Capital One, Amazon, Cats, and the Common Infrastructure Play

July 31, 2019

I read “Hacking Suspect Acted Oddly Online.” (Note: the online story is paywalled by Rupert Murdoch. You may  be able to get a peek at the dead tree version of this story in the Wall Street Journal for July 31, 2019.) Yep, Internet cat angle, self incrimination, and public content dissemination. That’s a plot hook which may make a great Lifetime or Netflix program. Amazon is likely to pass on funding the film version of this now familiar story.

Here’s the plot:

There’s the distraught financial institution, in this case, the lovable Capital One. This is the outfit known for “what’s in your pocket”? Good question. The financial outfit teamed up with Amazon in 2015, and according to the “real news” outfit:

In 2015, Capital One Chief Information Officer Rob Alexander said, “The financial services industry attracts some of the worst cyber criminals. So we worked closely with the Amazon team to develop a security model, which we believe enables us to operate more securely in the public cloud than we can even in our own data centers.”

That sounds darned good, but data affecting about 100 million people was breached. That number has not been verified to my satisfaction, and DarkCyber awaits additional data. But 100 million is a good enough number for the story.

Next we have a protagonist with some employment history at Amazon. Remember that this is the cloud service which was in the chain of data compromise. But — and this is important — Amazon was not at fault. The security problem was a is configured bit of “infrastructure.” Plus, the infrastructure which was the point of weakness is “common to both cloud and on premises data center environments.”

The story ends with a suspect. If the program becomes a mini series, we will follow the protagonist with empathy for cats through a trial, and perhaps a variation on the story weaving of “Orange Is the New Black.”

What’s missing from the analysis in the “real news” outlets? Here in Harrod’s Creek, Kentucky, we think of Amazon as an outfit with nifty white Mercedes Benz vans and fast moving van drivers.

But a couple of the pundits lounging in the convenience story / tavern floated some ideas:

  1. Why is Amazon not providing a system to address misconfiguration? It seems that 100 million people are now aware of this dropped ball.
  2. Why is an Amazon person, presumably with Amazon expertise, behaving in a manner that appears problematic? If the person was hired, what’s the flaw in the Amazon hiring process? If the person was terminated for a germane reason, why was the person not given appropriate “support” to make the transition from Amazonian to a person with unusual online activities? How does Amazon prevent information from being used by a former employee? What can be improved? Are there other former Amazon employees who are able to behave in an allegedly problematic way?
  3. Why is the problem “common” to use Capital One’s alleged word quoted in the WSJ story? There are dozens upon dozens of firms which are marketing themselves as cyber safeguard providers. Are these services used by Amazon, or is Amazon relying on home grown solutions. There are indeed Amazon’s own security tools. But are these findable, usable, reliable, and efficacious? Security may be lost in the thicket of proliferating Amazon products, services, and features. In effect, is it possible that Amazon is not doing enough to prevent such security lapses associated closely with its cloud solutions.

Stepping back, let’s think about this incident in a cinematic way:

  1. A giant company offering services which are so complex that problems are likely to result from component interactions, blundering customers, and former employees with a behavior quirk.
  2. A financial services firm confident of its technical competence. (Note that this financial firm with a previous compliance allegation which seemed to pivot on money laundering and ended with a $100 million fine. See “Compliance Weaknesses Cost Capital One $100M”, October 23, 2018. You will have to pay to view this allegedly accurate write up.
  3. A protagonist who seemed to send up distress flags via online communication channels.

What’s the big story?

Maybe there’s a “heart of darkness” with regard to security within the Amazon jungle.

To which jungle was Joseph Conrad, author of the “Heart of Darkness” referring?

“Nowhere did we stop long enough to get a particularized impression, but the general sense of vague and oppressive wonder grew upon me. It was like a weary pilgrimage amongst hints for nightmares.”

Psychological, digital, or financial? With the JEDI contract award fast approaching, will the procurement officials interpret the Capital One breach as a glimpse of the future. Maybe Oracle is correct in its view of Amazon?

