Ethereum Mining GPU Performance Rounduphttp://wccftech.com/ethereum-mining-gpu-performance-roundup<< What we are doing here with this article isn't going to be a tutorial or guide, we’re not endorsing or encouraging the mining, trading, buying, or selling of Ethereum. We are simply taking a look at the current landscape of GPU mining hashing performance, power draw, and current profitability of taking part in Ethereum Mining. >>
|
|
|
|
digibyte.config
rpcauth=bycag:5drfd59a7d8a7fd953022fcfabf2121$58a7a7myauth8a7b6d203e093db8a30a3c305c9cb5
server=1
listen=1
deamon=1
rpcallowip=127.0.0.1
rpcport=14022
port=12024
maxconnections=10
txindex=1
algo=groestl
my config:
{
"pools" : [
{
"url" : "127.0.0.1:14022",
"user": "bycag",
"pass" : "GHF2qp4Pmypassb99kh1iBM="
}
I think this way. Only RPCauth in digibyte.conf and the user with generated password into your minerconfig.
no work.. 127.0.0.1 slow/down or url or credentials invalid  Same problem here. The rpcauth/username/password part is correct both in digibyte.conf and the miner's config. I'm suspecting this might have something to do with the new rpcallowip format - it used to accept wildcards before so I just used rpcallowip=* (like with all other coin cores). With this version I tried both 127.0.0.1 and 192.168.0.99 (my network address), but neither worked. All ports are open etc. Going back to core version 4.0.3 until the changes introduced to solo mining by the new version are properly documented (or fixed). |
|
|
|
 Here's How To Circumvent Microsoft's Windows Update Block On New CPUs With Windows 7 And 8http://hothardware.com/news/circumvent-microsofts-block-of-windows-update-new-cpusMany long time Windows users have not been pleased with Microsoft’s decision to block updates to Windows 7 and 8.1 for systems running current and future generations of processors. Intel's Kaby Lake and AMD's Ryzen chips are among the first blacklisted casualties of this policy. Microsoft deemed this necessary to improve the deployment cycle of Windows and ease the workload on hardware partners validating their products across multiple generations of Windows. Whether you buy that reasoning or not isn't for us to decide. The fact of the matter is, Microsoft wants every one of its customers locked into Windows 10.At any rate, some users have decided to take matters into their own hands. Namely, github user zeffy noticed a line in Microsoft's changelog stating, "Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update". Zeffy details his process of dissecting the .msu package and analyzing changes in the readme of his github page. His prodding produced two functions - IsCPUSupported(void) and IsDeviceServiceable(void) - behind the processor version check. From there, he was able to create a patched version of the wuaueng.dll which simply returns 1 (CPU is supported) when the IsDeviceServiceable(void) is called. The caveat, he notes, is that wuaueng.dll must be re-patched any time it is updated by Microsoft. Evidently a generous man, zeffy shared his workaround in the form of four scripts, covering Windows 7 x86 and x64 (KB4012218) as well as Windows 8.1 x86 and x64 (KB4012219). All end users need do is download the .bat and .xdelta files corresponding to their system, run the .bat as Administrator, and follow the prompts. Behind the scenes, zeffy's script verifies the offending Microsoft update - KB4012218 or KB4012219 - is installed and double-checks your Windows version. After confirming to install the patch, it first backs up wuaueng.dll, then imports changes from the .xdelta file to wuaueng.dll. Provided no errors occur, everything is ready to rock and roll. If something did go wrong, the script automatically works to restore the original copy of wuaueng.dll. The script can also be rerun at any time to reverse changes, if desired. Naturally, this whole process is not supported by Microsoft so we advise you only attempt this patch only if you fully understand what is taking place and you take full responsibility for your own system. The scripts are fully open-source and can be readily inspected to ensure no malicious behavior is taking place. Furthermore, the success of this simple patch underscores the arbitrary nature of Microsoft's decision here. There's clearly no technical hurdle preventing these chips from running the latest updates. You might think, maybe it's just a line in the sand situation and future updates will not actually play nice, though this really seems to rub salt in the wound if you're of that mindset. On the other hand, the business decision is understandable, from MSFT's perspective, to cut draining validation and support ties with their old OS and pour as many resources into the new baby as possible. Regardless, it will be interesting to see if this evolves into a cat-and-mouse patch fest, so if you do use this approach be sure to always check for updates to the patch process before running. Source: HotHardware |
|
|
|
De-Captcher.com offers an automated captcha solving service (both human and OCR based). API's are available for all major current programming languages and platforms (check the De-Captcher.com website for a list) so that the service can be integrated into any kind of application that needs to solve captchas automatically. I have a balance of US$ 327 on my De-Captcher.com account from the time I used the service and since I can't withdraw that money - once money is deposited, it can only be used to pay for the service - I'm selling it with a massive discount for 0.2 BTC. The buyer will create an account with De-Captcher.com (if he doesn't already have one) and the balance will be transferred from my account to his. Please send me a private message if you're interested. More info on the service: What is DeCaptcher?
