Odprtokodni pogled

Opensource view

Arstechnica

Syndicate content Open Source – Ars Technica
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Posodobljeno: 9 min 0 sek nazaj

Hack in the box: Hacking into companies with “warshipping”

Tor, 08/13/2019 - 22:24

Enlarge / The "warshipping" rig, exposed, with solar recharging panel. (credit: Sean Gallagher)

LAS VEGAS—Penetration testers have long gone to great lengths to demonstrate the potential chinks in their clients' networks before less friendly attackers exploit them. But in recent tests by IBM's X-Force Red, the penetration testers never had to leave home to get in the door at targeted sites, and the targets weren't aware they were exposed until they got the bad news in report form. That's because the people at X-Force Red put a new spin on sneaking in—something they've dubbed "warshipping."

Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard.

We've looked at such devices, typically referred to as "drop boxes," before. Ars even used one in our passive surveillance of an NPR reporter, capturing his network traffic and routing a dump of his packets across the country for us to sift through. Covert drop boxes (once a specialty of Pwnie Express) have taken the form of "wall wart" device chargers, Wi-Fi routers, and even power strips. And mobile devices have also been brought to play, allowing "war walking"—attacks launched remotely as a device concealed in a bag, suitcase, or backpack is carried nonchalantly into a bank, corporate lobby, or other targeted location.

Read 22 remaining paragraphs | Comments

Microsoft publishes first Edge for macOS preview, promises to make it truly “Mac-like”

Pon, 05/20/2019 - 23:40

Enlarge (credit: Microsoft)

One of the most important ways that Microsoft wants to make the new Chromium-based Edge different from the current EdgeHTML-based Edge is in its support for other platforms. The original Edge was, for no good reason, tied to Windows 10, meaning that Web developers on platforms such as Windows 7 or macOS had no way of testing how their pages looked, short of firing up a Windows 10 virtual machine.

The new browser is, by contrast, a cross-platform affair. The first preview builds were published for Windows 10, with versions for Windows 7, 8, and 8.1 promised soon; today, these are joined by builds for macOS.

document.createElement('video'); /wp-content/uploads/2019/05/edge-macos-touchbar.mp4

The macOS version resembles the Windows 10 builds that we've seen so far, but it isn't identical. Microsoft wants to be a good citizen on macOS by producing not just an application that fits the platform's standards—using the right fonts, icons, spacing, and so on—but which also adapts to Apple's unique hardware. To that end, the company is working on support for the Touch Bar found on some of Apple's portable systems, using it for media control, tab switching, or access to bookmarks. Microsoft will also work to ensure that Edge's support as a Progressive Web App host properly adopts macOS behaviors with regard to interaction with the Dock, app switcher, and Spotlight.

Read 2 remaining paragraphs | Comments

Windows dual booting no longer looking likely on Pixelbooks

Sre, 05/15/2019 - 23:50

Enlarge / Google's Pixelbook. (credit: Valentina Palladino)

Just under a year ago, there were signs that Google was modifying the firmware of its Pixelbook laptop to enable dual booting into Windows 10. The firmware was updated to give the Pixelbook the ability to boot into an "Alternative OS" ("AltOS" mode). The work included references to the Windows Hardware Certification Kit (WHCK) and the Windows Hardware Lab Kit (HLK), Microsoft's testing frameworks for Windows 8.1 and Windows 10, respectively.

Google now appears to have abandoned this effort. A redditor called crosfrog noticed that AltOs mode was now deprecated (via Android Police). Pixelbooks are going to be for Chrome OS only, after all.

The dual-boot work was being done under the name Project Campfire. There appears to have been little development work on Project Campfire since last December. This suggests that Google actually decided not to bother with dual booting many months ago.

Read 1 remaining paragraphs | Comments

Microsoft open sources algorithm that gives Bing some of its smarts

Sre, 05/15/2019 - 16:51

Enlarge / The Eiffel Tower. (credit: Pedro Szekely)

Search engines today are more than just the dumb keyword matchers they used to be. You can ask a question—say, "How tall is the tower in Paris?"—and they'll tell you that the Eiffel Tower is 324 meters (1,063 feet) tall, about the same as an 81-story building. They can do this even though the question never actually names the tower.