Stephen E Arnold, July 31, 2019

Google: Party and Deal Time

July 31, 2019

Were you invited to Google Camp? If DarkCyber were, the invitation did not arrive this year. Google hosts a very exclusive “summer camp” for special people. The venue is Sicily. The 2019 event will be the seventh hoe down. The venue is the Verdura Resort. The Observer newspaper stated:

the guest list is considered top secret; social media posts are forbidden; and all of the hotel staff and security have to sign nondisclosure agreements…

Possible attendees are “IAC owner Barry Diller and his wife, fashion designer Diane Von Furstenberg, former Google chairman Eric Schmidt, New Zealand’s richest man Graeme Hart, DreamWorks Pictures founder David Geffen and German pharmaceutical titan Udo J. Vetter.”

How does one know?

The answer is, “Look at the yachts.”

Stephen E Arnold, July 31, 2019

Pinterest Offers Soothing Activities for Stressed Users

July 31, 2019

Pinterest does send email about “pins that might interest you.” Distressed? Well, that’s different.

A remarkable new feature at Pinterest aims to help distressed users, Geek.com reports in, “New Pinterest Tools Help Calm Anxiety, Reduce Stress.” The soothing activities are accessed by searching for phrases like “stress quotes,” “work anxiety,” or related terms. They will even keep these searches private—a rare mercy these days. Writer Stephanie Mlot reports:

“But don’t expect the usual litany of colorful thumbnails and interspersed ads. These new resources look different from the rest of Pinterest—‘because the experience is kept separate,’ according to product manager Annie Ta. ‘People’s interactions with these activities are private and not connected to their account,’ she explained in a blog announcement. ‘This means we won’t show recommendations or ads based on their use of these resources.’

We noted this “do not track” comment too:

“Pinterest also does not track who uses them; all activity is stored anonymously using a third-party service. And, as always, if someone searches for self-harm-related content, they will be directed to the National Suicide Prevention Lifeline—just two taps away.”

Ta stressed these tools were developed in response to a startling statistic—the Centers for Disease Control reports that more than half of Americans will be diagnosed with a mental disorder or illness at one time or another. The folks at Pinterest also noticed millions of emotional-health-related searches coming across their platform. Though these activities do not take the place of professional care, Pinterest hopes they will help their users cope with distress in their lives.

Cynthia Murrell, July 31, 2019

Factualities for July 31, 2019

July 31, 2019

Heat is making some numericists stumble from the pool to the bar and back to the pool.

The craziest number we spotted in the last week is:

$989,000,000. The amount of money spent on Alphabet Google “moon shot” projects in the last 12 weeks. In the same period, one year ago, the Googlers spent “only” $732,000,000 in 12 weeks. No payoffs from these “investments” yet. Source: Engadget

There were some other interesting numbers, including this gem:

(42%). Gartner’s prediction for the coming price decrease in DRAM pricing. One DRAM dollar today will cost $0.58 soon, real soon. Source: Tech.net

Here are others the DarkCyber team jotted down:

0. Number of bad actors captured in an Amazon assisted Colorado police sting designed to snag package thieves. Source: Techdirt

15. Numbers of workers who went on strike on Amazon Prime Day. Source: Business Insider (may be paywalled).

24. Number of months from today when Intel will deliver 7 nanometer chips. Note: AMD has been shipping 7 nm chips for more than a month. Source: Techquila

45. Average age of a successful startup’s founder. Source: Harvard

66. Percentage of small business owners who believe their businesses are safe from cyber attacks. Source: TechRadar

1,000. Number of private conversations Google’s partners leaked from Google Assistant. Source: Slashdot

10,000. Alleged number of crypto currency holders the IRS is tracking down. Source: Seattle Times

12,500. Number of student identities stolen in a Lancaster University breach. Source: The Register

600,000. Number of daily Tor users in Russia. Source: BBC

1,000,000. The number of hours Google Loon balloons have been aloft. Source: CNet

