Forgetting the Lessons of the Phalanx: Zooming In Does Not Work for Some

September 14, 2021

I read a write up from the Android mobile of Captain Obvious. The title? Here she be: “Study of Microsoft Employees Shows How Remote Work Puts Productivity and Innovation at Risk.” Ground breaking!

The article explains without a trace of Saturday Night Live humor:

A new study finds that Microsoft’s companywide shift to remote work has hurt communication and collaboration among different business groups inside the company, threatening employee productivity and long-term innovation.

To make the academic goodness of the report even more credible, the write up explains that the research report was:

published Thursday morning by Microsoft researchers in the journal Nature Human Behaviour. It coincides with Microsoft’s announcement that employees won’t be returning to the office Oct. 4 as previously expected.

I circled this quote nestled in the article:

The desire of employees to have both flexibility and connection with others is what Microsoft CEO Satya Nadella calls the “Great Paradox.” The company is also announcing new features in Teams, LinkedIn and other products meant to address some of the challenges revealed by the data.

War fighters employing the reliable phalanx figured out that Zooming in to a battle was not a reliable way to win. Teaming in, even with new features, is unlikely to yield better results.

Perhaps the lack of togetherness at Microsoft makes life easier for those exploiting the security peculiarities of Microsoft systems and software? No, hold that thought, please. Microsoft’s Windows 11 is a Covid era product. The Microsoft Exchange Server and Azure issues are from PC time; that is, the pre Covid period.

Perhaps the already present communications and togetherness issues have been present for many years. The work from home approach just amplified them.

Paradoxical? Nope. Management acting as a 50000 watt AM radio station. Static, anyone? Will Microsoft employees do the Thermopylae thing to defeat Microsoft’s antagonists? Sure, just via Zoom and one hopes a functioning Teams with extra features.

Stephen E Arnold, September 14, 2021

Microsoft: What Is the Priority?

September 8, 2021

Two items caught my attention today (September 3, 2021). The first was “Conti Ransomware Now Hacking Exchange Servers with ProxyShell Exploits.” What’s interesting is that Microsoft Exchange is in the news again. Here’s the interesting part of the write up:

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits….  While Microsoft fully patched these vulnerabilities in May 2021, technical details regarding exploiting the vulnerabilities were recently released, allowing threat actors to start using them in attacks. So far, we have seen threat actors using the ProxyShell vulnerabilities to drop webshells, backdoors, and to deploy the LockFile ransomware.

Isn’t this like a 45 rpm recording of the The Trashmen’s “Surfin’ Bird.” Repetitive much? Here’s the lyric. Just substitute breach or break for bird, and you may have a hit on your hands:

A well a everybody’s heard about the bird
B-b-b bird, bird, bird, b-bird’s the word
A well a bird, bird, bird, the bird is the word
A well a bird, bird, bird, well the bird is the word
(Repeat endlessly)

The second item was “Don’t Like the New Windows 11 Start or Taskbar? Don’t Worry – Microsoft’s Got Your Back.” The main thrust of this write up is that Microsoft trashed the task bar and start menu of Windows 11. I learned:

Affected Insiders found, according to Microsoft, “that Start and Taskbar were unresponsive and Settings and other areas of the OS wouldn’t load.” The result was a hurried update requiring those impacted to do a bit of Registry tinkering in order to get things back to normal.

From the all-important security assurances to the suggestions of the best Windows ever, Microsoft delivers flawed experiences for some it seems.

Trust, confidence in Microsoft software, and commitment to providing secure and stable tools are in short supply in Harrod’s Creek. Your mileage may vary, but bad actors continue to get useful tips about ways in which Microsoft says, “Hey, pay us a visit.”

Stephen E Arnold, September 8, 2021

The Print Nightmare Method Advances to the Windows 11 Tool Bar and Start Button

September 8, 2021

Once again someone has discovered a bug in Windows machines. The vulnerability allows bad actors access to remove code execution and local privilege escalation. Tech Radar details how this is the second issue related to this vulnerability in “There’s Yet Another New PrintNightmare Hack.” The problem started when Chinese security researchers shared a proof-of-concept exploit online, believing that Microsoft had patched the hole in Windows Print Spooler. Nope!

