Jump to content

Search the Community

Showing results for tags 'bug'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 22 results

  1. Microsoft is working on a fix for 'Error code 6' crash on Microsoft Edge for Mac Microsoft has acknowledged an issue on Microsoft Edge for Mac that is causing the web browser to crash with 'Error code 6'. Earlier this week, users took to Microsoft Answers forum (via Techdows) to report the issue with Edge on macOS Catalina. According to users, Microsoft Edge started crashing after updating to Safari 14. The browser crashes after opening a new tab, settings, and even Edge extensions, with the error, "The page is having a problem. Try coming back to it later”. It also suggests users to refresh the page or open a new tab but none of the workarounds solves the problem. Fortunately, the Microsoft Edge Dev Twitter account has now confirmed that the culprit has been found and they are working on a fix that will roll out to Edge users in all the channels. In the meantime, the Edge Dev team has suggested rebooting Mac as a temporary fix to the problem. Some users have tried reinstalling Microsoft Edge but that does not fix the problem and hence, is not advised. Unfortunately, we don't know what exactly caused the problem but we do expect Microsoft to shed light on the problem once the fix has rolled out to Mac users. Microsoft is working on a fix for 'Error code 6' crash on Microsoft Edge for Mac
  2. Recent Windows 10 version 2004 Patch Tuesday updates are reportedly breaking WSL 2 Microsoft released its regular suite of Patch Tuesday updates to all supported versions of Windows 10, Windows 8.1, and Windows 7 ESU customers yesterday. However, users of Windows Subsystem for Linux 2 (WSL 2) have begun reporting that the updates are causing issues with the environment. The troublesome update seems to be the one released for the May 2020 Update (version 2004), filed under KB4571756. Installing the cumulative update that bumps up the build to 19041.508 supposedly causes WSL2 to not load and display an “Element not found error”. It is not clear how widespread the issue is, and if there are any specific configurations that are causing the issue. Users on GitHub report that the problems began surfacing after installing the update, and that uninstalling the quality update fixed the problem. Interestingly, though users claim to be able to get WSL 2 working post uninstalling KB4571756, the problem with WSL prompting an error has existed since late July and also plagues users when they try to upgrade from WSL 1 to WSL 2. Another thread suggests that the errors are being served in Insider Preview builds, suggesting that the problem is not specific just to current production versions of the OS. It is not clear what exactly causes the issue since it affects multiple versions of the OS. It is also not clear if it was fixed with a previous patch for the production versions that reappeared with the latest round of updates. There are no reports on whether the error is seen on Windows 10 versions 1903 and 1909 since WSL 2 was backported to those versions last month. While the known issues on the KB article does not list the WSL 2 problems, a response on GitHub suggests that the company is working on a fix. For those running production builds that rely on WSL 2, it is best to pause the latest updates from installing. The only workaround for those that are facing issues after the update is to uninstall the cumulative patch by heading to Settings > Update & Security > Windows Update > View update history > Uninstall updates and uninstalling KB4571756.. Source: GitHub via Techdows Recent Windows 10 version 2004 Patch Tuesday updates are reportedly breaking WSL 2
  3. Some Windows Insiders are seeing build expiration warnings If you're on the Windows Insider Program and you're getting a message that the build you're on is about to expire, you're not alone. Due to an oversight, the build expiration date was set to July 31 all the way up until build 20161, which was released on July 1. Two weeks later, build 20170 was released, changing the expiration date to January 31 of next year. Unfortunately, build 20170 has an issue with AMD processors, so if you're like the user linked to above, you're still stuck on build 20161. The good news is that that bug should be resolved, and you should get a new build long before the expiration date. Builds usually arrive on Wednesdays, so assuming that there is one tomorrow, you'll still have nine days before your build expires. There's another group of users that are going to have issues though, and this has to do with how the Windows Insider Program has been restructured. Previously, the Fast and the Slow rings have been on the same development branch. Now, the Dev channel is in a perpetual state of prerelease builds while the Beta channel is tied to a specific release. When switching from the Fast ring to the Slow ring, or switching from the Dev channel to the Beta channel, the process has been the same for a while. You'll stop receiving builds, and you'll get a new update whenever your channel catches up. This worked fine in the Fast and Slow ring days because they were getting similar builds. It's different now, as the Beta channel is on build 19042 and the Dev channel is on 20xxx. In short, if you switched your machine from the Dev channel to the Beta channel before build 20170 came out, your build is going to expire on July 31. Your options are the same as they've always been. You can temporarily switch back to the Dev channel to get a new build, which will expire next January, or you can do a clean installation of Windows 10. You can, of course, wait for an update. To be clear, expired builds won't put your machine in an unusable state like they did years ago. You'll just keep getting warnings about it, and then those warnings will get more frequent. The problem with waiting for an update is that you're going to be waiting for a while. It seems that 21H1 isn't going to be the major update that we were expecting, so if you thought the Beta channel would catch up in September or October, you're probably wrong. Now that the Windows Insider Program has been completely restructured, albeit gradually over the last year and a half, this is a problem that Microsoft is going to have to sort out going forward. Build expiration dates typically changed every six months or so, and the Dev channel switches to the Beta channel yearly at best. Some Windows Insiders are seeing build expiration warnings
  4. Microsoft releases an update to fix the Windows 10 blue screen issue involving Thunderbolt docks Some users running Windows 10 version 2004 (Windows 10 May 2020 Update) on their PCs faced blue screen error when plugging or unplugging a Thunderbolt dock. In May, Intel and Microsoft found the incompatibility issues causing this blue screen error. All Windows 10 PCs with at least one Thunderbolt port, Kernel DMA Protection enabled and Windows Hypervisor Platform disabled were affected by this issue. To protect users from blue screen errors, Microsoft stopped the roll-out of Windows 10 Version 2004 to these users. Microsoft has recently released the new KB4565503 update that fixes this Thunderbolt dock blue screen issue. Since the issue is resolved, the safeguard hold has been removed. If you are running a Windows 10 PC with Thunderbolt dock connected, you can now download the Windows 10 version 2004 update (Windows 10 May 2020 Update) through Windows Update. Microsoft releases an update to fix the Windows 10 blue screen issue involving Thunderbolt docks
