Microsoft next month will start phasing out Client Access Rules (CARs) in Exchange Online – and will do away with this means for controlling access altogether within a year.
CARs are being replaced with Continuous Access Evaluation (CAE) for Azure Active Directory, which can apparently in “near-real time” pick up changes to access controls, user accounts, and the network environment and enforce the latest rules and policies as needed, according to a notice this week from Microsoft’s Exchange Team.
That might be useful if suspicious activity is detected, or a user account needs to be suspended, and changes to access need to be immediate.
“Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023,” the advisory read. “We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules.”
CARs is used by Microsoft 365 administrators to allow or block client connections to Exchange Online based on a variety of characteristics set forth in policies and rules.
“You can prevent clients from connecting to Exchange Online based on their IP address (IPv4 and IPv6), authentication type, and user property values, and the protocol, application, service, or resource that they’re using to connect,” according to a Microsoft document from earlier this year.
For example, access can be granted to Exchange resources from specific IP address, and all other clients blocked. Similarly, the system can filter access to Exchange services by department or location, or based on usernames.
Microsoft announced the replacement CAE in January, touting its ability to act fast on account revocation, disablement, or deletion; password or user location changes; the detection of nefarious activity; and other such updates, according to a blog post at the time by Alex Simons, corporate vice president of product management for the Windows giant’s identity and network access division.
“On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy,” Simons wrote. “With CAE, we have introduced a new concept of zero trust authentication session management that is built on the foundation of zero trust principles – verify explicitly and assume breach.”
With this zero-trust focus, session integrity – rather than a set session duration – is what dictates a user’s authentication lifespan, we’re told.
CAE not only aims to give enterprises greater and more immediate control over access and events, but users and managers may appreciate the speed at which changes are adopted, Microsoft claims.
“Continuous access evaluation is implemented by enabling services, like Exchange Online, SharePoint Online, and Teams, to subscribe to critical Azure AD events,” Microsoft added earlier this month. “Those events can then be evaluated and enforced near real time. Critical event evaluation doesn’t rely on Conditional Access policies so it’s available in any tenant.”
Critical events can include a user account being deleted or disabled, a user password is changed or reset, or multifactor authentication is enabled for a user. There also are other events, such as when an administrator explicitly revokes all refresh tokens for a user or a rogue insider is detected by Azure AD Identity Protection.
Finally, for workload identities, CAE enforces token revocation for workloads, among other things, according to Microsoft. ®
Scammers have scammed their fellow cybercriminals out of more than $2.5 million on three dark web forums alone over the last 12 months, according to Sophos researchers.
In a Black Hat Europe session, Sophos threat hunters detailed their investigation, which examined scams on two well-established Russian-language marketplaces, Exploit and XSS. They also looked at BreachForums, which launched in April 2022 after a Europol-led operation shut down the earlier version of the stolen-data souk, RaidForums.
And it turns out that scammers gonna scam, even in the criminal underground.
“We saw referral cons, fake data leaks and tools, typosquatting, phishing, ‘alt rep’ scams (the use of sockpuppets to artificially inflate reputation scores), fake guarantors, blackmail, impersonated accounts, and backdoored malware,” writes Sophos senior security researcher Matt Wixey, in the research posted today. “We even found instances where threat actors got revenge by scamming the scammers who scammed them.”
Scams on these three cybercrime forums are so prevalent that all of them have dedicated “arbitration rooms.”
Exploit, which has about 2,500 reported scams, has two: one for claims and another, the Black List, for confirmed scams. These have been around since the mid-2000s, along with closed Russian attacker forum XSS, which reported around 760 scams on its site, according to Sophos. XSS also keeps a “ripper list” that indexes scam sites.
“Exploit is the worst for scams, both in terms of numbers of reports and money lost to scammers,” Wixey writes. “It does have around twice as many members as XSS, and may also attract more scammers because of its reputation.”
Exploit’s open claims’ room lists 211 claims totaling $1,021,998, while its Black List cited 236 exploits that cost other crooks $863,324.
In one case, an Exploit user opened an arbitration claim in an attempt to negotiate with ransomware gang Conti about decrypting a company’s assets. Exploit admins, however, closed that claim because ransomware is banned on the marketplace, so apparently there are some standards.