1,000,000. Number of TV customers AT&T lost after boosting its price for dish service. Source: Arstechnica

$2,848,975.50 The amount lost to cyber crime every minute, an estimate output by TechRadar

$3,920,000. Cost of a data breach. Rate of increase in incidents: +12 percent over five years. Source: ZDNet

$4,533,333. Amount of money lost by Tesla every 24 hours over the last 90 days. Source: Arstechnica

23,000,000. Number of stolen credits being traded / sold on the Dark Web. Source: ZDNet

$700,000,000. Equifax data malfeasance fine. Source: CRN

2.3 billion. Number of files exposed online now. Source: Digital 3Munition

Stephen E Arnold, July 31, 2019

Department of Defense: Procurement and Management in the Spotlight

July 30, 2019

There’s more chatter about Oracle’s attempt to remain relevant at the Pentagon. Almost overlooked is the report by the Department of Defense’s Inspector General. The IG had the delightful task of auditing contractor networks. The idea was that maybe some processes could be improved.

ExecutiveGov noted:

DoD OIG found that the agency’s contracting offices have not developed approaches that will help validate contractual requirements, send contractor notifications, mark CUI documents and confirm implementation of CUI security controls. In addition, the report confirmed that the Defense Threat Reduction Agency did not take prompt action to mitigate the leak of information from a DoD contracting office.

FedScoop pointed out:

The report also cites some communication failures. A failure to properly mark controlled but unclassified information, for example, blinded contractors to what steps they needed to take to ensure information security. DOD contracting offices “inconsistently tracked” which contractors had what type of information, leaving both sides of the contracting process in the dark, the report states.

Interesting reading because the report may be helpful to different DoD centric entities. There are some redactions, but the main points are clear. DarkCyber found the comments about “no oversight” interesting. Without oversight, is cost control possible? Can scope creep be limited?

Stephen E Arnold, July 30, 2019

Amazon Flaw Presented Gently, Very Gently

July 30, 2019

If you are an avid Amazonoid, you don’t want to hear bad news. “Amazon as Experiment” tries to explain a flaw, but the write up goes about the task carefully.

The main idea is that if you know what you want and know the terms used to describe that which you want to buy, view, or listen to — Amazon delivers.

The write up points out:

Amazon, of course, is the Sears Roebuck of our time, but it’s more than that. Amazon is systematically going through every branch of the idea tree around what retail is, and doing it without any pride.

I agree. The Bezos bulldozer is doing old things more MBA-ishly. (I pronounce this em-bee-a-ish-lee. The term means get money and skate as close to the edge of appropriate behavior as humanly possible. I love those MBAs, don’t you?)

The write up draws a parallel with the Google, another outfit which does things and then tries to figure out how to maximize return.

Now the flaw, presented gently:

This has always been the gap in the Amazon model. It’s ever more efficient at finding what you already know you want and shipping it to you, but bad at suggesting things you don’t already know about, and terrible whenever a product needs something specific—just try finding children’s shoes by size. This is probably inherent in the model.

What’s this mean? The experience of wandering around an olive market in Paris or poking into stalls in Istanbul’s indoor market are not part of Amazon.

In short, without a mechanism that allows finding something, deciding it has value, and in some cases touching the product — Amazon has become sterile.

Now, Amazonoid, does that matter? Wall Street wants to see growth. Discovery to an MBAish person means more money. What about Amazon’s competitors? Are they able to deliver discoverability?

Why do people wander around looking at stuff in cities? Why do professionals attend conferences and visit booths? Why do people expose themselves to different contexts?

The answer is, DarkCyber believes is to discover. An algorithm does not discover. It presents probable matches.

What will Amazon do to remediate this problem presented gently?

Stephen E Arnold, July 30, 2019

Google and Local Business: Understanding an Issue?

