Hacker takes out dark web hosting service using well-known exploit

A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised.   img 20170203 161836

On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users.

The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the “dark web” is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a message saying that it had been hacked.

Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.

“What we found while searching through your server is more than 50% child porn…” the hacker wrote in the message left on the site. “Moreover, you host many scam sites, some of which are evidently run by yourself to cover hosting expenses.”

In an email to the IDG News Service, the hacker explained how the breach came about. “I just recently read an article about a well-known exploit that some hosting providers fell victims of many years ago,” the person said.

Freedom Hosting II worked as a free service that allowed anyone to sign up and create a site on the dark web. However, starting on Jan. 30, the hacker gained access to its web server, using a 20-step method.

screen shot 2017 02 06 at 9.44.57 amMichael Kan
The method the hacker claims to have used.

The hack essentially involved starting a new site on Freedom Hosting II and creating a link to gain access to the service’s root directory. This allowed the hacker to browse the entire server.

“I was just curious at first,” the person said. “I had reading permissions to everything the web server could get access to just by creating a symlink to.”

After coming across child porn sites, the hacker decided to take over Freedom Hosting II by altering its configuration file to trigger a password reset.

“Once I found out what they were hosting, I just wanted to shut them down,” said the hacker, who’s also been circulating what he stole through a torrent file.

The dump includes 74GB of files and a 2.3GB database from the service, the hacker claims.

“The IP of the server has been leaked, which potentially could reveal the admin’s identity,” the hacker added.

Chris Monteiro, a cybercrime researcher based in the U.K., has been looking through the data dump, which he said appears to be real. The information includes the sites that Freedom Hosting II had been operating, along with the admin credentials to access them.

The dump also appears to contain a client database, meaning that anyone who used Freedom Hosting II might be exposed, Monteiro said.

“We’re going to see emails, usernames, all of which can be used by law enforcement for prosecution of people,” he said.

In addition, the dump contains forum posts from users mentioning sex with minors, the sale of hacked internet accounts, and files that reference botnets and online scamming.

Freedom Hosting II was the largest shared hosting service on the dark web, Monteiro said. It was specifically designed for users who wanted anonymous hosting, but who lacked the know-how to set it up, he said.

However, many of the sites hosted by the service were probably small. “I doubt we’ll find any large sites operating child porn,” he said of the data dump.

According to the hacker’s message, Freedom Hosting II was responsible for 10,613 sites. However, the database dump indicates that a vast majority of those sites had only a few dozen or hundreds of user visits.

Troy Hunt, a data breach expert, said in a tweet that he noticed the database dump contained 381,000 email addresses.

“Law enforcement will absolutely have this data, it’s very public. It also obviously has many real email addresses in it,” he tweeted.

Privacy researcher Sarah Jamie Lewis has also been researching Freedom Hosting II. In October, she wrote that the service had been hosting sites that sold counterfeit documents and stolen credit card numbers, in addition to those that operated as personal blogs and web forums.

Beware! Malware distributors are switching to less suspicious file types

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.LNK and SVG file types are abused to distribute malware.

Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.

PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.

In the recent campaign seen by Microsoft, the malicious LNK files contained a PowerShell script that downloaded and installed the Kovter click fraud trojan. The same technique has been used in the past to distribute the Locky ransomware.

On Thursday researchers from Intel Security warned that PowerShell can also be used in so-called fileless attacks, where the malicious code is launched directly into memory and nothing is saved to disk for endpoint security products to detect.

“You may think that you are protected from fileless malware because your PowerShell execution policies are set to ‘Restricted’ so that scripts can’t run,” the Intel Security researchers said in a blog post. “However, attackers can easily bypass these policies.”

Another file type used to distribute malware in recent months has been SVG (Scalable Vector Graphics). While many people correctly associate .SVG files with images, it’s a little-known fact that such files can actually contain JavaScript.

Attackers have been using SVG files to execute obfuscated JavaScript when users open what they believe to be images inside their browsers. These obfuscated scripts are used to launch malicious file downloads, incident responders from the SANS Internet Storm Center warned in a recent report.

Google plans to block JavaScript file attachments in Gmail starting February 13, regardless of whether they’re attached directly or within archive files like ZIP. Such restrictions from email providers will likely force cybercriminals to find alternative file formats that allows hiding malicious code.

Banning LNK or JS file attachments is easy, because it’s rare for people to send such files via email. However, banning SVG might prove impractical since it’s a widely used image format.

