A boxed copy of the game’s first printing on the American NES sold on Friday via Heritage Auctions at a staggering $870,000, soundly surpassing the previous gaming-auction high of $660,000. That honor went to a rare, sealed copy of the original Super Mario Bros., also for the American NES, only three months ago.

This week’s Zelda auction began with an astonishing opening bid of $110,000, yet that amount was merited by its particular rarity. The copy in question was part of a late-1987 production run dubbed “NES R,” which preceded the game’s wider initial production run in early 1988 (dubbed “REV-A,” as per a marking on its box). The latter was a much wider run that coincided with the console’s explosion in American popularity, and it, too, featured a foil-gold cartridge. Thus, don’t assume that your shiny Zelda cartridge in an old drawer is somehow worth close to a million dollars—especially since this auction happens to come in a sealed, original box.

Gaming historians know of one other production run that came before NES R, but it’s unclear whether those “NES TM” copies ever left Nintendo HQ or were stored in similarly boxed-and-sealed fashion. As Heritage itself claims in the auction’s listing page: “Essentially, this copy is the earliest sealed copy one could realistically hope to obtain.” (The company forgot to add the crucial “unless your dad works for Nintendo” tag there, of course.)

This NES R copy of Zelda was the highlight in Heritage’s latest gaming auction spree, which, as of press time, includes the following jaw-dropping results, all for boxed-and-sealed gaming classics. This list of particularly high prices is largely attached to special indicators of a game’s earliest production run, with two crucial “circles” in mind: the circular Nintendo Seal of Quality on early NES games, and a round Nintendo-branded sticker that guaranteed the box in question hasn’t been opened yet.

• Super Mario World, SNES: $360,000
• Super Mario Bros., NES (“No Rev-A”): $228,000
• Final Fantasy, NES: $204,000
• Mario Bros., NES: $156,000
• Contra, NES: $150,000
• Super Mario Bros. 3, NES (a rare print of the “Bros.” text aligned to the left): $120,000
• Final Fantasy III, SNES: $96,000
• Legend of Zelda: A Link to the Past, SNES: $96,000
• Mike Tyson’s Punch-Out!!, NES: $84,000
• Tecmo Bowl, NES: $45,600
• Battletoads, NES: $38,400
• Tengen Tetris, NES: $33,600

Additionally, a rare Nintendo World Championship cartridge sold in today’s auction for $180,000, and its listing alleges that its owner traded a rare Tom Brady rookie trading card for the cart. The same listing points out that said rookie card has been sold at auction for as much as $555,000. That’s some real salt in the collector wound there, Heritage.As of press time, the full gaming auction in question is still ongoing, and it includes every console generation imaginable, with opening bids in the tens and hundreds of thousands for the likes of Super Mario 64, Legend of Zelda: Ocarina of Time, Crash Bandicoot 1, Tomb Raider 1, and more.

Windows 11 insider build is surprisingly unpolished and unfinished

Posted by Dave Cahill on Jul 9, 2021 in Windows | 0 comments

Windows 11 insider build is surprisingly unpolished and unfinished

Windows 11 looks to be a decent upgrade, but not one to lose sleep over missing.

Microsoft made early Windows 11 builds available via its Windows Insider program the week after its first major announcement, and we’ve spent quite a few hours kicking the tires. When Windows 11 publicly releases, it’s likely to be a fine operating system—but right now, it’s an unpolished, unfinished mess.

Of course, this isn’t a surprise—Windows 11 is still only available in the Dev channel of the Insider program. The three Insider channels are Release Preview, Beta, and Dev; Dev roughly corresponds to a software alpha, and Microsoft itself describes it as “the newest code,” with “rough edges and some instability.”

Windows 11 is upgrade only (for now)

The first disappointment we encountered with Windows 11 is a puzzling one—it can’t (yet) be cleanly installed as a new operating system. To install Windows 11 Build 22000.51, you must begin with a fully patched and up-to-date Windows 10 installation, then flight it into the Dev channel, then upgrade it to Windows 11 via Windows Update. (If you’re not already on Windows 10 20H2 or newer, you’ll need to get through that upgrade first.)

We had no real problems updating either a well-used Windows 10 VM or a brand-new one—but we strongly advise against upgrading to Windows 11 on a machine or VM that matters to you, unless you have a guaranteed method of recovery you both trust and are prepared to use. Although one of our test VMs is a “daily driver” we rely on, it’s sitting on top of a ZFS dataset—and we took a manual snapshot prior to the upgrade, for easy rollback.

Ironically, the first look anyone gets at Windows 11 itself right now is the dreaded BSOU (Blue Screen Of Updates)—after flighting our Windows 10 VM into the Dev channel and one very quick download, it rebooted. During the reboot, we get the usual “don’t turn off your computer” message—but it’s in a new font and possibly on a slightly different shade of blue background.

Although the initial download in Windows Update is over rather quickly, the “working on updates” phase is not. This phase took about an hour on each of the Windows 10 VMs we upgraded—one reasonably well-used, and one brand new.

