Microsoft acknowledged death of Windows Phone

Is it worth "crying about" death of Microsoft Windows Mobile? Let's figure out
11 October 2017   1665

Recently, Microsoft official announced that they stop "building new features" for Windows Mobile 10. This was reported by the Joe Belfiore, Corporate Vice President in the Operating Systems Group at Microsoft.

Also, he said that "as and individual user, I switched platforms." 

The fact that Windows Phone is a "dead" platform is not a new for everyone. Verde ascertained death of the platform in January 2016. They pointed to the constant sales drop Lumia phones and to the fact that such phones were sold for an order of magnitude less than devices on iOS and Android: 110 million versus 4.5 billion (Androids plus iPhones).

In 2015 and 2016, Microsoft conducted massive layoffs of employees from mobile units - the work lost several thousand people.

But Windows 10 Mobile update was released in September 2017. It has some bugfixes and new features, like 2FA. 

The main reason of the platform's death is low quality and quantity of available apps. 

At the end of September, even Bill Gates reported on the rejection of the Windows phone: during an interview about Steve Jobs and new iPhones, he told that he switched to Android "with a bunch of programs from Microsoft." 

So, is it a big pitty that Windows phone died? We've made small research of search engine trends, and here's what we've found.

Search Trends
Search Trends

On a chart above, blue line is a popularity of Andoid, red line - iOs and yellow - Windows Mobile. As you can see, Windows Mobile was on the one level with other operating systems only 10 years ago, at the age of smartphones. So, there is no need to cry about the death of Windows Mobile OS.

Ledger to Discover HSM Vulnerability

HSM is an external device designed to store public and private keys used to generate digital signatures and to encrypt data, used by banks, exchanges, etc
10 June 2019   1559

A group of researchers from Ledger identified several vulnerabilities in the Hardware Security Module (HSM) devices, which can be used to extract keys or perform a remote attack to replace the firmware of an HSM device. The problem report is currently available only in French, the English-language report is scheduled to be published in August during the Blackhat USA 2019 conference. HSM is a specialized external device designed to store public and private keys used to generate digital signatures and to encrypt data.

HSM allows you to significantly increase protection, as it completely isolates keys from the system and applications, only by providing an API to perform basic cryptographic primitives implemented on the device side. Typically, HSM is used in areas where you need to provide the highest protection, for example, in banks, cryptocurrency exchanges, certification centers for checking and generating certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain complete control over the contents of the HSM, including extracting all the cryptographic keys and administrative credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS # 11 command handler and an error in the implementation of the cryptographic protection of the firmware, which bypasses the firmware check using the PKCS # 1v1.5 digital signature and initiates loading the own firmware in the HSM.

The name of the manufacturer, the HSM devices of which have vulnerabilities, has not yet been disclosed, but it is argued that the problem devices are used by some large banks and cloud service providers. At the same time it is reported that information about the problems was previously sent to the manufacturer and it has already eliminated vulnerabilities in the fresh firmware update. Independent researchers suggest that the problem may be in the devices of the company Gemalto, which in May released an update to Sentinel LDK with the elimination of vulnerabilities, access to information about which is still closed.