Amazon: We Love the Cheery Smile, But Does It Have a Darker Meaning?

July 13, 2020

Who needs the Dark Web when one has Amazon? The Markup reveals, “Amazon’s Enforcement Failures Leave Open a Back Door to Banned Goods—Some Sold and Shipped by Amazon Itself.” Investigators at The Markup began combing the site for banned goods after a series of deaths and illnesses attributed to one counterfeit pill maker. The fake-Percocet maker, now in prison, revealed he’d bought his pill press right off Amazon. The journalists were dismayed to find nearly 100 dangerous and/or illegal items readily available on the site. All of these products are explicitly banned in Amazon’s third-party seller rules and prohibitions for the U.S. market. Reporters Annie Gilbertson and Jon Keegan write:

“The Markup filled a shopping cart with a bounty of banned items: marijuana bongs, ‘dab kits’ used to inhale cannabis concentrates, ‘crackers’ that can be used to get high on nitrous oxide, and compounds that reviews showed were used as injectable drugs. We found two pill presses and a die used to shape tablets into a Transformers logo, which is among the characters that have been found imprinted on club drugs such as ecstasy. We found listings for prohibited tools for picking locks and jimmying open car doors. And we found AR-15 gun parts and accessories that Amazon specifically bans. Almost three dozen listings for banned items were sold by third parties but available to ship from Amazon’s own warehouses. At least four were listed as ‘Amazon’s Choice.’ The phrase ‘ships from and sold by’ appeared beneath the buy button of five of the banned items we found, which two former employees confirmed means those products are, in fact, sold by Amazon. In addition, one of the sellers we were able to reach also confirmed it sold the items to Amazon.”

Of course, “Amazon’s choices” are often chosen by algorithm, which is part of the problem. The site does have a process for finding and removing banned products, but the human reviewers cannot keep up with the onslaught of third-party uploads. The journalists found several products that evaded detection by being listed as something they are not—like the AR-15 vise block masquerading as a desk accessory, complete with paperclips and pencil erasers in the image. Other items simply avoid telltale keywords, but are plain as day to anyone who views the listing. It is apparent even the algorithm has a clue because it frequently recommends items related to the product at hand. See the article for more examples.

What will Amazon do about this alarming issue? Well, if we take spokesperson Patrick Graham’s responses as a guide, the answer is it will downplay the problem. Seems about right.

Cynthia Murrell, July 13, 2020

Amazon AWS Cost Control Insights

June 29, 2020

Amazon’s AWS is a fascinating business case. On one hand, AWS reduces some of the hurdles to modern solution development. On the other hand, it is easy — even for an experienced Certified AWS expert — to forget what’s running, whether a particular service is unnecessary, or what processes are tucked into the corner of Jeff Bezos’ profit making machine. “Our AWS Bill is ~ 2% of revenue. Here’s How We Did It” provides a run down of the money gobblers and provides some helpful guidance. There are screenshots in the Gulf racing colors of orange and blue. There are explanations. Plus, there are useful insights; for example:

Our application is a Shopify app and during the process of building the application we created a Shopify store. Every Shopify store gets its own personal CDN where you can manually upload anything and it will be served over the Shopify CDN. So we minified and uploaded our JS file to the CDN of our Shopify store and now we serve 20000 Shopify stores using this method at zero cost.

One problem: There are more ways for Mr. Bezos to suck cash from eager and willing customers than helpful explanations of how to keep expenses low.

Stephen E Arnold, June 29, 2020

Amazon: Nosing into Telco Land

June 25, 2020

Amazon wants to expand into Asia, but it is avoiding the hot Chinese market and concentrating on India. India’s Zee News explains, in “Amazon In Initial Talks To Buy $2 Billion Stake In Bharti Airtel,” that Amazon would then own a 5% stake in the company. The deal would also augment India’s third largest telecommunication company and give it more power to compete against its rivals.

The five percent stake is not the only option Amazon has considered. They also spoke with Bharti Airtel about deals that included stakes worth between 8-10%. Nothing is definitive yet because the deal is in the preliminary stages:

“The talks between Bharti and Amazon are at an early stage and the deal terms could change, or an agreement may not be reached, said two of the three people, all of whom declined to be identified because the discussions are confidential. If talks to buy a stake fail, the companies could also look at a commercial transaction that could give Bharti’s customers cheap access to Amazon products, one of the people said.”

Nothing else is known about the suspected plans, but Bharti Airtel shares rose based on them. While China remains in hot water because of COVID-19, India has come more into focus for technology development. There has always been interest in India, but the subcontinent remains fairly neutral compared to its northern neighbor.