Alpha means alpha

It took almost no time to find our first and second nasty Windows 11 bugs—the DNS resolver was strangely and inconsistently broken, and the network configuration dialog under Settings was broken as well.

You can see the DNS resolver issues in the first screenshot above. We can ping 8.8.8.8—Google’s anycast DNS provider—without issue, so we know that general connectivity is fine both inside the LAN and outside of it. But attempts to ping google.com fail! The confusion only gets worse when we use nslookup to query our DNS server directly—it answers our queries just fine. Nevertheless, attempting to ping the same hostname directly fails, as do most attempts to browse with Edge or Chrome.

The second bug came while trying to troubleshoot the first—attempting to set IP address configuration directly using Windows 11’s Settings dialog fails miserably, with a cryptic message to “check one or more settings and try again.” There’s nothing actually wrong with the settings—the dialog is just broken. Next question—is Control Panel still there?

Thankfully, Control Panel hasn’t yet been done away with in Windows 11, and its tried-and-true network adapter configuration dialog works just as expected. Unfortunately, that didn’t resolve the original DNS issue—which turns out to be some conflict between Windows 11 and the VirtIO network driver we’re using.

Changing the VM’s network adapter to emulated Intel e1000 resolved the DNS issue—as does, hilariously, leaving the NIC as VirtIO and just using a DNS server on the far side of a WireGuard tunnel. (WireGuard has its own virtual NIC, so we’re technically not using our “real” network card to access the DNS server on the far side of the tunnel.)

Over the week or so we’ve been playing with Windows 11, we’ve also had the entire VM lock up and require a hard reset several times. Did we mention that this is still alpha software, and nobody should be running anything they care about on it yet?

Snap layouts and snap groups

Snap layouts and snap groups are features we particularly look forward to in Windows 11—finally, a tiling window manager for the rest of us! Unfortunately, they’re not as useful or intuitive as they ought to be yet. In order to add an application to a snap layout, hover over that app’s maximize button, and the snap layout selection drops down. Clicking a specific box inside one of the four snap layouts offered will resize, reshape, and move the application to fit.

Once you’ve added several apps to a single snap layout, snap grouping becomes available—but it’s not very easy to discover, and the current clumsiness of its use sharply decreases the value of this promising feature. In order to access snap groups, you hover over the taskbar button for any of the snapped groups. After a moment or two, this spawns the familiar Aero-style application preview bubble over the app’s taskbar icon—but in this case, it also spawns a second Aero bubble for the group as a whole.

Interacting with the snap group from here requires right-clicking the group’s Aero bubble, which allows you to restore, minimize, or close the group as a whole. It also offers “Group settings”—which turns out not to be settings for that particular snap group, but a link to the Multitasking section of Windows 11’s Settings dialog.

Task view, aka virtual desktops

Virtual desktops receive an updated treatment in Windows 11, bringing them front-and-center in the attempt to get more Windows users interested in them. If you’re not already familiar with the concept, the idea is that you create additional desktop workspaces, which are accessed via the Task view button on the taskbar.

Apps opened on one virtual desktop don’t show up on other virtual desktops—the apps can still talk to one another, should they need to; this isn’t an entire separate user session. But visually, they’re segregated onto different spaces. This makes it easy to, e.g., have one “work” desktop with your work email, a selection of work-related websites, and professional applications; and a second “play” desktop with shortcuts to all your favorite games, your personal email open, and so forth.

Once you’ve created and populated your virtual desktops, the Task view button also helps you manage and switch between them. Hovering over Task view shows you the virtual desktops you have open; clicking it gives you a list of running applications on the current desktop as well as a list (and previews) of the virtual desktops themselves. You can also right-click an individual desktop in Task view to rename it—so your virtual desktops can really be “work” and “play” rather than the default “Desktop 1” and “Desktop 2.”

Unlike earlier versions of Windows virtual desktops, you can set wallpaper individually per virtual desktop in Windows 11. Unfortunately, this doesn’t extend to the entire theme—if we change one virtual desktop from Windows (light) to Glow, all virtual desktops changed to the Glow theme. We were, however, able to set one desktop to Windows (light) and another to Windows (dark). So this may still improve before Windows 11 reaches release status.

Microsoft Store

We have to be honest—we never spent much time in the Microsoft Store in Windows 10. Before Windows 11, the Microsoft Store was limited to a special class of application called Universal Windows Platform apps, which limited its appeal. Those apps have a separate installation and uninstallation procedure than “normal” win32 or win64 applications, and frankly it’s just not how most of us are accustomed to finding applications on Windows in the first place.

Windows 11 aims to change that, with sweeping changes to the Store allowing win32, win64, UWP, PWA, and even Android apps to be purchased and installed. We were especially interested in the Android app sideloading—which Microsoft says should happen by way of Amazon’s app store, which can itself be installed via the Microsoft store. Unfortunately, Android app functionality is either not in Windows 11 yet, or we just couldn’t find it.