  5. Microsoft acknowledges Windows 10 bug causing forced reboots, fix in the works Microsoft has acknowledged a new issue that affects Windows 10 versions 1809 and newer that causes the Local Security Authority Subsystem Service (LSASS) to fail on some devices, forcing users to reboot the system. Though the problem was reported widely after this month’s Patch Tuesday updates, the company has acknowledged the bug in the known issues section of the KB articles for impacted versions, which also include articles for the May updates. The LSASS process is tasked with enforcing security policies on a system that verifies user logon, password changes, and more. The problem relates to a failure in the LSASS.exe file which leads to users losing access to any accounts currently active on the machine. This forces users to reboot the machine. A Microsoft Tech Community thread (spotted by BleepingComputer) detailing the problem was first posted on May 27. Image: BleepingComputer The only workaround, for now, is to uninstall the June Patch Tuesday cumulative updates, meaning that users will have to uninstall KB4561608 (1809), KB4560960 (1903 and 1909), or KB4557957 (2004). However, those that skipped the June updates and are still sporting the May patches will have to uninstall KB4551853 (1809) or KB4556799 (1903 and 1909). Users that manually installed the fixes that were rolled out last week for the printer issues will need to roll back those patches. One of the support forum responses suggests that the company intends to roll out a fix via its July Patch Tuesday updates. Microsoft says that it is working on a resolution, but has not provided any timelines for when the fix will roll out to affected versions of the OS. Microsoft acknowledges Windows 10 bug causing forced reboots, fix in the works
  6. Debilitating 'Outlook needs to close' bug linked to a bad Windows cumulative update Microsoft has acknowledged that a combination of the June 2-or-later version of Microsoft 365 (nee Office 365) and the June Win10 cumulative updates cause Outlook to disavow its PST files. The source of the problem seems to be a bug in the cumulative updates. Microsoft / lVcandy / Aleksei Derin / Getty Images Internecine conflict seems to be a recurring theme at Microsoft, but this one takes it to new levels. Somehow, somebody forgot to test the latest patched version of Outlook with the latest patched version of Windows. The result is an error message that makes Outlook inoperable. The official announcement appears on the Microsoft 365 support site: After updating to Version 2005 Build 12827.20268 or higher and starting Outlook you may see the following error prompt: The Outlook Team is investigating this issue with the Windows Team. We are not sure yet if the primary fix will come from Outlook or Windows. When we have more information on fix details we will add them here. Microsoft If you click OK, the ScanPST Inbox Repair Tool starts. Go through the repair process, reboot, and - surprise! - you get the error message again. Wash. Rinse. Repeat. No telling how many hours have been wasted over the weekend on this one. The good news, though, is that your PST file is fine – and always has been. As best I can tell, the show-stopper bug only occurs on machines that: Use PST, not OST, files; Run Microsoft 365 version 2005 Current Channel release 12827.20268 (from June 2) or Current Channel release 12827.20336 (from June 9); And have installed the June 2020 Win10 cumulative update (KB 4557957 for version 2004, KB 4560960 for versions 1903 or 1909, or KB 4561608 for version 1809). Microsoft’s solution – published in that Microsoft 365 support article – involves manually editing the Registry to make Outlook disregard the bogus “corrupt” PST file on startup. In fact, the “corrupt” PST file isn’t corrupt at all. It’s just Windows messin’ with Outlook. If you don’t want to pummel your Registry, Diane Poremsky at Slipstick has an easy downloadable solution. The insider report I have says that the bug is actually in the June cumulative updates, but that it’ll be easier for Microsoft to fix the problem by working around it in a new Microsoft 365 Current Channel release. You might expect that the Office people aren’t particularly happy about this one. Tell me once again…, who tests this stuff? Solace for muzzled Outlook devs available on the AskWoody.com Lounge. Debilitating 'Outlook needs to close' bug linked to a bad Windows cumulative update
  7. Microsoft Your Phone bug is reducing volume for other apps on Windows 10 Microsoft announced the Your Phone app for Windows 10 users at Build 2018 and the app became popular pretty quickly. Microsoft has been consistent with the updates and the app recently enabled RCS messaging for Samsung smartphones. However, it looks like the app has a nasty bug that has been causing issues for some users. According to a Redditor, Microsoft Your Phone app “lowers the volume of every single application when I make or receive a call no matter what, and the applications will remain low volume until restarted.” Unfortunately, the bug seems to be caused by a Windows setting that controls the volume when using VoIP. While Microsoft hasn’t addressed the issue officially, disabling the said setting helped a lot of users. If you’re facing a similar issue then you can follow the steps below to fix the problem. Right-click on the speaker icon in the system tray and select Open Volume Mixer. Click on your primary Playback device and navigate to the Advanced tab. Once there, uncheck the option Allow applications to take exclusive control of this device and apply the settings. The aforementioned workaround should fix the issue but it is a temporary solution and you will have to wait for Microsoft to address it officially to completely close the bug. Your Phone app has been consistent for the most part but even the best softwares are not immune to bugs which seems to be the case here. Source: Microsoft Your Phone bug is reducing volume for other apps on Windows 10 (MSPoweruser)