|
|
|
|
 Microsoft Faces Class Action Suit Over Damaging, Forced Windows 10 Upgradeshttp://hothardware.com/news/microsoft-class-action-suit-over-damaging-forced-windows-10-upgradesA class-action lawsuit filed in Illinois accuses Microsoft of being too aggressive in its campaign to get Windows users to upgrade to Windows 10. Plaintiffs in the lawsuit allege that after upgrading, which in some cases occurred without their permission, their PCs were inoperable, forcing them to either pay for repairs or upgrade to a brand new system. The lawsuit also complains of lost data. "The Windows 10 system often installs itself without any action being taken by the consumer. The first the consumer knows of the installation is a message on the computer screen, 'DO NOT TURN OFF YOUR COMPUTER WHILE WINDOWS 10 IS BEING DOWNLOADED'. In fact, the only way to stop the download is do what the message forbids and turn off your computer - immediately", the lawsuit states. When Microsoft released Windows 10 to the public on July 29, 2015, it advertised that Windows 7 and Windows 8/8.1 users could upgrade their PCs at no cost for the first year. Many users took advantage of the free upgrade offer, though rather than leave things to chance, Microsoft pushed the free upgrade pretty hard. Some of its methods have come under scrutiny in the class-action lawsuit. One of the those methods is a pop-up message that seemingly gave users no choice but to upgrade. These pop-up boxes would advertise the free upgrade offer to Windows 10 with two buttons, "Upgrade Now" or "Upgrade tonight". This seemingly indicated that upgrading was mandatory, though clicking on the small "X" in the upper-right corner would dismiss the pop-up. "However, even when a user clicks on the 'X', the pop-up box will appear autonomously and of its own volition during the course of the day. More recently, a new pop-up box has appeared which also expects to 'select and upgrade' - more or less presuming the consumer wants one", the class-action lawsuit adds. Plaintiffs in the class-action lawsuit also take Microsoft to task for the way it checks the condition of a PC prior to upgrading. They allege that while the Windows 10 installer genie checks PCs for compatibility, it does not consider the condition of the system or make any attempt to see if the hard drive "can withstand the stress of the Windows 10 installation". According to the lawsuit, many consumers were stuck with a failed HDD due to installing Windows 10. The class-action lawsuit seeks unspecified damages, both actual and punitive, along with attorney costs and any other relief a judge may deem proper. Source: HotHardwareHow to completely avoid upgrading to Windows 10... foreverSpybot Anti-Beacon for Windows |
|
|
|
 Microsoft Hit Hard For Enabling Windows 10 built-in Keylogger Featurehttp://www.guru3d.com/news-story/microsoft-hit-hard-for-enabling-windows-10-built-in-keylogger-feature.htmlhttp://www.myce.com/news/massive-uproar-alleged-windows-10-built-keylogger-feature-81685/There is a bit of an uproar on the web about Microsoft - it seems they introduced a feature in the privacy settings that acts and behaves like a key-logger, and they enabled it by default, for everybody. The privacy setting "Send Microsoft info about how I write to help us improve typing and writing in the future" is reportedly enabled by default and users now fear Windows 10 has become one big keylogger, reports myce: It's not the first time there are concerns about Windows 10's data collections methods. Microsoft therefore announced it would give users more control over their privacy in the upcoming Creators Update. Microsoft states in a FAQ that keystrokes are collected to improve handwriting and pronunciation recognition and that it can be turned off by going to Start -> Settings > Privacy > General and then disable "Send Microsoft info about how I write to help us improve typing and writing in the future". Some users report that they turned the setting off to find it automatically enabled again. Meanwhile, Reddit has labeled the story as "Misleading". Nevertheless, more than 15,200 Redditors upvoted the story and the story received more than 1,800 comments. Sources: Guru3D, MyceHow to completely avoid upgrading to Windows 10... foreverSpybot Anti-Beacon for Windows |
|
|
|
And I have aunt from Brazil, where there are a lot of many wild monkeys. But there really are very beautiful girls. It's true that I would not like to live there. There wildlife is very cruel. You clearly don't know the first thing about Brazil. I have lived here for over 30 years and never saw a monkey. Maybe your aunt was looking in the mirror when she saw it. |