July 30, 2019

Google My Business (GMB) is a boon to many organizations, allowing them to be easily found online. However, not all businesses fit neatly into the platform’s algorithm. Search Engine Land asks, “What Do You Do if Google My Business Doesn’t Understand Your Business?” Writer Adam Dorfman observes:

“According to the most recent Moz Local Search Ranking Factors report, your GMB page is the biggest local ranking factor. It also functions as a website now, with rich content, visuals and customer ratings/reviews that make it possible for people to learn more about you without leaving Google’s search results. At the same time, Google My Business is not a perfect service. It often struggles with businesses that don’t fall into the two most common business types: storefronts where customers come to a permanent business location and service area businesses, where the business comes to the customer.”

The primary example here is the increasingly common pop-up shop—a type of business that does not maintain a permanent address. Since GMB relies on snail-mail postcards to verify listings, these entities may be unable to establish one in the first place. If they do, the app may show them as “permanently closed” when they move on to another location, implying they have gone out of business altogether. Not good for reeling in customers. Dorfman writes:

“Because of this quirk in Google’s approach, pop-up stores are generally beyond the reach of GMB. Their customers need to find them via word of mouth or via social sites such as Facebook, where they may operate pages without a verified location. In the above scenario, everyone loses. The store loses potential customers. Google loses traffic to social sites such as Facebook. And customers lose because it becomes harder to find a store that might interest them. Because Google Maps and Waze draw data from GMB listings, those popular apps cannot offer users accurate directions to these types of stores.”

Verification is important, but GMB must be able to adapt to shifting business trends. The company seems willing, but it remains to be seen how it will address this growing issue. The August 13, 2019, DarkCyber references the ease with which a person can create a fake business in Google’s online system. A plus or a minus? The answer depends on one’s point of view.

Cynthia Murrell, July 30, 2019

DarkCyber for July 30, 2019, Now Available

July 30, 2019

DarkCyber for July 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/350567599. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

DarkCyber (July 30, 2019) explores China’s aggressive method of dealing with encrypted messaging; Perceptics’ data breach and its consequences; a way to determine email links to other online services; and Palantir’s secret Gotham information exposed.

This week’s lead story concerns Palantir Technologies, a vendor of search and analytic tools for analysts. Founded in 2003, Palantir has draped a cloak of secrecy over one of its flagship products, now more than 16 years’ old. The information about the “secret” document appeared in Vice, an online information service. For those unfamiliar with investigative software, the revelations were of interest to some individuals. Vice’s public records request yielded a user manual written for police with access to the Palantir Gotham “intelware” system. The manual—described as secret and confidential—provides step-by-step instructions for performing certain investigative tasks; for example, how to obtain a profile of a person of interest, how to obtain information about a vehicle, and similar basic investigative questions.

Other stories in the July 23, 2019, program are:

First, China has introduced a very direct method of obtaining access to content on mobile phones and tablets. Citizens and allegedly some visitors have to install software from Xiamen Meiya Pico Information Company. The MFSocket software provides access to images, audio files, location data, call logs, messages, and the phone’s calendar and contacts, including those used in the messaging app Telegram. It is possible that the Meiya Pico organization has a cooperative relationship with the Chinese government. The company allegedly has 40 percent of the Chinese digital forensics market.

Second, a Web service named Deseat.me provides a useful service. Few people know what Web sites and Web services are linked to a person’s email address. Deseat.me makes locating this information easy. The service, at this time, is offered without charge. DarkCyber points out that many modern policeware systems offer a similar functionality for any email address. Deseat, along with a small number of similar services, makes the process of locating these linked sites and services easy and quick.

Finally, Perceptics, a company best known for its license plate identification system, suffered a security breach. Among the items of information compromised were US government data and a range of Perceptics’ proprietary data. The information allegedly included data related to recent border activities, a contentious issue in the United States. Perceptics may find that making sales to the US government more difficult. A loss of contracts would adversely impact the company’s revenue. A larger issue is that the security measures implemented by a company engaged in cyber services failed to deploy systems which guarded high-value data. The cost of a data breach can be high and create a public relations challenge for organizations more comfortable operating in a low-profile way.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

Kenny Toth, July 30, 2019

Amazonia for July 29, 2019

July 29, 2019

Summertime, the bulldozing is easy. Money is flowing, and regulators are hopping. There was some Amazon news despite the heat waves and the rumblings of impending monopoly investigations in the US and elsewhere.

