Month: December 2017

No file-based malware—or balaclava—was required for most of the attacks CrowdStrike investigated in the past year.

Despite the rise of massive crypto-ransomware attacks, an even more troubling trend emerged in data gathered by the security firm CrowdStrike this past year and published in the company's 2017 "Intrusion Services Casebook." The majority of attacks the company responded to did not leverage file-based malware but instead exploited a combination of the native software of victims' systems, memory-only malware, and stolen credentials to gain access and persist on the targeted networks. And the average attack persisted for 86 days before being detected.

"We found that 66 percent of the attacks we had investigated were file-less or malware free," said Bryan York, director of services at CrowdStrike, in an interview with Ars. "These attacks had either leveraged some sort of compromised credentials or some sort of malware that runs in memory only."

Some of these attacks used malware that was implanted in the memory of a targeted system by exploiting a software vulnerability on a system reachable from the Internet as a beachhead, or they used poorly configured Web systems to gain access—and then in some cases leveraged Windows features such as PowerShell or Windows Management Instrumentation (WMI) to establish persistent backdoors and spread laterally throughout targeted networks without leaving a malware footprint detectable by traditional antivirus screening. "Obviously, memory-only malware is pretty challenging to protect against," York said.

As various creators look toward the new year, December seems to bring with it a new trailer every day (Batman Ninja? Altered Carbon? Black Mirror just this morning before a December 29 launch). But one teaser stood out from the fray this morning—because when you invoke WarGames, we nerds pay attention.

Before some readers instantly panic, no, the 1983 Matthew Broderick hacker classic is not being rebooted verbatim for the big screen. Instead, Her Story writer/dev Sam Barlow will modernize the tale for 2017-2018 and turn it into an "experimental interactive series" (which is how Barlow describes Her Story).

“With #WarGames I was thrilled to take the questions raised by the original movie and ask them again in a world where technology has fundamentally changed our lives," Barlow said in the game's press release. “I am excited to introduce viewers to the new hacker protagonist, Kelly, who represents the breadth of modern hacker culture and its humanity. As viewers help steer her story, I hope they will fall in love with her as much as the #WarGames team did.”

Enlarge / The Chrome Web Store.

More than a year ago, Google announced that Chrome Apps would be removed from Windows, Mac, and Linux versions of Chrome (but not Chrome OS) some time in 2017, and it seems we've come to that point today. Google has shut down the "app" section of the Chrome Web Store for those platforms, meaning you can't install Chrome Apps anymore. Google has started sending out emails to Chrome app developers telling them that Chrome Apps are deprecated, and while previously installed apps still work, the functionality will be stripped out of Chrome in Q1 2018.

As Google explained in its blog post last year, Chrome apps are being killed because no one uses them. In the post, Google said that "approximately 1 percent of users on Windows, Mac and Linux actively use Chrome packaged apps." Chrome Apps came in two varieties: "packaged apps" and "hosted apps." Hosted apps were basically glorified bookmarks, which makes little sense on a real desktop OS but gave Chrome OS users a way to pin important webpages to certain parts of the UI. The more powerful Chrome Apps were "packaged apps," which could run in the background and access hardware like USB ports. Both were desktop-only features, and now both will exist as Chrome OS-only features.

There's also Chrome Extensions, which are still desktop only and aren't going anywhere. Extensions are also installed through the Chrome Web Store and usually live next to the address bar as buttons. This is the plug-in point for password managers, script and ad blockers, mail checkers, and even the occasional fully fledged app, like Google Hangouts for Chrome.

Enlarge / Supporters of net neutrality protest outside a Federal Building in Los Angeles, California on November 28, 2017. (credit: Getty Images | NurPhoto )

Net neutrality supporters plan a nationwide series of protests starting Thursday outside Verizon stores, where they will express their opposition to the pending repeal of net neutrality rules.

You can find local protests by going to this webpage and searching by ZIP code.

Verizon stores aren't the only places where there will be protests. In Washington, DC, for example, there will be a protest at the annual FCC Chairman's Dinner on Thursday. There will be another protest outside the FCC building on December 13, one day before the vote to repeal net neutrality rules. Many protests will be happening on Saturday as well.

Video shot and edited by Justin Wolfson. Click here for transcripts. (video link)

LOS ANGELES—I'll be honest with you: this year's Los Angeles Auto Show was not the most mind-blowing car show I've been to. Most of the big reveals were cars that had already broken cover elsewhere, earlier, and the proximity to CES (which is now a car show) and then Detroit in January has had a bit of a negative effect. But that's not to say there's nothing to see at the LA Convention Center (where the show runs until December 10th). What follows are some highlights of the neatest design and engineering we saw during the two-day press preview.

Infiniti’s very clever new engine

We already looked at Infiniti's new variable-compression ratio engine earlier this week. but it deserves another call-out as one of the most interesting advances for the internal combustion engine in decades. A multilink can vary the distance the pistons travel within each cylinder, allowing it to operate at compression ratios between 8:1 and 14:1. The engine first ships in the new QX50 SUV.