  8. ROBBINHOOD – THE RANSOMWARE THAT BRINGS ITS OWN BUG Ransomware is one of the most feared cybercrime problems of the modern era. The idea of malware that scrambles your files and demands money to get them back is not new – the first widespread attack happened back in 1989 – but the scale of the threat has changed dramatically in the last few years. Up to about 2010 or 2011, ransomware was little more than a lab curiosity… …until the crooks finally figured out how to extract money from their desperate victims, thanks to the anonymity (more or less) afforded by the Dark Web and the untraceable (more or less) payments offered through the use of cryptocurrencies. Crooks such as the gang behind the Cryptolocker ransomware were able to make millions, perhaps even hundreds of millions, of dollars by infecting hundreds of thousands of users and businesses, and then demanding $300 a time to unlock each user’s files. But that approach has changed recently, with the big-money ransomware criminals carrying out fewer but much bigger attacks. These days, ransomware operations are very often aimed at whole networks, or even at centrally-managed collections of networks. The idea is that the crooks are still planning to scramble hundreds or thousands of computers in an attack, but instead of blackmailing the owner of each computer to pay a few hundred dollars, they blackmail the operators of the entire network to pay a huge lump sum. Those sums typically run from $50,000 to $5,000,000, with the victims sometimes left with little choice but to pay up because their whole business has ground to a halt, not just a few computers here and there. Network-wide attacks The good news is that to mount a network-wide attack, the crooks need to break into your network first. They also typically need full control over one or more computers to use for their reconnaissance; they need to promote themselves to system administrators to attack all your devices; and they need to spend time mapping out your network and setting up for the final assault. In other words, in the process of getting ready for a possible million-dollar payday, the crooks have to take the risk of being spotted, rebuffed, and going away with nothing at all. (The $300-a-time crooks still stand to make some money even if they only succeed against a tiny fraction of their targets.) The bad news is that if the crooks do get in and make themselves sysdamins, they’ve pretty much turned themselves into what you might call “an alternative IT department”, so they can take steps to reduce their risk of being found. The crooks can also try to deactivate any system-wide anti-invasion protections that you’ve put in place – they’re administrators, after all, so in theory they can turn off, reset or reconfigure anything and everything you’ve previously done to lock down your network. However, even with domain administration powers, it’s not easy to take over everything. For example, many security products include tamper-protection that makes it difficult to deactivate the software, at least without leaving a fairly visible trail. Proper patching makes it harder for the crooks to sneak around security protections, because you get rid of software vulnerabilities they might otherwise exploit. Likewise, system services often keep critical files in permanent use, meaning that they can’t easily be deleted or modified, which stops the crooks from scrambling them in a ransomware attack. That could be the difference between a ransom demand that you can’t avoid paying, because everything got scrambled, and a demand you’re comfortable to ignore because your important data didn’t get touched and so your business continuity wasn’t affected. Bring your own bug! Enter the aptly named RobbinHood malware: (Click on the image to see the full text of the demand in the report.) The crooks have come up with a shortcut that makes it much easier for them to bypass your tamper protection and to get access even to locked files. Instead of hunting for unpatched vulnerabilities on your computers… …the crooks simply bring their own bug! The way this works is a fascinating story, told in easy-to-follow detail in a recent research report from SophosLabs, and we urge you to learn more about the way the crooks went about their attack by reading the paper. Briefly put, the crooks have included an old-but-buggy Windows kernel driver along with their malware. The driver itself isn’t malware, but it is an official software component from motherboard maker Gigabyte, so it’s digitally signed by the vendor and the signature is attested as official by Microsoft itself. So, Windows will load the driver because of the signature… …after which the crooks can exploit a bug in the signed driver to trick Windows into letting them load their own, unsigned and malicious kernel driver! And their driver gives them low-level kernel-land access to system processes and files, which means they can kill off programs they’re not supposed to, and delete files that would usually be locked. For what it’s worth, bodging the behaviour of the kernel like that may cause problems, such as programs that stop working properly, or data that gets corrupted, or even – possibly a while later – a Blue Screen of Death. But the crooks don’t care! By the time you notice any transient problems caused by their malicious driver, you’ll almost certainly be facing a very much bigger problem anyway, namely that most – or perhaps all – of your data files, on most – or perhaps all – of the computers on your network will be scrambled. And only the crooks will have the decryption key to unlock the scrambled files. What to do? Fortunately, the modus operandi of loading a buggy kernel driver to load a malicious kernel driver can’t just be carried out at will, so this attack trick of “bring your own bug” doesn’t give any old crook a way to implant any old malware on your computer at any old time. The crooks do need to be administrators on your network already to use this kernel driver treachery. So: Go for defence in depth. In the RobbinHood attack, there are many up-front steps – including loading the suspicious kernel drivers – that the crooks have to take. They need to succeed at each step to get where they want, whereas you can stop them by blocking just one of the precursors. Control your entry points. In many network-wide ransomware attacks we investigate, the crooks sneak in by using remote access portals (notably Windows RDP, short for Remote Desktop Protocol) that you opened up for legitimate purposes but then forgot to secure properly. Prefer two-factor authentication (2FA). A lot of ransomware incursions are made possible by weak or easily-guessed passwords, or passwords that were exposed in a previous data breach. 2FA means that anyone logging in needs a one-time code that is different every time, which strengthens your protection against password-cracking attacks. Revisit your backup strategy. It’s tempting to rely on “live” backups that happen in real-time, such as mirroring files onto network shares or copying changed files into directly-accessible cloud storage. But today’s ransomware crooks go out of their way to find any on-line mirrors or backups you have. They either delete these backups first, or scramble them with the ransomware along with everything else. Keep off-line, off-site backups too – the crooks won’t be able to get at those. Watch your logs. Getting into a network, promoting yourself to administrator and probing for the security tools that are already in place almost always leaves some traces behind. In many attacks we investigate, the crooks were obvious in hindsight due to a combination of firewall alerts, account modification warnings, anti-virus detections, and more. If you aren’t going to look at your logs, you might as well not bother keeping them in the first place. Patch early, patch often. In this case, the crooks “brought their own bug”, but they needed to have sysamdin powers anyway. Don’t make it easy for them by leaving security holes open that help the crooks to get the leg-ups they need. Source
