This Week In Security: Is RSA Finally Broken? The Push For Cloud Accounts, Encrypted DNS, And More Mobile Mayhem

Ever wondered what “cyberwar” looks like? Apparently it’s a lot of guessing security questions and changing passwords. It’s an interesting read on its own, but there are some interesting clues if you read between the lines. A General in the know mentioned that Isis:

clicked on something or they did something that then allowed us to gain control and then start to move.

This sounds very similar to stories we’ve covered in the past, where 0-days are used to compromise groups or individuals. Perhaps the NSA supplied such an exploit, and it was sent in a phishing attack. Through various means, the U.S. team quietly compromised systems and collected credentials.

The article mentions something else interesting. Apparently the targets of this digital sting had also been compromising machines around the world, and using those machines to manage their efforts. The decision was made by the U.S. team to also compromise those machines, in order to lock out the Isis team. This might be the most controversial element of the story. Security researchers have wanted permission to do this for years. How should the third parties view these incursions?

The third element that I found particularly interesting was the phase 2 attack. Rather than outright delete, ban, and break Isis devices and accounts, the U.S. team installed persistent malware that emulated innocuous glitches. The internet connection is extremely laggy on certain days, certain websites simply don’t connect, and other problems. These are the sort of gremlins that networking pros spend all day trying to troubleshoot. The idea that it’s intentional gives me one more thing to worry about. Continue reading “This Week In Security: Is RSA Finally Broken? The Push For Cloud Accounts, Encrypted DNS, And More Mobile Mayhem”

The Legacy Of The Floppy Still Looms Over Windows

We no longer use floppy disks on the vast majority of computers, but a recent Old New Thing blog post from Microsoft sheds light on one of their possible unexpected legacies. It seems Windows disk cache items expire after two seconds, and as the post explains this has its origin in the development of MS-DOS 2.0.

Disks, especially floppy disks, are slow compared to computer memory. A disk cache is a piece of memory into which the operating system puts frequently loaded items to speed up access and avoid its having to repeatedly access the disk. They have an expiry time to ensure that the cache doesn’t become clogged with data that hasn’t been needed for a while.

IBM PC floppy drives didn’t implement any form of notification for a disk eject, so it became quite possible for a disk to be ejected while the operating system still believed cached data from it to be valid. Thus a pair of Microsoft engineers tried their hardest to swap floppy discs as fast as they could, and it was discovered to be an impossible task in under two seconds. This became the cache expiry time for a Microsoft OS, and thus we’re told the floppy’s legacy lives on as more than just the ‘save’ icon.

As this is being written the Internet is abuzz with a viral Tweet about railroad gauges having an origin in the width of a Roman horse, that rail historians are debunking with a reference to the coal tramways of [George Stephenson’s] Northern England. It’s thus sometimes dangerous to take simple soundbite origin stories at face value, but since in this case our source is Microsoft themselves we think we can take it as being close to the horse’s mouth. Even if it isn’t a Roman horse.

IBM floppy drive image: Michael Holley [Public domain].

Finally, An Open Source Calculator

Microsoft has released the code for the Calculator app. This move is the latest in Microsoft’s efforts to capitalize on the Open Source community. Previous efforts have been the Open Sourcing of an extremely old version of DOS, and shoehorning Linux into Windows somehow in a way that’s marginally more user-friendly than spinning up a VM or popping over to your Linux partition. Oh yeah, Microsoft bought Github. Can’t forget that.

The release of the code for the Calculator app means now you too can truly verify all your calculations are correct. To build the Calculator app, you’ll need a Windows 10 computer and Visual Studio. You might think that this is the same code that’s been shipping for 30 years — it’s a simple calculator, right? Not so: the Calculator for Windows 8 had a strange and odd bug where the square root of 4, minus two, did not equal zero. Floating point is hard, kids.

