×
Microsoft

How Microsoft's Windows Red Team Keeps PCs Safe (wired.com) 83

Wired has a story on Windows' red team, which consists of a group of hackers (one of whom jailbroke Nintendo handhelds in a former life, another has more than one zero-day exploit to his name, and a third signed on just prior to the devastating Shadow Brokers leak), who are tasked with finding holes in the world's most used desktop operating system. From the story: The Windows red team didn't exist four years ago. That's around the time that David Weston, who currently leads the crew as principal security group manager for Windows, made his pitch for Microsoft to rethink how it handled the security of its marquee product. "Most of our hardening of the Windows operating system in previous generations was: Wait for a big attack to happen, or wait for someone to tell us about a new technique, and then spend some time trying to fix that," Weston says. "Obviously that's not ideal when the stakes are very high."

[...] Together, the red teamers spend their days attacking Windows. Every year, they develop a zero-day exploit to test their defensive blue-team counterparts. And when emergencies like Spectre or EternalBlue happen, they're among the first to get the call. Again, red teams aren't novel; companies that can afford them -- and that are aware they could be targeted -- tend to use them. If anything, it may come as a surprise that Microsoft hadn't sicced one on Windows until so recently. Microsoft as a company already had several other red teams in place by the time Weston built one for Windows, though those focused more on operational issues like unpatched machines. "Windows is still the central repository of malware and exploits. Practically, there's so much business done around the world on Windows. The attacker mentality is to get the biggest return on investment in what you develop in terms of code and exploits," says Aaron Lint, who regularly works with red teams in his role as chief scientist at application protection provider Arxan. "Windows is the obvious target."

United Kingdom

Digital IDs Needed To End 'Mob Rule' Online, Says UK's Security Minister (independent.co.uk) 510

Digital IDs should be brought in to end online anonymity that permits "mob rule" and lawlessness online, the security minister of United Kingdom has said. From a report: Ben Wallace said authentication used by banks could also by employed by internet firms to crack down on bullying and grooming, as he warned that people had to make a choice between "the wild west or a civilised society" online. He also took aim at the "phoniness" of Silicon Valley billionaires, and called for companies such as WhatsApp to contribute to society over the negative costs of their technology, such as end-to-end encryption. It comes after Theresa May took another step against tech giants, saying they would be ordered to clamp down on vile attacks against women on their platforms. The prime minister will target firms such as Facebook and Twitter as she makes the pitch at the G7 summit this weekend, where she will urge social media firms to treat violent misogyny with the same urgency as they do terror threats. Mr Wallace told The Times: "A lot of the bullying on social media and the grooming is because those people know you cannot identify them. It is mob rule on the internet. You shouldn't be able to hide behind anonymity."
E3

Microsoft is Working on its Own Game Streaming, Netflix-Like Service (theverge.com) 73

Phil Spencer, Microsoft's gaming chief, revealed the company is building a streaming game service for any device. Our cloud engineers are building a game streaming network to unlock console gaming on any device, he said, adding this service will offer "console quality gaming on any device." From a report: "Gaming is now at its most vibrant," he said. "In this significant moment we are constantly challenging ourselves about where we can take gaming next." He said that Microsoft is recommitting and harnessing the full breath of the company to deliver on the future of play. That includes experts in Microsoft research working on developing the future of gaming AI and the company's cloud engineers building a game streaming network. He added that the company is also in the midst of developing the architecture for the next Xbox consoles. Further reading: Microsoft Acquires Four Gaming Studios, Including Ninja Theory, As It Looks To Bolster First-Party Catalog.
E3

Microsoft Acquires Four Gaming Studios, Including Ninja Theory, As It Looks To Bolster First-Party Catalog (venturebeat.com) 44

Microsoft has never had as many internal studios as Sony or Nintendo, and that has prevented it from having many first-party exclusives this generation. That changes today. From a report: At E3 trade show in Los Angeles on Sunday, the company's gaming chief Phil Spencer announced the creation of a new studio called The Initiative led by industry veteran Daryl Gallagher. He then followed up with revealing the Microsoft acquisitions of Ninja theory, Playground Games, Compulsion Games, and Undead Labs. This bolsters the company's first-party efforts, and Spencer said it is evidence of his dedication to Xbox and its fans. Ninja Theory is best known for producing 2017's break out indie hit Hellblade: Senua's Sacrifice. Playground has long overseen the Forza Horizon series for Microsoft. Compulsion is responsible for We Happy Few. Undead Labs created State of Decay. Also at E3, Microsoft teased Halo Infinite, and announced Forza Horizon 4. It also announced the availability of Automata, and unveiled FromSoft's Sekiro: Shadows Die Twice, a new Battletoads game, new downloadable content for its exclusive platforming shooter Cuphead, a crossover game that features some of the biggest anime franchises, including Dragon Ball, One Piece, and Naruto, Devil May Cry 5 , a skating game called Session, Tom Clancy's The Division 2 is hitting PC and consoles, Bethesda's Fallout 76, Ori and the Will of the Wisps, and improvements to Xbox Game Pass.
Government

