Bitcoin

Once Hailed As Unhackable, Blockchains Are Now Getting Hacked (technologyreview.com) 90

schwit1 shares a report from MIT Technology Review: Early last month, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase's popular exchange platform. Its blockchain, the history of all its transactions, was under attack. An attacker had somehow gained control of more than half of the network's computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once -- known as "double spends." The attacker was spotted pulling this off to the tune of $1.1 million. Coinbase claims that no currency was actually stolen from any of its accounts. But a second popular exchange, Gate.io, has admitted it wasn't so lucky, losing around $200,000 to the attacker (who, strangely, returned half of it days later).

Just a year ago, this nightmare scenario was mostly theoretical. But the so-called 51% attack against Ethereum Classic was just the latest in a series of recent attacks on blockchains that have heightened the stakes for the nascent industry. [...] In short, while blockchain technology has been long touted for its security, under certain conditions it can be quite vulnerable. Sometimes shoddy execution can be blamed, or unintentional software bugs. Other times it's more of a gray area -- the complicated result of interactions between the code, the economics of the blockchain, and human greed. That's been known in theory since the technology's beginning. Now that so many blockchains are out in the world, we are learning what it actually means -- often the hard way.

AI

AI-Driven Python Code-Completion Tool 'Kite' Attracts $17M In Investments (venturebeat.com) 87

An AI-enhanced tool that suggests code snippets for Python developers in real time just raised $17 million in VC funding to expand its R&D team "with a focus on accelerating developer productivity."

An anonymous reader quotes VentureBeat: "Our mission is to bring the latest advancements in AI and machine learning (ML) to make writing code fluid, effortless, and more enjoyable," explained [founder Adam] Smith. "Developers using Kite can focus their productive energy toward solving the next big technical challenges, instead of searching the web for code examples illustrating mundane and frequently repeated code patterns...."

Instead of relying on the cloud to run its AI engine, Kite now runs locally on a user's computer, letting developers use it offline and without having to upload any code. (Kite still trains its machine learning models with thousands of publicly available code sources from highly rated developers.) Furthermore, running locally allows Kite to fully operate with lower latencies... In addition to ditching the cloud, the new version of Kite brings a feature the team calls Line-of-Code Completions. Until now, Kite's machine learning models could only suggest the next "token" in a line of code. Line-of-Code Completions can complete entire function calls with a single keystroke... The team boasts that Kite is "the only developer product on the market to offer such advanced completions."

"Today, Kite is used by more than 30,000 Python developers worldwide," reports VentureBeat, adding that its locally-based ML plugin is available for top Python IDEs including Visual Studio Code, Atom, Sublime Text, PyCharm, IntelliJ, and Vim.

Kite's investors include the CEO of GitHub, as well as the founders of Dropbox, PayPal, and Twitch.tv, and the company hopes to eventually support more languages, starting with either Java, JavaScript, or Go.

Iphone

UAE Used Cyber Super-Weapon To Spy on iPhones of Foes (reuters.com) 62

Reuters reports: A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma, in a campaign that shows how potent cyber-weapons are proliferating beyond the world's superpowers and into the hands of smaller nations. The cyber tool allowed the small Gulf country to monitor hundreds of targets beginning in 2016, from the Emir of Qatar and a senior Turkish official to a Nobel Peace laureate human-rights activist in Yemen, according to five former operatives and program documents reviewed by Reuters. The sources interviewed by Reuters were not Emirati citizens.

Karma was used by an offensive cyber operations unit in Abu Dhabi comprised of Emirati security officials and former American intelligence operatives working as contractors for the UAE's intelligence services. The existence of Karma and of the hacking unit, code named Project Raven, haven't been previously reported. Raven's activities are detailed in a separate story published by Reuters today. The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits -- it doesn't work on Android devices and doesn't intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.

NASA

New 'Apollo 11' Documentary Makers Discovered Never-Seen-Before Mission Footage (collectspace.com) 65

This year's Sundance Film Festival opened with a new 93-minute documentary crafted entirely from archival footage of NASA's Apollo 11 mission, reports collectSpace -- including some never seen before: In the course of sourcing all of the known imagery, the National Archives (NARA) staff members made a discovery that changed the course of the project -- an unprocessed collection of 65mm footage, never before seen by the public. Unbeknownst to even the NARA archivists, the reels contained wide format scenes of the Saturn V launch, the inside of the Launch Control Center and post-mission activities aboard the USS Hornet aircraft carrier... The resulting transfer -- from which the documentary was cut -- is the highest resolution, highest quality digital collection of Apollo 11 footage in existence. "We knew that the clock was ticking, this material had been sitting around for 50 years," said director Todd Douglas Miller, commenting on the motivation behind the film scanning effort.

