Feed aggregator

Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe

Slashdot -

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins also be able to control whether untrusted sites can use the clipboard or print.

Read more of this story at Slashdot.

The rest secret

BBC World News -

The results of the world’s largest survey on rest suggest that to feel truly rested, we need to get away from other people.

European Allows Copyright Owners to Demand Open Wifi Networks be Password Protected

EFF's Deeplinks -

The European Court of Justice (ECJ) recently announced its decision in Sony v McFadden with important consequences for open wireless in the European Union. The court held that providers of open wifi are not liable for copyright violations committed by others, but can be ordered to prevent further infringements by restricting access to registered users with passwords. EFF reported on the legal aspects of the case last year and collaborated on an open letter to the ECJ on the costs to economic growth, safety and innovation of a password lockdown.

Free wifi is rare in Germany compared with other EU countries due to legal uncertainty generated by the doctrine of Störerhaftung, a form of indirect liability for the actions of others, which has deterred cafes, municipalities and others from offering free connectivity. Many in Germany hoped that the McFadden case would remove these doubts, but it is now clear that a legislative fix is needed instead.

A Community Wireless Advocate in Court

McFadden, a community wireless activist with Freifunk, offered free wifi from his shop. He received a cease and desist letter from Sony Music after a user shared music from his network, and they also demanded that he pay the lawyer fees for this letter. McFadden successfully argued he was a service provider under the national implementation of the E-Commerce Directive and a 'mere conduit' for his users' traffic. This shielded him from direct liability for his users’ copyright violations but not from Störerhaftung - a liability attaching to any party in a position to ‘terminate or prevent’ the infringements. As a result copyright owners had a claim for injunctive relief against McFadden.

The German court proposed three enforcement options: shutting the network, monitoring all traffic, or ending user anonymity through a registration and password system. According to the ECJ only the last of these is consistent with EU law, but such a ‘solution’ will introduce major administrative overhead for providers. Worse still, they could also be saddled with the legal costs incurred in seeking the injunction. In the face of such burdens many operators will shut down...

A Solution in Sight?

The ECJ found that password based restrictions are consistent with EU law, not that they are required by it. The other options, however, would have would have entailed breaches of the E-Commerce rules and fundamental rights. The good news is that this means a domestic solution compatible with EU law is possible. Ideally German legislators would abolish Störerhaftung altogether. A previous attempt at legal reform last June was supposed [German] to deal with this but is regarded as flawed.

An alternative, less comprehensive approach, would be to shift the legal costs of the injunction to the party requesting it. If the bills are paid by the wifi owner, there is an incentive for lawyers to launch actions against every open wifi node in the country. Copyright trolling has history in Germany, where lawyers have leveraged the 'formal system of notice' for cease and desist letters (abmahnungen) into a shakedown system against millions for alleged copyright infringement online. But if the rightsholders must cover their own costs, orders will only be sought against nodes which are a serious source of infringements.

Universal Access: Forever Deferred?

A day before the McFadden verdict, the head of the EU Commission outlined a goal of free wifi throughout Europe by 2020. This will never be achieved by top-down means alone, but will require a user-based movement of connection sharing. The ECJ did not address the situation of individuals who make wifi available without economic motive, but German activists are protecting themselves against risks by technical means. Freifunk, for example, routes user traffic through a virtual private network so that it appears to originate in the Netherlands or Sweden, countries where Störerhaftung does not exist.

Universal access to the net will ultimately require curbing the power of a copyright industry which sees free networks as a threat to their property, something to be controlled and monitored rather than opened up and shared. In March, the Advocate General, whose reports are intended to guide the ECJ's decisions, rejected the password lockdown approach as inconsistent with a fair balance of the competing fundamental rights involved. He continued:

any general obligation to make access to a Wi-Fi network secure, as a means of protecting copyright on the Internet, could be a disadvantage for society as a whole and one that could outweigh the potential benefits for rightholders.

The ECJ did not follow his advice, and now it's up to legislators to fix what's broken.

Share this: Join EFF

Researcher Modifies Sieve of Eratosthenes To Work With Less Physical Memory Space

Slashdot -

grcumb writes: Peruvian mathematician Harald Helfgott made his mark on the history of mathematics by solving Goldbach's weak conjecture, which states that every odd number greater than 7 can be expressed as the sum of three prime numbers. Now, according to Scientific American, he's found a better solution to the sieve of Eratosthenes: "In order to determine with this sieve all primes between 1 and 100, for example, one has to write down the list of numbers in numerical order and start crossing them out in a certain order: first, the multiples of 2 (except the 2); then, the multiples of 3, except the 3; and so on, starting by the next number that had not been crossed out. The numbers that survive this procedure will be the primes. The method can be formulated as an algorithm." But now, Helfgott has found a method to drastically reduce the amount of RAM required to run the algorithm: "Now, inspired by combined approaches to the analytical 100-year-old technique called the circle method, Helfgott was able to modify the sieve of Eratosthenes to work with less physical memory space. In mathematical terms: instead of needing a space N, now it is enough to have the cube root of N." So what will be the impact of this? Will we see cheaper, lower-power encryption devices? Or maybe quicker cracking times in brute force attacks? Mathematician Jean Carlos Cortissoz Iriarte of Cornell University and Los Andes University offers an analogy: "Let's pretend that you are a computer and that to store data in your memory you use sheets of paper. If to calculate the primes between 1 and 1,000,000, you need 200 reams of paper (10,000 sheets), and with the algorithm proposed by Helfgott you will only need one fifth of a ream (about 100 sheets)," he says.

Read more of this story at Slashdot.


Subscribe to debianHELP aggregator