18 Sep 2018

Announcing Windows 10 Insider Preview Build 17760

Author: Dona Sarkar
Go to Source

Hello Windows Insiders!

Today, we are releasing Windows 10 Insider Preview Build 17760 (RS5) to Windows Insiders in the Fast ring.

Meeting the challenge of game compatibility

The Windows Compatibility Team is pleased to announce that the Windows 10 October 2018 Update will be fully compatible with all major Tencent games. Game compatibility can be challenging due to the complexity of the games and reliance on anti-cheat services. We’ve done this by partnering closely with Tencent to test these games, investigate issues and produce fixes. Our hard work has paid off: we are pleased to say that this will be a successful release for our shared customers! We encourage all game developers or partners that produce anti-cheat software to reach out to us so that we can ensure compatibility for your products as well.

General changes, improvements, and fixes for PC

  • The build watermark at the lower right-hand corner of the desktop is no longer present in this build. This does not mean this is the final build as we are not done yet. We’re just now beginning the phase of checking in final code to prepare for the final release.
  • We fixed the issue causing apps that use .NET 4.7.1 to not work correctly in previous builds.
  • We fixed an issue resulting in rendering issues in certain types of PDFs in Microsoft Edge.
  • We fixed an issue that could cause a crash when using swipe to navigate back in Microsoft Edge.
  • We fixed an issue resulting in Microsoft Edge crashing after pressing F12 on certain webpages if certain extensions were enabled.
  • We fixed an issue resulting in the icons on Microsoft Edge error pages not being visible on localized builds.
  • We fixed an underflow in the Windows Security app that could result in the UI unexpectedly showing a very large number of threats had been found.

Known issues

  • There are currently no major known issues to report but if anything pops up from Insiders, we’ll add it here as appropriate!

No downtime for Hustle-As-A-Service,
Dona <3

Go to Source

Share this
17 Sep 2018
17 Sep 2018
17 Sep 2018

Windows 10 Tip: Get mobile with Microsoft Edge

Author: Athima Chansanchai
Go to Source

Four devices, two tablets and two smartphones, showing the Microsoft Edge browser

Microsoft Edge on iPhone, iPad and an Android tablet and phone

Want to enjoy Microsoft Edge while you’re on-the-go? You can do that, thanks to the Windows 10 April 2018 Update.

To get Microsoft Edge on your Android phone, tablet, iPhone or iPad, head over to the apps store on your device and download Microsoft Edge for free.

Gif shows search for Microsoft Edge in App Store, downloading

Then use Microsoft Edge on your phone or tablet to read EPUB books you’ve saved. Or start reading a webpage on phone or tablet, send the page to your PC and pick up reading right where you left off.

You must download Microsoft Edge on iOS and Android phones, follow setup prompts and link the mobile phone to the PC in PC settings.

If you find this helpful, check out more Windows 10 Tips.

Go to Source

Share this
17 Sep 2018

Run Ubuntu virtual machines made even easier with Hyper-V Quick Create

Author: Clint Rutkas
Go to Source

Today, we’ve made running Linux even easier on Windows 10. With the Hyper-V Quick Create feature added in the Windows 10 Fall Creators Update, we have partnered with Ubuntu and added a virtual machine image so in a few quick minutes, you’ll be up and developing. This is available now – just type “Hyper-V Quick Create” in your start menu!

The Hyper-V Quick Create in your start menu.

Please note, this feature does require Hyper-V. Please head over to the docs to learn more about Hyper-V and enabling it.

On top of running Ubuntu in a virtual machine, you can use Windows Subsystem for Linux. WSL is a Windows 10 feature that enables you to run native Linux command-line tools directly on Windows. WSL is an extremely easy to install feature on Windows 10, and you can run Ubuntu, Suse, Debian and other distros as well. And if you want to build your own distro and use that, you can too!

Go to Source

Share this
16 Sep 2018

The role of standards in accelerating innovation

Author: Alex Simons, Vice President of Program Management, Microsoft Identity Division
Go to Source

Howdy folks,

Today I’m going to blog about something a bit different: the important role identity open standards play in accelerating innovation. If you’re an identity geek or an open standards geek, or just interested in understanding where we believe the future of identity is headed, I think you’ll find it interesting.

At Microsoft, we firmly believe that open identity standards accelerate innovation. Some of you might think this is an oxymoron. Let me explain why it isn’t.