Meanwhile, XSS, for comparison, reported 120 open claims valued at $509,901. BreachForums’ arbitration room, which has only been around since that market opened in April, lists 21 claims worth $143,722.
While higher-end scams on all three forums hit six figures — $160,000 on Exploit and XSS are the most lucrative — some victims on these sites have filed claims for as little as $2, according to Wixey. “Threat actors seem to be as indignant about having their money stolen as anyone else, no matter the amount,” he notes.
Perhaps unsurprisingly, the claims processes sometimes descend into name calling, insults and general chaos with the accuser accusing the accused of scamming. In some cases the alleged victims end up getting banned from the sites for being dishonest.
While banning is the most common punishment for ripping off fellow criminals on these forums, BreachForums also publishes banned users’ email address, registration, and last-seen IP address, thus leaving them open for doxxing, the research says.
However, Sophos also cites a few cases “involving serial scammers” who were banned, and simply created new profiles, paid another registration fee, and carried on with their criminal ways.
As Wixey notes: “If there’s a takeaway from all this, it’s that no user is immune; any trade on criminal forums involves an inherent risk of scams.” ®
Prof Sally Ann Lynch talks about the complexity of DNA tests and the work that led to her winning the HRCI Research Impact Award.
Last Thursday (1 December), consultant geneticist Prof Sally Ann Lynch won the inaugural Health Research Charities Ireland (HRCI) Research Impact Award for her contribution to the field of research.
The award highlights the role of health research charities in funding research as well as principal investigators who have participated in the joint funding scheme from HRCI and the Health Research Board.
Lynch’s work, which was supported by the National Children’s Research Centre and the Children’s Health Foundation, Temple Street, was recognised for its real-world impact and for making a positive difference to patients’ lives.
Specifically, Lynch and her team undertook two projects under the scheme, which identified a total of 11 genes that have been responsible for significant health issues for people.
One of these genes, the LARS gene, and its association with a failure to thrive in babies was a brand-new discovery.
With the remaining 10 genes, Lynch discovered new clinical symptoms that were not previously associated with diseases for these genes, from lung disease to neurological conditions.
Lynch told SiliconRepublic.com more about her research, which started 10 years ago.
“We were using new technology to try and make diagnoses in families where routine testing was negative. It was done in collaboration with a team in UCD [University College Dublin],” she said.
“We successfully identified new diagnoses in a number of families using this. Now, this technology forms part of routine diagnostic testing in the investigation of children and adults with various different clinical problems.”
‘I do feel it is important to try and find diagnoses where one hasn’t been found’ – SALLY ANN LYNCH
Lynch said the LARS gene had not been previously recognised as a gene that caused human disease.
“This gene, if it is not working properly, causes children to fail to thrive. Many had evidence of anaemia and liver problems and when these children got a dose of flu or other viral illnesses, they could get very ill and go into liver failure,” she said.
“A colleague working in the metabolic unit in Temple Street had identified a small number of families who had affected children so we collaborated together and received consent from the families to use this new technology to see if we could identify the cause of the liver failure. We found genetic alterations in this gene, LARS.”
The discovery can help many children around the world be diagnosed as well and, while a new treatment has not been developed yet, a greater understanding of the condition can help with day-to-day management.
The challenges around genetic testing
While discoveries such as these can be amazing for diagnostics, medicine and innovations in health, the work is not without its challenges.
Because there is so much variation in DNA, trying to work out if these variations are causing a disease or if they are completely benign can be extremely difficult.
“It is important that due care and attention is paid to genetic test reports as they are not always black and white. The biggest challenge we face is interpreting DNA changes and trying to work out if we have reached a diagnosis or if it still remains elusive,” said Lynch.
She added that DNA tests are often misconstrued as easy to organise and have the ability to give a yes or no answer, when the reality is far more complex.
“DNA tests might give you a diagnosis, they might not give you a diagnosis. Sometimes a gene change is found and no one is sure whether a diagnosis has been reached or not because there is not enough evidence to be completely sure. DNA tests need consent. DNA tests need thought.”
Upon winning the Research Impact Award, Lynch spoke about her passion for solving rare diseases and said that an estimated 300,000 people in Ireland are living with a rare disease.
“Rare diseases undoubtedly get less bite of the funding cherry than other conditions, even though they are more in number and are just as, if not more, challenging. This needs to change.”
