Microsoft Security? Just Super Duper
December 31, 2021
I installed software on one of my test machines. Windows’ Defender tool told me I had malware. Not true. To see what would happen, I clicked the offered Defender button and Windows killed a program from a developer doing business as Chris-PC. Helpful? You bet.
I mention this because I think I am the only person in Harrod’s Creek who believes that the Windows 11 release was a way to distract people from Microsoft’s security challenges. I like words like “challenges” and “misstep” because “dumpster fire” is too colorful and “disaster” has been overused.
What’s up with Microsoft security challenges as we creep toward what will be a banner year for some actors? How about these two news stories?
First, we have “Microsoft Teams Bug Allowing Phishing Unpatched Since March.” The main idea is that nine months have bustled by. Teams users could fall victim to some missteps in Microsoft Teams. The write up states:
German IT security consultancy firm Positive Security’s co-founder Fabian Bräunlein discovered four vulnerabilities leading to Server-Side Request Forgery (SSRF), URL preview spoofing, IP address leak (Android), and denial of service (DoS) dubbed Message of Death (Android). Bräunlein reported the four flaws to the Microsoft Security Response Center (MSRC), which investigates vulnerability reports concerning Microsoft products and services. “The vulnerabilities allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address and DoS’ing their Teams app/channels,” the researcher said. Out of the four vulnerabilities, Microsoft addressed only the one that attackers could use to gain access to targets’ IP addresses if they use Android devices.
Second, we have “Stealthy BLISTER Malware Slips in Unnoticed on Windows Systems.” I learned:
… Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate. The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.
Nope, let’s block Windows 11 users from installing another browser. Let’s kill Chris-PC software. The path forward is to enter 2022 with the ghost of SolarWinds laughing and the ghosts of Christmas yet to come licking their lips in glee.
Stephen E Arnold, December 31, 2021
Facebook: Be Proud
December 31, 2021
Gee, who could have predicted it? MacRumors reports, “Facebook Crowned ‘Worst Company of 2021’ by New Survey.” Each December Yahoo Finance picks a Company of the Year based on factors like achievements and market performance, and stalwart Microsoft has come out on top for 2021. The less coveted worst company designation is determined by a survey of Yahoo Finance’s audience. Writer Sami Fathi reports:
“According to the survey, which polled over 1,000 individuals, Facebook received 50% more votes for the spot compared to Alibaba, a Chinese e-commerce platform. Those surveyed have a ‘litany of grievances’ towards Facebook, including but not limited to concerns over censorship, reports about Instagram’s impact on mental health, and privacy. While the survey results are grim and not in the company’s favor, 30% of the participants responded positively to whether Facebook could ‘redeem itself.’ … Facebook has long been embroiled in public concerns over the privacy of its users. Facebook has notably fought with Apple over changes in iOS and iPadOS that make it harder for companies to track users across other apps and websites. Facebook has claimed the new change, App Tracking Transparency, would hurt small businesses that rely on advertising to attract new customers. Mark Zuckerberg has gone as far as to say that Facebook’s lackluster growth in the last quarter of the year was partly to blame on ATT (App Tracking Transparency).”
For his part, Apple CEO Tim Cook flings criticism right back at the Zuck. Which is worse—giving up a little revenue or fomenting polarization and violence? I suppose it depends on one’s perspective. The company formerly known as Facebook is hoping its Meta rebrand will distract everyone from its woes, but going by this survey that has yet to happen.
Cynthia Murrell, December 31, 2021
Facebook: Making Friends in the USAF
December 31, 2021
This is a short post sparked by this Financial Times’ article: “Facebook to Build Metaverse with Start-Up That Had US Military Contracts.”
The main idea is that Facebook bought a company. The firm — Reverie — will work with Meta Facebook thing’s Reality Labs. But the bonus move is that the Meta Facebook thing was terminated when the Meta Facebook thing bought Reverie. The venerable and generally respectable Financial Times pointed out that the Meta Facebook thing would “not be involved with any future defense or military AI development.”
Okay. My hunch is that a Meta Facebook thing employee whose child seeks to enter the Air Force Academy may find that some of those involved in the selection process may remember this “not be involved with any future defense or military AI development.”
Who likes this type of business decision? Maybe the Chinese and Russian military leadership? But that’s just a thought from the wilds of rural Kentucky. The Meta Facebook thing knows what’s best for itself and, of course, the US government.
