Microsoft’s lightweight version of Windows 8 for tablets and ultra-low-end PCs, Windows RT, has apparently been hacked to allow desktop applications to run, albeit only those compiled for the ARM platform. An article from CIO reports that a hacker known as “clrokr” has developed a method for circumventing Windows RT’s code signing restrictions. This would allow programs other than those from the Windows Store to be run, even those that use the Windows desktop rather than the new Metro UI.
A blog post by clrokr explains the technical details of the hack. The effect is that Windows RT’s “minimum signing level” is adjusted to allow programs to be run that are not digitally signed by Microsoft (or by anyone). This effect is only temporary; UEFI Secure Boot forces the change to be reverted on every reboot, so the hack would have to be reapplied each time the device is powered on. The main limitation, however, is that only software compiled for the ARM processor architecture will run.
Facebook has recently released an update to its iPhone Messenger app that allows free VoIP mobile calls. Currently the feature is only available on iOS and only in Canada.
Also receiving a lot of coverage recently is Facebook’s new voice message feature, designed for short, one-way messages and available worldwide.
The Toronto Sun gives a brief summary, and references a more thorough article from The Next Web that also discusses the recent release of Facebook Poke as part of Facebook’s larger mobile messaging strategy.
Google has reported that Chrome detected a fraudulent digital security certificate for the *.google.com domain. This could have potentially allowed whoever possessed the certificate to impersonate Google. The problem originated with a mistake by a Turkish Certificate Authority. From the Google blog post by software engineer Adam Langley:
TURKTRUST told us that based on our information, they discovered that, in August 2011, they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates.
The post from Google is a bit on the technical side, but The Register has a more straightforward explanation of the situation. To protect yourself against any potential misuse of these certificates, Microsoft recommends ensuring you have all the latest updates installed; Chrome and some other browsers update automatically.
Microsoft has issued an advisory warning of a 0-day vulnerability in Internet Explorer 6, 7, and 8 that could allow malicious code to be executed on a victim’s computer as soon as they visit a compromised web site. More recent versions of Internet Explorer are not affected.
Symantec describes the means of infection as a “watering hole” attack as it involves exploiting a site the victim is likely to visit.
A temporary fix has been made available until a permanent one can be prepared for Windows Update. While the effect appears to be limited to the United States at present, it would be a good idea to apply the fix if you are still running Internet Explorer 6, 7, or 8. Microsoft has also recommended upgrading Internet Explorer to version 9 or 10, but Windows XP does not support these versions.
I’d like to take this opportunity to wish everyone a happy and prosperous 2013, and am pleased to announce the release of our new web site for the new year. In addition to the new look, we’ve added web site development and electronics recycling to our stable of services and have much more tightly integrated social networks into the site, with links to the company’s Facebook and Twitter accounts, to my personal LinkedIn account, and to the site’s new RSS feed. In addition, sharing options have been added to each page and post to make it easier to get the word out about us.
As for the company itself, our emphasis for unlucky ’13 will be to engineer good luck for our customers through verifiable on- and off-site backups. We’re also introducing server and backup monitoring services on a prepaid monthly basis.
The overall goal is to do an even better job of serving our customers in 2013, and to continue our mission of bringing enterprise-class solutions to small and medium business.