She added that identifying new genes is the first step in a long road that will hopefully one day lead to a new treatment.
On a rural industrial estate five miles outside Honiton, under the flight path of a nearby aerodrome, sits a rather nondescript warehouse. Only one feature marks it out: in front is a graveyard of stripped arcade cabinets, slowly rotting in the cold and damp.
I am here to visit Play Leisure, a company that restores and sells old arcade games. It has a compelling TikTok account where it shares new discoveries – a recent post showed off a Deadstorm Pirates machine with its enormous sit-in cabinet and giant cinematic display. I’ve dragged my friend and fellow arcade fanatic Joao Sanches along, and now I’m feeling nervous and responsible because, walking up to the unmarked entrance, I’ve no idea if they will have anything interesting in stock after our 90-minute drive.
But peering inside, I spot it immediately, sat there in the cramped reception area amid piles of cardboard boxes: a pristine 1992 Street Fighter II machine, the backboard sporting a wild illustration of Ryu kicking Ken, each special feature on the playfield named after famous Street Fighter attacks. I almost gasp.
Matt Conridge, the owner of Play Leisure, has always been interested in arcade machines. “Like a lot of us in our 30s and 40s, it comes from back when I was a kid,” he explains as he comes to greet us. “I used to visit arcades at seaside resorts – places like Dawlish and Lynmouth.”
Three years ago, Conridge was running a video game bar in Bideford, north Devon, when Covid hit. Facing disaster, he decided to close up and use his contacts in the arcade scene to pivot into a new project: restoration. He rented a warehouse, employed a small team of specialist engineers and started buying up all the old coin-ops he could get his hands on. The plan was to repair them and sell them on to private collectors and retro theme bars, after the pandemic.
“Back then, we were only buying small quantities so it usually came from collectors. Now we take them on an industrial scale,” says Conridge. “At the moment, with what’s happening in the economy, arcades are cutting costs, getting rid of some of the lower performing machines that cost them more to run than they make in revenue. We get clearances from arcades, play centres, trampoline parks … ”
Another problem is that older coin-ops require specialist engineers to maintain them. “A lot of the people who used to build and service these machines have retired,” says Conridge. “That knowledge is dying.”
Matt takes us through to the main warehouse space, where we’re momentarily stunned again. Crammed into a space about the size of a tennis court are 200-odd arcade machines from throughout gaming history. The first thing I spot is the twin cabinet version of Sega’s brilliant 1995 racing game Manx TT Super Bike, which allowed players to sit on reproduction motorcycles and compete against each other along narrow country lanes. Nearby there’s Konami’s thrilling Silent Scope 2: Fatal Judgement, complete with its authentic sniper rifle controller, and further back in this electronic labyrinth is a twin cab of Final Furlong, the crazy Namco horse racing game that you control by sitting on a plastic horse and jumping up and down.
I’m taken back to the first time I visited Japan in 2000 to attend the Tokyo Game Show. I walked into an arcade in Akihabara and saw salarymen on their lunch hour, dozens of them in rows playing this game, grimacing with effort in the darkness.
The machines arrive in huge shipping containers and Conridge is never quite sure what games he’ll find or what condition they will be in. “The problem is, arcade operators don’t generate any more money by keeping machine internals clean,” he says. “If you open it up and start cleaning the inside you may end up causing issues. We’ve opened them and found coins, tools … We found a porno mag in the back of a machine once. We’ve just got one from Blackpool, a crane machine that dispensed sweets – it’s been left for a few years and the sweets have fallen inside and rotted, then the flies got in there … ugh.”
Will they clean that? “No,” laughs Conridge. “We’ll sell it off and let someone else deal with it.”
Conridge is however, conscientious about whom he sells brittle older machines to. “There are some retro machines that we advise people not to buy unless they’re technically minded,” he says. “There’s a pinball machine, a 1966 electromechanical model we’re just about to put on sale, and we’ll refuse to sell that to nine out of 10 people who contact us because we know it won’t be suitable for them. These machines are like classic cars: they are specialist pieces of equipment and need constant care. If I sell it to someone who just wants a working machine, they’ll be fed up after five minutes – we’ve got to choose the right customer for it. Someone who is able to tinker.”