You can now make smart gadgets and IoT devices that use Bluetooth 5

In a few months, Bluetooth 5 will finally arrive in smartphones and tablets. But you can already test the technology on developer boards being shipped by hardware makers.launchxl cc2640r2 launchxl cc2640r2

Bluetooth 5 is a major step ahead for the venerable technology, which was introduced in 1999 to hook up devices wirelessly. It is two times faster than predecessor Bluetooth 4.2, has four times longer range, and boasts cool new connectivity features.

It can transfer data at speeds of up to 2Mbps (bits per second) and has a realistic range of 120 meters. The range could be even longer in a clear line of sight, the standards setting organization Bluetooth Special Interest Group said.

That’s good news for those who pair mobile devices or PCs to peripherals like wireless speakers. There will be fewer connection drops.

A Bluetooth device will also transmit data from one device to many, a feature that will be beneficial in smart homes. For example, if a surveillance system detects a thief, it could use Bluetooth 5 to simultaneously activate the safety light and the alarm system.

The new wireless standard can also broadcast richer data, like location information and URLs. That could be useful in retail stores or even self-driving cars, which transfer navigation data.

Bluetooth 5 will reach devices in two to six months, the Bluetooth SIG said in December. Some of the first devices could be smartphones and tablets with Qualcomm’s Snapdragon 835 chips, which has Bluetooth 5 in the chipset.

But you can start testing Bluetooth 5 with wireless boards now shipping. The boards will be particularly handy for tinkerers prototyping gadgets or developing internet of things devices for automation or industrial settings.

Wireless boards like Particle and Espressif Systems—which primarily use Wi-Fi—are extremely popular, but other boards with Bluetooth 5 functionality are available or are coming soon.

If you’re developing prototype gadgets, Abelon Systems’ Internet of Things Reference Platform will offer a range of wireless connectivity technology, including support for Bluetooth 5. It will also support ZigBee and the emerging low-bandwidth IoT connectivity technologies like SIGFOX or LoRaWAN. On-board sensors include an accelerometer, gyrometer, and magnetometer, but other sensors could be attached through interfaces. It has the popular I2C and UART connector interfaces. It will ship later this year, and the price wasn’t immediately available.

Nordic’s nRF52840 Preview Development Kit, which is priced between US$40 and $50, is a development board on which small electronics can be developed. The board is compatible with Arduino Uno Revision 3, a popular electronics development environment. It has a 64Mhz Cortex-M4F processor, 1MB of integrated flash storage, and 256KB of RAM. It supports ARM Mbed, a cloud-based development platform. It also has an NFC interface and a wide number of connectors. It also has a USB 2.0 interface.

Texas Instruments was one of the first to jump on the Bluetooth 5 bandwagon, and its $29 Launchpad Board wireless development kit is designed to test Bluetooth 5 applications in IoT settings. The board will be upgradeable to Bluetooth 5 when the full firmware stack is released. It has a 48Mhz ARM Cortex-M3 processor and a set of inputs to connect sensors. It is available on TI’s website.

TV maker Vizio pays $2.2M to settle complaint that it spied on users

Popular smart TV maker Vizio will pay US $2.2 million to settle complaints that it violated customers’ privacy by continuously monitoring their viewing habits without their knowledge.TV maker Vizio will pay $2.2 million to resolve a privacy complaint.

Beginning in February 2014, the California TV maker tracked what TV shows customers were watching on 11 million TV sets sold in the U.S., the U.S. Federal Trade Commission and the Office of the New Jersey Attorney General said in a complaint, released Monday.

Vizio smart TVs captured “second-by-second” information about video displayed, including video from consumer cable service, broadband, set-top boxes, DVDs, over-the-air broadcasts, and streaming devices, according to the complaint.

A stipulated federal court order requires Vizio to prominently disclose and obtain consent for its data collection and sharing practices, and it prohibits the company from misrepresenting the privacy and confidentiality of consumer information it collects. The order also requires Vizio to delete data collected before March 1, 2016.

The settlement will set a new standard for “best industry privacy practices” for smart TVs and other home devices, Vizio said in a statement. Vizio’s data collection program “never paired viewing data with personally identifiable information such as name or contact information,” Jerry Huang, the company’s general counsel, added in the statement.

The FTC’s complaint “made clear that all smart TV makers should get people’s consent before collecting and sharing television viewing information and Vizio now is leading the way,” Huang added.