How do they do this? As with everything else these days, they use machine learning. Machine-learning algorithms are used to build vectors—essentially, long lists of numbers—that in some sense represent their input data, whether it be text on a webpage, images, sound, or videos. Bing captures billions of these vectors for all the different kinds of media that it indexes. To search the vectors, Microsoft uses an algorithm it calls SPTAG ("Space Partition Tree and Graph"). An input query is converted into a vector, and SPTAG is used to quickly find "approximate nearest neighbors" (ANN), which is to say, vectors that are similar to the input.

This (with some amount of hand-waving) is how the Eiffel Tower question can be answered: a search for "How tall is the tower in Paris?" will be "near" pages talking about towers, Paris, and how tall things are. Such pages are almost surely going to be about the Eiffel Tower.

Read 2 remaining paragraphs | Comments

Microsoft: The open source company

Pet, 05/10/2019 - 22:51

Enlarge

The news from Microsoft's Build developer conference that surprised me most was that Microsoft will ship a genuine Linux kernel—GPLed, with all patches published—with Windows. That announcement was made with the announcement of Windows Terminal, a new front-end for command-line programs on Windows that will, among other things, support tabs.

Microsoft's increased involvement with open source software isn't new, as projects such as Visual Studio Code and the .NET runtime have operated as open source, community-driven projects. But this week's announcements felt a bit different.

The Linux kernel will be powering Microsoft's second generation Windows Subsystem for Linux (WSL). The first generation WSL contains a partial re-implementation of the Linux kernel API that uses the Windows NT kernel to perform its functionality. In choosing this approach, Microsoft avoided using any actual Linux code, and hence the company avoided the GPL license with its "viral" stipulations that would have arguably forced Microsoft to open source WSL and perhaps even parts of Windows itself.

Read 5 remaining paragraphs | Comments

Windows 10 will soon ship with a full, open source, GPLed Linux kernel

Pon, 05/06/2019 - 21:20

Enlarge (credit: Microsoft)

Earlier today, we wrote that Microsoft was going to add some big new features to the Windows Subsystem for Linux, including native support for Docker containers. It turns out that that ain't the half of it.

The current Windows Subsystem for Linux uses a Microsoft-authored kernel component that provided the same kernel API as the Linux kernel but written from scratch by Microsoft. Essentially, it translated from Linux APIs to Windows NT kernel APIs. That worked pretty well, but the current subsystem had a few shortcomings: there was no ability to use Linux drivers, in particular file system drivers. Its file system performance, layered on top of Windows' own NTFS, was often 20 times slower than a real Linux kernel. It was also a relatively old version of the kernel; it offered approximately the set of APIs that Linux 4.4 did, and that was released in 2016. Some APIs aren't implemented at all, and others are only partially implemented to meet the needs of specific applications.

All is changing with Windows Subsystem for Linux 2. Instead of emulating the Linux kernel APIs on the NT kernel, WSL 2 is going to run a full Linux kernel in a lightweight virtual machine. This kernel will be trimmed down and tailored to this particular use case, with stripped-down hardware support (since it will defer to the host Windows OS for that) and faster booting.

Read 5 remaining paragraphs | Comments

Microsoft’s plan for Edge: Integrated IE compatibility, better privacy

Pon, 05/06/2019 - 17:27

Microsoft has outlined its plans for the next stage of development for the new Chromium-based Edge browser, and those plans include a trio of new features.

The first is a big nod to enterprise customers: a built-in Internet Explorer mode. Chrome has a number of extensions that accomplish much the same thing—they create a new tab in the browser and use the Internet Explorer 11 engine, rather than the Chrome engine, to draw that tab. For Edge, this capability will be built in.

The integrated Internet Explorer tab can be used to provide compatibility for legacy Web applications.

Enterprises can already create a compatibility list, the Enterprise Mode Site List, which the current Edge browser uses to know which (internal, line-of-business) sites should be shown in Internet Explorer 11. The new Edge will use this same list to determine when to use Internet Explorer.

Read 3 remaining paragraphs | Comments

sfy39587f05