Whitney Grace, June 24, 2020

Cloud Pricing: Humor and Insight

June 22, 2020

We are putting the finishing touches on my Amazon Policeware lecture for the upcoming cyber crime conference. This particular talk has to be pre recorded. Why? Not sure, but creating a program is more difficult than lecturing from a stack of note cards.

I do include a brief reference to cloud pricing. I think there are some important truths in Amazon AWS pricing with regard to the company’s reinvention and reapplication of IBM’s old-school lock in strategy.

The write up “The Three Fs of Cloud Pricing” presents one facet of the Bezos bulldozer’s approach to policeware vendors and ultimate customers. Based on my DarkCyber team’s research, drgriffin is putting horseshoes on the iron stake.

If you have a “stake” in AWS cloud technology as a partner, ultimate customer, start up AWS user, or any of the other categories of players in the Amazon forest, you will find the drgriffin write up informative.

Here’s a snippet, but read the original, please:

Allowing people to play with the product for free was good for customers. But it was even better for cloud adoption. The free tier was part of their strategy of selling IT infrastructure directly, without having to go through finance and executives.

Remember that Google sought to circumvent information technology professionals. The attitude was, “You are a problem, and if you were any good, you would work at Google. Since you are NOT at Google, therefore, you are useless.”

Amazon, to cite one example, has taken a different approach; that is, the free tier. Don’t contraband vendors use a similar tactic?

Stephen E Arnold, June 22, 2020

Amazon: Bombay Gin? For Sure

June 21, 2020

The trustworthy outfit with trust principles published “Amazon Signals Entry into Alcohol Delivery in India with Nod in Key State.” The title had the words “exclusive” and “document”, but the main point seemed diluted.

Amazon is allegedly going to deliver alcohol in West Bengal.



The write up points out that Amazon competitors are delivering liquor.

Interesting item of Amazonia.

Stephen E Arnold, June 21, 2020

Linux Developer Is Unhappy with Amazon

June 17, 2020

Who doesn’t love Amazon? Maybe the person credited with developing Linux? That would be Linus Torvalds, developer of note.

No one pays attention to insults on the Internet unless someone with clout says them. The IT community definitely paid attention to the head of the Linux kernel, Linus Torvalds, when he spoke up: “Linus Torvalds Rejects ‘Beyond Stupid’ AWS-Made Linux Patch For Intel CPU Snoop Attack,” reports ZDNet.

In early 2020, the Snoop attack was found to affect Intel and Core CPUs, and AWS discovered it. The attack causes CPUs to leak data from their L1D cache via bus snooping—a cache-updating operation that happens when the L1D modifies data. AWS developed a patch for the Linux kernel that would allow applications to opt in to flush the L1D cache when a task is switched out. Torvalds thinks the patch would degrade performance in other applications. Torvalds said:

“ ‘Because it looks to me like this basically exports cache flushing instructions to user space, and gives processes a way to just say ‘slow down anybody else I schedule with too’…‘In other words, from what I can tell, this takes the crazy ‘Intel ships buggy CPU’s and it causes problems for virtualization’ code (which I didn’t much care about), and turns it into ‘anybody can opt in to this disease, and now it affects even people and CPU’s that don’t need it and configurations where it’s completely pointless’.

‘I don’t want some application to go ‘Oh, I’m _soo_ special and pretty and such a delicate flower, that I want to flush the L1D on every task switch, regardless of what CPU I am on, and regardless of whether there are errata or not. Because that app isn’t just slowing down itself, it’s slowing down others too.’’

Torvalds also thinks the patch is crazy because a hack could inhabit another core within the CPU and attack the L1 cache before it’s flushed. Another fun word he used was pseudo-security.

Usually “pseudo” is reserved for science, but this works too.

Whitney Grace, June 17, 2020

Organic or Paid Search? Answer: Pay Up

June 16, 2020

There is a weird symbiosis. Unlike the sucker fish clamped on a shark, the predator’s fellow travelers operate in the dark digital ocean. “Organic Vs Paid Search: Explained” correctly points out that traffic costs money. This is not 1994, gentle reader. This is 2020 and the costs of running an ad supported search engine are difficult to control.

The write-up ignores a simple fact: Online advertising companies want anyone who wants clicks and traffic to pay. Like the IRS oriented phrase: Death, taxes, and the online traffic levy.

This means that “organic search” — the 1994 style of Web indexing — is dead like dinosaurs. The future is pay to play.

As output devices become smaller and voice creeps forward as a way to explain where to get a pizza, the free loading sucker fish are going to get scraped off the digital shark. The shark will then eat the sucker fish.

What’s this mean for search engine optimization? More baloney, more hand waving, and another lost cause.

