24 stories
·
1 follower

Doom Eternal joins this year’s game-delay club, will launch March 2020

1 Comment

Doom Eternal—the highly anticipated sequel to the hell-shooter series' 2016 reboot—has left our list of most anticipated games of 2019. On Tuesday morning, game publisher Bethesda announced that Doom Eternal needs another four months in the oven. That means it will launch on PC, Xbox One, and PlayStation 4 on March 20, 2020.

That list of supported platforms is missing a big name: Nintendo Switch. Tuesday's delay includes an additional, indefinite delay of the sequel's port to Nintendo's weaker console, thus breaking the developer's original promise that Switch buyers would get to rip and tear into Doom Eternal the same day as everyone else. "We will announce [the Switch port's] date in the future," the company's statement vaguely reads.

Publisher Bethesda took the opportunity to delay another related game out of November 2019, as well: Doom 64. This first-ever port of the 1997 shooter onto non-N64 platforms is still coming to PC and modern consoles, Bethesda says, but it too will launch on March 20, 2020. Now, at least, that port will become a free pre-order bonus for buyers of Doom Eternal. But we're not sure why Bethesda and id Software couldn't get Doom 64 ready by this holiday season to tide series fans over during the bigger game's delay. (In the meantime, if you own a legitimate copy of the N64 original, we suggest ripping its files and launching them on PC via the incredible Doom 64 EX mod.)

Read 5 remaining paragraphs | Comments

Read the whole story
spongbeaux
12 days ago
reply
Well hopefully it's to remove idiotic macrotransactions in anticipation of a huge sales drop.
Share this story
Delete

Microsoft Launches New .NET Core Video Series

1 Share

Microsoft today released a new series of developer videos explaining the entire .NET Core stack.

The post Microsoft Launches New .NET Core Video Series appeared first on Thurrott.com.

Read the whole story
spongbeaux
26 days ago
reply
Share this story
Delete

Microsoft’s Your Phone service is down just days after the Galaxy Note 10 release

1 Comment
Photo by Tom Warren / The Verge

Microsoft’s new Your Phone service that helps connect Android phones to Windows has stopped working for users today. “We’ve identified an issue causing connection problems for the Your Phone app,” explains a Microsoft service outage page. “Users may receive ‘Can’t connect’ or other error banners when using the app. We’re actively investigating to identify the cause of the problem and develop a remediation plan.”

The timing of the outage is particularly unfortunate for Microsoft as Your Phone is a big part of the company’s new partnership with Samsung. The new Galaxy Note 10 comes with a unique version of Your Phone, dubbed “Link to PC,” built into the handset that went on sale last week. Your Phone has not been working on the Note 10 and...

Continue reading…

Read the whole story
spongbeaux
55 days ago
reply
Who even knew it was a service? Could've just been a direct connection...
Share this story
Delete

Microsoft’s OneNote app is getting dark mode support

1 Comment

Microsoft is planning to update its OneNote app on Windows 10 with a new dark mode option. The software maker is adding dark mode to many of its popular apps, including Outlook for iOS and Outlook on the web. Italian blog Aggiornamenti Lumia has managed to get an early look at the OneNote dark mode, and Microsoft VP of OneNote, Laura Butler, has confirmed dark mode and a “majorly” improved navigation system is on the way.

It’s still early work for the OneNote dark mode, but it appears that if you enable it on a Windows 10 PC it will carry over to the mobile versions for iOS or Android. Microsoft also appears to be keeping the main sheet that you add notes to white, probably to ensure it’s a little more readable for existing notes.

...

Continue reading…

Read the whole story
spongbeaux
192 days ago
reply
Dark mode schmark mode... Give me unlock section with Windows Hello
Share this story
Delete

Remote Use of Local Accounts: LAPS Changes Everything

1 Comment

 

Long overdue post revisiting the question about whether and when to block the use of local accounts, particularly for remote administration.

Beginning in 2014 with our baselines for Windows 8.1 and Windows Server 2012R2, our security baselines have been blocking remote use of local accounts. Back then, Windows had yet to offer anything resembling secure management of administrative local account credentials. It was typical for an entire organization to have an administrative local user account with the same username and password on every Windows computer. One problem with that is that the common password often becomes a well-known secret over time with no way to revoke access from anyone who ever received it. But by far the biggest problem is that an attacker with administrative rights on one machine can easily obtain the account’s password hash from the local Security Accounts Manager (SAM) database and use it to gain administrative rights over the other machines using “pass the hash” techniques.

In May 2015, Microsoft released the Local Administrator Password Solution (LAPS). LAPS is an elegant and lightweight mechanism for Active Directory domain-joined systems that periodically sets each computer’s admin account password to a new random and unique value, storing the password in a secured confidential attribute on the corresponding computer object in Active Directory where only specifically-authorized users can retrieve it.

LAPS changes everything.