Vizio added specific demographic information to the viewing data it collected, including gender, age, income, marital status, household size, education level, home ownership, and household value, the agencies alleged. Vizio sold this information to third parties, who used it for purposes such as targeting advertising to consumers across devices, according to the complaint.

Vizio touted its “Smart Interactivity” feature that “enables program offers and suggestions,” but the company failed to inform consumers that the settings also enabled the collection of consumers’ viewing data, the agencies alleged. The data collection was unfair and deceptive, in violation of U.S. and New Jersey consumer protection laws, the agencies said.

Abut $1.5 million of the settlement will go to the FTC and $1 million to the New Jersey Division of Consumer Affairs, with $300,000 suspended.

Smart TVs from Samsung and LG Electronics have also been accused of monitoring their users in recent years.

This story was updated to include Vizio’s comments in the fifth to seventh paragraphs.

Microsoft’s Email Insights finally adds some useful search smarts to Outlook

Email Insights, a new experimental app from the Microsoft Garage, is the answer to a problem Google’s Gmail solved more than a decade ago: how to search Outlook and find exactly what you want.email insights search

Google’s Gmail gained enormous traction in part because it allowed a quick, convenient way to search emails. Today, you can search Outlook, but it arranges the results in order with no real preference given to what might be most relevant.

Email Insights works with both your Microsoft Outlook desktop application as well as Gmail, and attempts to bring the three most relevant results to the top of your inbox via an “intent pane.” The tool also provides contextual autocomplete, spelling correction and a fuzzy name search that will pull up the name of a contact, even if you’re not entirely sure how to spell it.

email insights intent pane

The “intent pane” within Email Insights brings up relevant search results to the top of your inbox.

Users can open tabs within Email Insights to perform multiple searches. The search box can also be used to fire off a quick, one-line email to a contact, or even set up a quick meeting—functions that are becoming more common in the notifications window within smartphones.

If you’d like, you can even “detach” the Email Insights toolbar from Outlook itself and drag it down to your taskbar, Microsoft said.

 Let’s face it: Gmail is still easier to use than Outlook, at least where everyday email searches are concerned. If Email Insights proves as useful as it sounds, maybe Outlook will incorporate it into a future release. The problem, though, is that this app is being published via Microsoft Garage, Microsoft’s online home for app experiments. If you like Email Insights, encourage others to download it, too. Otherwise, Microsoft could kill it, as it recently did with Cache, its erstwhile Google Keep killer.

Final Android Wear 2.0 Developer Preview lands, bringing iOS support

As promised last year, Google has released the fifth and final version of the Android Wear 2.0 Developer Preview, paving the way for the full release of the wearable OS and urging developers to get their apps ready for next month’s launch.Android Wear

While the release mostly brings bug fixes and general performance improvements, there are a few standout features. Most notably, the new version brings iOS support for the new on-watch Play Store, letting iPhone users enjoy the same standalone application experience as Android users. Additionally, Android Wear apps running on watches paired with iOS devices will be able to perform phone “hand-off flows” for launching web pages on the linked iPhone. The new update also optimizes the available network bandwidth for standalone apps, in an effort to save battery life.

android wear ios
The final release of the Android Wear 2.0 Developer Preview brings full iOS support.

Also included is a new navigation drawer feature, which lets you “flip a flag to toggle to the single-page, icon-only action drawer,” providing faster navigation to different views inside apps. Furthermore, the new update brings support for NFC Host Card Emulation to open up Android Pay support on supported watches.

Google has already announced that Android Wear 2.0 will be launching in early February, so developers who want to support it at launch need to submit their apps as soon as possible. As Google explains, “The final developer preview includes an update to the Wearable Support Library. Apps compiled with API level 25 and this support library are considered ready for deployment in the Google Play Store.”

It’s almost here! We’ve been waiting patiently for the release of Android Wear 2.0 since we first laid eyes on it last May at Google I/O, and it’s finally ready to launch in just a few weeks. If you own one of the supported watches, you’ll be able to play with it soon enough (though Android Pay support will be limited to models with NFC chips), and a whole new crop of wearables is sure to take advantage of the new features, starting with Google’s own offering.

This story, “Final Android Wear 2.0 Developer Preview lands, bringing iOS support” was originally published by Greenbot.