The other unexpected find was a massive cache of audio recordings -- more than 11,000 hours -- comprising the individual tracks from 60 members of the Mission Control team. "Apollo 11" film team members wrote code to restore the audio and make it searchable and then began the multi-year process of listening to and documenting the recordings. The effort yielded new insights into key events of the moon landing mission, as well as surprising moments of humor and camaraderie. "Much of the footage in 'Apollo 11' is, by virtue of both access and proper preservation, utterly breathtaking," wrote The Hollywood Reporter's Daniel Fienberg in his review of the film. "The sense of scale, especially in the opening minutes, sets the tone as [the] rocket is being transported to the launch pad and resembles nothing so much as a scene from 'Star Wars' only with the weight and grandeur that come from 6.5 million pounds of machinery instead of CG."

Communications

Researchers Created Artificial Cells That Can Communicate With Each Other (phys.org) 30

An anonymous reader quotes a report from Phys.Org: Friedrich Simmel and Aurore Dupin, researchers at the Technical University of Munich (TUM), have for the first time created artificial cell assemblies that can communicate with each other. The cells, separated by fatty membranes, exchange small chemical signaling molecules to trigger more complex reactions, such as the production of RNA and other proteins. Scientists around the world are working on creating artificial, cell-like systems that mimic the behavior of living organisms. Friedrich Simmel and Aurore Dupin have created such artificial cell assemblies in a fixed spatial arrangement. The highlight is that the cells are able to communicate with each other.

Gels or emulsion droplets encapsulated in thin fat or polymer membranes serve as the basic building blocks for the artificial cells. Inside these 10- to 100-micron units, chemical and biochemical reactions can proceed uninhibited. The research team used droplets enclosed by lipid membranes and assembled them into artificial multicellular structures called micro-tissues. The biochemical reaction solutions used in the droplets can produce RNA and proteins, giving the cells a kind of gene expression ability. Small signal molecules can be exchanged between cells via their membranes or protein channels built into the membranes. This allows them to couple with each other temporally and spatially. The systems thus become dynamic, as in real life. Chemical pulses thus propagate through the cell structures and pass on information. The signals can also act as triggers, allowing initially identical cells to develop differently.

"Our system is the first example of a multicellular system in which artificial cells with gene expression have a fixed arrangement and are coupled via chemical signals. In this way, we achieved a form of spatial differentiation," says Friedrich Simmel, Professor of Physics of Synthetic Biosystems at Technical University of Munich.

Security

Hack Allows Escape of Play-With-Docker Containers (threatpost.com) 45

secwatcher quotes a report from Threatpost: Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the proof-of-concept attack. "The team was able to escape the container and run code remotely right on the host, which has obvious security implications," wrote researchers in a technical write-up posted Monday.

Play-with-Docker is an open source free in-browser online playground designed to help developers learn how to use containers. While Play-with-Docker has the support of Docker, it was not created by nor is it maintained by the firm. The environment approximates having the Alpine Linux Virtual Machine in browser, allowing users to build and run Docker containers in various configurations.

The vulnerability was reported to the developers of the platform on November 6. On January 7, the bug was patched. As for how many instances of Play-with-Docker may have been affected, "CyberArk estimated there were as many as 200 instances of containers running on the platform it analyzed," reports Threatpost. "It also estimates the domain receives 100,000 monthly site visitors."

Google

Researchers Fool ReCAPTCHA With Google's Own Speech-To-Text Service (vice.com) 31

Researchers at the University of Maryland have managed to trick Google's reCaptcha system by using Google's own speech-to-text service. "[The researchers] claim that their CAPTCHA-fooling method, unCaptcha, can fool Google's reCaptcha, one of the most popular CAPTCHA systems currently used by hundreds of thousands of websites, with a 90 percent success rate," reports Motherboard. From the report: The researchers originally developed UnCaptcha in 2017, which uses Google's own free speech-to-text service to trick the system into thinking a robot is a human. It's an ouroboros of bots: According to their paper, UnCaptcha downloads the audio captcha, segments the audio into individual digit audio clips, uploads the segments to multiple other speech-to-text services (including Google's), then converts these services' responses to digits. After a little homophone guesswork, it then decides which speech-to-text output is closest to accurate, and uploads the answer to the CAPTCHA field. This old method returned an 85% success rate.

