• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Microsoft: Adding Audio to an Otherwise Lackluster Day

I don’t know if the information in “Horrible New Windows 10 Bug Sounds Like the Most Annoying Glitch Ever” is accurate. I find it amusing, particularly for a sophisticated, user centric software company like Microsoft. The write up reports:

According to Microsoft, some Windows users have suddenly been hit by an error that leaves their devices making a highly irritating squeaking sound… After installing KB5000842 or later updates, 5.1 Dolby Digital audio may play containing a high-pitched noise or squeak in certain apps when using certain audio devices and Windows settings.

Squeaking. Like a dog toy, like a rusty hinge, like a criminal explaining who his or her accomplices were, where these individuals live, and their modus operandi? Like the sound of a programmer who gets away with flawed code do he or she could do a Teams call?

Amusing just like the toothless Defender.

Stephen E Arnold, May 20, 2021

Microsoft Partners Up for Smarter Security

I noted “Microsoft Partners with Darktrace to Help Customers Combat Cyber Threats with AI.” You may know that Microsoft has been the subject of some attention. No, I am not talking about Windows 10 updates which cause printers to become doorstops. Nope. I am not talking about the fate of a leaner, meaner version of Windows. Yep, I am making a reference to the SolarWinds’ misstep and the alleged manipulation of Microsoft Exchange Server to create a reprise of “waiting on line for fuel.” This was a popular side show in the Washington, DC, area in the mid-1970s.

How does Microsoft address its security PR challenge? There are white papers from Microsoft threat experts. There are meetings in DC ostensibly about JEDI but which may — just by happenstance — bring up the issue of security. No big deal, of course. And Microsoft forms new security-centric partnerships.

The partner mentioned in the write up is Darktrace. The company relies on technology somewhat related to the systems and methods packaged in the Autonomy content processing system. That technology included Bayesian methods, was at one time owned by Cambridge Neurodynamics, and licensed to Autonomy. (A summary of Autonomy is available at this link. The write up points out that Bayesian methods are centuries old and often criticized because humans have to set thresholds for some applications of the numerical recipes. Thus, outputs are not “objective” and can vary as the method iterates.) Darktrace’s origins are in Cambridge and some of the firm’s funding came from Michael Lynch-affiliated Invoke Capital. The firm’s Web page states:

Founded by celebrated technologist and entrepreneur, Dr Mike Lynch OBE, Invoke Capital founds, invests in and advises fast-growing fundamental technology companies in Europe. With deep expertise in identifying and commercializing artificial intelligence research and a close relationship with the University of Cambridge, Invoke exists to realize the commercial possibilities of Britain’s extraordinary science and deep technology base. Since 2012, Invoke has been instrumental in founding, creating and developing prominent technologies, and then finding the right teams to scale them into global businesses. Invoke’s companies include Darktrace, a world-leading cyber AI company that employs more than 1,500 people globally, Luminance, an award-winning machine learning platform for the legal industry, and AI fraud-detection engine, Featurespace. Invoke exited data-driven medicine experts, Sophia Genetics, in 2020.

{The Register provides a run down of some of the legal activity associated with Mr. Lynch at this link. )

The item presenting the tie up of Microsoft and Darktrace states:

Microsoft announced today a new partnership with Darktrace, a UK-based cyber security AI firm that works with customers to address threats using what it describes as “self-learning artificial intelligence”. Darktrace’s threat response system is designed to counter insider threats, espionage, supply chain attacks, phishing, and ransomware. The partnership between Microsoft and Darktrace is meant to give organizations an automated way of investigating threats across multiple platforms. Darktrace’s system works by learning the data within a specific environment as well as how users behave. The goal is to tell which activity is benign or malicious.

For more information about Darktrace, one can consult the firm’s Web site. For a different view, an entity with the handle OneWithCommonSense provides his/her assessment of the system. You can find that document (verified online on May 13, 2021) at this link.

Why is this interesting?

1. The use of a system and method which may be related to how the Autonomy system operates may be an example how one mathematical method can be extended to a different suite of use cases; specifically, cyber security.
2. The Darktrace disclosures about its technology make it clear that the technology is in the category of “artificial intelligence” or what I call smart software. Systems and methods which are more efficient, economical, and more effective are reasons why smart software is an important product category to watch.
3. Darktrace (to my knowledge) may have the capability to recognize and issue an alert about SolarWinds-type incursions. Other cyber security firms’ smart software dropped the ball and many were blindsided by the subsequent Microsoft Exchange Server and shell exploits.

As a side note, Microsoft acquired the Fast Search & Transfer company after there were legal inquiries into the company. That was a company based in Norway. With the Darktrace deal, Microsoft is again looking offshore for solution to what on the surface seems to be the Achilles’ heel of the company’s product portfolio: Its operating system and related services.

Will Darktrace’s technology address the debilitating foot injury Microsoft has suffered? Worth watching because bad actors are having a field day with free ice cream as a result of the revelations related to Microsoft’s security engineering. Windows Defender may get an injection of a technology that caught Dr. Lynch’s eye. Quick is better in my opinion.

Stephen E Arnold, May 13, 2021

The Amusing Antics of Big Tech Monopoly-Type Companies

If I use my imagination, I can hear the comments in the TV room of a fraternity house near the Chambana campus of the University of Illinois. “Dudes, we can make the losers at Sigma Nu look really stupid.” Then the snort, snort, snort of perceived victory over lesser beings.

I thought about this hypothetical bro-moment when I read two stories this morning.

The first is “Microsoft Edge Blocks Firefox Installer, Says It’ll Hurt Your PC.” Firefox has had its share of challenges. There’s the money thing, the management thing, and the number of users thing. Microsoft, the all-time leader in security, has determined that Firefox is allegedly a danger. The write up reports:

“Firefox Installer.exe was blocked because it could harm your device,” the warning read, with users only able to click through to see more details rather than continue the download. Techdows says that all versions of the Firefox Installer, including release, beta, dev, and nightly, appear to be affected, with multiple Reddit threads detailing download issues. Some users were able to download and install Firefox using Edge after disabling Microsoft Defender SmartScreen, a program.

That seems like a predictable response from those who have witnessed commentary in the hypothetical frat house.

The second is “Google: We Put YouTube TV in the Main YouTube App. What Now, Roku?” The idea is that Roku, the hardworking salary man of online video, is going to be reminded that the Google is the top dog. The write up states:

Google announced in a blog post that it was just going to run an end-around on Roku and stick the YouTube TV app in the YouTube app.

No one fools around with Mother Google.

What do these frat mentality actions by two large companies tell us? Perhaps these are routine business practices in the regulation and consequence free datasphere of 2021? Could these actions indicate that fraternity type thinking remains a core part of the technology world in the US? Or is there a darker implication; for instance, these actions are perceived as just what has to be done to ensure that big outfits get larger?

From my point of view, I find the frat-style a reminder that what characterizes those in extended adolescence appears to be the warp and woof of high technology: Competitive products are harmful or too stupid to cope with Googley reality.

Stephen E Arnold, May 13, 2021

Sharing a Stage: Microsoft and Huawei

Just a small item from “Huawei Calls for Closer Public-Private Sector Action to Restore Trust in Technology” in New Zealand. The focus of the write up was on a call by Huawei (yep, the Chinese technology giant viewed with suspicion by some in the US, delivered a message about trust. Here’s the quote from the Huawei professional explaining trust:

As more devices feature connectivity, more services go online, and more critical infrastructures rely on real-time data exchanges, so must governments worldwide ensure that everyone is protected by the highest security standards… We must build strong trust in technology, enabled by a common set of rules, innovations, and progress. Only then can we commit to the sustainable and trustworthy use of technology.

Okay. But the item of information in the article which struck me as important was this passage:

Other speakers from the private sector include Roche board of directors chairman, Christophe Franz, Daimler chairman of the board of management, Ola Källenius, Microsoft chief executive officer, Satya Nadella, and HCL Corporation’s chief executive officer, Roshni Nadar Malhotra. [Emphasis added]

I found it interesting that Microsoft’s CEO shared a podium at a conference about trust. As you may recall, Microsoft experienced a misstep with Exchange Server and has struggled with Windows updates which bedevil some users.

The write up emphasized that “that trust is inherently built on openness and transparency.” Sounds tasty. Trust.

Stephen E Arnold, May 10, 2021

Microsoft Teams: An Interesting Message

Today my lecture will be via Zoom. The reason? Because Teams. The tweets greeted me with interesting content; for example:

We’ve confirmed that this issue [Teams spitting error messages] affects users globally.

Gobally. Okay. Now that’s a pretty fascinating statement from Microsoft, the outfit which has the ability to make it impossible for some people to play games at normal frame rates or print documents.

Very pro Microsoft online information services are explaining the oh-so-minor glitch; for example, “Microsoft Teams Down to Start the Day on the East Coast.” Without the usual rah rah, the objective news service states:

Many people struggling to use Teams see a message stating, “Operation failed with unexpected error.” As of 6:55 AM EST, reports spiked for outages from zero to 355, but they are rising quickly. Teams has millions of users, so 355 reports isn’t a dramatically high number, but the rate of change indicates an issue.

One can assume that “the rate of change indicates an issue” a pretty strong statement about the feature rich Teams’ service. Will some of the technical professionals working on the SolarWinds’ misstep be shifted to shore up the Teams mishap?

The technical issues with security, consumer updates, and Teams seem to be intractable to me. Instead of too big to fail, has Microsoft become too big to create stuff which works?

Stephen E Arnold, April 27, 2021

Microsoft and LinkedIn: Ultimate Phishing Pool, er, Tool

Microsoft is buckling like an old building in Reykjavik. There was SolarWinds, then Microsoft Exchange Server, and then… The list goes on. Another issue has shaken the enterprise software company: LinkedIn phishing. (You thought I was going to comment about Windows Updates killing some gamers’ “experience”, didn’t you? Wrong.)