Lenovo tunes N23 Yoga Chromebook for Android apps with ARM processor

Some Chromebooks released this year will be able to run Android apps from the Google Play Store. Lenovo has tuned its new N23 Yoga Chromebook 2-in-1 to effectively run Android mobile apps.lenovo N23 Yoga Chromebook

PC makers are taking a page from smartphones and tablets and adding touchscreens to Chromebooks. Many new models can be interchangeably used as laptops or tablets.

More Chromebooks are also getting ARM processors — which dominate in smartphones and tablets — to effectively run Android apps. Most Chromebooks today have Intel x86 chips, which dominate in PCs, but Android apps best run on ARM processors.

Lenovo, for the first time, is using an ARM chip in the N23 Yoga Chromebook 2-in-1, breaking its long-time reliance on x86 chips. The device has an 11.6-inch touchscreen, and it can be used as a tablet or laptop thanks to a hybrid design.

The N23 Yoga is “optimized to run the Google Play Store apps,” Lenovo said in a blog entry.

The device will start shipping in April, with the price starting at US$279. It will first ship in the U.S. and then worldwide.

In addition to Lenovo, Samsung and Acer have also plugged ARM chips into 2-in-1 Chromebooks designed to support Android apps. Samsung at CES announced new Chromebook Plus, which uses an ARM-based homegrown six-core Exynos chip, and Acer last year announced its Chromebook R13, which uses another ARM chip, the MediaTek’s MT8173c chip.

Chromebooks can deliver a better mobile experience with Android application compatibility, so using ARM processors makes sense, said Jim McGregor, principal analyst at Tirias Research.

Chromebooks with Intel chips will be able to run Android apps, but they come from a PC background. ARM chips have a mobile heritage, and that is why Lenovo may have put the MediaTek chip in the N23 Yoga, McGregor said.

The N23 Yoga has serious horsepower with the MediaTek chip, which is based on ARM’s latest Cortex-A72 core. The MT8173c chip was originally designed for smartphones and tablets, and it has an integrated PowerVR graphics core, which can handle 3D gaming and high-definition video.

The device offers 10 hours of battery life, weighs 1.35 kilograms and has up to 4GB of RAM and 32GB of storage. The screen displays images at a 1366 x 768-pixel resolution. It also has HDMI, USB Type-C, and USB 3.0 ports.

But Lenovo hasn’t entirely ignored Intel. It separately announced an N23 Chromebook with Intel’s “next-generation” Celeron chip, which may be the processor code-named Apollo Lake. It’s a standard laptop with an 11.6-inch 720p screen. It also has two USB 3.0 ports, an HDMI port, and a 2-in-1 card reader. It will be available next month starting at $199.

The PC maker also announced the rugged ThinkPad Chromebook 11e family of rugged laptops with Intel’s latest quad-core Celeron chip. The Chromebook Yoga 11e has a 2-in-1 hybrid design, while the ThinkPad Chromebook 11e has a standard laptop design. The devices have up to 32GB of storage and up to 8GB of RAM. The devices have USB-C ports, one USB 3.0 slot, and offer 10 hours of battery life.

The ThinkPad 11e Chromebook will start at $369, while the ThinkPad 11e Yoga Chromebook will start at $449, and both will ship in May.

GPG Suite updated for secure email on OSX Sierra

GPG Suite, an application that brings encrypted email to Mac OS, is now available in public beta for Sierra.code programming software bugs cybersecurity

The software package had been compatible up to El Capitan but wasn’t working with Sierra, which was released by Apple in September. The new software can now be downloaded from the GPG Tools website.

It adds support for the OpenPGP encryption standard, which is an open-source version of the PGP encryption package first developed in 1991.

Four software apps are contained in the package:

— GPG Mail is a plugin for Apple Mail that allows users to encrypt, decrypt, sign, and verify mails sent using OpenPGP.

— GPG Keychain is a manager for encryption and decryption keys. GPG Services is a plugin that adds GPG encryption to many other applications, and MacGPG is the software that ties it all together.

— OpenPGP is a public-key encryption system, which requires users to create two keys. A public key which is shared widely and a private key which is kept confidential.

Under the system a user, Alice, encrypts a message to a second user, Bob, using Bob’s public key. Once done, it can only be decrypted using Bob’s private key.

Macworld published a guide to setting up the software in 2015.

In the last several months, encrypted messaging has gotten a higher profile. WhatsApp began encrypting all messages by default in 2016, and secure SMS app Signal has seen a rise in users in the weeks since Donald Trump was elected president of the U.S.