JEDI Excitement

President Donald Trump, according to the semi paywalled, “insider” news service delivered a stunning rumor in “President Donald Trump Reportedly Wants to ‘Scuttle’ the $10 Billion Pentagon Cloud Contract That Amazon and Microsoft Are Fighting Over.” Let’s assume this report is spot on, accurate, and wrapped in factualities. Several questions pop up:

  • How happy will Oracle be with this decision?
  • How unhappy will Amazon be if it receives zero Department of Defense JEDI work?
  • How will Microsoft make Azure sort of work? (DarkCyber asks this question because some of Microsoft’s software has been — how shall I phrase it? — problematic?)

More than a week ago, Nextgov reported that “Trump ‘Looking Into’ Pentagon’s JEDI Contract.” There was swamp mist swirling around an assertion that some Republicans wanted the JEDI contract issued. Why? Love of Amazon? Love of Microsoft? Love of DoD procurement processes? Nope. “National security.”

Also, Amazon allegedly snapped up a modest 270,000 square feet of office space in lovely, 21st century Herndon, Virginia. There is no congestion near Sunrise Drive, some told DarkCyber. The company has a modest 400,000 square feet on the Dulles Access Road between Dulles Airport and the once sylvan Reston, Virginia. Source: Biznow

Fox News (an outstanding “real” news outfit published “Lawmakers Urge Trump to Delay $10B Defense Contract over Amazon Conflicts Probe.” The write up states:

The lawmakers who signed Tuesday’s letter are all Republicans and include Florida Rep. Matt Gaetz and Wisconsin Rep. Sean Duffy. Florida Sen. Marco Rubio sent a similar letter to national security adviser John Bolton last Thursday, seeking a delay to the awarding of the JEDI contract due to a “lack of competition.”

The article did not include a quote from Amazon’s Washington, DC executive. Non government gray would have been enriched with local color.

Amazon Quarterly Report

Amazon’s quarterly revenue was $63 billion. The number of interest to DarkCyber is that AWS revenue was up 37 percent to $8.4 billion which works out to a $30 billion plus business for a 12 month period. MarketWatch has some additional details. Net net: Amazon will tighten the thumbscrews on merchant partners, vendors, and AWS customers. The Bezos bulldozer needs a new coat of paint, so price hikes will be needed.

DarkCyber wants to point out that the Gartner Group, an outstanding crystal ball outfit, predicts that Amazon can deliver a surprise for customers who don’t keep their eye on:

  • Amazon costs and prices
  • Amazon’s features
  • Amazon’s competitive behavior.

Does Gartner Group advise the Secretary of the Treasury?

Amazon Health Care

Curious as to Dr. Jeff Bezos’ medical acumen? There’s some information tucked into “Amazon Web Services Exec Partovi on Where the Biggest AI Opportunities Are in Healthcare.” In the interview / essay, we spotted this statement:

On the patient side, the value that cloud brings is that you can do predictive modeling. By applying machine learning and predictive modeling to data, it allows you to predict patient health events.

Perfect for health insurance and other services which could benefit from smart software and some cross correlation.

To put this interview in context, Amazon has rolled out a Web services center in Houston. Wasn’t that city interested in IBM Watson before those using the system realized it did not work the way doctors did? Source: Houston Chronicle

Retail on the US Government’s Mind

About that Department of Defense JEDI contract? What happens if the current Administration continues to find fault with Amazon? What about real estate values in Alexandria, Arlington, and other “close to the jungle” locations?

We noted “US Treasury Secretary Steven Mnuchin Says Amazon Has Destroyed Retail.” At the same time, US government professionals are gearing up for inquiries.