By building upon widely implemented industry standards, innovators are free to focus on the innovative aspects of their work, letting existing standards do the heavy lifting for the needs of their projects that standards already address. The potential for use of cryptographic and digital identity standards in decentralized systems illustrates this point.

Microsoft is deeply engaged with a ton of innovative members of the identity community, and we’re all working together to design and prototype an open standardsbased approach to decentralized public keybased identity systems. Needless to say, we are VERY excited by the potential here.

We love what’s happening and the way innovators are coming together to enable new digital identity possibilities. All of us want these possibilities to achieve their promise as quickly as possible. Integrating and maintaining interoperability with existing identity management systems—all based on standards—will be key to accelerating this process.

Standards play a huge role in enabling innovation in decentralized public keybased identity systems. By using widely adopted industry cryptographic and data representation standards as an agreed framework, innovators in this space can achieve laser focus on the unique value that they’re adding. Furthermore, use of standards, where applicable, will facilitate faster adoption as decentralized public keybased systems move from prototypes to production systems.

To make things concrete, we believe that use of the following standards will accelerate innovation when building decentralized identity systems:

  • JWK [RFC 7517] is a widely deployed representation of cryptographic keys.
  • JWS [RFC 7515] is a simple, flexible representation of digital signatures.
  • JWE [RFC 7516] is a no-nonsense JSON-based representation encrypted content.
  • JWA [RFC 7518] defines an initial set of algorithms for use with all the above.
  • JWT [RFC 7519] is a simple, powerful, widely deployed representation of claims (including that JWT is often used for representing verified claims).
  • CBOR [RFC 7049] defines a compact binary data representation, which can be used as an alternative to JSON [RFC 8259] when size is at a premium.
  • COSE [RFC 8152] is the CBOR equivalent of JWK, JWS, JWE, and JWA.
  • CWT [RFC 8392] is the CBOR equivalent of JWT, providing a binary claims representation.
  • W3C Web Authentication and FIDO Client to Authenticator Protocol (CTAP) employ the building blocks above for public keybased authentication.

Great standards not only solve current use cases but enable solving new ones. The JOSE [RFC 7515-7518] and JWT [RFC 7519] standards and their binary equivalents explicitly enable innovation while still using the standards. How is this possible?

While JWA [RFC 7518] defined how to a set of commonly used cryptographic algorithms with JWS, JWE, and JWK, it also established the IANA JOSE Algorithms registry to enable additional algorithms to be used for new use cases, without having to revise the JOSE standards. For instance, RFC 8037 defined how to use new elliptic curves with JWS, JWE, and JWK. Microsoft is currently working with decentralized systems implementers on registering the secp256k1 algorithm for use with JWS and COSE. And when new cryptographic algorithms are invented, new identifiers can and will be registered for them in the IANA JOSE Algorithms registry.

Microsoft is building a proof of concept for decentralized identities based on these robust industry standards. We’d like to invite others to join us using this approach. Together we can dramatically accelerate innovation and rapid adoption using this approach.

We’re excited to see what we’ll achieve together!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Corporate Vice President of Program Management

Microsoft Identity Division

The post The role of standards in accelerating innovation appeared first on Microsoft 365 Blog.

Go to Source

Share this
16 Sep 2018

It’s time for token binding

Author: Alex Simons, Vice President of Program Management, Microsoft Identity Division
Go to Source

Howdy Folks,

The last few months have been some VERY exciting times in the world of identity and security standards. Due to the efforts of a broad set of experts across the industry, we’ve made incredible progress in finalizing a broad set of new and improved standards that will improve both the security and user experiences of a generation of cloud services and devices.

One of the most important of these improvements is the Token Binding family of specifications which is now well on its way towards final ratification at the Internet Engineering Task Force (IETF). (If you want to learn more about token binding, watch this great presentation by Brian Campbell.)

At Microsoft, we believe that the Token Binding can greatly improve the security of both enterprise and consumer scenarios by making high identity and authentication assurance broadly and simply accessible to developers around the world.

Given how positive we believe this impact can be, we have been and continue to be deeply committed to working with the community for creation and adoption of the token binding family of specifications.

Now that the specifications are close to ratification, I’d like to issue two calls to action:

  1. Begin experimenting with token binding and planning your deployments.
  2. Contact your browser and software vendors, asking them to ship token binding implementations soon if they aren’t already.

And I’m happy to report that Microsoft is just one of many industry voices saying that token binding is an important solution whose time has come.