Pay to play, the phrase of the future. There’s no cyber Mother Teresa to intervene.

Stephen E Arnold, June 16, 2020

Amazon: Can Money Buy Smooth Sailing?

June 15, 2020

What is the obvious solution when you must not leave home but there are things to purchase? Amazon, of course. And where do businesses turn when they must suddenly facilitate remote workers? For many, the solution is Amazon’s AWS. During this pandemic the tech giant has grown even larger, but with this success comes a lot of criticism. Yahoo News tells us, “Amazon Hit from All Sides as Crisis Highlights Growing Power.” One prominent example—New York state Attorney General Letitia James and others were disgusted Amazon fired a worker who had led a protest over COVID-19-related safety concerns. The company says the employee was actually fired for refusing to quarantine after testing positive for the disease. Hmm.

AFP reporter Julie Jammot writes:

“As Amazon becomes an increasingly important lifeline in the pandemic crisis, it is being hit with a wave of criticism from activists, politicians and others who question the tech giant’s growing influence. Amazon has become the most scrutinized company during the health emergency. It has boosted its global workforce to nearly one million and dealt with protests over warehouse safety and reported deaths of several employees. But Amazon has also pledged to spend at least $4 billion in the current quarter — its entire expected operating profit — on coronavirus mitigation efforts, including relief contributions and funding research. Amazon’s AWS cloud computing unit, which powers big portions of the internet, is also a key element during the crisis with more people and companies working online. Amazon’s market value has hovered near record levels around $1.2 trillion dollars as it reported rising revenues and lower profits in the past quarter.”

The company’s size alone, say activists, is reason enough for scrutiny. Some are concerned about the way Amazon treats workers, others balk at the financial gain CEO Jeff Bezos has personally enjoyed during this time. Though the company has increased pay above minimum wage during the crisis, to $15 an hour, critics say it could afford to pay much more. There is also concern that, with its popular streaming service on top of everything else, the company just wields too much influence in people’s daily lives.

Amazon seems to have sailed through the biological disturbance. Now come the legal thunderstorms. Smooth cruising ahead? Unlikely.

Cynthia Murrell, June 15, 2020

Amazon Facial Recognition: Hit Pause for One Year. Is the Button Wired Up?

June 11, 2020

Quite a bit of interest in the announcement from the online bookstore about facial recognition. The story appeared in Dayone (that’s the Amazon official blog). The story’s title was “We Are Implementing a One Year Moratorium on Police Use of Rekognition.” Like IBM’s “we’re not doing facial recognition” announcement, the coverage of the news seems to have ignored some nuances.

First, Amazon has been investing like a wealth crazed MBA on Wall Street to beef up its policeware capabilities. Because bad actors are often humans, the technology required to identify these humans is important. And facial recognition and other types of policeware are expensive to develop. Thus, the word “moratorium” is important.

Second, some of the activities in which the online bookstore is engaged are covered by different types of agreements, contracts, and statements of work. As dramatic and newsy as “From this day forward” statements are, certain projects are likely to continue. Extrication from an underway government project is not just pushing the button. That button has to be connected to the operative system in order to work. Think of this as a dial on a thermostat in a hotel room. The guest thinks the dial works, but the device is a psychological play so the guest “thinks” he or she is in control. Ho, ho, ho.

Third, with infrastructure in place and data being processed, indexed, and stored, government entities have legal tools to obtain access to certain information. Whether one “stops” or not, the legal mechanisms are often deaf to such statements, “We don’t do this anymore.” That works exactly how often?

Net net: DarkCyber believes that more information is needed about the precise meaning of moratorium in the context of Amazon’s usage of the word. Discarding a substantive investment? Maybe. Maybe not.

Stephen E Arnold, June 11, 2020

Amazon: Public Sector Services Attract Attention

June 11, 2020

DarkCyber is not 100 percent certain about the information in “Amazon Urged by Petition to Break Ties with Police.” Petitions can be tricky information gathering mechanisms. With that in mind, consider this statement:

A coalition of racial justice groups on Tuesday launched an online petition calling for Amazon to cut all ties with police and US immigration officials. The petition takes aim at Amazon Web Services cloud computing unit’s “Rekognition” facial recognition technology and Ring surveillance cameras used for home security.

The goal is:

The groups want Amazon to sever ties with police departments and US Immigration and Customs Enforcement.

How will Amazon respond? The company’s policeware business is not well understood, and it could be poised to become a more significant factor in Amazon’s business strategy. I will be delivering a talk about Amazon’s services and activities for law enforcement at the July 2020 US National Cyber Crime Conference. Interest in the subject is increasing, just slowly.

Stephen E Arnold, June 11, 2020