That left the Solitaire situation to check out. Searching the new Start menu for FreeCell got us initially excited, when we saw screenshots of the classic app—but unfortunately, those turned out to be from Wikipedia results!

Limiting the Start menu’s search results to Apps only got rid of the misleading screenshot and presented us with nothing but a link to search the Microsoft Store itself—which is a separate action. The Store’s results, unfortunately, do not populate the Start menu’s own results.

All of this is a bit of an unintentional red herring—as it turns out, Windows 11 does ship with a card game application called Microsoft Solitaire Collection that includes FreeCell. We found this app slow, clunky, and unsatisfying. It’s loaded with frippery like selectable graphics for the back side of cards (many of which require purchase) and “leveling up” as a player, but dragging cards was slow and tended to overshoot the mark.

Beware of “featured free games”

Before we spotted the Microsoft Solitaire Collection, we noticed that the front page of the Microsoft Store itself offered Solitaire: Treasure of Time as a featured free game. We gave that a spin and almost immediately regretted it.

Treasure of Time is, unfortunately, a naked cash grab which will look familiar to anyone who’s taken a bored trip through a mobile application store. Although the gameplay mechanic is based on a variant of Solitaire, the application itself revolves around a magical, mystical quest with all of the familiar free-to-play, pay-to-win hallmarks: bizarrely overanimated women, time-limited “energy,” and in-game currency.

We’re disappointed to find a generic cash-grab listed as one of Microsoft’s top-three featured free games in its new Store. Treasure of Time isn’t even a particularly good example of the genre—the storylines are complete throwaway nonsense, the “energy” necessary to play a round dissipates rapidly (we were done in less than a half-hour, unless we wanted to buy “diamonds” with real money), and we found the animated characters disturbing—all the way down to misogynistic touches like the primary character holding her binoculars backward.

We don’t want to burn time reviewing a god-awful free game—but “featuring” cash grabs like this one isn’t a good sign for Microsoft’s new Store. Careful, effective app curation which exposes the best apps and hides the worst is perhaps the single biggest element such a store can provide in the first place—without trustworthy curation, a user might as well go back to downloading apps directly from vendor websites.

Uninstalling Solitaire: Treasure of Time was also a frustrating experience—there was no uninstall link in its Store page or in the Microsoft Store’s “Library” page, where you can see all of the apps and content you’ve installed from the Store. It also wasn’t present in Programs and Features—only in Apps and Features, which is the Settings version of the application management dialog.

Thankfully, you can also uninstall Store apps directly in the Start menu’s “Recommended” section—once you’ve found it inside the Start menu, right-clicking for a context menu offers Uninstall as an option.

Windows Subsystem for Linux

This wouldn’t be Ars Technica if we didn’t put the Windows Subsystem for Linux through its paces as well. We were happy to discover that WSLg—the new upgrade to WSL which allows graphics and audio from Linux applications—installs by default along with WSL itself now.

A single command was sufficient to install WSL with graphics and audio, along with an Ubuntu userland—wsl -d Ubuntu --install is all it takes. Rebooting as requested during the installation presented us with the first of many whole-VM lockups, unfortunately—in the second screenshot, you can see the CPU utilization pegged at 100 percent on all cores for several minutes straight.

Forcibly restarting the VM resolved whatever random lockup we’d encountered, and WSL finished its installation within a few milliseconds, after which everything “just worked.”

In the final screenshot above, you can see my Windows 11 virtual machine running virt-manager—the same app I use on my Ubuntu workstation to manage and access the VM in the first place. For some extra fun, I’m using an SSH connection from the Windows 11 guest to the Ubuntu host, which allows me to pull a console on Windows 11 guest I’m inside in the first place.

Conclusion

First of all, we want to stress that bugs and even system lockups in this early build should not be taken as foreshadowing the final, released product—Windows 11 is still alpha software, so bugs and weirdness are to be expected. Although Windows 11 is clearly nowhere near ready for prime time yet, the early build gives us a good idea of where it’s headed.

Windows 11 doesn’t seem much, if any, more resource hungry than Windows 10—at first boot to the desktop, a Windows 11 VM with 4GiB of RAM is using 2.3GiB. It also boots quickly—in general, it seems a bit quicker to get to the login screen than Windows 10 was, though a little slower to reach the actual desktop. But we expect this will vary more widely by what applications users have installed than it does by operating system version.

Once the bugs are fixed, we expect Windows 11 to be a worthwhile upgrade from 10—an upgrade of approximately the same magnitude as the one from Windows 7 to Windows 10. It’s difficult to imagine any of 11’s new features confusing many users, although users may need a dash of extra help discovering those features in the first place.

On the flip side, users with older systems that don’t meet Windows 11’s notoriously stringent hardware requirements shouldn’t feel too left out—while 11’s new features are nice, we didn’t see anything we couldn’t live without.

Read the original article courtesy of ArsTechnica.com.