|
|
|
 Microsoft Edge: Most Hacked Browser At Pwn2Own 2017http://www.tomshardware.com/news/pwn2own-2017-microsoft-edge-hacked,33940.htmlMicrosoft Losing Its EdgeMicrosoft created the Edge browser by rewriting most of it from scratch (some parts were forked from Internet Explorer). The company's goal was to have a browser that's much more secure and that can keep up with Chrome and Firefox when it comes to supporting the latest web standards. Edge even implemented sandboxing technologies that were similar to what Chrome was using, which put it ahead of Firefox, which is still trying to play catch-up in this regard. However, despite these improvements in code cleanness and security technologies, it hasn't quite proven itself when faced with experienced hackers at contests such as Pwn2Own. At last year's edition of Pwn2Own, Edge proved to be a little better than Internet Explorer and Safari, but it still ended up getting hacked twice, while Chrome was only partially hacked once. Things seem to have gotten worse, rather than better, for Edge. At this year's Pwn2Own, Microsoft's browser was hacked no less than five times. (...) Windows 10 didn't do too well either, as every successful browser attack on Windows seemed to have a matching successful attack against the Windows kernel. The conclusion we can draw from the latest Pwn2Own is that Microsoft still has much work to do for the security of both Edge and Windows 10, perhaps coupled with getting better at finding and then fixing bugs more quickly. How to completely avoid upgrading to Windows 10... foreverSpybot Anti-Beacon for Windows |
|
|
|
Microsoft's heavy-handed Windows 10 tactics may be its undoinghttp://www.theinquirer.net/inquirer/opinion/2454935/microsofts-heavy-handed-windows-10-tactics-may-be-its-undoingSoftware's tarnished reputation could see a repeat of "XP Forever" phenomenon.<< The danger for Microsoft is that there are perfectly good alternatives to Windows these days. Linux distributions such as Ubuntu or Linux Mint now offer an ease of use comparable with Windows, and many tech-savvy users, including yours truly, will be tempted simply to ditch Windows in favour of Linux because Windows 10 is starting to seem more trouble than it's worth. And this could turn into a real problem for Microsoft if the next generation of techies grows up with more experience of using Linux than Windows. Windows 10 was seen by many as a make-or-break release for the future of Microsoft. It would be ironic if the firm has sabotaged this through its own stupidity and heavy-handed tactics. >>
|
|
|
|
 Microsoft Disables Windows Updates For Ryzen And Kaby Lake PCs Running Windows 7/8.1http://hothardware.com/news/microsoft-disables-windows-update-on-ryzen-kaby-lake-pcs-running-windows-7-windows-8When it comes to supporting legacy operating systems on new hardware, Microsoft has just unleashed the mother of all nuclear options. We already knew that Microsoft and its hardware partners - namely Intel and AMD - will not provide official support for the newest generation of PC processors on operating systems released prior to Windows 10. "To achieve the highest confidence in the performance of our AMD Ryzen desktop processors, AMD validated them across two different OS generations, Windows 7 and 10", said AMD with respect to Ryzen support. "However, only support and drivers for Windows 10 will be provided in AMD Ryzen desktop processor production parts". Intel's stance on the matter pretty much mirrors AMD's comments. Microsoft is taking the drastic step of shutting down ALL access to Windows Update for Ryzen and Kaby Lake processors running Windows 7 or Windows 8.1. This isn't a matter of just missing out on driver updates to fully support the latest generation of processors on older operating systems - we're talking about a complete blackout of Windows Update on all fronts. No product updates, no security updates, nada. As pointed out by the Dark Side Of Gaming, Microsoft updated its support pages on March 9th, 2017 to reflect this policy change. Users running Ryzen or Kaby Lake on these unsupported operating systems will see one of the following two messages when attempting to use Windows Update: Your PC uses a processor that isn't supported on this version of Windows and you won't receive updates.
Windows could not search for new updates.
An error occurred while checking for new updates for your computer.
Error(s) found: Code 80240037 Windows Update encountered an unknown error.