The encryption used in all the systems means messages are kept secure as they traverse the internet and telecom networks to their recipient.

In PC comeback, ARM will battle Intel in Chromebooks and Windows 10

ARM tried to break into the PC market but had a disastrous outing starting with Linux-based smartbooks and then tablets with Windows RT.Lenovo's N23 Yoga Chromebook

But ARM is launching a comeback in PCs, and the third time could be a charm. ARM chips could emerge as a threat to Intel’s x86 as super thin laptops get smartphone-like usability with cellular connectivity and long battery life.

The comeback for ARM is starting with Chromebooks, with more models hosting the chip architecture. Lenovo’s new N23 Yoga Chromebook — a 2-in-1 with an 11.6-screen — has MediaTek’s quad-core MT8173c chip, based on ARM.

At CES, Samsung announced Chromebook Plus, which uses an ARM-based Exynos chip. Acer last year shipped the Chromebook R13 with the MediaTek MT8173c chip. The ARM-based Chromebooks have flexible designs and can be used as laptops or tablets.

All Chromebooks due for release this year will be compatible with Android mobile apps in the Play Store. That’s where ARM holds an advantage over x86 — most Android apps are designed for ARM, which dominates in mobile devices.

Most Android smartphones and tablets have ARM chips, so it’s common sense to put them in Chromebooks, said Jim McGregor, principal analyst at Tirias Research.

Later this year, ARM will appear in Windows 10 laptops powered by Qualcomm’s Snapdragon 835. The laptops are being called “cellular PCs,” which will include smartphone-like capabilities of cellular connectivity and long battery life.

ARM has ruled the mobile market but has failed to make a dent in laptops and desktops, despite multiple attempts by PC makers to introduce products. The most notable failures are around the tablets with Microsoft’s Windows RT OS, which found no adopters.

But as more data moves into the cloud, the time is ripe for ARM to make a comeback to Windows PCs and Chromebooks, McGregor said.

Application compatibility was a big reason Windows RT devices failed, McGregor said. At the time, ARM could not support most of the legacy Windows applications, but that won’t be an issue anymore.

The ARM-based Windows 10 PCs coming later this year will have an emulator to run legacy Windows apps. Any application that runs on x86 chips will also run on ARM chips, said Cisco Cheng, a Snapdragon evangelist at Qualcomm.

Qualcomm’s Snapdragon 835 chip will also bring new features to laptops. The chip has a superfast cellular modem that can download data at speeds of up to 1Gbps (bits per second). It also has quick charging features, Bluetooth 5, and 4K graphics. Laptops will be thin and offer long battery life.

But PC makers are cautious and don’t want to commit to releasing an ARM-based Windows 10 PC quite yet. But PC makers are showing enthusiasm for the idea of superthin laptops with long battery life that can remain connected to mobile networks all day.

Dell is waiting to test the hardware before committing to releasing an ARM-based Windows 10 laptop, said Raza Haider, vice president for commercial client products at Dell.

But the idea of an ARM-based cellular PC is attractive, and Dell wants to offer all kinds of laptop options to its clients, Haider said.

HP declined to comment on whether it wants to release an ARM-based Windows 10 PC. However, the company already offers the Elite X3, a Windows 10 Mobile smartphone with an ARM chip that can double as a PC in a pinch. That could open the door for an ARM-based Windows 10  laptop in the future.

Lenovo declined to comment on its plans for an ARM-based Windows 10 PC. Lenovo has been shy about adopting ARM-based chips for its laptops and desktops, but the N23 Yoga is its first Chromebook with a non-x86 chip.

Microsoft today is mostly reliant on x86 for the Windows OS, and is turning to ARM because it wants to compete in the mobile world, Jack Gold, principal analyst at J. Gold Associates, said in a research note.

It’s in Microsoft’s best interests to make Windows 10 compatible with ARM, and cellular PCs may be just the way to break the long-standing Wintel alliance, Gold said. It will also give Microsoft more flexibility to deploy the Windows OS.

For device makers, competition between ARM chips and x86 is a good scenario. It gives PC makers more choices to add to their product mix and gives them more leverage in negotiations with Intel.

In the end, the adoption of ARM boils down to the price of laptops. Lenovo’s N23 Yoga Chromebook is aggressively priced starting at US$279, but the ARM-based Windows 10 cellular laptops may be much more expensive.