Stephen E Arnold, December 31, 2021
HP: A Minor Glitch from the Outfit Purchasing Autonomy
December 30, 2021
My Japanese is nonexistent, so I rely on Google Translate. (The Beyond Search team loves the Google.) According to the Institute for Information Management and Communication at Kyoto University, an HP supercomputer system experienced a momentary lapse. (Possibly the same type of issue which sparked the purchase of Autonomy?) Google Translate offers this output:
An accident occurred in which some data in the capacity storage (/ LARGE0) was unintentionally deleted.
How much data were lost? Not much. Just 77 terabytes or the equivalent of 77 trillion bytes. This worked out to 34 million files affecting 14 groups of researchers. Good news: some backups were available, but for four of those groups, the data are now gone, or in the phraseology of social media, cancelled.
The apology appears in red, which makes the problem go away.
Who beavered away on the system? Nippon Hewlett Packard.
Wasn’t HP the outfit allegedly paying very close attention to its board of directors’ behavior? Maybe not. But HP definitely bought Autonomy and HP definitely will be unpopular with the four groups losing their data.
Happy New Year. And what’s the New Year’s resolution for the Institute for Information Management and Communication? Buy more HP is one possibility.
Stephen E Arnold, December 31, 2021
Lick Tech: A Taste for Covid and Leukoplakia?
December 30, 2021
I spotted a remarkable photo in this online story: “Lick It Up: Japan Prof Creates ‘Tele-Taste’ TV Screen.” Here’s the main point of the write up:
A Japanese professor has developed a prototype lickable TV screen that can imitate food flavors, another step toward creating a multisensory viewing experience. The device, called Taste the TV (TTTV), uses a carousel of 10 flavor canisters that spray in combination to create the taste of a particular food. The flavor sample then rolls on hygienic film over a flat TV screen for the viewer to try.
I am reluctant to replicate the image in the online publication. Visualize this. One approaches a large TV screen and licks the panel as one would an ice cream cone on the beach in Guarujá.
Think of this approach:
Winner!
Stephen E Arnold, December 30, 2021
Ads and Money Plus Surveillance and Strong Control: A Winning Equation?
December 30, 2021
We need to face the fact that if the western world did not have a mixed capitalistic economy, the amount of consumer surveillance by Amazon, Google, Apple, and other tech companies would be the equivalent of government surveillance in China and North Korea. The Drum explains how advertising spies on consumers in: “Why The Death Of Third-Party Cookies Is Actually A Modern Advertiser’s Dream.”
Third-party cookies will soon be a tool of the past. Consumers are tired of ads, but if they must engage with ads, they tire of seeing the same ones and of the lack of personalization and authenticity. New techniques stress personalization and authenticity. New advertising tools will farm more consumer data to create the next generation of ads:
“In-content ad strategies use artificial intelligence (AI) to not only deliver personalized, timely content, but also to generate contextual data about the viewer. This data offers brands the option to target audiences based on sentiment, which adds a key emotional moment of connection between viewer and brand – helping to build both trust and advertising effectiveness.”
This sounds like harmless advertising, but it implies prying further into consumers’ privacy. There is a fine line between collecting consumer data for advertising campaigns and invading privacy. Lines need to be drawn and consumers should be informed and given a choice to participate in advertising. One could argue they could avoid the Internet, but that’s like saying a person can rely on US public transportation outside a major metropolis. It does not work.
Whitney Grace, December 30, 2021
Reputation Repair Via Content Moderation? Possibly a Long Shot
December 30, 2021
Meta (formerly known as Facebook) is launching another shot in the AI war. CNet reports, “Facebook Parent Meta Uses AI to Tackle New Types of Harmful Content.” The new tool is intended to flag posts containing misinformation and those promoting violence. It also seems designed to offset recent criticism of the company, especially charges it is not doing enough to catch fake COVID-19 news.
As Meta moves forward with its grand plans for the metaverse, it is worth noting the company predicts this tech will also work on complex virtual reality content. Eventually. Writer Queenie Wong tells us:
“Generally, AI systems learn new tasks from examples, but the process of gathering and labeling a massive amount of data typically takes months. Using technology Meta calls Few-Shot Learner, the new AI system needs only a small amount of training data so it can adjust to combat new types of harmful content within weeks instead of months. The social network, for example, has rules against posting harmful COVID-19 vaccine misinformation, including false claims that the vaccine alters DNA. But users sometimes phrase their remarks as a question like ‘Vaccine or DNA changer?’ or even use code words to try to evade detection. The new technology, Meta says, will help the company catch content it might miss. … Meta said it tested the new system and it was able to identify offensive content that conventional AI systems might not catch. After rolling out the new system on Facebook and its photo-service Instagram, the percentage of views of harmful content users saw decreased, Meta said. Few-Shot Learner works in more than 100 languages.”