It’s not just ancient pinball machines that are problematic. The big video arcade games of the 1990s – the technical peak of the industry – often used proprietary hardware that is simply impossible to replace or reproduce. “The Sega Model arcade boards used custom Lockheed Martin chips, which you just can’t source,” explains Chris, the lead engineer. “We have to decide whether to harvest parts from less interesting games and use them to resupply classics like Sega Rally.” Around the outskirts of the warehouse space, there are shelves groaning under the weight of esoteric parts, haphazardly piled or collected in boxes.
Adding to the value of these machines now is the fact that arcades historically dumped old units when they stopped being profitable. “Ten to 15 years ago companies just didn’t foresee that there would be any interest from collectors,” says Conridge. “We just sold an Addams Family pinball machine for £10,000 – that would have been chucked in a skip 15 years ago. People didn’t expect anyone would want them.”
This was especially true of larger speciality machines, such as rhythm action games, with their bulky floor pads and complicated controllers, and driving games with their realistic race car cabinets. Not only did they take up valuable floor space, they were expensive to maintain. Their growing rarity represents an interesting challenge for Play Leisure, because games like Dance Mania and Guitar Hero are exactly the sorts of machines that the new era of retro gaming bars – such as the NQ64 chain, which has just taken on £2m of funding – are looking for: not only are they fun to play in a bar environment, they’re fun to watch, too. “Dance Mania is now a £3k machine,” Conridge says.
When cabinets arrive, their condition is assessed. For Conridge there is a delicate balance between restoration and preservation. He shows me a Point Blank machine that’s just come in: Namco’s entertaining light gun shooter, which was also popular on the PlayStation, is a currently a hit with buyers. He will aim to repair these machines whatever state they arrive in – even though the guns themselves, with their delicate recoil mechanic, are often busted beyond repair (“they get really smashed by kids in the arcade”).
On this cabinet, the lavishly illustrated decals on the sides are peeling off: do they change the artwork for a modern reproduction? “If we do, it will look better but it won’t be original,” says Conridge. “It’s a challenge. We don’t tend to sell perfect-looking machines. When we went into arcades as children, the machines would have cigarette burns – that’s how you remember them. There’s a certain charm to that.”
Some arcade cabinets are not economically viable to repair, but that doesn’t mean they’re unsellable. “We sell quite a lot of project machines,” he says. “For a collector working in their garage, that’s fine. We had a Star Wars 1982 Atari machine come in about 14 months ago. We put it on TikTok and Facebook – someone rang and they were desperate for it. It was nice to save this original machine from being scrapped.”
If they can’t be repaired, they’re stripped for parts: circuit boards, cathode ray monitors, joysticks, motors. Almost none of these are manufactured any more, so they’re all saved. Even completely stripped cabinets can have value: people often use them as a shell for their own arcade machines, using a PC and LED monitor. “Our customers can be really creative,” says Conridge. “We have people turning them into cocktail cabinets, stands for DVD players and games consoles. It’s nice because they’re not ending up in a landfill site – they’re getting another life.”
Conridge reckons half his machines go to retro bars and modern arcades. The rest are bought by private collectors. There’s a highly active arcade-collecting community, based around Discord servers and forums such as UKVAC, and Covid brought in a lot of new customers who started building gaming dens in the midst of lockdown.
Besides retro pinball tables and 1990s hits, the big sellers are attached to film or TV licences. Play Leisure has sold three Star Wars Battle Pods, really big immersive machines, for £10,000 each. An Aerosmith-branded arcade game named Revolution X will sell for £1,500, an X-Files pinball table for £3,500. There’s an odd market too for old coin-pushing machines, mostly thanks to the TV quiz show Tipping Point and the growing popularity of TikTok accounts that specialise in coin-pushing live streams.
Joao and I spend the whole day here, snaking between the machines, peering into their exposed innards. We photograph everything. A long time ago we worked together on the video game magazine Edge, often reporting on arcade shows – these machines, which are now antiques, were the newest, hottest tech when we started our careers.
And before that, as a kid, I hung out in arcades in the 1980s. Donkey Kong, Defender, Space Harrier, Out Run; a pocket full of 10 pence coins, a whole day to waste. It is bittersweet to see the machines here, their CRT monitors cracked or missing, light gun holsters worn and split.
It is good that these things are being saved. To many of us, these are more than just disposable commercial products: they are works of art containing within them the experiences of thousands of players, my own included.