After the release of that version of unCaptcha, Google fixed some of the loopholes that made it work, including better browser automation detection and switching to spoken phrases, rather than digits. The researchers claim that their new method, updated in June, gets around these improvements and is even more accurate than before, at 90 percent.

"We have been in contact with the ReCaptcha team for over six months and they are fully aware of this attack," the researchers write. "The team has allowed us to release the code, despite its current success."

Math

An Amoeba-Based Computer Found Solutions To 8-City Traveling Salesman Problem (vice.com) 87

dmoberhaus shares a report from Motherboard: A team of Japanese researchers from Keio University in Tokyo have demonstrated that an amoeba is capable of generating approximate solutions to a remarkably difficult math problem known as the "traveling salesman problem." The traveling salesman problem goes like this: Given an arbitrary number of cities and the distances between them, what is the shortest route a salesman can take that visits each city and returns to the salesman's city of origin. As these Japanese researchers demonstrated, a certain type of amoeba can be used to calculate nearly optimal solutions to the traveling salesman problem for up to eight cities. Even more remarkably, the amount of time it takes the amoeba to reach these nearly optimal solutions grows linearly, even though the number of possible solutions increases exponentially. The reason this amoeba is considered especially useful in biological computing is because it can extend various regions of its body to find the most efficient way to a food source and hates light.

To turn this natural feeding mechanism into a computer, the Japanese researchers placed the amoeba on a special plate that had 64 channels that it could extend its body into. This plate is then placed on top of a nutrient rich medium. The amoeba tries to extend its body to cover as much of the plate as possible and soak up the nutrients. Yet each channel in the plate can be illuminated, which causes the light-averse amoeba to retract from that channel. To model the traveling salesman problem, each of the 64 channels on the plate was assigned a city code between A and H, in addition to a number from 1 to 8 that indicates the order of the cities. To guide the amoeba toward a solution to the traveling salesman problem, the researchers used a neural network that would incorporate data about the amoeba's current position and distance between the cities to light up certain channels. The neural network was designed such that cities with greater distances between them are more likely to be illuminated than channels that are not. When the algorithm manipulates the chip that the amoeba is on it is basically coaxing it into taking forms that represent approximate solutions to the traveling salesman problem.

Microsoft

How Microsoft Embraced Python (medium.com) 163

Steve Dower, a Python developer at Microsoft, describes how the language became popular internally: In 2010, our few Pythonistas were flying under the radar, in case somebody noticed that they could reassign a few developers to their own project. The team was small, leftover from a previous job, but was chipping away at a company culture that suffered from "not invented here" syndrome: Python was a language that belonged to other people, and so Microsoft was not interested. Over the last eight years, the change has been dramatic. Many Microsoft products now include Python support, and some of the newest only support Python. Some of our critical tools are written in Python, and we are actively investing in the language and community....

In 2018, we are out and proud about Python, supporting it in our developer tools such as Visual Studio and Visual Studio Code, hosting it in Azure Notebooks, and using it to build end-user experiences like the Azure CLI. We employ five core CPython developers and many other contributors, are strong supporters of open-source data science through NumFOCUS and PyData, and regularly sponsor, host, and attend Python events around the world.

"We often felt like a small startup within a very large company," Dower writes, in a post for the Medium community "Microsoft Open Source Stories."

Java

OpenJDK Bug Report Complains Source Code 'Has Too Many Swear Words' (java.net) 281

Thursday a bug report complained that the source code for OpenJDK, the free and open-source implementation of Java, "has too many swear words." An anonymous reader writes: "There are many instances of swear words inside OpenJDK jdk/jdk source, scattered all over the place," reads the bug report. "As OpenJDK is used in a professional context, it seems inappropriate to leave these 12 instances in there, so here's a changeset to remove them."

IBM software developer (and OpenJDK team member and contributor) Adam Farley responded that "after discussion with the community, three determinations were reached":
  • "Damn" and "Crap" are not swear words.
  • Three of the four f-bombs are located in jszip.js, which should be corrected upstream (will follow up).
  • The f-bomb in BitArray.java, as well as the rude typo in SoftChannel.java, *are* swear words and should be removed to resolve this work item.

