Month: December 2015

(credit: CyberHades)

Today, Microsoft issued three new security advisories and a dozen new patches in the company’s monthly round of security updates. And one of the advisories was apparently the result of a security fumble by Microsoft's internal IT team—the inadvertent disclosure of the private encryption keys for a wildcard SSL/TLS certificate.

The certificate, which was used for Microsoft's xboxlive.com domain, has been revoked on Microsoft's Certificate Trust list, but it could potentially be used to attack systems that haven't been updated in man-in-the-middle attacks that "spoof" the Xbox Live network. Microsoft isn't saying how the certificate was "inadvertently disclosed", but it's likely that the "wildcard" certificate was accidentally shared with a partner. It's unlikely that the certificate will be used for an attack now that it's been revoked, but systems that don't regularly get their certificate trust lists updated might still be vulnerable.

System administrators have a bigger headache to deal with: an update issued today for Microsoft Windows DNS that patches a remote code execution vulnerability. Rated "critical" by Microsoft, the bug in DNS affects Windows Server 2008 and later. It could allow an attacker to send a "specially-crafted" Domain Name Service request to a Windows DNS server that can run commands on the server with the permissions of the Local System account—giving the attackers a wide range of access to the server that could easily be escalated.

Apple today released updates for the operating systems that power iPhones, iPads, Macs, Apple Watches, and Apple TVs. iOS 9.2, OS X El Capitan 10.11.2, WatchOS 2.1, and tvOS 9.1 are all available on their respective devices.

iOS 9.2: Apple Music is now slightly better

Available for devices going back to the iPhone 4S, iPod Touch 5th generation, and iPad 2, this iOS update includes a few minor improvements for Apple Music:

• You can now create a new playlist when adding a song to a playlist
• Your most recently changed playlist is now listed at the top when adding songs to playlists
• Download albums or playlists from your iCloud Music Library by tapping the iCloud download button
• See which songs have been downloaded with the new download indicator next to each song in My Music and Playlists
• See works, composers, and performers while browsing Classical music in the Apple Music catalog

iBooks has a couple of improvements, including support for 3D Touch on the iPhone 6S "to peek and pop pages from the table of contents, your notes and bookmarks, or from search results inside a book." iBooks also now supports listening to an audiobook while you read other books or search for books in your library or the store.

Sounds like we have a few more months to wait for the retail version of this bad boy.

Earlier this year, Valve and HTC insisted that at least a few eager virtual-reality fans would be able to get their hands on the fruits of their partnership, the HTC Vive, by the end of 2015. However, hard news about the system, which combines a headset, two tracking stations, and two handheld wand controllers, proved hard to come by as 2015 drew to a close, and on Tuesday, we learned exactly why.

A post at HTC's official blog (Google cache here) revealed that the company was delaying Vive's retail launch until April 2016. No other hard details about the launch, including an exact release date, pricing information, or number of units shipping across the world, were included in the announcement.

Instead, the news post buried that delay announcement by talking about Vive-related initiatives in the near future, including a Vive-specific conference in Beijing on December 18, a presence at this January's Consumer Electronics Show, and plans to make 7,000 Vive dev kits "available" to creators at the "start" of 2016. HTC will also host VR demos at upcoming expos such as the Game Developers Conference, South by Southwest Interactive, and the Sundance Film Festival.

Art of Fighting 2—and 18 other SNK Neo-Geo classics—can now be played legally and easily in a Chrome or Firefox web browser thanks to this week's killer Humble Bundle sale.

Though we're big fans of getting cheap games via the Humble Bundle service (and giving to charity in the process), it's easy to lose track of its zillions of sales and promotions. But Tuesday saw the service launch a particularly unique sale that we couldn't pass up: a giant bundle of classic Neo-Geo games that comes complete with a portal to immediately emulate and play them in a Web browser.

Shoppers can pay whatever they want to access eight games in this 25th anniversary sale, while paying $10 or more unlocks the bundle's current 20-game selection—including new-to-PC ports like Garou: Mark of the Wolves and Samurai Shodown V Special. Only one game, King of Fighters 2002 Unlimited Match, requires a Windows PC and Steam to launch; the rest can be played on any Firefox or Chrome Web browser via a DotEmu emulator built into Humble's site. Humble recommends at least an i3 processor and 4GB of RAM for play via HTML5, and if you're not sure whether your rig can handle the Web browser versions—or if your favorite PC gamepads work as well in the HTML5 version as ours did (including multiplayer)—Humble's sale site includes the full version of Metal Slug 3 for anyone to try for free.

Offline versions of the remaining 19 games can also be downloaded for Windows, Mac, or Linux in a DRM-free Neo-Geo emulator wrapper; only four of those will also work on Steam. We picked through a few of the sale's downloads to find ROM files that are compatible with the popular Multi Arcade Machine Emulator (MAME), meaning classic-gaming purists with dedicated MAME boxes now have a far more legal and frugal way to load classics like The Last Blade and King of the Monsters in their home arcade cabinets.