Microsoft quickly released a patch, but not before damage was done. Creator of the popular exploitation tool Mimkatz, Benjamin Delpy exploit exploited the bug again. The bug enables anyone to gain admin privileges on vulnerable machines. It works like this:

“According to reports, Delpy’s workaround takes advantage of the fact that Windows doesn’t prevent Limited users from installing printer drivers. Furthermore, it won’t complain when these drivers are fetched from remote print servers, and will then run them with the System privilege level.”

Microsoft issued another PrintNightmare patch, but Delpy and other security researchers are not happy with it. They say that Microsoft checks for remote libraries in PrintNightmare patch and it gives an opportunity to work around it. Delpy and other security researchers have since learned a lot about printer spooler and drivers. He released his own proof-of-concept that downloads a rogue driver that misuses the latitude to allow Windows users access to admin privileges. Delpy and others explain this will not be the last of Windows printer spooler abuse.

And how’s that Microsoft method working out?

It is consistent. “Windows 11 Preview Glitch Hits Start menu and Taskbar” explains:

“Recently, Windows Insiders in both the Dev and Beta Channels began reporting that Start and Taskbar were unresponsive and Settings and other areas of the OS wouldn’t load,” wrote the Windows Insiders team at Microsoft in a blogpost.

Yep, consistent.

Whitney Grace, September 8, 2021

Microsoft: Maybe ESET-Type Companies Are a Problem?

August 12, 2021

Microsoft security may have a problem other than bad actors compromising systems. The news cycle has moved forward, but I still chuckle at the SolarWinds’ misstep. How many super duper cyber solutions failed to detect the months long compromise of core Windows processes? I don’t know, and my hunch is that whoever knows does not want to talk about the timeline. That’s understandable.

I read “IISpy: A Complex Server?Side Backdoor with Anti?Forensic Features.” The source appears to be We Live Security which is reporting about an ESET research finding. (I find it interesting that cyber security researchers report interesting things that other cyber security vendors appear not to report or possibly know about. Interesting or a signal that cyber security systems are not particularly effective when new methods poke through a secured system, saying, “Surprise!)

The write up states:

According to ESET telemetry, this backdoor has been active since at least July 2020, and has been used with Juicy Potato (detected as Win64/HackTool.JuicyPotato by ESET security solutions), which is a privilege escalation tool. We suspect the attackers first obtain initial access to the IIS server via some vulnerability, and then use Juicy Potato to obtain the administrative privileges that are required to install IISpy as a native IIS extension. According to our telemetry, IISpy affects a small number of IIS servers located in Canada, the USA and the Netherlands – but this is likely not the full picture, as it is still common for administrators to not use any security software on servers, and thus our visibility into IIS servers is limited.

If the affected server is the exact one the bad actor wants, numbers may not be germane. Also, does the phrase “not the full picture” indicate that the cyber researchers are not exactly what’s going on?

Interesting questions from my point of view.

If I step back, what’s my observation:

Perhaps cyber security is in a quite pitiful state. If this is accurate, why would the US government offer Amazon AWS another $10 billion deal? Microsoft will contest this important award. You can read the Microsoft News story “Microsoft Challenges the Government’s Decision to Award Amazon a NSA Cloud-Computing Contract, Which Could Be Worth $10 Billion” to get a sense about the disconnect between selling and addressing what may be fundamental security issues.

Would that money, time, and effort be better invested in addressing what seems to be another troubling security issue?

The answer to this question would be in my opinion a true juicy potato.

Stephen E Arnold, August 12, 2021

Microsoft: Amazing Quote about Support

August 12, 2021

I read “El Reg talks to Azure Data veep as Microsoft flicks the switch on Azure Arc for SQL Managed Instances: Longevity, PostgreSQL, and the Default Relational Database of Choice.” I like the phrase “default relational database of choice.” Okay, confidence can be a positive.