He promised a new webrev would be uploaded to reflect these determinations, and the bug has been marked as "resolved."


Programming

Rust 1.31 Released As 'Rust 2018' In Major Push For Backwards Compatibility (rust-lang.org) 81

"The Rust programming language team has announced the first major edition of Rust since 1.0 was released in 2015," reports SD Times -- specifically, Rust 1.31, the first edition of "Rust 2018," described by Rust's developers as "the culmination of feature stabilization."

An anonymous reader writes: The Rust team is working hard to maintain backwards compatibility, for example with the way they're handling the ongoing addition of an async/await feature. "Even though the feature hasn't landed yet, the keywords are now reserved," notes the Rust Team. "All of the breaking changes needed for the next three years of development (like adding new keywords) are being made in one go, in Rust 1.31." The keyword "try" has now also been reserved, but "Almost all of the new features are 100% compatible with Rust as it is. They don't require any breaking changes... New versions of the compiler will continue to support "Rust 2015 mode", which is what you get by default... [Y]ou could think of Rust 2018 as the specifier in Cargo.toml that you use to enable the handful of features that require breaking changes."

The Rust language's blog adds, "Your 2018 project can use 2015 dependencies, and a 2015 project can use 2018 dependencies. This ensures that we don't split the ecosystem, and all of these new things are opt-in, preserving compatibility for existing code. Furthermore, when you do choose to migrate Rust 2015 code to Rust 2018, the changes can be made automatically, via cargo fix." Tooling improvements include faster and smarter "incremental" compilation (along with better IDE support), plus the addition of function-like and attribute-like (procedural) macros. There's also a rustfmt tool which can automatically reformat your code's style "like clang format does for C++ and Prettier does for JavaScript," plus an optional diagnostics linter named clippy, and automated code fixes via rustfix. There's even upgrades to Rust's module system and other path clarity improvements.

But this is only the beginning, SD Times reports: With the release of Rust 2018, the team is now starting to look at Rust's future. The team is asking developers to reflect on what they liked, didn't like or hoped to see in Rust during the last year, and propose any goals or directions for the upcoming year.

Security

Researchers Discover SplitSpectre, a New Spectre-like CPU Attack (zdnet.com) 48

An anonymous reader writes from a report via ZDNet: Three academics from Northeastern University and three researchers from IBM Research have discovered a new variation of the Spectre CPU vulnerability that can be exploited via browser-based code. The vulnerability, which researchers codenamed SplitSpectre, is a variation of the original Spectre v1 vulnerability discovered last year and which became public in January 2018. The difference in SplitSpectre is not in what parts of a CPU's microarchitecture the flaw targets, but how the attack is carried out. Researchers say a SplitSpectre attack is both faster and easier to execute, improving an attacker's ability to recover code from targeted CPUs. The research team says they were successfully able to carry out a SplitSpectre attack against Intel Haswell and Skylake CPUs, and AMD Ryzen processors, via SpiderMonkey 52.7.4, Firefox's JavaScript engine. The good news is that existing Spectre mitigations would thwart the SplitSpectre attacks.

Google

Google Shut Out Privacy, Security Teams From Secret China Project (theintercept.com) 138

An anonymous reader quotes a report from The Intercept about Google's secretive plans to build a censored version of its search engine for China: The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest. Yonatan Zunger, then a 14-year veteran of Google and one of the leading engineers at the company, was among a small group who had been asked to work on Dragonfly. He was present at some of the early meetings and said he pointed out to executives managing the project that Chinese people could be at risk of interrogation or detention if they were found to have used Google to seek out information banned by the government.

Scott Beaumont, Google's head of operations in China and one of the key architects of Dragonfly, did not view Zunger's concerns as significant enough to merit a change of course, according to four people who worked on the project. Beaumont and other executives then shut out members of the company's security and privacy team from key meetings about the search engine, the four people said, and tried to sideline a privacy review of the plan that sought to address potential human rights abuses. Google's leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said. Only a few hundred of Google's 88,000 workforce were briefed about the censorship plan. Some engineers and other staff who were informed about the project were told that they risked losing their jobs if they dared to discuss it with colleagues who were themselves not working on Dragonfly.