Microsoft then provides the following "cause" for the error messages: This error occurs because new processor generations require the latest Windows version for support. For example, Windows 10 is the only Windows version that is supported on the following processor generations:
Intel seventh (7th)-generation processors
AMD "Bristol Ridge"
Qualcomm "8996"
Because of how this support policy is implemented, Windows 8.1 and Windows 7 devices that have a seventh generation or a later generation processor may no longer be able to scan or download updates through Windows Update or Microsoft Update. As you might expect, the only solution according to Microsoft is to upgrade to Windows 10. That’s a pretty tough pillow to swallow for those that still want to cling on to Windows 7 (for whatever reason), and is likely a move that won't sit well with many consumers and businesses. It is also a bit perplexing to some considering that mainstream support for Windows 8.1 does not end until January 9th, 2018 (mainstream support for Windows 7 ended on January 13th, 2015). Extended support for Windows 7 and Windows 8.1 end on January 14th, 2020 and January 10th, 2023 respectively. Source: HotHardwareHow to completely avoid upgrading to Windows 10... foreverSpybot Anti-Beacon for Windows |
|
|
|
I have not continued using the free upgrade of Windows 10 offered last year because my PC could not contain the upgraded OS for reasons I don't know why...I suspect it is because I have an old PC. I doubt it that it was your computer's fault. Cancer 10 is a work in progress and there are just too many bugs and rough edges to mention. Current users are essentially beta testers for Microsoft. Add to that the fact that it will never be a finished OS (MS doesn't even call it an OS anymore, they call it a service). You may even get to like it at some point, but Microsoft will be changing things all the time, and you will be stuck with whatever they decide to push down your throat. |
|
|
|
 Microsoft Sneaks OneDrive Ads Into The Windows 10 File Explorerhttp://hothardware.com/news/microsoft-sneaks-onedrive-ads-into-the-windows-10-file-explorerWhen Microsoft announced that it would provide Windows 10 as a free upgrade for Windows 7 and Windows 8.x users during the first year of availability, you knew that there had to be some strings attached. As we've seen over the past year and a half, Microsoft has come under fire for its privacy policies, allegations of "spying" on users and its penchant for placing advertising within Windows 10. It's that last point that is once again rearing its ugly head for Windows 10 users. A redditor has noticed that Microsoft is now placing ads within the oft-used Windows File Explorer interface. It's one thing to see ads pop into view when you're browsing the internet with Microsoft Edge or Google Chrome, but you don't expect (or want) to see advertisements in well-trafficked areas of your operating system of choice. In this case, Microsoft is trying to get users to try out the paid version of its OneDrive cloud storage service. Interestingly enough, the redditor in question is already paying for OneDrive. OneDrive is integrated into Windows 10 and allows you to easily share files and user settings across devices. (...) After doing some digging around on the internet, it appears that the only way to remove these OneDrive advertisements is to [while within Windows Explorer] navigate to View —> Options —> View —> Advanced settings. From there you will need to uncheck the "Show sync provider notifications" box, and you'll be set free. Thankfully, this is a rather quick fix to get rid of annoying ads from within Windows 10. With that being said, it's probably easier for Microsoft to beg for forgiveness than to ask for permission. Source: HotHardwareHow to completely avoid upgrading to Windows 10... foreverSpybot Anti-Beacon for Windows |
|
|
|
WikiLeaks says it will help Silicon Valley defend against CIA hackinghttp://www.latimes.com/business/technology/la-fi-tn-wikileaks-cia-20170309-story.htmlWikiLeaks will work with technology companies to help defend them against the CIA's hacking tools, WikiLeaks founder Julian Assange said Thursday. The approach sets up a potential conflict between Silicon Valley firms eager to protect their products and an agency stung by the radical transparency group's disclosures. In an online news conference, Assange acknowledged that some companies had asked for more details about the CIA cyberespionage toolkit whose existence he purportedly revealed in a massive leak published Tuesday. "We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out", Assange said. Once tech firms had patched their products, he said, he would release the full data of the hacking tools to the public. Assange said some of the small fixes could be issued by tech companies "potentially in two to three days", but problems that affected more critical aspects of computer codes, such as those in televisions or phones, could take a lot longer. So far, the CIA has declined to comment directly on the authenticity of the leaked documents. On Thursday a CIA spokesman said Assange "is not exactly a bastion of truth and integrity", but he reiterated an agency statement issued Wednesday that suggested the release had equipped adversaries "with tools and information to do us harm". Assange began his news conference