Most of the interview is not-so-surprising stuff: End-of-life assurances, hits of a catholic approach to the Codd structure, and a general indifference to the Amazon database initiatives. That’s okay. The expert is Rohan Kumar, who is going to speak Redmond, a peculiar dialect of jargon which often reveals little relevant to the ordinary person trying to restore a trashed SQL Server table.

I did spot one tiny comment. Here is this remarkable assertion:

“We will never let any of our customers run into challenges because Microsoft decided, ‘hey, we’re not going to support you’.”

No kidding? For real? I mean none of the code blocking, security challenging stuff?

Stephen E Arnold, August 12, 2021

Strong Sinequa Helps Out Hapless Microsoft with Enterprise Search

August 9, 2021

Microsoft has enlisted aid or French entrepreneurs have jumped on the opportunity to enhance the already stellar software system available from the SolarWinds and Exchange Server misstep outfit.

Business Wire reveals in a hard hitting write up “Sinequa Brings Intelligent Search to Microsoft Teams” an exciting development. Wait, doesn’t Microsoft search work? Apparently Sinequa’s platform works better. We learn:

“Sinequa for Teams enables organizations to unleash the power of Sinequa’s Intelligent Search platform right within Microsoft Teams. … Sinequa continues to recognize the need to make knowledge discoverable so employees can make better decisions, regardless of where and how they work. The Sinequa platform offers a single access point to surface relevant insights both from within and outside the Microsoft ecosystem. Built for Azure and Microsoft 365 customers with Teams, Sinequa has extended its powerful search technology to Teams to help enterprises elevate productivity and enable better decision-making all in one place.”

The tailored Teams platform promises to improve data findability and analysis while bolstering collaboration and workflows. Sinequa is proud of its ability to provide enterprise search to large and complex organizations. Founded in 2002, the company is based in Paris, France.

Excellence knows no bounds.

Cynthia Murrell, August 9, 2021

A Microgoof or a Google PR Opportunity?

July 19, 2021

It is difficult to determine if Google is on the money with its alleged discovery of Russian cyber criminals targeting big wheels via LinkedIn. True or not, it may be another security misstep for the Redmond giant. “Russian Hackers Disguised as LinkedIn Networkers Spreading Malware” asserts:

A new investigation by Google shows that some of the common LinkedIn spam can be quite dangerous. Hackers with possible connections to the Russian government sent fraudulent LinkedIn messages to various officials from European countries with links aimed to exploit vulnerabilities in Windows and iOS. It is not yet known how many LinkedIn users were targeted in this hacking campaign and how many of them were ultimately hacked. Google believes that the cybercriminal gang responsible for the hacking campaign is most likely backed by the Russian government.

If this article is on the money, the odds are getting longer that Sergey Brin will be able to ride a Russian rocket into space. The article includes the statement “backed by the Russian government.” That might toss those orbital dreams into the Caspian Sea, the lowest point in the country. Also, the tecnopolies may be squaring off for a public relations dust up. I mean how could the Chrome love birds spat over a minor security issue. LinkedIn is a Microsoft property, and I assume it is protected by all manner of Microsoft security software as well as systems purchased or licensed.

LinkedIn vulnerable. Some believe LinkedIn lost control of user data earlier this year. Forbes reported that data about 700 million LinkedIn uses was for sale on a hacking forum.

However, if one compares the LinkedIn assertion from the GOOG with the mostly verified PrintNightmare glitch, the Microgoof results from repeated efforts to patch the print spooler. By the way, this gem is in most Windows versions.  Here’s a flow chart to guide your remediation efforts:

Image

LinkedIn versus what seems to be an engineered in persistent invitation to bad actors to have a series of great days. No zero days needed it seems.

Pick your Microgoof. Personally I find the print spooler thing more enjoyable than people looking for work.

Stephen E Arnold, July 19, 2021

Microgoof: JEDI Knight Defeated by Unknown Death Ray

July 14, 2021

I read “Losing the $10 Billion JEDI Contract Is Bad for Microsoft Not Just Because of the Money. It’s about Credibility.”