  9. Facepalm: It’s been almost two weeks since Microsoft officially ended its extended support for Windows 7, but the Redmond firm is introducing another free update for the OS that fixes a bug it introduced in the final public updates. As reported by The Verge, one of Microsoft’s final free Windows 7 updates—KB4534310—is causing wallpaper problems for some users. After installation, an image can display as black when set to Stretch. The issue only appears to affect stretched wallpapers, fit, fill, tile, or center options still work normally. Microsoft had initially said that the fix would only be available to organizations who pay the expensive Extended Security Updates (ESUs), but it has now decided to offer it for free to everyone running Windows 7 and Windows Server 2008 R2 SP1. While the bug isn’t exactly a major one, the fact Microsoft introduced it just as the company stopped supporting non-paying Windows 7 users is a bad look. Pushing out the fix to everyone will help avoid some negative PR. ESUs aren’t cheap. During the first year, those using Windows 7 Enterprise will pay $25 per machine. This doubles to $50 in the second year and goes up to $100 for the third year. It’s even more expensive for those using Windows 7 Pro. ESUs for this version start at $50 before going up to $100 in year two and $200 during year three. Many businesses have been slow to migrate from Windows 7 to Windows 10, including the German government, which has to pay Microsoft around $886,000 for ESUs. In other Windows 7 news, the Free Software Foundation is demanding that the OS be released as free software. Source: https://www.techspot.com/news/83729-microsoft-issuing-free-windows-7-fix-after-introducing.html
  10. Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks. Users of the Microsoft Outlook for Android app should update their apps to avoid a range of attacks. The bug (CVE-2019-1460) would allow an attacker to perform cross-site scripting (XSS) attacks on the affected systems and run scripts in the security context of the current user, according to Microsoft’s advisory on the bug. XSS occurs when malicious parties inject client-side scripts into web pages, which trick the unsuspecting user’s browser into thinking that the script came from a trusted source. In this case, the computing giant said that the issue exists in the way Microsoft Outlook for Android software parses specifically crafted email messages – thus, an attacker could exploit the vulnerability by sending just such an email. Czech firm Cybersecurity Help said in a posting this week that the problem was an “Improper Neutralization of Input During Web Page Generation” problem that exists due to insufficient sanitization of user-supplied data. The adversary would need to be authenticated to the same network as the potential victim in order to carry out an attack, Microsoft said. A write-up by Symantec said that an attacker can exploit this issue to conduct spoofing attacks, while Cybersecurity Help added that an attacker could “steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.” Users should ensure that they have the latest version of the app, and update it manually if they haven’t received an auto-update. Beyond installing that update, Symantec also noted that mitigation includes running the software as a nonprivileged user with minimal access rights. Researcher Rafael Pablos was credited with finding the bug, which Microsoft rates as “important” in severity. It’s listed as having a 5.6 out of 10 severity rating on the CVSS v.3 vulnerability rating scale. Source
  11. Samsung began rolling out Android 10 based One UI 2.0 Beta builds to Galaxy S10 devices early this month amid reports of a possible delay. The successor to Android 9.0 Pie-based One UI is more of an iterative update that brings with it polishes and improvements to existing features along with Android 10-specific features such as the gesture navigation system. However, users that are running the beta builds were in for a surprise when a recent update locked them out of their devices – refusing to accept any authentication methods. Users running recent One UI 2.0 Beta builds began reporting that they were unable to unlock their devices through the way of a pin, password or biometrics after restarting the phones. The only preventive measure for those that still had access to their device was to disable all lock screen authentication methods through the Lock Screen settings. For those that were locked out, one of the ways to circumvent the issue was by deleting all authentication methods through Samsung’s Find My Mobile service (provided it was enabled). However, if that service was not enabled, there was no other option but to reset the device and roll back to Android 9 Pie through Smart Switch. Some users also reported that they have been unable to set a pin/password even after rolling back to Pie. Considering the severity of the issue, the firm was quick to release a hotfix for the problem that is now rolling out to all One UI 2.0 Beta users. The critical update package is about 131MB in size, carrying build number G970FXXU3ZSL and should be available to all S10 variants running the beta software. It should be noted that users that are currently locked out will have to either delete their authentication presets first or roll back and re-join the beta since the device will not initiate the update if the device is locked. Running beta software always brings a few risks with it, so it is best to have one’s device backed up in case something goes wrong. As a precaution for any such issues in the future, you can turn on Find My Mobile from Settings > Biometrics and Security > Find My Mobile. Source: 1. Samsung rolls out hotfix for One UI 2.0 Beta after update locks out users (via Neowin) 2. Critical Galaxy S10 Android 10 beta update out, fixes device lock issue (via SamMobile)
  12. No more distractions WhatsApp’s latest iOS update stops showing an unread notification badge on its app icon for messages you’ve muted. It’s a minor but welcome change that arrived with version 2.19.110 of the iOS app. The change applies for both individual and group chats. The messaging app’s mute feature is invaluable if you want to reduce distractions, particularly if you’re a participant in any large group chats. Before the update, muting a chat would only stop your phone from vibrating and playing a notification sound when it received a new message, while doing nothing about the anxiety-inducing red notification badge placed on the app’s icon on the home screen. The new update only affects iOS users. On Android, meanwhile, WhatsApp has a separate “Show notifications” toggle which you can either tick or untick when you’re muting a chat. Source: WhatsApp fixes the notification badge on muted iOS chats (via The Verge)
  13. Signal Users on Android Need to Update Right Now Image: Signal Signal, a popular encrypted messaging app, has recently patched a flaw that left Android users’ audio calls vulnerable to bad actors. Basically, the bug would’ve let someone answer calls for you—and it could all happen without you even knowing. Google’s Project Zero team reported the bug on September 27, and Signal fixed it in version 4.47.7, which was released last week. According to the bug report, the gist is a logic error in the Android client. There’s a method called “handle CallConnected” which allows a call to finish connecting. In normal usage, it’s employed when you accept an incoming call and when the caller’s device is notified that you’ve accepted the call. With a modified client, a bad actor could “send the ‘connect’ message to a callee device when an incoming call is in progress, but has not yet been accepted by the user,” Project Zero researcher Natalie Silvanovich wrote in the bug report. “This causes the call the be answered, even though the user has not interacted with the device.” This particular bug is somewhat similar to that FaceTime flaw that popped up earlier this year, in which users could eavesdrop on others before a call was answered. Both involve tricking the programs into thinking a call has been accepted when they haven’t. Unlike the FaceTime bug, however, the Signal bug is limited to audio calls—thankfully, Signal requires users to manually enable video. As the Next Web points out, the iOS version of Signal has a similar problem to the Android app; however, a UI quirk means it can’t be exploited in quite the same way. Still, Silvanovich recommends “improving the logic in both clients, as it is possible the UI problem doesn’t occur in all situations.” An iOS update is not available as of publication, but Signal users on Android should make sure they’re running the most current version of the app. Source: Signal Users on Android Need to Update Right Now
  14. Microsoft released non-security updates for Microsoft installed-based versions of Microsoft's Office suite on May 7, 2019. These updates address and fix issues in supported versions of Office but sometimes, they introduce issues of their own. Turns out, KB4462238 for Microsoft Office 2016 falls in that category of updates. Released to fix synchronization issues in OneNote 2016, the update introduces a bug of its own that affects any installed Office application. It appears that it breaks hyperlinks in any Office application. Microsoft notes that clicking on hyperlinks may cause the Office application to stop working altogether. After this update is installed, clicking a hyperlink in an Office application, such as Word, PowerPoint, Excel, or Outlook, may cause the application to stop working. Microsoft suggests that the update is uninstalled from the system to resolve the issue. If you experience this issue, you can uninstall the update by following the instructions in the "More information" section. The company provides removal instructions for the update. You may want to check out our in-depth tutorial on uninstalling Windows updates (including Office updates). One has to wonder how a major bug like this one slipped through the testing cracks. It is certainly possible that the bug is affecting only a tiny number of machines; Microsoft would have pulled the update, probably, if it would affect all Office installations it is installed on or the majority of them. Then again, Microsoft has a track record of releasing buggy updates. Windows 10 version 1809 is a prime example of this; the whole Windows community, at least those on Windows 10, hopes that Microsoft gets Windows 10 version 1903 right the first time it is released later this month. Closing Words A bug that stops any Office application dead in its track is quite serious; Office administrators and users who have not installed the patch yet may want to consider skipping it until the issue is resolved. OneNote 2016 users who require Sync may want to try installing the patch. Those who don't click on hyperlinks or can avoid clicking on them may do so as well. Source: Microsoft releases buggy Office 2016 Patch KB4462238 (gHacks - Martin Brinkmann)
  15. Some Firefox users started to notice that installed browser extensions were all disabled in the web browser suddenly. Extensions would display "could not be verified for use in Firefox and has been disabled" messages in the add-ons manager of the browser. Firefox would display "One or more installed add-ons cannot be verified and have been disabled" at the top as a notification next to that. Affected extensions include LastPass, Ghostery, Download Manager (S3), Dark Mode, Honey, uBlock Origin, Greasemonkey, NoScript, and others. Only options provided were to find a replacement and to remove the extension in question; this left affected users puzzled. Was this some kind of preemptive strike against policy violation extensions? Mozilla did announce that it would enforce policies more strictly. The answer is no. Turns out, the issue is caused by a bug. If you read carefully, you notice that verification is the issue. A new thread on Bugzilla suggests that this has something to do with extension signing. Firefox marked addons due signing as unsupported, but doesn't allow re-downloads from AMO → All extensions disabled due to expiration of intermediate signing cert. All Firefox extensions need to be signed since Firefox 48 and Firefox ESR 52. Firefox will block the installation of extensions with invalid certificates (or none), and that is causing the issue on user systems. Related issues have been reported: some users cannot install extensions from Mozilla's official Add-ons repository. Users get "Download failed. Please check your connection" errors when they attempt to download any extension from the official repository. Solution Nightly, Dev and Android users may be able to disable signing of extensions; some users reported that this resolved the issue temporarily on their end. You need to set the preference xpinstall.signatures.required to false on about:config to disable signing. You could change the system date to the previous day to resolve it temporarily as well, but that can lead to other issues. The issue can only be resolved on Mozilla's end. The organization needs to renew the certificate or create a new one to resolve the issue. I'd expect Mozilla to do that soon as the issue is widespread and affecting lots of Firefox users. Users should not remove affected extensions from their installations; the issue will resolve itself once Mozilla fixes it. Source: Your Firefox extensions are all disabled? That's a bug! (gHacks - Martin Brinkmann) Poster's note: It's affecting my Firefox, most extensions are now disabled. Grrr...
  16. Avitar

    Broken Links

    The link to the requested file isn't working. I don't know who took over nsane management from shought and lite... but you need to step up your game. Other links to various hosted files do not work as well. I don't know if this is intentional but you're killing the very essence of nsanedown and nsaneforums. This IS the digital frontier and freedom of digital information was the founding principle of this site. For the less fortunate, the ones who couldn't pay and the ones who couldn't access credit cards, all software were made free on this site. Skill was the great equalizer between corporate greed and free interest. Whoever was given the power here has clearly been paid off by corporate entities and spit upon the very foundation of this site. Make a U-turn and make this site great again.
  17. Twitter announced today that an issue in its app for Android exposed some users’ protected tweets for over four years if they made certain changes to their account settings. As a result, content intended only for approved followers became publicly visible. Bug survived since late 2014 The problem caused the “Protect your Tweets” feature to become disabled for users of Twitter for Android that had it turned on and also made some modifications to their account, such as updating the associated email address. Users fitting this profile between November 3, 2014, and January 14, 2019 - the day the issue got fixed - may be impacted by the bug, Twitter says in a post on its Help Center. iOS and Web clients are not impacted. The company has already alerted the people known to the affected and enabled the “Protect your Tweets” setting for them. However, the exact number of accounts touched by the issue remains unestablished, and that’s why they published the announcement. “We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted,” Twitter says. For the same reason, the social network tweeted about the issue to the almost 5.8 million followers of its Support account. The message does not seem to have propagated well, though, with just 73 retweets and 170 likes recorded at the moment of writing. Twitter encourages its users to verify the current status of the tweet-protection setting in their account to make sure it is in accordance with their preferences. A full review is underway to make certain that such a problem does not occur again. The company promises to provide more information when it becomes available and if it is sufficiently important. Source
  18. Claps and cheers: Apple stores' carefully managed drama Those ‘geniuses’ in the bright, sleek Apple store are underpaid, overhyped and characters in a well-ma Steve Jobs wanted customers to understand the Apple store “with one sweep of the eye,” as if gods standing on Mount Olympus. Indeed, the outlets seem to speak for themselves. Bright, uncluttered, and clad in glass, they couldn’t contrast more sharply with the big-box labyrinths they were designed to replace. Neither could their profit margins. Since launching in 2001, the instantly recognizable stores have raked in more money – in total and per square foot – than any other retailer on the planet, transforming Apple into the world’s richest company in the process. Yet the very transparency of the Apple store conceals how those profits are made. When we think of “tech”, we rarely think of retail stores, and when we think of “tech workers” we rarely think of the low-waged “geniuses” who staff them. Most media coverage of tech companies encourages us to forget that the vast majority of their employees are not, in fact, coders in Silicon Valley: they’re the suicidal assemblers of your phone, the call-center support staff, the delivery drivers and the smiling shop floor staff who make up the majority of Apple’s workforce. The Apple store was explicitly designed as a brand embassy rather than a dedicated source of technical knowledge. As Ron Johnson, the former Target executive who came up with the concept, told the Harvard Business Review, “People come to the Apple store for the experience – and they’re willing to pay a premium for that … Apple is in the relationship business as much as the computer business.” Johnson and Jobs wanted ambassadors whose ostensible role was not to sell products – uniquely, Apple store employees receive no commission – but to create positive customer sentiment and repair trust in the brand when it broke. That was hard to do if your stuff was lumped in with everyone else’s in a big electronics store, overseen by third-party staff lacking any special expertise or interest in what you wanted to sell. The goal was to take full control of the brand image while humanizing it. The problem, however, was that humans can be rather unruly. Fortunately for Apple, someone had been hard at work fixing that bug. In 1984, a group of professors at Harvard Business School published a book, Managing Human Assets, aimed at updating workplace organization for a new era. The book was based on the first new compulsory course at the Harvard Business School in a generation, launched in 1981. Ron Johnson started his MBA at Harvard the next year, graduating as the book itself was released. Previously, the book argued, labor discipline could be achieved in a relatively straightforward top-down manner, but now it required something else. “The limitations of hierarchy have forced a search for other mechanisms of social control,” the authors said. The mechanisms they proposed consisted, at root, of treating employees as nominal stakeholders in business success, but within narrow limits that would increase rather than challenge shareholder profitability. Johnson put many of these ideas into practice. He found the first cohort of Apple store employees by personally interviewing every manager and offering jobs to upbeat staff working for competitors. He sent the first five managers through the Ritz-Carlton training program to learn concierge skills. Then he developed a training program for the in-house production of “geniuses”. (Jobs reportedly hated the term at first, finding it ridiculous. True to form, he asked his lawyers to apply for a trademark the following day.) How do you create an engaged, happy, knowledgable workforce that can pass, however implausibly, as an entire battalion of geniuses in towns across the country? More importantly, how do you do all of that without the stick of the authoritarian boss or the carrot of a juicy commission? Apple’s solution was to foster a sense of commitment to a higher calling while flattering employees that they were the chosen few to represent it. By counterintuitively raising the bar of admission, crafting a long series of interviews to weed out the mercenary or misanthropic, Johnson soon attracted more applicants than there were posts. Those keen enough to go through the onerous hiring process were almost by definition a better “fit” for the devotional ethos of the brand, far more receptive to the fiction that they weren’t selling things but, in an oft-repeated phrase, “enriching people’s lives”, as if they’d landed a job at a charity. “When people are hired,” Johnson explained, “they feel honored to be on the team, and the team respects them from day one because they’ve made it through the gauntlet. That’s very different