China

China Halts Work by Team on Gene-Edited Babies (apnews.com) 80

China's government ordered a halt Thursday to work by a medical team that claimed to have helped make the world's first gene-edited babies, as a group of leading scientists declared that it's still too soon to try to make permanent changes to DNA that can be inherited by future generations. AP reports: Chinese Vice Minister of Science and Technology Xu Nanping told state broadcaster CCTV that his ministry is strongly opposed to the efforts that reportedly produced twin girls born earlier this month. Xu called the team's actions illegal and unacceptable and said an investigation had been ordered, but made no mention of specific actions taken. Researcher He Jiankui claims to have altered the DNA of the twins to try to make them resistant to infection with the AIDS virus. Mainstream scientists have condemned the experiment, and universities and government groups are investigating. His experiment "crossed the line of morality and ethics adhered to by the academic community and was shocking and unacceptable," Xu said. A group of leading scientists gathered in Hong Kong this week for an international conference on gene editing, the ability to rewrite the code of life to try to correct or prevent diseases.

Programming

Does Switching Jobs Make You a Worse Programmer? (forrestbrazeal.com) 227

Slashdot reader theodp shares some thoughts from Virginia-based cloud architect Forrest Brazeal, who believes that switching jobs or teams makes you -- at least temporarily -- a worse programmer: "When you do take a new job," Brazeal writes, "everybody else will know things you don't know. You'll expend an enormous amount of time and mental energy just trying to keep up. This is usually called 'the learning curve'. The unstated assumption is that you must add new knowledge on top of the existing base of knowledge you brought from your previous job in order to succeed in the new environment.

"But that's not really what's happening. After all, some of your new coworkers have never worked at any other company. You have way more experience than they do. Why are they more effective than you right now? Because, for the moment, your old experience doesn't matter. You don't just need to add knowledge; you need to replace a wide body of experiences that became irrelevant when you turned in your notice at the old job. To put it another way: if you visualize your entire career arc as one giant learning curve, the places where you change jobs are marked by switchbacks."

He concludes, "I'm not saying you shouldn't switch jobs. Just remember that you can't expect to be the same person in the new cubicle. Your value is only partly based on your own knowledge and ingenuity. It's also wrapped up in the connections you've made inside your team: your ability to help others, their shared understanding of your strengths and weaknesses, and who knows what else. You will have to figure out new paths of communication in the new organization, build new backlogs of code references pertaining to your new projects, and find new mentors who can help you continue to grow. You will have to become a different programmer.

"There is no guarantee you will be a better one."

This seems counter-intuitive to me -- but what do Slashdot's readers think? Does switching jobs make you a worse programmer?

Businesses

How A Mysterious Tech Billionaire Created Two Fortunes -- And a Global Software Sweatshop (forbes.com) 192

An anonymous reader writes: Forbes magazine has an in-depth piece on Joe Liemandt. As you may be aware, Liemandt was the founder of Trilogy, a startup which has been credited with helping put Austin on the tech map. He is also founder of ESW Capital, a private equity firm that is scooping up software startups left and right. Forbes called him "one of the most mysterious and innovative figures in technology."

But the story explores the approach Liemandt and his team took to acquire enterprise software companies, install new leadership, lay off staff and hire significantly cheaper tech labor abroad. And the numbers are compelling -- $15 an hour C++ programmers. Those are Amazon warehouse wages -- and those $15 programming gigs don't come with much for benefits. Plus, they require you to install software to your computer that tracks surfing, keystrokes and even takes screen grabs and photos via your computer's camera -- and this is typically on a gig worker's personal computer, not an employer's machine.

The story opens with this: From an office suite on the 26th floor of the iconic Frost Bank Tower in Austin, Texas, a little-known recruiting firm called Crossover is searching the globe for software engineers. Crossover is looking for anyone who can commit to a 40- or 50-hour workweek, but it has no interest in full-time employees. It wants contract workers who are willing to toil from their homes or even in local cafes. "The best people in the world aren't in your Zip code," says Andy Tryba, chief executive of Crossover, in a promotional YouTube video. Which, Tryba emphasizes, also means you don't have to pay them like they are your neighbors. "The world is going to a cloud wage."