For more on why token binding matters, I’ll turn things over to Pamela Dingle – a leading industry voice who many of you already know – who is now Microsoft’s Director of Identity Standards on the Azure AD team.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

—————————————————————————————————————————–

Thanks Alex and hi everybody,

I share Alex’s excitement! Years of time and effort have been put into the specifications you will see celebrated as new RFC standards in a very short time. The time is right for architects to dig in to the specific identity and security advantages that Token Binding represents.

What is so great about token binding, you might ask? Token binding makes cookies, OAuth access tokens and refresh tokens, and OpenID Connect ID Tokens unusable outside of the client-specific TLS context in which they were issued. Normally such tokens are “bearer” tokens, meaning that whoever possesses the token can exchange the token for resources, but token binding improves on this pattern, by layering in a confirmation mechanism to test cryptographic material collected at time of token issuance against cryptographic material collected at the time of token use. Only the right client, using the right TLS channel, will pass the test. This process of forcing the entity presenting the token to prove itself, is called “proof of possession”.

It turns out that cookies and tokens can be used outside of the original TLS context in all sorts of malicious ways. It could be hijacked session cookies or leaked access tokens, or sophisticated MiTM. This is why the IETF OAuth 2 Security Best Current Practice draft recommends token binding, and why we just recently doubled the rewards on our identity bounty program. By requiring proof of possession, we turn the opportunistic or pre-meditated use of cookies or tokens in ways they were not intended into something difficult and expensive for an attacker to attempt.

Like any proof of possession mechanism, token binding grants us the ability to build defense in depth. We can work hard to never lose a token, but we can also verify just to be safe. Unlike other proof of possession mechanisms such as client certificates, token binding is self-contained and transparent to the user, with most of the heavy lifting done by the infrastructure. We hope that this eventually means anyone can choose to operate at a high level of identity assurance, but we expect to see strong demand from the government and financial verticals at the beginning, as they have immediate regulatory requirements to do proof of possession. As one example, anyone who requires NIST 800-63C AAL3 categorization requires this kind of technology.

Token binding represents a long road. We are three years in, and while the ratification of the specifications is an exciting milestone, as an ecosystem we still have a lot to build, and this specification needs to work across vendors and platforms to be successful. We are very excited over the coming months to start sharing in depth the security benefits and best practices that have come from our embrace of this functionality, and we hope you will join us in advocating for this technology wherever you need it.

Cheers,

— Pam

The post It’s time for token binding appeared first on Microsoft 365 Blog.

Go to Source

Share this
14 Sep 2018

Announcing Windows 10 Insider Preview Build 17760

Author: Brandon LeBlanc
Go to Source

Hello Windows Insiders!

Today, we are releasing Windows 10 Insider Preview Build 17760 (RS5) to Windows Insiders in the Fast ring.

Meeting the challenge of game compatibility

The Windows Compatibility Team is pleased to announce that the Windows 10 October 2018 Update will be fully compatible with all major Tencent games. Game compatibility can be challenging due to the complexity of the games and reliance on anti-cheat services. We’ve done this by partnering closely with Tencent to test these games, investigate issues and produce fixes. Our hard work has paid off: we are pleased to say that this will be a successful release for our shared customers! We encourage all game developers or partners that produce anti-cheat software to reach out to us so that we can ensure compatibility for your products as well.

General changes, improvements, and fixes for PC

  • The build watermark at the lower right-hand corner of the desktop is no longer present in this build. This does not mean this is the final build as we are not done yet. We’re just now beginning the phase of checking in final code to prepare for the final release.
  • We fixed the issue causing apps that use .NET 4.7.1 to not work correctly in previous builds.
  • We fixed an issue resulting in rendering issues in certain types of PDFs in Microsoft Edge.
  • We fixed an issue that could cause a crash when using swipe to navigate back in Microsoft Edge.
  • We fixed an issue resulting in Microsoft Edge crashing after pressing F12 on certain webpages if certain extensions were enabled.
  • We fixed an issue resulting in the icons on Microsoft Edge error pages not being visible on localized builds.
  • We fixed an underflow in the Windows Security app that could result in the UI unexpectedly showing a very large number of threats had been found.

Known issues

  • There are currently no major known issues to report but if anything pops up from Insiders, we’ll add it here as appropriate!

No downtime for Hustle-As-A-Service,
Dona <3

Go to Source

Share this
14 Sep 2018
13 Sep 2018

© 2010-2018 Alt-Tech Inc. All rights reserved.

Click Me