from trying to find somebody at the lowest cost who’s available on Saturdays from 8 to 12.” While not the lowest, the cost of these eager staff was still low – relative to industry averages, to the amount they made for the company, and to the $400m that Johnson earned in his seven years at Apple. Lower wages also had another, less obvious effect. As Apple store managers explained to the New York Times, the lack of commissions meant that the job didn’t pay well enough to support those with dependents: older workers were functionally excluded from representing the brand without the need for a formal policy – or the attendant specter of discrimination lawsuits that it would raise. Deploying psychology, not the maximizing calculus of economic rationality (money), allowed Apple to turn hiring and wages into managerial props. The sense of higher calling and flattery doesn’t stop with the hiring process, of course. Make it through the gauntlet and you are “clapped in” by existing workers: given a standing ovation as if receiving a prize. The clapping, according to employees, continues until new hires, perhaps after a confused delay, begin clapping too, graduating from outside spectator to part of the performance – part of the team. Leave the company and you’re “clapped out”. Products are clapped, customers waiting overnight to buy them are clapped, their purchases are clapped, claps are clapped. Clap, clap, clap. “My hands would sting from all the clapping,” said one manager. Claps, cheers, performances of rapturous engagement provided, by design, a ready-mixed social glue to bind teams together, reaffirming both the character of the brand and employees’ cultish devotion to it. It might be expected that Apple store employees are, as their name implies, tech gurus with incredible intellects. But their true role has always been to use emotional guile to sell products. The Genius Training Student Workbook is the vaguely comical title of the manual from which Apple store employees learn their art. Prospective geniuses are taught to use empathetic communication to control customer experience and defuse tension, aiming to make them happy and relax their purse strings. One of the techniques the book teaches is the “three Fs”: feel, felt, found. Here’s an example from the book, meant to be role-played by trainees: Customer: This Mac is just too expensive. Genius: I can see how you’d feel this way. I felt the price was a little high, but I found it’s a real value because of all the built-in software and capabilities. When customers run into trouble with their products, geniuses are encouraged to sympathize, but only by apologizing that customers feel bad, lest they implicate Apple’s products as the source of the trouble. In this gas-lit performance of a “problem free” brand philosophy, many words are actually verboten for staff. Do not use words like crash, hang, bug, or problem, employees are told. Instead say does not respond, stops responding, condition, issue, or situation. Avoid saying incompatible; instead use does not work with. Staff have reported the absurdist dialogues that can result, like when they are not allowed to tell customers that they cannot help even in the most hopeless cases, leading customers into circular conversations with employees able neither to help nor to refuse to do so. Apple’s “geniuses” perform on a stage that’s as carefully managed as they are. Jobs and Johnson wanted to control every aspect of the Apple stores, down to the specific color of the bathroom signs. Almost every detail is trademarked, from stairs to display tables to storage racks. Even the supposedly “intuitive” layout, so obvious that it can be understood by all, is considered unique enough to warrant a suite of intellectual property protections. In part to counter the falling sales volume of a saturated market, Apple has spent the past two years overhauling its stores to work even harder. Potted trees have been added to give a green splash to the signature grey and, in a move so ridiculous it’s almost certain to be a hit, the Genius Bar has been rebranded the “Genius Grove”. Windows are opened to blur the distinction between inside and outside, and the stores are promoted as quasi-public spaces. “We actually don’t call them stores any more,” the new head of retail at Apple, former Burberry executive Angela Ahrendts (2017 salary: $24,216,072), recently told the press. “We call them town squares.” The town square. It’s an almost-quaint symbol of participatory civic life – a world away from the big-box sprawl that characterized the retail imaginary of the late 20th century, or even the digital isolation of the 21st. Apple’s goal has been to create spaces for people to just hang out in, extending the original insight that focusing on everything other than cold hard cash will paradoxically be the best way to rake it in. In Ahrendts’s vision, “the store becomes one with the community”. But the real hope seems to be closer to the opposite, that the community will become one with the store. After Apple recently won the race to surpass a $1tn valuation, CEO Tim Cook emailed staff to explain, “Financial returns are simply the result of Apple’s innovation, putting our products and customers first, and always staying true to our values.” While seductive, this story is, like the Apple store itself, a managed fiction. Apple’s system of operation is less the result of genius than of capture and control. Semiconductors, microprocessors, hard drives, touch screens, the internet and its protocols, GPS: all of these ingredients of Apple’s immense profitability were funded through public dollars channeled into research through the Keynesian institution called the US military. They are the basis of Apple’s products, as the economist Mariana Mazzucato has shown. The company’s extraordinary wealth is not simply a reward for innovation, or the legacy of “innovators” like Steve Jobs. Rather, it flows from the privatization of publicly funded research, mixed with the ability to command the low-wage labor of our Chinese peers, sold by empathetic retailers forbidden from saying “crash”. The profits have been stashed offshore, tax free, repatriated only to enrich those with enough spare cash to invest. But, as the public well from which it has drawn past innovations runs dry, the company’s ability to repeat the success of the iPhone is evaporating. Federal funding for scientific research is in deep decline, and Apple isn’t likely to make up the gap. To keep profitability high, Apple is moving to ever-more-luxury price tags for ever-more-marginal improvements (like the iPhone XS Max) and expanding its ability to extract rent by controlling the creativity of others (through Apple Music or the App Store, both impossible to sign out of without landing in pop-up purgatory). All the while its brand embassies sell a different story with a smile. Source