The write up stated:

Treasury Secretary Steven Mnuchin said he supports the Justice Department’s formal antitrust review of the country’s largest tech companies, particularly Amazon, which he said has ruined retail. In an interview Wednesday with CNBC, Mnuchin said the company has “destroyed the retail industry across the United States” and said there’s “no question they’ve limited competition.”

DarkCyber does not speculate about procurement, but could the JEDI deal go to Microsoft?

Big News: Amazon Offers Sellers a Deal

I worked in New York City sort of for several years. I was from a small town in Illinois, and I had to learn how to speak “New York.” One of the first phrases I learned was, “Such a deal.”

Amazon may be offering “a deal” to its sellers. The Wall Street Journal (paywall, gentle reader) appears to have blown the whistle on a new program for sellers and merchants who use the Amazon ecommerce site to move their products. The idea is simple:

  1. Independent merchants can get Amazon’s help with marketing
  2. Amazon can then purchase the merchant’s brand for $10,000
  3. The merchant gets to find another product to convert into a winner.
  4. Jump to Line 2

Such a deal.

Amazon’s Accelerator will accelerate all right. A faster path to monopolistic dominance of whatever product sells. I also learned another New York phrase, “Have I got a deal for you.” Sure you do.

A related item is that Amazon’s suspension policy contributes to “partner” stress. See this link.

Amazon Facial Recognition Leaves Disneyesque Orlando

Orlando Police Department has allegedly ended its Amazon Rekognition facial recognition test. The Orlando Weekly reported:

 

Orlando’s two-phase pilot with Amazon to try out real-time facial recognition software ended Thursday, capping 15 months of technical lags, bandwidth issues and uncertainty over whether the controversial face-scanning technology actually works.

The termination was allegedly due to resources. DarkCyber believes that this statement is accurate, but it may not include a spectrum of issues associated with facial recognition.

We noted the inclusion of this statement as well:

Matt Cagle, a technology and civil liberties attorney at the ACLU, congratulated OPD for “finally figuring out what we long warned – Amazon’s surveillance technology doesn’t work and is a threat to our privacy and civil liberties.” “This failed pilot program demonstrates precisely why surveillance decisions should be made by the public through their elected leaders, and not by corporations secretly lobbying police officials to deploy dangerous systems against the public,” Cagle said.

The report noted:

Orlando is the only city in the country to openly test Amazon’s fledgling real-time facial recognition software. Washington County Sheriff’s Office in Oregon is the only other known client using a variant of the software, where deputies can upload a photo of an unidentified suspect and run it through a database of images for a possible match long after an incident occurred.

Was Orlando a success or failure? It seems the thrill ride may have ended.

Amazon India: Bulking Up

AWS Can Be a Great Enabler for India to Jump a Tech Gen in AI and ML: Amazon Internet Services’ Rahul Sharma” is a rah rah article about Amazon’s growing interest in India. The write up reports:

AWS wants to lead India into becoming a cloud-first economy. From providing streams of open data and offering easy-to-use AI/ML services to skilling millions of youth, the company is out to service its biggest customer: the Indian citizen.

DarkCyber ignored the social good handwaving and focused on the meat of the push into India: Govtech.

Amazon and Israel

A new data center and a play for Israeli government contracts? Seems logical. Data Center Dynamics reports:

In September, Israel’s Finance Ministry and the Government Procurement Administration said that they planned to issue a tender in 2019-2020 for the supply of services based on a public cloud platform, servicing multiple government organizations

Amazon Chatbots: Still Chattering

ZDNet report that Amazon has rolled out a chatbot which issues system alerts to developers, through Slack and its own Chime app. The write up states:

Under the current AWS Chatbot Beta, notifications can be provided from Amazon Cloud Watch, AWS Health, AWS Budgets, AWS Security Hub, Amazon GuardDuty, and AWS CloudFormation.

Yep, notifications.

