Forgot your password?

Close
typodupeerror
Security

Attacking Game Consoles On Corporate Networks 79

Posted by Soulskill
from the waggle-the-wiimote-to-lock-it-down dept.
A pair of security researchers speaking at DefCon demonstrated how video game consoles, which are becoming increasingly common break room or team-building toys, can open vulnerabilities in corporate networks. "[They] found that many companies install Nintendo Wii devices in their work places, even though they don’t let you walk into the company with smartphones or laptops. (Factories and other sensitive work locations don’t allow any devices with cameras). By poisoning the Wii, they could spread a virus over the corporate network. People have a false sense of security about the safety of these game devices, but they can log into computer networks like most other computer devices now. In the demos, the researchers showed they could take compromised code and inject it into the main game file that runs on either a DS or a game console. They could take over the network and pretty much spread malware across it and thereby compromise an entire corporation. The researchers said they can do this with just about any embedded device, from iPhones to internet TVs."

Comment: Re:I'll follow them here too. :D (Score 4, Interesting) 293

by His name cannot be s (#31785372) Attached to: Microsoft's CoApp To Help OSS Development, Deployment

I do have one question. Why, exactly, do you think that this sort of approach is likely to be easier than doing what Apple did and simply exposing a Posix API that is actually useful?

Because, even if we could get a great POSIX experience on Windows, it leaves out Windows developers.

One of my goals is to get Windows developers in the OSS game.

On top of that, there is a hell of a lot of non-POSIX open source software on Windows that needs fixing too.

Look at it this way: Would you respect someone who told you the best way to get FireFox running on Linux was to use some sort of Windows emulation layer... Like WINE? no, because FireFox *can* compile for Linux. Same thing with nearly all Open Source I encounter. I want to get the OSS quality and experience on Windows to exceed commercial developers... it needs the most love.

Like I tell people:
Working as an open source software developer at Microsoft is like being a preacher in Vegas. I figure I'm in the single most important place in the universe that I can be.

Comment: Re:I'll follow them here too. :D (Score 4, Interesting) 293

by His name cannot be s (#31785036) Attached to: Microsoft's CoApp To Help OSS Development, Deployment

think you had no choice to choose the BSD license instead of the GPL. Had you chosen GPL, it is likely the project would have been immediately rejected by Microsoft.

That's not true actually.

I didn't tell anyone what license I was going to use until a few days ago, by which time they'd already signed the agreement.

In addition to that; as a Microsoft employee for Microsoft, I've contributed code to GPL, LGPL, BSD, PHP and Apache licensed projects.

Comment: Re:I'll follow them here too. :D (Score 4, Informative) 293

by His name cannot be s (#31784892) Attached to: Microsoft's CoApp To Help OSS Development, Deployment

As for the first five points, yes I'm aware of all of that, and I'm working to solve all of them. Some of them are not possible (mixing compilers has a lot of bad mojo) and some are solvable with some really good best practices.

1/ Microsoft are stopping using WinSxS assemblies for managing the C/C++ runtimes as it is complex to manage and get right;

Ah, Visual Studio is backing away from WinSxS. I read their justification. I didn't buy into it. I think it's a solvable issue.

2/ With XP, Microsoft were selling WinSxS as being able to deploy different versions of the binaries, but for Vista/Win7 they are now saying that WinSxS is for archival purposes (see the Engineering 7 blog)

Uh, what? I've been talking to the maintainer of the WinSxS system. He's fully supportive of my plans.

3/ It does not really work as intended in practice -- e.g. comctl32 version 6 is different in Vista/Win7 than in XP, yet the applications that reference the XP version use the Vista/7 version

It works just fine, as long as you use it correctly; if they didn't, it's not my fault. Some of the tools I'm building will make it easier not to screw up.

Comment: Re:I'll follow them here too. :D (Score 2, Informative) 293

by His name cannot be s (#31784836) Attached to: Microsoft's CoApp To Help OSS Development, Deployment

Um, then what are you doing wasting your time here on /.? Shouldn't you be locked in a caffeine fueled coding frenzy, programming until your fingers are bleeding? Open source software won't write itself, you know ;-)

I know!!!!

"His name cannot be s (16831)"

Is that a hint? Does that mean it could be one of the other 25 letters? Or maybe one of the 20 remaining consonants?

Well, ya see... with a five-digit slashdot-id I originally had "His name cannot be Spoken" as my name... then they did some database truncation about 12 or so years ago, and I lost some letters.

And ya can't change your name on Slashdot, and I didn't wanna give up my 5 digit ID. :D

Entropy isn't what it used to be.