In the Trump Administration, Science Is Unwelcome. So Is Advice. (nytimes.com) 708

Anonymous readers share a report: As President Trump prepares to meet Kim Jong-un of North Korea to negotiate denuclearization, a challenge that has bedeviled the world for years, he is doing so without the help of a White House science adviser or senior counselor trained in nuclear physics. Mr. Trump is the first president since 1941 not to name a science adviser, a position created during World War II to guide the Oval Office on technical matters ranging from nuclear warfare to global pandemics. As a businessman and president, Mr. Trump has proudly been guided by his instincts. Nevertheless, people who have participated in past nuclear negotiations say the absence of such high-level expertise could put him at a tactical disadvantage in one of the weightiest diplomatic matters of his presidency.

"You need to have an empowered senior science adviser at the table," said R. Nicholas Burns, who led negotiations with India over a civilian nuclear deal during the George W. Bush administration. "You can be sure the other side will have that." The lack of traditional scientific advisory leadership in the White House is one example of a significant change in the Trump administration: the marginalization of science in shaping United States policy. There is no chief scientist at the State Department, where science is central to foreign policy matters such as cybersecurity and global warming. Nor is there a chief scientist at the Department of Agriculture: Mr. Trump last year nominated Sam Clovis, a former talk-show host with no scientific background, to the position, but he withdrew his name and no new nomination has been made.

Technology

The One-Name Email, a Silicon Valley Status Symbol, Is Wreaking Havoc (wsj.com) 255

In Silicon Valley, first-name-only email addresses have long been the ultimate status symbol, indicating a techie was an early hire at a new company. Now that startups are growing, the one-namers are wreaking havoc -- and the competition to snag them is fierce. From a report on WSJ: When Peter Szabo heard he and his co-workers would receive new email addresses after his tech company was launched from an incubator, he ran to his boss and confirmed he would get the "Peter" first-name email address. After years of failing to arrive at companies early enough to bag the prized address, Mr. Szabo negotiated getting the single-name email at the earliest opportunity. "As companies get bigger, if you can be the original Peter, absolutely that's bragging rights," said Mr. Szabo, who is chief revenue officer of mobile-entertainment network startup Mammoth Media. "It's huge."

[...] Startups are growing faster than at any time since the dot-com boom thanks to a flood of venture capital. The system of using first names is leading to more email misfires at tech companies the more successful, and larger, they get. {...] Even techies are having a hard time figuring out how to disrupt the naming convention of corporate email. The growing pains usually set in when startups reach 25 to 50 employees, as names begin to overlap, according to Josh Walter, who has designed email services for companies for the past eight years. "That's when companies say, 'Oh no, what do we do now?'" Mr. Walter says. He is currently IT engineer at Second Measure, a Silicon Valley startup that analyzes consumer spending.

Earth

The Icelandic Families Tracking Climate Change With Measuring Tape (undark.org) 88

Gloria Dickie, writing for Undark Magazine: A 30-meter Komelon-branded measuring tape, a pencil, and a yellow paper form are all Hallsteinn Haraldsson carries with him when he travels to the Snaefellsnes Peninsula in western Iceland. But unfurling the measuring tape before me at his home in Mosfellsbaer, a town just outside of Reykjavik, he says it is a significant upgrade from the piece of marked rope he used to bring along. With 11 percent of the landmass covered in ice, rapidly ebbing glaciers are threatening to reshape Iceland's landscape, and Haraldsson, 74, is part of a contingent of volunteer glacier monitors who are at the frontlines of tracking the retreat. Every autumn, Haraldsson, often accompanied by his wife and son, sets off on foot to measure the changes in his assigned glacier.

