
Wait, what?
There are undocumented Windows logs?
After all these years and hundreds of millions of users, Borkzilla still manages to create log files that nobody knows about?
Infosec outfit Cybereason says it's discovered a multi-year – and very successful – Chinese effort to steal intellectual property. The company has named the campaign "Operation CuckooBees" and attributed it, with a high degree of confidence, to a Beijing-backed advanced persistent threat-slinger going by Winnti – aka APT 41, …
If you know what they did with actually-useful WindowsUpdate.log by ditching the text and converting it to some mystery binary format (probably this one) that could not be read by any of their existing tools (like Message Analyser), and requires a stinking powershell command (the command, not powershell) to convert into a readable format, meaning it can't be tailed in real time, this is 100% no surprise whatsoever.
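The conversion the comment above complains about, as an added example that is not part of the thread: turn the ETL-backed WindowsUpdate log into text with the built-in cmdlet and then filter it like any other log; the output paths and the sample ETL name are assumptions.

```powershell
# Added example (not from the thread): convert the binary ETL-backed
# Windows Update traces into plain text, then search them with normal tools.
# C:\Temp is an assumed, writable output location.
$outText = 'C:\Temp\WindowsUpdate.log'

# Get-WindowsUpdateLog merges the ETL files under C:\Windows\Logs\WindowsUpdate
# into one readable text log (this is the cmdlet the comment refers to).
Get-WindowsUpdateLog -LogPath $outText

# Once the log is text, ordinary filtering works: show recent failures and
# HRESULT-style codes, which is what a support engineer usually asks for.
Select-String -Path $outText -Pattern 'FAILED|error|0x8' |
    Select-Object -Last 20

# For any other ETL trace, tracerpt (shipped with Windows) converts it to CSV
# or XML that can be grepped or shipped to a SIEM. The file name is assumed.
$etl = 'C:\Temp\sample.etl'
if (Test-Path $etl) {
    tracerpt $etl -o 'C:\Temp\sample.csv' -of CSV -y
}
```

Neither step tails the trace live; both operate on a snapshot of the ETL files, which is the limitation the comment points out.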
I wonder if this will stop MSFT inventing all manner of logs that are unreadable by consumers, are also apparently zero use for diagnostics (never once had a support engineer request anything of that nature, admittedly I don't work with desktop systems), and which consume considerable amounts of space at times. I get the need for faster logging at times, but the ETL type should be very limited in size and meaningful output sent to the existing event logs (zillions of those these days too) or a text file.
Including some of their monitoring apps, like the ATP sensor service. One of them DOES log to a text file, and seemingly is a spew of all the .NET activity inside the app with absolutely no way of configuring it to "error only" or something that doesn't churn away constantly.
Had they used these resources to produce better quality knock-offs rather than to steal IP, imagine how far ahead of us the Middle Kingdom could be right now. I'd say trying to keep up with the west was an opportunity squandered. They could have had quantum computing and fusion working by now.
They are presumably following the playbook used by Japan and Taiwan, etc. Didn't the US also start out that way, ignoring European IP protection for books, music, etc early on before they started to produce their own IP as well which needed protection?
Copy / emulate earlier on, then start creating your own once you got your industry moving.
Give them a few more years, and they will need IP protection for their own stuff, at which point they will also protect others' IP as well.
>They could have had Quantum computing and fusion working by now.
Maybe a DIY space station and a Mars rover as well, you never know.
Seriously, though, the metric to watch is how many Chinese institutions and people are working on advanced technologies. This is what politicians are bellyaching about -- academics have been working with Chinese counterparts for many years, but instead of seeing this as a mutually beneficial partnership it's obviously our precious IP being leaked to the Middle Kingdom.
As anyone who actually works on the bleeding edge will tell you, it's not the actual technology that's the issue, it's the commercialization that's the important bit. Politicians tend to be like screenwriters -- they figure that 'the blueprint' is all you need to know to duplicate a machine or process.
> ... an undocumented file format that can be accessed through APIs but can't be parsed.
Who'd create a binary logging system that could hide data from admins?
Glad Linux continues to use text logs and hasn't bought into this hard to read logging concept.