Windows 10 October 2018 Update is at last being pushed automatically

Who doesn't love some new Windows?

Enlarge / Who doesn't love some new Windows? (credit: Peter Bright / Flickr)

The ill-fated Windows 10 October 2018 Update has hitherto been offered only to those Windows users that manually sought it, either by using the dedicated upgrade and media creation tools or by manually checking for update in Windows Update. Three months after its initial release, Microsoft has at last started pushing it to Windows users automatically.

The update was originally withdrawn because of a data loss bug. A month after the initial release, the bug was fixed and the fixed update was made available. Even this release was limited, with a number of blocks in place due to known incompatibilities. As described above, it was then only offered to those taking certain manual steps to update their machines. One month ago, these blocks were largely removed.

Even with automatic deployment and installation now enabled, the beleaguered update is still rolling out in phases. Initially, it will be offered to spaces where Microsoft is most confident that the update will be trouble-free—machines with configurations already known and tested. As the tap is slowly opened more and the update is made available to a wider range of hardware, the company will use operating system telemetry to detect any lingering incompatibilities with device drivers or unusual software.

Read 1 remaining paragraphs | Comments

Windows 10 October 2018 Update is back, this time without deleting your data

This message, shown during Windows upgrades, is going to be salt in the wound.

Enlarge / This message, shown during Windows upgrades, is going to be salt in the wound.

Just over a month since its initial release, Microsoft is making the Windows 10 October 2018 Update widely available today. The update was withdrawn shortly after its initial release due to the discovery of a bug causing data loss.

New Windows 10 feature updates use a staggered, ramping rollout, and this (re)release is no different. Initially, it'll be offered only to two groups of people: those who manually tell their system to check for updates (and that have no known blocking issues due to, for example, incompatible anti-virus software), and those who use the media-creation tool to download the installer. If all goes well, Microsoft will offer the update to an ever-wider range of Windows 10 users over the coming weeks.

For the sake of support windows, Microsoft is treating last month's release as if it never happened; this release will receive 30 months of support and updates, with the clock starting today. The same is true for related products; Windows Server 2019 and Windows Server, version 1809, are both effectively released today.

Read 8 remaining paragraphs | Comments

How Soviets used IBM Selectric keyloggers to spy on US diplomats

(credit: Etan J. Tal)

A National Security Agency memo that recently resurfaced a few years after it was first published contains a detailed analysis of what very possibly was the world's first keylogger—a 1970s bug that Soviet spies implanted in US diplomats' IBM Selectric typewriters to monitor classified letters and memos.

The electromechanical implants were nothing short of an engineering marvel. The highly miniaturized series of circuits were stuffed into a metal bar that ran the length of the typewriter, making them invisible to the naked eye. The implant, which could only be seen using X-ray equipment, recorded the precise location of the little ball Selectric typewriters used to imprint a character on paper. With the exception of spaces, tabs, hyphens, and backspaces, the tiny devices had the ability to record every key press and transmit it back to Soviet spies in real time.

A “lucrative source of information”

The Soviet implants were discovered through the painstaking analysis of more than 10 tons' worth of equipment seized from US embassies and consulates and shipped back to the US. The implants were ultimately found inside 16 typewriters used from 1976 to 1984 at the US embassy in Moscow and the US consulate in Leningrad. The bugs went undetected for the entire eight-year span and only came to light following a tip from a US ally whose own embassy was the target of a similar eavesdropping operation.

Read 7 remaining paragraphs | Comments

Google extends vulnerability bounties to Android; offers up to $30,000

Google's "Vulnerability Reward Program" has been incentivizing people to report security bugs to the tech giant for its Web services, apps, extensions, Chrome, and Chrome OS for some time now. Today the company announced that it's extending the cash-for-bugs program to its biggest operating system: Android.

The program doesn't cover any Android device, just new devices that Google is 100% responsible for: current, for sale, Nexus devices. For now, that means the Nexus 6 and Nexus 9. Google says that this "makes Nexus the first major line of mobile devices to offer an ongoing vulnerability rewards program."

Google will pay researchers not only for bug disclosures—it offers additional rewards tiers for test cases submitted with the bug, CTS tests that catch the bug, and AOSP patches that fix the bug. "CTS" is Android's "Compatibility Test Suite," the continually updated battery of tests all devices must pass in order to gain access to the Google Play Store. CTS tests ensure that a device and its software are Android-compatible and free of known vulnerabilities, ensure platform API correctness, and follow Google's mandatory (and minimal) UI practices for readability and consistency.

Read 2 remaining paragraphs | Comments