with a dig at the agency for losing control of its cyberespionage arsenal, saying that all the data had been kept in one place. "This is a historic act of devastating incompetence", he said, adding: "WikiLeaks discovered the material as a result of it being passed around". Assange said the technology was nearly impossible to keep under wraps - or under control. "There's absolutely nothing to stop a random CIA officer or even a contractor from using the technology", Assange said. "The technology is designed to be unaccountable, untraceable; it's designed to remove traces of its activity". On Tuesday, after WikiLeaks posted the documents, public advocacy groups raised questions about whether the CIA was doing enough to tell technology companies about vulnerabilities in their products. Source: LA Times
|
|
|
|
 WikiLeaks publishes "biggest ever leak of secret CIA documents"https://www.theguardian.com/media/2017/mar/07/wikileaks-publishes-biggest-ever-leak-of-secret-cia-documents-hacking-surveillanceThe 8,761 documents published by WikiLeaks focus mainly on techniques for hacking and surveillanceThe US intelligence agencies are facing fresh embarrassment after WikiLeaks published what it described as the biggest ever leak of confidential documents from the CIA detailing the tools it uses to break into phones, communication apps and other electronic devices. Thousands of documents focus mainly on techniques for hacking, including how the CIA cooperated with British intelligence to engineer a way to compromise smart televisions and turn them into improvised surveillance devices. The leak, dubbed "Vault 7" by WikiLeaks, will once again raise questions about the inability of US spy agencies to protect secret documents in the digital age. It follows disclosures about Afghanistan and Iraq by army intelligence specialist Chelsea Manning in 2010 and about the National Security Agency and Britain's GCHQ by Edward Snowden in 2013. The documents appear to be from the CIA's 200-strong Center for Cyber Intelligence and show in detail how the agency's digital specialists engage in hacking. According to the documents: - CIA hackers targeted smartphones and computers.
- The Center for Cyber Intelligence is based at the CIA headquarters in Virginia but it has a second covert base in the US consulate in Frankfurt which covers Europe, the Middle East and Africa.
- A programme called Weeping Angel describes how to attack a Samsung F8000 TV set so that it appears to be off but can still be used for monitoring.
The CIA declined to comment on the leaks beyond the agency’s now-stock refusal to verify their contents. "We do not comment on the authenticity or content of purported intelligence documents", wrote CIA spokesperson Heather Fritz Horniak. But it is understood the documents are genuine and a hunt is under way for the leakers or hackers responsible for the leak. Source: The Guardian |
|
|
|
 New "Humble Freedom Bundle" Donates Money To Civil Rights Groups, For Obvious Reasonshttp://kotaku.com/new-humble-freedom-bundle-donates-money-to-civil-rights-1792317945OVER US$ 2.6 MILLION RAISED IN LESS THAN 24 HOURS!!!UPDATE: US$ 3.3 million nowUPDATE 2: total raised = US$ 6.73 millionRight now, you can spend $30 and receive $600 worth of video games, books and comics in return, with 100% of the money going to organisations cleaning up the mess left after President Trump's (stalled) attempt at immigration bans. Available for a week, the "Humble Freedom Bundle" sees 100% of the money spent on games and books go to the American Civil Liberties Union, the International Rescue Committee and Médecins Sans Frontières. In addition to the money you lot are contributing, Humble Bundle will also match the first $300,000 spent. There are some very good video games available in the bundle. There's The Witness, Invisible Inc, Stardew Valley, Day of the Tentacle, Nuclear Throne, The Stanley Parable, Sword & Sworcery, Super Hexagon and Mini Metro. And that's not even half of them. "We humbly remember that the United States is a nation of immigrants, and we proudly stand with developers, authors, and charities that champion liberty and justice for all", reads a statement on Humble's site. "We chose these three organizations because of the inspiring work they do in providing humanitarian assistance to refugees and displaced people as well as in defense of justice, human rights, and civil rights". You can see the full list of games/books/comics here: https://www.humblebundle.com/freedom |
|
|
|
 Security researchers to AV vendors: "Stop intercepting HTTPS traffic"http://www.myce.com/news/security-researchers-av-vendors-stop-intercepting-https-traffic-81436Google, Mozilla, Cloudflare, and researchers from two Universities have criticised the interception of HTTPS traffic by antivirus software. According to the researchers and companies this has far-reaching consequences for the safety of users and their internet connection. By default it's not possible for antivirus software to access HTTPS traffic. By installing an own root certificate on the user's computer, the antivirus applications have found a way to be able to analyze the content of encrypted internet connections. This method is frequently used by antivirus vendors. However, the way the software intercepts HTTPS traffic decreases the security of it. Even worse, the virus scanners