Yep, another monopoly type outfit doing the better, faster, cheaper thing while positioning the move as a boon for users. Will Few-Shot help Meta salvage its reputation?
Cynthia Murrell, December 30, 2021
Facebook Innovates: Beating Heart Emojis
December 29, 2021
I could not resist citing this write up: “WhatsApp Working on Animated Heart Emojis for Android, iOS: Report.” What’s the big news for 2022 from the most loved, oops sorry, worst company in the United States? Here’s the answer according to Gadgets360:
WhatsApp is reportedly planning to add animation to all the heart emojis of various colors for Android and iOS. This could be linked to the message reaction feature that the platform is said to be working on. The feature has been already added to WhatsApp Web/ Desktop via a stable update.
The beating hearts are chock full of meaning. The pulsing image files provide notification information. The compelling news story added:
WhatsApp is rumored to allow users to react to a specific message in a chat with specific emojis. There is also a reaction info tab to show who reacted to a message. Message reactions are reported to be rolled out to individual chat threads and group chat threads.
Definitely impressive. What use will bad actors using WhatsApp for interesting use cases find for pulsing hearts or other quivering emojis?
Stephen E Arnold, December 29, 2021
The Price of a Super Secure Mobile for Questionable People
December 29, 2021
Criminals are sometimes the smartest people in the world, but other times they are the dumbest. The Sydney Morning Herald reported a story on some of the latter in, “‘Invulnerable To Law Enforcement’: More Alleged Drug Criminals Outed By Encrypted App.” Australian criminals Duax Ngakuru and Hakan Ayik used an encrypted phone platform that was surreptitiously created by law enforcement.
Australian and New Zealand law enforcement teamed together on Operation Ironside and they infiltrated the encrypted AN0M phone network. Authorities monitored Ngakuru and Ayik’s drug activity for three years:
“The work of Australian and New Zealand authorities has – especially since Operation Ironside was unveiled publicly in June with sweeping arrests and raids across the globe – made the Ngakurus and Ayik among the most wanted men on the planet, crippling the drug syndicates the trio helped operate.
The police files also reveal how the AFP’s infiltration of the encrypted AN0M phone network suggest the Ngakurus and Ayik successfully imported many drug shipments into Australia and New Zealand over many years. On May 17, Shane Ngakuru was covertly recorded using his AN0M phone device to describe sending “methamphetamine to New Zealand, Melbourne, and Perth” from his base in Thailand.”
The bad actors believed they were invulnerable and the most powerful men in Turkey if not Oceania. While their drug operations were cleverly planned, the stupidity surfaces when they did not research their communication networks. Their so-called invulnerability comes about when they thought AN0M could not be hacked. They did not check up on updates or in other bad acting communities to see if there were hints of police crackdowns.
The US FBI, CIA, and other law enforcement organizations never shared information in the past, but they discovered it was mutually beneficial to do so. Criminals often do the same. Unfortunately Ayik and Ngakurus’ egos got the best of them.
Whitney Grace, December 29, 2021
Mobile: Unexpected Consequences or Fuel for Social Media?
December 29, 2021
“Study Finds Problematic Smartphone Use during Pandemic” could raise some fruitful avenues for researchers to explore. Frances Haugen’s document dump and her comments during her “Facebook is evil” road show. The article reports:
Statistical analysis of the survey results found that low sense of control, fear of missing out, and repetitive negative thinking were, indeed, all associated with greater severity of problematic smartphone use.
How does one fuel craziness? My hunch is that one tosses in content display which sparks a user’s clicking or doom scrolling.
If so, the impact of digital information via an addictive chunk of hardware might be the lever needed to topple the world the way it was in the years before the Big Tech revolution and a handy dandy pocket phone, computer, and content dispensing device.
Managing a Facebook-type of problem might not work if the corrosive impacts require a smartphone dance partner. The same might be slapped against mobile devices. Thus, meaningful dampening of the current digital craziness would require unplugging both the Facebook-like outfits and the mobile gizmo folks.
Unlikely? You bet. Forecast? Yep, more craziness ahead for 2022.
Stephen E Arnold, December 29, 2021