authorization Archives

Tech Optimizer

May 1, 2026

All-in-one privacy bundle handles your VPN, antivirus, and data broker removal for $92

Surfshark One+ with Incogni is a comprehensive online privacy solution that combines a VPN, antivirus protection, and personal data removal services. The two-year plan is currently priced at .99, reduced from its regular price of 9.40. The Surfshark component includes a VPN, real-time antivirus protection, and Surfshark Alert for data breach notifications, while Incogni handles the removal of personal information from over 420 data brokers. Incogni has processed over 245 million removal requests, verified by Deloitte, and offers identity theft coverage of up to million. The service supports up to five devices and is compatible with various operating systems.

Winsage

April 23, 2026

Engineering secure passkey sync in Microsoft Password Manager

Passkeys are a new form of authentication that replace traditional passwords, providing a phishing-resistant and streamlined sign-in process. Microsoft Password Manager allows users to save and synchronize passkeys across devices linked to their Microsoft accounts, enhancing accessibility. The architecture for passkey syncing includes confidential computing for sensitive operations, hardware-rooted key protection for encryption keys, tamper-evident recovery storage, and encrypted synchronization across devices. Sensitive passkey operations are executed in Azure's confidential computing environments, ensuring cryptographic materials are processed securely. The encryption keys are protected using Azure Managed HSM, with access governed by attestation-based mechanisms. Registration and recovery processes require user authentication and enforce security measures within confidential computing boundaries, including a lockout state after consecutive incorrect PIN attempts. The system aims to provide a secure and user-friendly experience as part of a transition to a passwordless future.

Winsage

April 16, 2026

Windows 11’s Recall tool has been cracked open again, and Microsoft doesn’t see that as a problem

Alexander Hagenah has developed a tool called TotalRecall Reloaded that exploits a vulnerability in Microsoft's AI feature, Recall, which manages data. Recall was designed to store AI-generated insights but was found to potentially store sensitive information in plain text, prompting Microsoft to delay its rollout. The vulnerability lies in AIXHost.exe, which lacks essential security measures, allowing unauthorized processes to extract sensitive data, such as decrypted screenshots and metadata, after user authentication via Windows Hello. Microsoft has downplayed the risks, asserting that existing security controls mitigate unauthorized access. TotalRecall Reloaded is available on GitHub for further exploration.

AppWizard

April 10, 2026

PC Gamer’s ‘first can’t-miss cozy game of 2026’ has gone missing on Steam, and some players think Tetris is to blame

PC Gamer's Mollie Taylor praised the Starsand Island demo in December 2025, while Lauren Morton called it "the first can't-miss cozy game of 2026" in February. The game is currently unavailable on Steam due to the developer, Seed Sparkle Lab, using unauthorized visual elements from a classic title in their mini-game section. They apologized for this oversight and are working on a new build to remove the contentious content. Fans speculate the classic title might be Tetris, but this is unconfirmed. Seed Sparkle has decided to temporarily delist Starsand Island and will reward current owners with the "Shining Star" outfit set once the revised version is approved. Players' progress will remain intact. The studio is enhancing its internal review processes following this incident and a previous wave of fake positive user reviews. A specific return date for the game on Steam has not been disclosed, but it is still available on the Xbox Store.

Winsage

April 7, 2026

What is the Microsoft Windows game that Iran is ‘using’ to tease Donald Trump

The United States and Iran are engaging in digital tensions, with Iranian embassies using social media for pointed critiques of President Trump. A notable instance occurred when the Iranian consulate in Mazar-i-Sharif shared a satirical video combining gameplay from the 90s game Minesweeper with a map of the Strait of Hormuz, humorously highlighting Trump's navigation efforts. The video features animated explosions and sarcastic text, emphasizing the risks associated with US navigation in the strategically important waterway. Iran has stated it deployed mines in the Strait of Hormuz to control maritime traffic, and the use of Minesweeper in this context serves to illustrate the dangers of navigating these waters.

Winsage

April 6, 2026

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Exploit code for a Windows privilege escalation vulnerability, named BlueHammer, has been released, allowing attackers to gain SYSTEM or elevated administrator permissions. This zero-day vulnerability was disclosed by a researcher, Chaotic Eclipse, who expressed frustration with Microsoft's handling of the issue. The exploit combines a time-of-check to time-of-use (TOCTOU) issue with path confusion, granting local attackers access to the Security Account Manager (SAM) database, which contains password hashes for local accounts. While the exploit is confirmed to work, it has been found unsuccessful on Windows Server due to bugs that hinder its effectiveness. Attackers can gain local access through various means, raising significant security risks. Microsoft has not yet responded to inquiries about the BlueHammer flaw.