AWS Lightsail How To

Want to build a virtual machine in AWS Lightsale. The “real news” outfit TechRepublic has published a how to in “How to Create a Virtual Machine Using Lightsail in AWS.” The write up is a very upbeat presentation of Amazon help page content. We liked this phrase too: “…Just a few mouse clicks.” There’s a free white paper available too. Just click this link. Plus, Lightsail is a deal, just $3.50 per month. DarkCyber believes that each customer’s costs will vary. TechRepublic is quite helpful to Amazon. DarkCyber wonders if there is any “consideration” or “inclusion” assessment associated with this story. Probably not. Just “real news”.

Reeling from Surprise AWS Costs?

Some help may be on the way. According to Silicon Angle, DarkCyber learned that EC2 Resource Optimization Recommendations helps users to optimize the Amazon Elastic Compute Cloud resources they use. Allegedly the new service:

[will] find idle or underused instances so customers can adjust their usage patterns to save on costs. Should the tool find an idle instance, which Amazon defines as one that has less than 1% maximum central processing unit utilization, it will recommend that users simply shut it down. And when it finds an underused instance, it will recommend different-sized instances to which customers can switch to fit their usage pattern better and get more bang for their buck.

Yes, You Can Control a Car with Amazon

DarkCyber spotted this video: “Controlling a Car with Artificial Intelligence – AWS Deep Racer.” If you are a fan of serial content acquisition in non text form, here’s the url you need. For Amazon’s explanation of the use of its smart software, navigate to “Developers, Start Your Engines.” Vroom, vroom.

Amazon and Financial Information

We read “Amazon Echo Banking: Get Alexa to Check Your Balance, Make Payments and More.” DarkCyber liked the word “more.” How much more? One can imagine if the online bookstore has access to one’s bank accounts: Checking, savings, home loans, etc. Shove these data into any other personal information Amazon has. What pops out of the Alexa enabled microwave? How about a competitor to Oracle’s data service?

The write up ignores the big picture and states:

Linking your Echo to your account is quick and private. Don’t worry, you’re not sharing your personal banking info with Amazon when you connect it to the Alexa app. Just make sure you feel comfortable with the people who might be within earshot when Alexa responds.

There you go. Secret info from the outfit which records and retains data transmitted via Echo. How useful would such “unretained” data be to an investigator, an outfit doing a credit check, or to an insurance company? Probably above average.

Surfing on Weaveworks?

TechRepublic, an outfit which writes very positively about IBM, has turned its reportorial rapier on Amazon. “The Clearest Sign of AWS’ Open Source Success Wasn’t Built by Amazon” seems negative at first glance. But, no, TechRepublic seems to love Amazon as much as it does IBM. We noted this statement in the write up:

As AWS executive Matt Wilson put it, “As a very early adopter of Free and open source software (going back to migrating from Unix to Linux in 2002!), folks at Amazon have extensive understanding of Open Source, and also how developer communities of all types grow around technology.”  With Firecracker, this shows, because Weaveworks, not AWS, built Weave Ignite. That’s how good open source ecosystems grow.

A new jungle to bulldoze.

Pop That Trunk for Deliveries

DarkCyber wonders if law enforcement officers will find this Amazon delivery option helpful?

Amazon Will Now Deliver to the Trunk of Your Honda” states:

Amazon keeps on expanding its delivery options, perhaps to ensure that you won’t have an excuse not to buy that thing you’ve just carted. In 2018, it launched an in-car delivery service for GM and Volvo owners, which it also eventually offered to Ford and Lincoln vehicles. Now, the e-commerce giant is giving select Honda models access to Key by Amazon In-Car delivery, as well, so you can have your package dropped right inside your car wherever it is you’ve parked.

DarkCyber has heard that certain other models are supported in Europe.

There are some limitations, but the upside seems evident to Engadget’s expert:

While the HondaLink app itself is free, the Remote Services package will set you back $110 per year after a 3-month trial. Key by Amazon doesn’t cost anything on top of that, though, so it’s a nice perk if you’re already paying for the add-on.