introduce all kinds of new vulnerabilities, according to a report released by the researchers and companies. For the report, the researchers analyzed 8 billion secured connections to the Firefox update servers, to several popular e-commerce websites and to Cloudflare's content distribution network. About 4% of the connections to the Firefox servers was intercepted, 6.2% of the e-commerce websites and 10.9% of the connections to Cloudflare was intercepted. The researchers also analyzed the security impact of the intercepted connections. About 97% of Firefox, 32% of e-commerce, and 54% of Cloudflare connections that were intercepted became less secure. "Alarmingly, not only did intercepted connections use weaker cryptographic algorithms, but 10–40% advertised support for known-broken ciphers that would allow an active man-in-the-middle attacker to later intercept, downgrade, and decrypt the connection", according to the researchers. While it was already known that security software intercepted HTTPS traffic, the researchers were still surprised, "while the security community has long known that security products intercept connections, we have largely ignored the issue, believing that only a small fraction of connections are affected. However, we find that interception has become startlingly widespread and with worrying consequences." Thy hope that security vendors will start using alternatives to HTTPS interception as, "interception products drastically reduce connection security." Source: Myce.com |
|
|
|
New vulnerability in Windows 10 allows attackers to crash your PChttp://www.guru3d.com/news-story/new-vulnerability-in-windows-10-allows-attackers-to-crash-your-pc.htmlA new vulnerability in Windows 10 has been detected by researchers from the Carnegie Mellon University. It allows attackers to be able to crash computers. It seems that Microsoft has no fix for this issue just yet. The vunerability is affecting the latest versions of Windows 8.1 and Windows 10. The issues is related to the Windows SMB network protocol that connects Windows computers with network drives, printers and other devices. SMB will not not properly handle certain types of data. Creating a malicious SMB device and connecting a computer to it will result in your PC crashing. It is a little unclear how the vulnerability can be exploited as you need to perform this within a local LAN and this be in the same building as the PCs are. However if you have setup an open DMZ zone on your router or have opened TCP ports 139 and 445 along with UDP ports 137 and 138, you could be vunerable. Other than the crash, no data is compromised. Source: Guru3DHow to completely avoid upgrading to Windows 10... foreverSpybot Anti-Beacon for Windows
|
|
|
|
 Microsoft Approves Thai Government's Root Certificate, Which Could Enable Spyinghttp://www.tomshardware.com/news/microsoft-thai-government-root-certificate,33505.htmlPrivacy International, a UK-based nonprofit founded in 1990, released a report showing that Microsoft is the only operating system vendor to have approved the Thai military government's root certificate by default, which is managed by the Electronic Transaction Development Agency (ETDA). The nonprofit worries that the Thai government could now perform "man-in-the-middle" (MITM) attacks against Thai citizens. Thai Government's Tight Grip On Internet CompaniesAccording to Privacy International, the political environment in Thailand right now is such that it would be difficult for companies to deny a data request, because there isn't a strong legal framework in place that's also well enforced. In other words, companies can't bet on having the law on their side over there. (...) Windows Only OS To Approve Thai Government Root CertificateThe interception would be unnoticed by the target if the root certificate is trusted by default on an operating system such as Windows or macOS. Privacy International said it noticed that Windows does include the Thai government certificate, whereas macOS does not. Privacy International then asked Microsoft how its root certificate approval works, considering it's been the only one to approve the Thai government's root certificate so far. Microsoft seems to have replied more than two months later, saying it can't disclose how it decided exactly to approve the Thai government certificate, but that the overall approval strategy is found on its website. (...) Microsoft's Silent Root Certificate UpdatesMicrosoft has added dozens of new root certificates over the past few years, usually without making it public, and with only a few security researchers discovering when it happened. Some of the silently added root certificates have been attributed to the now infamous WoSign Chinese Certificate Authority (CA). That's the same CA that was punished by Google and Mozilla late last year over backdating of SHA1 certificates and failing to disclose that it bought another CA. Microsoft's decision to hide, or at least not announce when it added more root certificates to Windows, is quite strange. Root certificates are a highly important component of the overall security of an operating system, and more importantly, it defines how much trust users can place in one. Microsoft refusing to say how exactly it approves root certificates isn't helping matters much either. (...) Source: Tom's Hardware |
|
|
|
|
Show Posts