Their rudimentary tools are a far cry from the satellites and time-lapse photography deployed around the world in recent decades to track ice loss, and lately, there's been talk of disbanding this nearly century-old, low-tech network of monitors. But this sort of ground-truthing work has more than one purpose: With Iceland's glaciers at their melting point, these men and women -- farmers, schoolchildren, a plastic surgeon, even a Supreme Court judge -- serve not only as the glaciers' guardians, but also their messengers. Today, some 35 volunteers monitor 64 measurement sites around the country. The numbers they collect are published in the Icelandic scientific journal Jokull, and submitted to the World Glacier Monitoring Service database. Vacancies for glacier monitors are rare and highly sought-after, and many glaciers have been in the same family for generations, passed down to sons and daughters, like Haraldsson, when the journey becomes too arduous for their aging watchmen. It's very likely one of the longest-running examples of citizen climate science in the world. But in an age when precision glacier tracking can be conducted from afar, it remains unclear whether, or for how long, this sort of heirloom monitoring will continue into the future. It's a question even some of the network's own members have been asking.

Cloud

EA, Touting 'Profound Impact' of Streaming and Subscription, Announces Origin Access Premier (gamesindustry.biz) 73

EA CEO Andrew Wilson announced that the game publisher is making a big move into cloud gaming. The company is also planning to launch a new version of its Origin Access subscription service on PC called Origin Access Premiere that will introduce games like Madden, FIFA, and more the same day they launch at retail. From a report: During the publisher's E3 2018 press conference, CEO Andrew Wilson descried the combination of streaming and subscription as "the greatest disruption" to the world of entertainment of the past five years. He pointed to how this business model for movies, TV and books has changed those markets, and believes this combination will have "a profound impact" on the games industry in the years to come. Wilson's comments echoed those of his CFO Blake Jorgensen, who said back in November that a combination of live services, such as FIFA Ultimate Team, and subscriptions will lead to "uncapped" monetisation of its players over the longest possible period of time.

In its latest financials, EA revealed that 40% of its revenue last year came from live services, while full game downloads and physical game sales are dropping. Wilson reminded conference attendees of the publisher's recent acquisition of GameFly's Israel-based cloud gaming team, predicting a future where players can enjoy high-end games on any device anywhere with an internet connection. While there are tech demos for EA's streaming service out there, Wilson stressed that it's "not quite ready for full market primetime," but pitched it as a "promise of what we hope to bring you in the future." In the meantime, Electronic Arts took the opportunity to announce a new subscription system that shows the publisher continuing to push towards a service-based economy for video games. Origin Access Premier is a new addition to the firm's PC-based games service: a premium subscription that gives players access to even more titles.

Security

Hackers Crashed a Bank's Computers While Attempting a SWIFT Hack (bleepingcomputer.com) 53

An anonymous reader writes: Hackers have used a disk-wiping malware to sabotage hundreds of computers at a bank in Chile to distract staff while they were attempting to steal money via the bank's SWIFT money transferring system. The attempted hack took place at the end of May when hackers wiped the HDD MBR of over 9,000 computers and over 500 servers. Fortunately the hackers failed to steal money from the bank (an estimated $11 million). This is the same hacker group who failed last month when they tried to steal over $110 million from a Mexico bank. Further reading: Ripple and SWIFT slug it out over cross-border payments.
Android

BlackBerry Key2 is the 'Most Secure Android Smartphone', Company Claims (betanews.com) 53

The Key2 smartphone, which BlackBerry unveiled earlier this week, is the "most secure Android smartphone," the Canadian company claims. Brian Fagioli, writing for BetaNews: While BlackBerry no longer makes smartphones, it does license its name to a company called TCL which makes Android devices that carry the branding -- and sometimes, a physical keyboard. It isn't just slapping the BlackBerry name on a random low-quality Android phone, however. Actually, these TCL devices have been fairly well received thanks to an adherence to traditional BlackBerry designs. Today, TCL unveils its latest such smartphone, called "KEY2," and it looks quite nice. In fact, the company says it is "the most secure Android smartphone."
Bitcoin

Bitcoin Tumbles Most in Two Weeks Amid South Korea Hack (bloomberg.com) 87

Bitcoin extended losses for a third day, tumbling as much as 6 percent Sunday as South Korean cryptocurrency exchange Coinrail said there was a "cyber intrusion" in its system. From a report: The largest cryptocurrency declined 4.6 percent to $7,277 as of 10 a.m. time, the biggest drop since May 23, according to data compiled by Bloomberg from Bitstamp pricing. That widens Bitcoin's losses for the year to 49 percent. Peer cryptocurrencies Ethereum and Ripple fell 5 percent and 6.6 percent, respectively.
Businesses