Winsage

April 3, 2026

Man admits to locking thousands of Windows devices in extortion plot

A former core infrastructure engineer, Daniel Rhyne, admitted to locking Windows administrators out of 254 servers during an extortion attempt against his employer in Somerset County, New Jersey. Rhyne accessed the company's network without authorization from November 9 to November 25, deleting network admin accounts and altering passwords for 13 domain admin accounts and 301 domain user accounts to "TheFr0zenCrew!". He also scheduled tasks to modify passwords for two local admin accounts affecting 3,284 workstations and planned to shut down random servers and workstations in December 2023. On November 25, he sent a ransom email demanding 20 bitcoin, claiming IT administrators were locked out and server backups erased. Forensic investigators found he used a concealed virtual machine to plan his actions. Rhyne was arrested on August 27 and faces charges related to hacking and extortion, with a potential maximum sentence of 15 years in prison.

Winsage

March 31, 2026

The March Windows 11 Insider Update adds 9 fresh features and improvements worth knowing

- Microsoft has introduced several enhancements for Windows 11 through its Windows Insider Program, including previews for versions 25H2, 26H1, 26H2, and anticipated version 27H2. - The Pointer Indicator feature, starting with build 26300.8085, helps users with low vision locate the mouse pointer by overlaying a crosshair effect and offers customizable color options. - A redesigned Feedback Hub app aligns with Windows 11 aesthetics and improves user experience for feedback submission, including Bluetooth LE Audio device connections and main volume controls in Quick Settings. - The File Explorer context menu now displays application icons alongside the "Open" option for certain file types, available in the Canary Channel with build 28020.1743. - The Administrator Protection feature, introduced in builds 26300.8142 and 26220.8138, prompts an authorization dialog for unsigned or untrusted applications seeking privilege elevation, enhancing security. - Windows 11 now allows customization of the right-click zone size on touchpads, available under Settings > Bluetooth & Devices > Touchpad, for touchpads with a pressable surface. - Task Manager updates include new columns for "NPU" and "NPU Engine" on various pages, as well as columns for "NPU Dedicated Memory" and "NPU Shared Memory" on the Details page. - A new icon in printer settings indicates which printers support Windows Protected Print mode, enhancing printing security. - The Windows Console is undergoing significant changes, merging improvements from Windows Terminal, including an optional Direct3D rendering path and enhanced Find dialog functionality.

AppWizard

March 21, 2026

Russia thwarts protests over the blocking of a popular messaging app, but frustration persists

Authorities in nearly a dozen Russian regions have employed various justifications to cancel demonstrations against internet censorship and the blocking of Telegram, including citing "tree inspections," snow removal issues, and COVID-19 restrictions. Activists have largely refrained from unauthorized rallies due to increased crackdowns, opting instead for court challenges or smaller indoor gatherings. Telegram, with approximately 93.6 million users in Russia, is crucial for communication among government agencies and military bloggers, despite the government's push for a state-backed alternative. Protests against Telegram's restrictions have occurred, even among groups typically supportive of the Kremlin, with some activists being detained during attempts to demonstrate. Instances of small pickets have emerged, although many requests for rally permits are denied. Legal actions against the government regarding Telegram's restrictions have also begun, with a growing number of plaintiffs challenging the measures as violations of free speech and privacy rights.

AppWizard

March 13, 2026

F-Droid says Google’s Android developer verification plan is an ‘existential’ threat to alternative app stores

Developers distributing apps outside of Google's Play Store will be required to register with Google in certain countries starting in September, with plans for global expansion by 2027. This policy aims to enhance security by removing anonymity from developers but comes with a registration fee and the need for government identification. F-Droid, an open-source app repository, has raised concerns that this policy could threaten its existence by mandating a single signature for all apps. F-Droid initiated a public campaign against these changes, garnering support from various organizations. Despite some interest from regulators, progress is slow, and there are fears that Google's verification program may be implemented before any regulatory action occurs. F-Droid encourages developers to avoid signing up for the early access program and has launched a petition to voice concerns.