Yes, a nice perk. Particularly if an authority watches the delivery person open a trunk long enough for the officer to peer inside.

Amazon Accused for Requiring Officers to “Shill” Rekognition

Vice seems unhappy with Amazon. The company provides a trial system so law enforcement can get some hands on (better yet, eyes on) time with the Rekognition imaging system. Vice points out: “Amazon Requires Police to Shill Surveillance Cameras in Secret Agreement.”

The write up states:

The Lakeland, Florida police department is required to “encourage adoption” of Ring products as part of a secret agreement with the company.

We noted:

Amazon is convincing people to self-surveil through aggressive, fear-based marketing, aided by de facto police endorsements and free Ring camera giveaways. Consumers are opting into surveillance. And police are more than eager to capitalize on this wealth of surveillance data. The result of Ring-police partnerships is a self-perpetuating surveillance network: More people download Neighbors, more people get Ring, surveillance footage proliferates, and police can request whatever they want.

China’s government has implemented this type of approach. In the US, Amazon appears to be providing a similar service to the government. DarkCyber is interested in this approach to generating data for the Bezos bulldozer’s policeware platform.

Now the “secret”. A contract is a document which may have terms and conditions. If Vice obtained such a document; therefore, the document is not secret. Or is it?

Partners / Resellers
  • Brightloom uses AWS for its restaurant services business. Starbucks just signed up, not just for the service but for an ownership stake. Source: Forbes
  • Equinix has increased the bandwidth of its AWS direct connections. Source: SDxCentral
  • Sigma rolls out support for live debugging in its integrated development environment for AWS. Source: Yahoo
  • Stackery streamlines AWS server development on local machines. Source: GeekWire
  • Uptime has developed a single sign on service for AWS. Source: Yahoo
  • Zendesk makes ASW customer support services more actionable. Source: Yahoo

Stephen E Arnold, July 29, 2019

Elastic App Search Ready for On-Premise Deployment

July 29, 2019

One of the most successful enterprise search companies, Elastic, is bringing its cloud-based App Search platform down to Earth. The company announces this development in its blog post, “Elastic App Search: Now Available as a Self-Managed Download.” Their director of product marketing, Diane Tetrault, writes:

“Empowered with valuable feedback from the community over the last few months’ beta program, the team has worked hard to bring the simplicity and power of the Elastic App Search Service to any infrastructure. It’s now available to download and deploy at scale, alongside the default distribution of Elastic Stack 7.2 (or later), anywhere.

We noted:

“While Elastic App Search has been around for over a year as a cloud-based solution, this release represents an important milestone. It highlights our commitment to offer the greatest flexibility in how and where developers deploy next-generation search experiences. Whether it be an online store, a geolocal directory, a vast music collection, or a SaaS application, Elastic App Search is the quickest way to build fluid and engaging search experiences. … “It is no secret that Elasticsearch is a powerhouse for search use cases of all kinds. That said, with great power comes great configurability. Our team worked relentlessly to channel the limitless potential of Elasticsearch into a streamlined package, purpose-built for application search use cases. In other words, you can now bring the relevance, scale, and speed of Elasticsearch to any application you’re building.”

App Search is free to use alongside the default distribution of the Elastic Stack. Naturally, the platform includes features Elastic users have come to rely on, like schema-free indexing, language-specific text analysis, pre-configured algorithms, relevance tuning, astute analytics, and impressive APIs and UI frameworks. In addition, they are introducing new user-management features that allow for easy-to-use role-based access controls or the built-in user management. Interested readers can check out the free trial.

Elastic began as Elasticsearch Inc. in 2012, simplified its name in 2015, and went public in 2018. The company is based in Mountain View, California, and maintains offices around the world. It also happens to hiring for quite a few positions at the time of this writing, in case any readers are interested.

Cynthia Murrell, July 29, 2019

Next Page »

  • Archives

  • Recent Posts

  • Meta