Tryba's video has 61,717 views, but he is no random YouTube proselytizer. He worked in sales at Intel for 14 years before serving in the White House as an advisor to President Obama's Council on Jobs and Competitiveness. Since 2014, Tryba has been the right-hand man of Joe Liemandt, one of the most mysterious and innovative figures in technology. In the 1990s Liemandt was the golden boy of enterprise software, a 30 Under 30 wunderkind before there was a Forbes 30 Under 30 list. Like Bill Gates before him, he dropped out of college, in his case Stanford, to start a company, Trilogy, and build his fortune. In 1996, at the age of 27, he made the cover of Forbes, and a few months later he appeared as the youngest self-made member of The Forbes 400, with a $500 million net worth.

Security

Rowhammer Attacks Can Now Bypass ECC Memory Protections (zdnet.com) 67

Catalin Cimpanu, reporting for ZDNet: Academics from the Vrije University in Amsterdam, Holland, have published a research paper this week describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data inside storage units named cells, which are arranged on the physical silicon chip in multiple rows, in the form of a grid. [...] In research [PDF] published today, named ECCploit, academics expanded the previous Rowhammer techniques with yet another variation. This one, they said, bypasses ECC memory, one of the memory protections that hardware makers said could detect and prevent Rowhammer attacks in the past.

ECC stands for Error-Correcting Code and is a type of memory storage included as a control mechanism with high-end RAM, typically deployed with expensive or mission-critical systems. ECC memory works by protecting against rogue bit flips, like the ones caused by Rowhammer attacks. Surprisingly, it wasn't developed to deal with Rowhammer. It was initially developed in the 90s to protect against bit flips caused by alpha particles, neutrons, or other cosmic rays, but when Rowhammer came out, it also proved to be effective against it, as well. But after spending months reverse engineering the designs of ECC memory, the Vrije University team discovered that this protection mechanism has its limits.

Security

Researchers Discover Seven New Meltdown and Spectre Attacks (zdnet.com) 98

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees. From a report: Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack -- two well-known attacks that have been revealed at the start of the year and found to impact CPU models going back to 1995. Researchers say they've discovered the seven new CPU attacks while performing "a sound and extensible systematization of transient execution attacks" -- a catch-all term the research team used to describe attacks on the various internal mechanisms that a CPU uses to process data, such as the speculative execution process, the CPU's internal caches, and other internal execution stages. The research team says they've successfully demonstrated all seven attacks with proof-of-concept code. Experiments to confirm six other Meltdown-attacks did not succeed, according to a graph published by researchers. Update: In a statement to Slashdot, an Intel spokesperson said, "the vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research."

Ruby

Deserialization Issues Also Affect Ruby -- Not Just Java, PHP, and .NET (zdnet.com) 62

An anonymous reader writes: The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for .NET and PHP applications as well. Researchers published proof-of-concept code this week showing how to exploit serialization/deserialization operations supported by the built-in features of the Ruby programming language itself.

"Versions 2.0 to 2.5 are affected," researchers said. "There is a lot of opportunity for future work including having the technique cover Ruby versions 1.8 and 1.9 as well as covering instances where the Ruby process is invoked with the command line argument --disable-all," the elttam team added. "Alternate Ruby implementations such as JRuby and Rubinius could also be investigated."

The deserialization issues can be used for remote code execution and taking over vulnerable servers. While .NET and PHP were affected, it was Java that until now has faced the biggest issues with deserialization. Earlier this year, Oracle announced it was dropping deserialization support from the Java language's standard package.

Security

Researchers 'Break' Microsoft's Edge With Zero-Day Remote Code Exploit (itpro.co.uk) 50

Exploit developers Yushi Laing and Alexander Kochkov have teased a zero-day exploit for Microsoft's Edge browser that can allow a malicious actor to run commands on a user's machine. "Laing teased the 'stable exploit' for the Microsoft-developed web browser last week with an image that appeared to show the Windows Calculator app launched from a web browser, after working on the project for just under a week," reports IT PRO. From the report: The researcher had initially been looking into three remote code execution bugs for Firefox as part of an 'exploit chain', but struggled to establish code for the third. He then found two similar flaws on Microsoft Edge using the Wadi Fuzzer app developed by SensePost. Laing told BleepingComputer the pair wanted to develop a stable exploit for Microsoft Edge and escape the sandbox, termed as an exploit that force-crashes and incorrectly reloads an app with manipulated permissions.

This would allow a user to run functions, and access other apps, beyond its normal permissions, as well as access data from other applications. They were also looking for a way to effectively seize control of a machine by escalating execution privileges to "system." They published a proof-of-concept for the Edge exploit in a short clip which shows the team using the browser to open the landing page for Google Chrome via Firefox.
