El portapapeles de Gboard hace más fácil compartir tus capturas de pantalla: así puedes probarlo

El portapapeles de Gboard hace más fácil compartir tus capturas de pantalla: así puedes probarlo

Google no para de potenciar el portapapeles de tu teclado Gboard. Si hace unas semanas lo hacía más inteligente con sus nuevas sugerencias ahora vemos a través de su última versión beta la llegada de otra importante novedad a su portapaleles.

Ahora si tienes que compartir una o varias capturas de pantalla lo podrás hacer fácilmente con Gboard. El teclado de Google integra las capturas de pantallas en su portapapeles.

Continue reading

Microsoft Patch Tuesday, May 2021 Edition

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser.

While May brings about half the normal volume of updates from Microsoft, there are some notable weaknesses that deserve prompt attention, particularly from enterprises. By all accounts, the most pressing priority this month is CVE-2021-31166, a Windows 10 and Windows Server flaw which allows an unauthenticated attacker to remotely execute malicious code at the operating system level. With this weakness, an attacker could compromise a host simply by sending it a specially-crafted packet of data.

“That makes this bug wormable, with even Microsoft calling that out in their write-up,” said Dustin Childs, with Trend Micro’s ZDI program. “Before you pass this aside, Windows 10 can also be configured as a web server, so it is impacted as well. Definitely put this on the top of your test-and-deploy list.”

Kevin Breen from Immersive Labs said the fact that this one is just 0.2 points away from a perfect 10 CVSS score should be enough to identify just how important it is to patch.

“For ransomware operators, this kind of vulnerability is a prime target for exploitation,” Breen said. “Wormable exploits should always be a high priority, especially if they are for services that are designed to be public facing. As this specific exploit would not require any form of authentication, it’s even more appealing for attackers, and any organization using HTTP.sys protocol stack should prioritize this patch.”

Breen also called attention to CVE-2021-26419 — a vulnerability in Internet Explorer 11 — to make the case for why IE needs to stand for “Internet Exploder.” To trigger this vulnerability, a user would have to visit a site that is controlled by the attacker, although Microsoft also recognizes that it could be triggered by embedding ActiveX controls in Office Documents.

“IE needs to die – and I’m not the only one that thinks so,” Breen said. “If you are an organization that has to provide IE11 to support legacy applications, consider enforcing a policy on the users that restricts the domains that can be accessed by IE11 to only those legacy applications. All other web browsing should be performed with a supported browser.”

Another curious bug fixed this month is CVE-2020-24587, described as a “Windows Wireless Networking Information Disclosure Vulnerability.” ZDI’s Childs said this one has the potential to be pretty damaging.

“This patch fixes a vulnerability that could allow an attacker to disclose the contents of encrypted wireless packets on an affected system,” he said. “It’s not clear what the range on such an attack would be, but you should assume some proximity is needed. You’ll also note this CVE is from 2020, which could indicate Microsoft has been working on this fix for some time.”

Microsoft also patched four more security holes its Exchange Server corporate email platform, which recently was besieged by attacks on four other zero-day Exchange flaws that resulted in hundreds of thousands of servers worldwide getting hacked. One of the bugs is credited to Orange Tsai of the DEVCORE research team, who was responsible for disclosing the ProxyLogon Exchange Server vulnerability that was patched in an out-of-band release back in March.

Researcher Orange Tsai commenting that nobody guessed the remote zero-day he reported on Jan. 5, 2021 to Microsoft was in Exchange Server.

“While none of these flaws are deemed critical in nature, it is a reminder that researchers and attackers are still looking closely at Exchange Server for additional vulnerabilities, so organizations that have yet to update their systems should do so as soon as possible,” said Satnam Narang, staff research engineer at Tenable.

As always, it’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any kinks in the new armor.

But before you update, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

from Krebs on Security https://ift.tt/3tKJLsI

Quadrapassel: una implementación del Tetris para tu Linux

Quadrapassel Tetris Linux

El Tetris fue un videojuego de lógica diseñado por el ruso Alekséi Pázhitnov de la Unión Soviética. Su lanzamiento se produjo en 1984, mientras trabajaba en el Centro de Computación de Dorodnitsyn de la Academia de Ciencias de la Unión Soviética en Moscú.

Su nombre proviene del prefijo griego tetra, ya que las piezas del juegos se conocen como tetrominós. Todos están compuestos por 4 segmentos distribuidos de diferente manera para generar formas diferentes que tendrás que ir colocando para completar líneas y que éstas desaparezcan con el objetivo de no saturar la pantalla…

Creo que la dinámica del juego está bastante vista ya, pero por si hay algún usuario que haya nacido más tarde a este videojuego y aún no lo conocía…

Dicho esto, el videojuego fue tan popular que se transformó en uno de los clásicos más jugados de la historia. Y, a lo largo de la historia, han ido apareciendo muchas implementaciones y variantes de todo tipo. Todas ellas muy adictivas, ya que, pese a la simple dinámica del juego, tiene algo que genera una atracción total.

Su popularidad es tal que se ha implementado para multitud de equpos, desde los Apple II, pasando por los Commodore 64, máquinas Atari, Amiga, Amstrad, ZX Spectrum, hasta nuevos Mac, PCs, videoconsolas antiguas y modernas, dispositivos móviles, para navegadores web, e incluso integrado como huevo de pascua en aparatos como los osciloscopios, para editores como Emacs, etc.

Pues bien, si quieres sentir tú mismo esa esencia que tanto atrae, y si tienes tiempos libres en los que te apetece liberar tu mente del trabajo o de los estudios y echarte una partida a algún videojuego, qué mejor que estos simples. Por eso, deberías conocer Quadrapassel.

Quadrapassel es una nueva implementación del clásico Tetris perteneciente al software de GNOME. Puedes instalarlo fácilmente en tu distro con GNOME, pero también funciona perfectamente en otros entornos de escritorio, simplemente se deberán satisfacer las dependencias de las bibliotecas y funcionarán sin problema alguno.

from Linux Adictos https://ift.tt/3w247yP