The Snapdragon 835 is an expensive, top-line chip that will appear in smartphones priced above $500, and there’s no way laptops including the chip will cost less than that, Gold said.

Intel will still offer x86 PC chips for low-cost PCs and continue to dominate that market. Another threat for Intel is coming from AMD’s Ryzen chips in the high-performance x86 PC market.

The failure of Windows RT on ARM-based tablets is also fresh on the minds of PC makers. If PC makers find a considerable amount of application compatibility issues on ARM-based Windows 10 PCs, that could affect the adoption. Microsoft has demonstrated applications on ARM-based Windows PCs, but extensive independent tests haven’t yet been conducted.

ARM licenses chip designs but isn’t aggressively chasing the PC market. It’s the chip and device makers licensing ARM designs that want to put the chips in as many devices as possible. But the opportunity to strike a blow to x86 in Chromebooks and Windows PCs is real this time round, and PC makers will investigate it, McGregor said.

If you want to be an Xbox Insider, Microsoft says you’ll now have to earn it

If you want Microsoft to let you through the velvet of rope of its Xbox Insider programs, be prepared to earn it—and up through four different tiers of beta access, to boot.Creators Update updated home xbox one

A Microsoft support post from Monday night confirms that there are now four rings of beta access within the Insider program, not one, and that applicants will literally be judged on how they participate to earn access. Only the most worthy will get to try out upgrades like the excellent Creators Update features for the Xbox One being rolled out now.

Users who are already part of the Xbox Insider program won’t have to do anything. They will find themselves automatically moved over and assigned to the new hubs over the next several weeks, Microsoft said.

The new rings of Xbox Insiders include the highest-priority ring, Alpha, followed by Beta, Ring 3, and Ring 4. Microsoft’s description of the new program utilized both the velvet glove as well as the iron fist: Users were concerned with the frequent updates that Microsoft pushed to Insiders, so the new tiers offer users a way to match the availability of new beta experiences to what users prefer.

There’s a catch, naturally: If you to advance through the ranks, so to speak,you’d better actually use the new software, test it, and provide enough feedback to justify including you. And if you take a break, sorry—your Xbox could drop to a lesser-priority ring while you relax on the beach.

 This is an enormous change to the way Microsoft treats its Insiders, allowing the true believers better access. There’s no indication that those fans will receive any news or information early, but it certainly allows those with an extra box or a real lust to be rewarded for their loyalty. It’s too early to tell, though, how Xbox Insiders will respond. Another question hanging in the air: Will Microsoft set up a similar program for Windows Insiders?

Creators Update updated guide xbox one

Microsoft

The new Creators Update for the Xbox One includes a new Guide, which Insiders have already.

Microsoft explains the rings in this way:

 The Alpha ring is the “cutting edge,” Microsoft says, and members will receive two to three updates per week, gaining access to new features and fixes “at the expense of potential bugs.”

 The second Preview ring will receive just one to two updates per week, with slightly less risk of encountering bugs.

The third Preview ring will receive about two to three updates per month, with system updates arriving even less frequently.

The fourth and final Preview ring typically receives new system updates about once per month. These builds are just about ready for public release, so will be the least buggy.

xbox clubs

Upgrades like Clubs have rolled out to Insiders first.

Naturally, the way in which users advance and fall back through the rings is the most interesting aspect of the whole program.

To confirm their ring ranking, Xbox One owners can open the Xbox Insider Hub on the Xbox One and check the System tab. That tab will also allow users to apply for upper-echelon rings, but only if their participation has potentially qualified them. If they’re nowhere near worthy, that option won’t appear.

“Xbox Insiders earn the right to participate in the respective Preview rings based on their activity, which is judged by Xbox Insider XP, forum activity, and overall console usage,” Microsoft’s post says. Users can move up through the four rings by completing quests, surveys, quick polls, and ratings within the Hub app; participating in games and betas, providing feedback via the official forums; reporting bugs, and simply using the console.

The three top-tier rings have limited capacity, according to Microsoft. The company said it will review each user’s status regularly and invite them to join a higher tier via a system message.

Naturally, users can also fall from grace. If your account drops significantly due to inactivity, you’ll be bounced to Ring 4, the lowest-tier ring, and be forced to work your way back up. Ring 4 is as far as you’ll fall, though, unless you voluntarily opt out of the Xbox Insider program entirely.

Thoughts? Microsoft knows this is a big change and wants your feedback. Presumably, posting in the support thread could boost your Insider standing as well.

To comment