Of special interest to the community, it’s now possible to disable telemetry sent from the Calculator app to Microsoft servers. Yes, the Calculator app knows you forgot how to divide, and wow man, six times nine, you needed help with that?  Fortunately, telemetry can be disabled in developer’s builds by disabling the SEND_TELEMETRY build flag. Now Microsoft won’t know you don’t do math so good.

At the time of this writing, we could not be bothered to contact Microsoft to find out when the pinball game or Ski Free will be updated and Open Sourced.

New Kinect Sensor Switch Focus From Gamers To Developers

Microsoft’s Kinect may not have found success as a gaming peripheral, but recognizing that a depth sensor is too cool to leave for dead, development continued even after Xbox gaming peripherals were discontinued. This week their latest iteration emerged and we can get it in the form of Azure Kinect DK. This is a developer’s kit focused on exploring new applications for this technology, not a gaming peripheral we had to hack before we could use in our own projects.

Packaged into a peripheral that plugs into a PC via USB-C, it is more than the core depth sensor module announced last year but less than a full consumer product. Browsing its 10-page specification (PDF) with comparisons to second generation Kinect sensor bar, we see how this technology has evolved. Physical size and weight has dropped, as has power consumption. Auxiliary capabilities has improved with an expanded microphone array, IMU with gyro in addition to accelerometer, and the RGB camera has been upgraded to 4K resolution.

But the star of the show is a new continuous-wave time-of-flight depth sensor, presented at the 2018 IEEE ISSCC conference. (Full text requires IEEE membership, but a digest form is available via ResearchGate.) Among its many advancements, we expect the biggest impact to be its field of view. Default of 75 x 65 degrees is already better than its predecessors (64 x 45 for first generation Kinect, 70 x 60 for second) but there is an option to trade resolution for coverage by switching to a wide-angle mode of 120 x 120 degrees. Significantly wider than other depth cameras like Intel’s RealSense D400 series or Occipital’s Structure.

Another interesting feature is built-in synchronization. Many projects using multiple Kinect sensors ran into problems because they interfered with each other. People hacked around the problem, of course, but now they don’t have to: commodity 3.5 mm jacks allow multiple Azure Kinect DK to be daisy chained together so they play nicely and take turns.

From its name we were worried this product would require Microsoft’s Azure cloud service in some way and be crippled without it. Based on information released so far, it appears developers have access to all the same data streams as previous sensors. Azure tie-in takes the form of optional SDKs that make it easier to do things like upload data for processing in Azure cloud-based recognition services.

And finally, Azure Kinect DK’s price tag of $399 is significantly higher than a Kinect game peripheral, but it is a low volume product for developers. Perhaps high volume consumer products built on this technology will cost less, but that remains to be seen. In the meantime, you have alternative tools for solving similar problems. For example if you are building your own AR headset, you might use Intel’s latest RealSense camera for vision based inside-out motion tacking.

Interfacing The Sidewinder Joystick To AVRs

The Sidewinder line was a series of gaming peripherals produced by Microsoft, starting in the 1990s. After some initial stumbles, several cutting edge joysticks were released, at a time when the home computer market was in a state of flux, transitioning from legacy interfaces like serial and parallel to the more modern USB. In this interim period, Sidewinder joysticks used a special method to communicate digitally over the game port interface, which more typically used a kludge to read joysticks in an analog manner. [MaZderMind] managed to reverse engineer this protocol, and implemented the interface on an AVR microcontroller.

The technology is loosely described in US Patent 5628686, which discusses the method used to communicate bidirectionally with the Sidewinder joystick. [MaZderMind] found that the patent documents didn’t correspond exactly with how the Sidewinder Precision Pro communicated, but it was close enough that the operation could be reverse engineered.

The plan is to use the vintage joystick to control a quadcopter, so the interface was implemented on an AVR, and a graphical LCD installed to act as a display for testing the operation. [MaZderMind] also captured data on an oscilloscope to indicate in detail the quirks of the joystick’s operation.