Not only does LAPS neutralize both the pass-the-hash and well-known-secret problems, it creates new opportunities for remote management. With LAPS – or in fact, with any solution that makes local account passwords unique and not guessable – using local accounts for remote computer management actually offers some advantages over using domain accounts. They can, that is, provided that their use isn’t blocked by security policy – which our baselines do today.

It’s all about credential hygiene. Good credential hygiene means not exposing credentials on a potentially-compromised system when those credentials can be used to compromise another system. Credentials can be a plaintext password, an account’s NTLM hash, or a Kerberos TGT. Microsoft’s Pass the Hash whitepapers go into detail about which remote logon types and tools expose credentials and which ones don’t.

Let’s say your helpdesk technicians each have a domain account that is granted administrative rights on all workstations in the domain. User Umberto reports computer issues, so Helen helpdesk technician logs on remotely to the workstation using her privileged domain account, not realizing that the workstation has been compromised with credential theft malware. Depending on how Helen logged on, her account credentials could be stolen and the thief can now gain administrative control over all workstations. All the technicians might follow the whitepapers’ recommendations, but they must do it the right way every single time. One technician with a privileged account making one mistake just one time can lead to a domain-wide compromise.

Let’s say instead of using a privileged domain account, Helen helpdesk technician retrieves the LAPS password for the workstation and uses the LAPS-managed administrative local account to log on. Credential theft is not a problem. If the thief gets the hash or even the plaintext password, it’s useful only on the computer that the thief already controls. So Helen can use whichever logon type or remote tool is most convenient for the work being performed.

Note: One caveat about using remote desktop: do not enable drive redirection for your local volumes when connecting to a potentially-compromised system. And avoid clipboard redirection as well. This caveat applies whether you’re using a LAPS-managed account, /restrictedAdmin, or anything else.

If you have deployed LAPS or another local account password management solution and you want to use local accounts for the remote administration of Windows computers, you need to change three of the Computer Configuration settings that we recommend in the baselines for Windows client and Windows Server in the Member Server role. We recommend these changes only if you plan to use LAPS-managed local accounts for remote administration. Note also that the local-policy scripts included with the Windows 1803 and 1809 baseline packages include “Non-Domain” options that implement these same changes.

Policy path

Windows Settings\Security Settings\Local Policies\User Rights Assignment

Policy name

Deny access to this computer from the network

Baseline setting

Win client: NT AUTHORITY\Local Account

Win Server: NT AUTHORITY\Local account and member of Administrators group

Updated setting

[empty]

 

Policy path

Windows Settings\Security Settings\Local Policies\User Rights Assignment

Policy name

Deny log on through Remote Desktop Services

Baseline setting

NT AUTHORITY\Local Account

Updated setting

[empty]

 

Policy path

Administrative Templates\MS Security Guide (*)

Policy name

Apply UAC restrictions to local accounts on network logon

Baseline setting

Enabled

Updated setting

Disabled

(*) “MS Security Guide” is a collection of custom settings that comes with the security baselines and is represented in SecGuide.admx. You can configure the updated setting directly by configuring the registry value LocalAccountTokenFilterPolicy to REG_DWORD value 1 in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

Read the whole story
spongbeaux
313 days ago
reply
Implement LAPS today if you haven't already. (for AD on-premises Domains)
Share this story
Delete

Indirect Detection

7 Comments and 17 Shares
I'm like a prisoner in Plato's Cave, seeing only the shade you throw on the wall.
Read the whole story
spongbeaux
339 days ago
reply
popular
342 days ago
reply
Share this story
Delete
7 public comments
Covarr
342 days ago
reply
I had a friend a couple months ago ranting about how awful the pro-pedophilia movement was, and all I could think was "what pro-pedophilia movement?"
Moses Lake, WA
chrisamico
342 days ago
reply
This is pretty much the social web in 2018.
Boston, MA
rraszews
342 days ago
reply
Fred Clark, the Slacktivist, has written a bunch of times before about the "Anti-Kitten-Burning Coalition". Long story short, probably no one is burning kittens or hunting shelter animals for sport; claiming such (and in many cases, convincing yourself you believe it too) is a way to make yourself feel like a hero for opposing something evil (Without having to do much work, since you can't actually go out there and fight the kitten-burners as said burners do not exist), and get other people to sign on to support your side because otherwise they're siding with the kitten-burners.
Columbia, MD
corjen
342 days ago
reply
Sharing for the alt text.
Iowa
ireuben
342 days ago
reply
I totally thought this was going to be a “my hobby is...” post (or maybe that’s just what the friend is doing!).
alt_text_at_your_service
342 days ago
reply
I'm like a prisoner in Plato's Cave, seeing only the shade you throw on the wall.
alt_text_bot
342 days ago
reply
I'm like a prisoner in Plato's Cave, seeing only the shade you throw on the wall.
Next Page of Stories