The World Isn't Prepared for Retirement (bloomberg.com) 319

An anonymous reader writes: Most online quizzes are relatively mindless, promising to reveal which vegetable, sandwich or rock band best represents your personality. That was not the case for a short online test given to 16,000 people in 15 countries this year. It revealed just how unprepared a good chunk of the world is for retirement. The three-question test, given as part of the Aegon Retirement Readiness Survey 2018, measured how well people understand basic financial concepts. Many of the participants failed the quiz, with big potential consequences for their future security.

Beyond the sobering lack of financial literacy, there were some rather curious data in Aegon's annual survey, published on Tuesday. For example, some 20 percent of workers surveyed in China envisioned spending retirement with a robot companion. But before we get to that, take a look at this question -- which only 45 percent of people around the world got right: Q. Do you think the following statement is true or false? "Buying a single company stock usually provides a safer return than a stock mutual fund."

The possible answers? True, false, do not know and refuse to answer. Sixteen percent of people got it wrong. "Do not know" was chosen by 38 percent. In the U.S., 46 percent of workers got it right. Good for you, America -- though Germany beat you handily. (The answer, in case you were wondering, is false.) It was an inflation question that had the highest percentage of wrong answers, however. More than 20 percent of workers didn't grasp how higher inflation hurts their buying power. Given that declining health was the most-cited retirement worry, at 49 percent, and health care is an area (in the U.S., especially) with high cost inflation, well, that makes the subject something older folks should have down cold.

Desktops (Apple)

Clear Linux Beats MacOS in MacBook Pro Benchmark Tests (phoronix.com) 155

To celebrate its 14th birthday, Phoronix.com used a 15-inch MacBook Pro to run system benchmarking tests on the following operating systems:

- Windows 10 Pro

- The latest macOS 10.13 High Sierra

- Windows 10 Windows Subsystem for Linux (WSL) using Ubuntu 18.04

- Ubuntu 18.04 LTS with the Linux 4.15 kernel, GCC 7.3.0, and an EXT4 file-system.

- Clear Linux 22780 with the Linux 4.16 kernel, GCC 8.1.1, and EXT4.

- Fedora Workstation 28 with updates is the Linux 4.16 kernel, GCC 8.1.1, and EXT4.

- OpenSUSE Tumbleweed with the Linux 4.16 kernel, GCC 7.3.1, and default file-system configuration of Btrfs root file-system with XFS home partition.

The results? When it came to outright wins and losses, Clear Linux 22780 was the front-runner 59% of the time followed by macOS 10.13.4 finishing first 21% of the time and then Fedora Workstation 28 with winning 10% of the time.

For losses, to little surprise considering the I/O overhead, Windows 10 was in last place 38% of the time followed by Ubuntu 18.04 being surprisingly the slowest Linux distribution 30% of the time on this 2016 MacBook Pro.

The article also reminds readers that "For those looking for a Linux laptop, there are plenty of better options..."
Medicine

University Seeks Volunteers For 'Hotel Influenza' (fortune.com) 51

The National Institutes of Health is paying a St. Louis university to study the effectiveness of flu vaccines. An anonymous reader quotes Fortune: The university wants volunteers to live in "hotel influenza," where they'd be either given a vaccine or a placebo, be exposed to the flu, and be quarantined for 10 days in the Extended Stay Research Unit. Compensation for such an experiment is around $3,500 (for time and travel), according to a SLU release... "In a traditional flu study, we vaccinate people and see if their immune systems respond by creating antibodies that fight flu," Dr. Hoff said in a release. "In a human challenge study, we vaccinate people, then deliberately challenge their bodies by exposing them to flu to see if they get sick"...

The 24 volunteers living in the "hotel influenza" would have private rooms and bathrooms, common areas with with chairs and TVs, along with exercise equipment, and catered meals in a dining room. They will be observed, "have blood and lung tests and nose swabs to see if they are infected with flu and shedding the virus." If they come down with the flu, they won't be able to leave until they've tested negative for the virus for two days. Nurses would be available around the clock.

One St. Louis newspaper jokes that it will either be a "sickathon" -- or "an indoor vacation complete with catered meals, TV, internet, a gym and views of the Arch".

Slashdot Top Deals