Yes, it’s entirely possible to use a more modern microcontroller with a USB joystick. However, there are few that measure up to the standards of the old Sidewinder hardware, and sometimes the best tool for the job is the one you’ve got with you. A traditional single joystick is a different take on quadcopter control, but there’s other options – gesture control is possible, too.

 

The Mac That Helped Build The Xbox Rides Again

The original Xbox, released in 2001 by Microsoft, was notable for being built out of largely off-the-shelf PC components. With a custom Pentium III CPU and IDE peripherals, the console was much closer to a contemporary desktop computer than any of the dedicated game consoles which had come before it. Which of course makes perfect sense if you think about it. Microsoft would want to use technology they were intimately acquainted with on their first foray into gaming market, and if there’s anything Microsoft knows better than forced system updates, it’s x86 computers.

But for their follow-up system, the Xbox 360, Microsoft decided to go with a PowerPC processor they co-developed with IBM. Naturally this meant they needed PowerPC development systems to give to developers, which is how Microsoft ended up briefly distributing PowerMac G5’s. [Pierre Dandumont] came into possession of one of these oddball Microsoft-branded Macs, though unfortunately the hard drive had been wiped. But with the help of a leaked drive image and some hardware sleuthing, he’s now got the machine up and running just like it was when Microsoft was sending them to developers between 2003 and 2005.

Since you’re reading this on Hackaday, you might have guessed there was a little more to the story then just downloading an ISO and writing it to the hard drive of a PowerMac G5. There’s apparently some debate in the community about whether or not it’s some form of rudimentary DRM on Microsoft’s part, but in any event, the development kit operating system will only run on a G5 with very specific hardware. So the challenge is not only figuring out what hardware the software is looking for, but finding it and getting it installed over a decade after its prime.

Most of the required hardware, like the Intel 741462-010 network card or 160 GB Seagate ST3160023AS hard drive were easy enough to track down on eBay. But the tricky one was finding a Mac version of the ATi Radeon X800 XT. [Pierre] ended up getting a much more common ATi FireGL X3 and flashing it with the Mac X800 firmware. This is a little easier said than done as depending on which manufacturer made the memory on your specific video card you have to fiddle with the clock speeds to get a usable image, but in the end he found the winning combination and the development kit OS booted up with his hacked graphics card.

So what does all this get you in 2019? [Pierre] admits nothing terribly useful, but it’s still pretty cool. The system lets you run Xbox and Xbox 360 binaries, and even features the old Xbox 360 “blade” style dashboard. He says that he’s only had limited success getting retail games to actually run on the thing, but if your goal was running Xbox 360 games in 2019 there’s certainly better ways to do that anyway. Like, buying an Xbox 360.

We’ve previously talked about the Xbox 360’s rather unusual processor, but around these parts we more often see projects which involve tearing Microsoft’s sophomore console apart than digging into how it actually worked.

Continue reading “The Mac That Helped Build The Xbox Rides Again”

You Won’t Hear This Word On The Street

The simplest answer to a problem is not necessarily always the best answer. If you ask the question, “How do I get a voice assistance to work on a crowded subway car?”, the simplest answer is to shout into a microphone but we don’t want to ask Siri to put toilet paper on the shopping list in front of fellow passengers at the top of our lungs. This is “not a technical issue but a mental issue” according to [Masaaki Fukumoto], lead researcher at Microsoft in “hardware and devices” and “human-computer interaction.” SilentVoice was demonstrated in Berlin at the ACM Symposium on User Interface Software and Technology which showed a live transcription of nearly silent speech. A short demonstration can be found below the break.

SilentVoice relies on a different way of speaking and a different way of picking up that sound. Instead of traditional dictation in which we exhale while facing a microphone, it is necessary to place the microphone less than two millimeters from the mouth, usually against the lips, and use ingressive speech which is just whispering while inhaling. The advantage of ingressive over egressive speech is that without air being blown over the microphone, the popping of air gusts is eliminated. With practice, it is as efficient as normal speaking but that practice will probably involve a few dizzy spells from inhaling more than necessary.

Continue reading “You Won’t Hear This Word On The Street”