  19. Website owners should move quickly to patch a critical vulnerability in the OpenSSL cryptographic software library. The flaw, which was disclosed Monday, can be exploited to compromise the secret keys used to identify service providers and encrypt traffic, usernames, passwords and content. Dubbed 'Heartbleed' because the bug is in OpenSSL implementation of the TLS/DTLS heartbeat extension (RFC6520), the vulnerability was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on March 14, 2012. OpenSSL versions 1.0.1 through 1.0.1f are vulnerable, but the latest version released Monday - 1.0.1g - is not. "Looking only at web servers, it seems that OpenSSL 0.9.8 and 1.0.0 are still the most popular versions, which are not affected," said Mark Schloesser, security researcher for Rapid7. "However, we count at least a few hundred thousand servers using affected library versions, so it poses a significant threat. As the same problem affects other protocols/services such as mail servers and databases, we assume that, overall we're looking at millions of vulnerable systems connected to the public Internet." According to an advisory from the OpenSSL Project, the issue comes down to a missing bounds check in the handling of the TLS heartbeat extension that can reveal up to 64K of memory to a connected client or server. However, the researchers that discovered the bug added that there technically is no 64K limit to the attack, as that limit applies only to a single heartbeat. According to researchers at security vendor Codenomicon, who discovered the bug along with Neel Mehta from Google, an attacker can either keep reconnecting or keep requesting arbitrary numbers of 64 kilobyte chunks of memory content during an active TLS connection until enough secrets are revealed. "We have tested some of our own services from attacker's perspective," Codenomicon noted in an FAQ on the findings. "We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication." TLS client certificate authentication does not mitigate the issue, nor does OpenSSL's FIPS mode, according to Codenomicon. However, using Perfect Forward Secrecy (PFS) should keep past communications from retrospective decryption. A proof-of-concept exploit for the vulnerability has already made its way online. According to Fox-IT, Yahoo is among the sites vulnerable to attack. "It is possible to detect successful exploitation of this vulnerability by inspecting the network traffic," blogged Joost Bijl of Fox-IT. "We have developed Snort signatures to detect succesful exploitation of the ‘heartbleed bug’." "This bug," he added, "affects both sides of the connection. Not only will client certificates not save you from having to update your server certificate, they can be read from the client (along with your username, password etc.) by any server you connect to. DNS poisoning, MitM etc. can be used to direct clients to a malicious server – it seems that this vulnerability can be exploited before the server has to authenticate itself." “OpenSSL is runs atop two of the most widely used Web servers, Apache and nginx, as well as email servers and chat services, VPN and other software that use the code library," Ken Westin, a security researcher with Tripwite told SecurityWeek. "Many devices that use embedded Linux including routers and other devices may also be susceptible," Westin said. "Attackers who exploit the vulnerability can monitor all data passing between a service and client, or decrypt historical encrypted data that has been collected. Many modern operating systems use vulnerable versions of Open SSL including Debian Wheezy, Ubuntu 12.04.4 LTS, CentOS 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2.” Source
  20. Hackers could take control of Philips ‘smart TVs’ and broadcast their own ‘shows’ to watching famlies, thanks to a ‘fixed’ password which allows nearby attackers easy access to the set’s Wi-Fi adapter. A hacker within Wi-Fi range of any 2013 Philips Smart TV can replace the image on screen with video or images of his choosing (useful, for instance, for phishing attacks, by creating a bogus login screen), and can read files on USB devices attached to the set. Researchers ReVuln demonstrated the attack in a video, showing how private data such as browser cookies for sites used by the set’s owner could be remotely accessed. Ars Technica’s Dan Gooodin described the attack as leaving televisions “wide open” – and said that the attack occurred in seconds, without anything being visible to the user, even as the attacker plundered files from USB sticks and the TV’s browser. “Once someone has connected to the Miracast-enabled Wi-Fi network, they can use publicly available software to download any personal files that may be contained on USB drives plugged in to the Philips Smart TV. More troubling, connected devices can steal the highly sensitive browser cookies that many websites rely on to authenticate users when they access their private accounts.” The vulnerability (a video demonstration is shown here) cropped up in new firmware for Philips 2013 Smart TVs, which include a hard-coded password for the devices’ “Miracast” access point, which annot be changed by users. This means hackers within range have a ‘key’ to access affected sets. Independent security researchers ReVuln say, “The recent firmware released by Philips for their 2013 models of SmartTV (6/7/8/9xxx) have the WiFi Miracast feature enabled by default with a fixed password and no PIN or request of permission for new WiFi connections. The impact is that anyone in the range of the TV WiFi adapter can easily connect to it and abuse of all the nice features offered by these SmartTV models.” TP Vision, the vendor of Philips Smart TV range says, “We recognize the security issue as reported by ReVuln linked to Miracast on the high end 2013 Philips TVs. Our experts are looking into this and are working on a fix . In the meantime we recommend customers to switch off their Miracast function of the TV to avoid any vulnerability. ( Quick help: Press the HOME button – navigate to Set up – select Network Settings – Select Miracast – set to OFF).” The company is currently working on a more permanent fix for the issue – but sets from other manufacturers may also be vulnerable. The ‘screen mirroring’ function used to gain access is certified by the Wi-Fi Alliance, and Miracast is merely Philips’ brand for a technology present in several brands of ‘smart’ TV. Source
  21. I have recently suffered a BSOD phenomenon in my notebook running windows 8 pro x64. After loading the boot logo, a black screen appears and never goes off. I'm not being able to find out its cause. I have recently completed installing all windows updates - so, is there any particular update responsible for causing this phenomenon?I was not intending to use UxThemePatcher but at last decided to and patched the system with it - Could it be the reason?Or is it any other reason told/untold/foretold by M$?
  22. SO it seems the guys at Tonec Inc. didn't lie when they said that the latest patch would break the application. A few days ago users of this popular application were greeted with an annonying popup cautioning then against using patched versions of the program. The activation runtime was embedded in the file IDMGrHlp.exe. Recent patches to jump this instruction segment have since been found to cause CPU leaks and resource hogging, locking up CPU's with less than two cores. While the guys at Internet Download Manager seem to have some brilliant anti piracy scheme in order, making your program into a virus that will seize up a computer and sabotage the CPU is certainly not the way to combat piracy.
×
×
  • Create New...