Here’s an interesting passage:

More important than the money was that it gave the company a level of third-party validation, that its cloud-computing platform is  on par with Amazon, the market leader. The Pentagon, arguably the world’s most sophisticated cyber customer, had chosen Microsoft over Amazon to fully revamp and modernize its tech ecosystem. That gave Microsoft credibility. Now, however, the Department of Defense says Microsoft’s offering wasn’t going to “meet its needs.”

The write up then indirectly links the death ray to none other than the mom and pop online bookstore:

Amazon challenged and eventually sued the federal government complaining that Microsoft was awarded the contract because of President Trump’s animosity towards the Washington Post, owned by Amazon’s founder and former CEO, Jeff Bezos.

Politics! Not technology! The write up points out:

Amazon controls roughly a third of the market and a host of government contracts, including with the Central Intelligence Agency. By comparison, analysts estimate Microsoft has cornered only around 20% of the market.

How could the defenses of the JEDI be breached? Was it the same weakness that causes printers to fail, supply chain attacks to thrive, and fuzzed communications about the minimum requirements for Windows 11?

No, no, no.

The Microgoof will take months, maybe years, to figure out. Where was Windows Defender when the Redmond giant needed its support? Maybe the service could not access Teams? Maybe the call did not go through because the parties were using a Windows Phone? Maybe the Windows update interrupted the system? What if the unknown death ray was crafted by the Bezos bulldozer now guided by Max Peterson who replaced the former Microsoftie Teresa Carlson, who is now a Splunker?

One thing is clear: First SolarWinds, the printer thing, then Windows 11, and now the JEDI zapper. I smell the exhaust from the Bezos bulldozer. Who else will?

Stephen E Arnold, July 14, 2021

Microsoft Percept: Perception in the Azure Cloud

July 13, 2021

Does your printer work? The printer is fine and our Apple Minis and laptops have zero problem generating hard copy. What about people joining a Teams meeting when those individuals are not 365 paying customers? Have you plugged in a second or third monitor and wondered where the icons went when using Windows 10? How is Windows Defender working for you since you received the Revil ransomware popup?

Ah, no solid answers. We don’t have any either. Windows 11 may address these trivial issues but the big repair job will arrive with Microsoft Percept. “Microsoft Aims to Expedite New Edge Computing Use Cases with Azure Percept” defines the bold new Star Trek-like innovation this way:

Azure Percept … is an end-to-end system for edge AI development and deployment that now works over 5G and LPWA as well.

Sound great to you? Beyond Search is not 100 percent convinced. We would be okay with better security within Microsoft software and a printer method which allows printers to print.

Microsoft seems to be more comfortable marketing than delivering software and systems which work as users expect. Microsoft software is in wide use. Cyber criminals rely on Microsoft’s door-wide-open methods. I suppose more bad actors would print out their zero days, exploits, and code snippets if their printers worked.

Stephen E Arnold, July 13, 2021

Microsoft LinkedIn: A TikTok Target?

July 12, 2021

Microsoft LinkedIn had an opportunity to dominate the video résumé market. Now the allegedly Chinese influenced TikTok appears to be chasing this sector. More importantly, LinkedIn users are “old school.” Rah rah text and video snippets explaining how a life coach can jumpstart a career. Are those wrinkles I see on most of the LinkedIn video performers’ programs. Yep, they are wrinkles.

Now TikTok is creating a video résumé service in a “official” way. The idea is that even TikTok creators may need a real job. The write up “TikTok Lets Users Apply for Jobs in the US with Video Resumes” says:

Short-video sharing app TikTok on Wednesday, July 7, launched a pilot program that lets users upload video resumes for US-based jobs ranging from a WWE Superstar to a senior data engineer at Shopify or a creative producer at TikTok itself.

The idea is that unhip “real” companies need workers. LinkedIn profiles don’t signal “I will flip burgers” or “I will watch your super over achieving high performing really wonderful children”. Thus, a gap exists and TikTok aims to fill it. Or will this service just provide a flow of data into TikTok’s servers and then maybe to other interesting data centers in lovely Wuhan.

Microsoft and LinkedIn is dealing with the hashtag #securitybreach. TikTok is moving forward with the #CareerTok and related metadata.

Stephen E Arnold, July 12, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta