Dell’s eDellRoot certificate screw-up – what dazed admins need to know


For PC users it’s a case of here we go again. Earlier in 2015, PC giant Lenovo was infamously caught shipping Windows computers with a piece of useless adware containing a self-signed root certificate that opened a massive security hole for customers. This week, it was Dell’s turn. Crowdsourced researchers revealed that the company had suffered the same egregious weakness not once, but twice, this time inside a pair of tools used for remote support.

Lenovo’s issue was more embarrassing than Dell’s – the vulnerability was part of a program called Superfish, witlessly put there to serve adverts inside browser sessions – but frankly, from a security point of view, this sort of distinction makes no odds. Embedding a self-signed SSL certificate with the private key in an application shipped to large numbers of users is asking for trouble and should not have happened. This sort of configuration would be normal for a development application, not the final software, which should have used a certificate in the filestore signed by a Certificate Authority (CA).

The problem in more detail: Dell’s Foundation Services remote support tool was discovered to have installed a self-signed root certificate identifying itself as ‘eDellRoot’. In common parlance, that offered anyone aware of the issue the possibility of extracting the certificate’s private key to create a means to impersonate any HTTPS website connection they fancied as part of a TLS man-in-the-middle compromise. This is very bad – browsers would accept this borrowed certificate as genuine and in most cases throw up no browser warning. Criminals could also sign malware to make it appear legitimate, not to mention delve into encrypted data such as website logins by sniffing laptops connecting through public Wi-Fi.

The size of the risk? Potentially huge for any system lacking remediation (see below). This must be addressed urgently.

That all? Apparently a second tool, Dell System Detect (DSD), has been discovered trying the same insecure trick with a self-signed certificate called DSDTestProvider. The Dell private PKI keys used to create these certificates are now insecure.
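
An added example, not from the original article or from Dell: a read-only PowerShell audit that searches every Windows certificate store for certificates whose common name matches the two names reported above, and shows whether a private key is stored alongside each one. The function name `Find-SuspectCertificate` is hypothetical, and matching by name only is an assumption, since the article gives no thumbprints.

```powershell
# Added example (not from the article): read-only audit of Windows certificate
# stores for the two certificate names the article reports.
$ReportedNames = @('eDellRoot', 'DSDTestProvider')   # names from the article

function Find-SuspectCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $CommonName,
        [string[]] $StoreRoot = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    foreach ($root in $StoreRoot) {
        # Walk every store (Root, My, CA, TrustedPublisher, ...), not only Root:
        # a copy holding the private key may sit in a different store.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $cn = $_.GetNameInfo($nameType, $false)   # subject common name
                if ($CommonName -contains $cn) {          # case-insensitive match
                    [pscustomobject]@{
                        Store         = $_.PSParentPath -replace '^.*::', ''
                        Subject       = $_.Subject
                        SelfSigned    = ($_.Subject -eq $_.Issuer)
                        HasPrivateKey = $_.HasPrivateKey
                        NotAfter      = $_.NotAfter
                        Thumbprint    = $_.Thumbprint
                    }
                }
            }
    }
}

$hits = @(Find-SuspectCertificate -CommonName $ReportedNames)
if ($hits.Count -gt 0) {
    $hits | Format-List
    Write-Warning "$($hits.Count) matching certificate(s) found; this machine needs remediation."
} else {
    Write-Output 'No certificate named eDellRoot or DSDTestProvider found in any store.'
}
```

The `Cert:\CurrentUser` pass only covers the account running the script, so run it per user or rely on the `Cert:\LocalMachine` results when sweeping a fleet.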

How was it discovered? Technical users and interested researchers talking to one another on Reddit and other sites.

 

[Source:- Techworld]

 

Overwatch: 5 Characters That Need Nerfs & 5 That Need Buffs


To help Blizzard make its online shooter Overwatch a more balanced experience, we name five characters that could use a buff, and five others that should be nerfed.

In the digital age of gaming, developers have the benefit of improving games long after they hit store shelves. For online multiplayer games, these improvements often come in the form of balancing updates that “nerf” (weaken) or “buff” (boost) characters or weapons in an attempt to make the game fairer for everyone playing. Like many other modern day shooters, the 2016 Game of the Year, Overwatch, has had its fair share of balancing updates since its launch last May.

Almost a year after Overwatch released to the masses, Blizzard is still tweaking characters to balance the game. Sometimes these tweaks consist of simple stat changes, but other times Blizzard significantly reworks characters, giving them new abilities or taking away broken ones.

Despite the many updates that have already been released for the game, Blizzard is still trying to figure out how to make Overwatch as balanced as possible. While there are likely many other changes that could be made to achieve that goal, buffing and nerfing the following 10 characters could help Blizzard in its quest to balance Overwatch.

 

 

 

[Source:- GR]

As it stands, Mercy’s healing and damage boosts seem to be at acceptable levels, but the problem is with her ultimate ability, Resurrect. In its current form, Resurrect has too small of a radius, meaning that if the team is even slightly spread out when they die, Mercy can only hope to resurrect one or two allies at best. Mercy’s ultimate can be a game-changer, so Blizzard shouldn’t buff it too much, but a slight increase in radius could make it much more useful in the thick of battle.


Sombra

Blizzard itself realizes that Sombra needs a buff, and is already testing a couple of buffs that should be added to her in the coming weeks. One makes it so Sombra can hack enemies quicker and another reduces the charge time on her abilities, but we think it should be taken a step further. Even though Sombra is listed as an offense character, right now she doesn’t do enough damage to be used effectively in that role. Many players, outside of those that are exceptionally skilled when it comes to using her abilities, struggle with Sombra, and a slight damage increase could see her become more commonly used in Competitive play.


Torbjorn

On consoles, Torbjorn is a well-balanced character, and can be devastating on Defend maps in the right hands. On PC, Torbjorn is another story entirely, with the character dying too quickly and his turrets easily destroyed by enemy players. When it comes to Torbjorn on PC, it would be nice to see him get a buff that increases his health or armor, as well as makes his turrets a bit sturdier.

 

 

[Source:- GR]

Yes, You Need a Pattern Library… Just Not Yet.


Designer guilt.

I feel it all the time, I’m sure you do too. I feel this guilt when I fail to do something that the design community has insisted that all designers must do.

When I jump right into high-fidelity prototypes, I feel guilty. When I rely too much on my own assumptions rather than user insights, I feel guilty. And, when I fail to start a pattern library at the outset of a new project, I feel guilty.

For the first two points, sure, you should feel guilty. These are best practices for reasons I won’t get into here. (Don’t believe me? Take a look here, and here.)

But should you feel guilty for not starting a pattern library?

I’ve realized that the answer is No. You shouldn’t.

I’m not suggesting you don’t need a pattern library at some point. You do. Just maybe not right now. In fact, creating an obligatory pattern library too early in your project could be slowing down your process.

How? Well, at the beginning of a project it’s beneficial to be a little messy. Keeping things loose is key to a Lean UX process as you test assumptions to determine what your users need. Now is not the best time to focus on your pattern documentation.

After a while, though, the strain of not having a pattern library will set in. You’ll know that it’s time to start investing in your pattern library when these four signs emerge:

YOU’RE HAVING THE SAME DISCUSSIONS OVER AND OVER AGAIN

Developers will often tell you they abide by the principle of DRY — Don’t Repeat Yourself. This keeps their code clean, and free of redundancies.

Pattern libraries can help product teams follow this principle as well.

By the time we were a few months into building our app, my team was feeling a sense of deja-vu when discussing our designs. What pattern do we use for opening a modal again? What should the text field look like on this page?

A shared pattern can help avoid these cyclical discussions. Now, when the question of what pattern to use comes up, we have a reliable point of reference.

YOUR TEAM IS REFERRING TO THE SAME PATTERNS BY FIVE DIFFERENT NAMES

“Let’s use the modal that fades as it shoots up and has a typeahead search field.”

Yes, I said this in a meeting. No joke. This was one of those moments when the stark realization of our need for a pattern library set in.

Pattern libraries can help create a common language across your team, and departments. When you say “frying pan”, you can assume I have the appropriate image in my head. In the same way, you could say “Modal List Picker” and your team will know exactly what you’re talking about.

SMALL INCONSISTENCIES ARE MOUNTING

It’s an unfortunate reality, but your app will have a few tiny fissures at the start. An outcast font here, some renegade margins there. That’s OK. You’re still figuring things out.

Over time, though, these tiny fissures begin to add up to more serious cracks in the user experience. Your app may start to feel unpolished, asymmetrical.

Malcolm Gladwell once wrote how people can detect fraudulent art within seconds. You don’t want to risk your users writing off your app in the same, unconscious manner.

The process of creating a pattern library can help your team focus on identifying and fixing these inconsistencies before they get out of hand.

NEW TEAMS ARE WORKING ON THE PRODUCT

During the initial stages of a new product, it’s common for a small team to take complete ownership. This keeps everyone focused, so they’re able to react to customer needs and insights as fast as possible.

As the product grows, the number of teams and contributors will grow as well. Without pattern documentation, new teams may rekindle the pattern debates you thought were over.

A pattern library can help in communicating the what, how and why behind your patterns to new teams and stakeholders.

It’s best to remember that pattern libraries are tools, not dogma. Yet, if you’re designing a product, you’ll feel the guilt. You’ll worry you’ve ignored practical advice and have let your team down.

That’s OK. It’s more important to take some big leaps of faith, watch your ideas fail, and keep on learning and iterating.

You’ll build a pattern library someday, don’t worry. The time will come when you can’t ignore the strain. Best of all, it won’t feel like an obligation.

It’ll feel like an epiphany.

 

 

[Source:- webdesignerdepot]

Destiny April Update: Everything You Need to Know


The Destiny April Update has now gone live. What’s the best way to prepare? How big is the update? What’s the first thing you should do? Find the answers here.

The first substantial content drop since The Taken King has now launched for Destiny. Here’s everything you need to know to get ready and get the most out of the Destiny April Update.

 

Is it free?

The April Update is free for anyone who owns The Taken King expansion.

How big is the update?

  • PS4: 1718 MB
  • PS3: 1040 MB
  • Xbox One: 1736 MB
  • Xbox 360: 793 MB


What’s in the April Update?

  • Increased Light Level cap to 335
  • Two new Prison of Elders modes: (1) a Level 41 version and (2) the new Challenge of the Elders
  • New “Blighted Chalice” Strike
  • Remixed “Takenified” Winter’s Run Strike
  • Updated Light level drops in King’s Fall and Court of Oryx
  • Updated 1-for-1 Infusion System
  • New Chroma and Taken armor sets
  • Updated Year 1 Legendaries and Exotics
  • New Eververse emotes and items
  • “No HUD” Mode
  • Balance changes to select weapons and the Warlock class
  • Updated, higher Light Trials of Osiris gear
  • Higher Light Iron Banner gear
  • Increased Vault Space
  • Fixes a bug that didn’t allow certain Ghost shells to display in menus

Full Patch Notes will be posted by Bungie when the April Update is pushed to Destiny, which will include other minor changes not yet announced by Bungie.

What’s the best way to prepare for the update?

First off, make sure there’s room on your console (see above), although it shouldn’t be a problem except for those really hurting for hard drive space.

Bungie announced today that all the vendor weapons in the Tower will be getting a perk refresh, meaning while the weapons will stay the same, all the perks will be rerolled. So if there are any weapons you still need to pick up, do so now. Some fan favorites are Hung Jury from Dead Orbit, Apple of Discord from the Vanguard Quartermaster, Hawksaw from the Crucible Quartermaster, and The Villainy from Future War Cult.

The other thing lots of players do before an update is called “edging” Faction ranks. That means running Patrol missions or other missions that credit faction reputation and taking it right to the edge before a new rank. That way, once the new gear has been added to the faction rank up packages in the update, players can quickly rank the rest of the way and get a drop.

The last way to prep is to farm engrams. That means going into any PvE activity and shooting stuff. Lots of stuff. Look for and hold onto Legendary Engrams. Also, if you have Three of Coins, pop those on every named yellow-bar enemy for a chance to get an Exotic engram. Hold onto those until after the patch as well. While Bungie hasn’t confirmed whether current engrams will decrypt into new gear post-update, they’re worth holding onto just in case they do.


What’s the first thing to do?

Head to the Reef. Variks is the primary quest giver for this update, and he will have a quest or two waiting for all players. Play through the new quest(s).

What’s the fastest way to the new level cap?

If you’re 320 Light, pick up an Elders’ Sigil scorecard from Variks and start running Challenge of the Elders. Reach the score goals and then return it to Variks for one high-level weapon and armor piece per week, per character.

Also, run Court of Oryx tier three for a chance at a maxed 335-Light artifact.

Shaxx’s Weekly Crucible Bounty can also drop 335 Light gear. Pick the bounties up from Shaxx and complete them.

Trials of Osiris will also drop high-level gear. Competing and completing the bounties can net up to 330 gear while going Flawless can net up to 335 Light items.

What if I’m not 320 Light yet?

Run the new Level 41 version of Prison of Elders. It will drop gear that will help players reach 320 Light. Once there, start running Challenge of the Elders.

King’s Fall Normal Mode will also drop 320 Light items, so that is another path up to 320 Light.

How do I earn the updated Year 1 Legendary weapons?

The Year 1 Legendaries being refreshed to the new Year 2 levels will only drop from Vanguard and Crucible faction rank up packages. But Bungie has increased reputation gains from numerous sources and activities so players should be getting more packages more often.

Where do I get new gear?

The new Chroma-enabled and Taken armor drop from Sterling Treasure, a new item. They will drop at Level 3, so they’ll need to be infused to be viable. Here’s how to get Sterling Treasure:

  • One will be delivered weekly via the Postmaster
  • Completing one match in the Weekly Crucible Playlist
  • One will be awarded for completing Challenge of the Elders, once per week

Are Nightfalls worth running anymore?

Drops from Nightfalls are being increased to end-game 335 Light levels. Add them back to the weekly rotation schedule.


A note about leveling:

It’s been a while since players have been on the level grind, but don’t forget how the leveling system works in The Taken King. Engrams will often decrypt at a level slightly higher than your current level. So do not just blaze through a bunch of engrams. Check after each one, and if the new gear is a higher Light level, equip it before decrypting more. This will help stair-step players up the Light ladder a bit.

What about those PlayStation exclusives?

Those playing on PlayStation 3 and 4 get an exclusive quest and some items, including the Zen Meteor exotic sniper rifle. Pick up the quest from Petra Venj in the Reef.

Also, be on the lookout for Sublime Engrams. They are Legendary engrams, but called Sublime. They are guaranteed to drop the new PlayStation-exclusive class armor.


That should get most players started on the Destiny April Update.

Have any tips to share on how to get the most out of the Destiny April Update? Share them in the comments below!

 

[Source:- Gamerant]

The 10 Windows group policy settings you need to get right

 

One of the most common methods to configure an office full of Microsoft Windows computers is with group policy. For the most part, group policies are settings pushed into a computer’s registry to configure security settings and other operational behaviors. Group policies can be pushed down from Active Directory (actually, pulled down by the client) or configured locally.

I’ve been doing Windows computer security since 1990, so I’ve seen a lot of group policies. In my work with customers, I scrutinize each group policy setting within each group policy object. With Windows 8.1 and Windows Server 2012 R2, for example, there are more than 3,700 settings for the operating system alone.

 
[Source:- Computerworld]