“Hackers Are Using LinkedIn As the Ultimate Phishing Tool” asserts:

According to MI5, the UK’s security agency, at least 10,000 citizens have been approached by state-sponsored threat actors using fake profiles on a popular social media platform.  While MI5 did not specifically name the platform, the BBC claims to have learned that the platform in question is LinkedIn.

Interesting. MI5 is the UK’s domestic intelligence agency. The Box usually does not publicity and tries to sidestep the type of information disseminated in some countries; for example, in the US, intelligence agencies proactively accessed computers and took steps to reduce the risk of malware issues. By the way, those servers were running Microsoft software. Microsoft owns LinkedIn too.

Hmmm.

The article points out:

According to MI5, the LinkedIn attacks are wider in scope and directed at staff in government departments and major businesses. Once connected, the scammers try to bait the individuals by offering speaking or business opportunities, before attempting to recruit them to pass on confidential information.

Just another crack in the Microsoft LinkedIn edifice or a signal that the company can no longer manage its software, protect its “customers”, or update a consumer PC without creating problems?

Stephen E Arnold, April 26, 2021

Microsoft, SolarWinds, 1000 Malevolent Engineers, and Too Big to Fail?

“SolarWinds Hacking Campaign Puts Microsoft in Hot Seat” is an interesting “real news” story. The write up states that the breach was a two stage operation. The first stage was using SolarWinds to distribute malware. The second stage was to use that malware as a chin up bar. Bad actors’ grabbed the bar and did 20 or more pull ups. The result was marketing talk and a mini-meme about 1,000 engineers concentrating their expertise on penetrating the Microsoft datasphere.

The article quoted a cyber security expert as describing Microsoft’s systems and methods as have “systematic weaknesses.” For a company whose software is a “monoculture” with an 85 percent market share, the phrase “systematic weaknesses” is not reassuring. Not only can Microsoft release updates which kill some users’ ability to print, Microsoft can release security systems which don’t secure the software.

The article include this statement:

And remember, many security professionals note, Microsoft was itself compromised by the SolarWinds intruders, who got access to some of its source code — its crown jewels. Microsoft’s full suite of security products — and some of the industry’s most skilled cyber-defense practitioners — had failed to detect the ghost in the network. It was alerted to its own breach by FireEye, the cybersecurity firm that first detected the hacking campaign in mid-December.

I noted that the write up does not point out that none of the cyber security firms’ breach detection solutions noted the SolarWinds’ misstep. That seems important to me, but obviously not to the “real” cyber security professionals.

The US government does not want Microsoft to fail. “NSA and FBI Move to Help Microsoft with Its Exchange Server Vulnerabilities” reports:

It is not just the NSA finding and telling Microsoft about problems with Exchange. The FBI is also concerned with the number of unpatched Exchange servers. In a rare move, the FBI sought and was granted a warrant to patch any unfixed exchange servers it found remotely.

If a Windows update creates a problem for you, perhaps a helpful professional affiliated with a government agency will assist in resolving your problem?

Stephen E Arnold, April 19, 2021

Microsoft: Bob Security Captures Headlines

Sleeper code. Yep, malware injected into thousands of servers could wake up and create some interesting challenges for the JEDI contractors with Microsoft T Shirts. Here’s my design suggestion for the security experts’ team:

Do you remember the tag line for Bob, a stellar graphical interface for Microsoft Windows? No. Let me highlight one of the zippier marketing statements:

Hard working, easy going software everyone will use.

Who knew that the “everyone” would include bad actors. Plus there are two other security related items to entice cyber professionals.

First, “Windows 10 Hacked Again at Pwn2Own, Chrome, Zoom Also Fall” includes this statement:

The first to demo a successful Windows 10 exploit on Wednesday and earn $40,000 was Palo Alto Networks’ Tao Yan who used a Race Condition bug to escalate to SYSTEM privileges from a normal user on a fully patched Windows 10 machine. Windows 10 was hacked a second time using an undocumented integer overflow weakness to escalate permissions up to NT Authority\SYSTEM by a researcher known as z3r09. This also brought them $40,000 after escalating privileges from a regular (non-privileged) user. Microsoft’s OS was hacked a third time during day one of Pwn2Own by Team Viettel, who escalated a regular user’s privileges to SYSTEM using another previously unknown integer overflow bug.

The statements suggest that either the OS is deliberately flawed in order to allow certain parties unfettered access to user computers or that Microsoft is focusing on moving Paint to the outstanding Microsoft online store.

Second, I spotted “Hackers Scraped Data from 500 Million LinkedIn Users about Two Thirds of the Platform’s Userbase and Posted It for Sale Online.” (Editor’s note: Data is plural, but let’s not get distracted, shall we?) The article reports:

The data includes account IDs, full names, email addresses, phone numbers, workplace information, genders, and links to other social media accounts.

Useful to some I assume.

Net net: I wonder if a Bob baseball cap is available in the Microsoft store?

I would wear one with pride during my upcoming National Cyber Crime Conference lecture.

Stephen E Arnold, April 9, 2021

Microsoft Adds Semantic Search to Azure Cognitive Search: Is That Fast?

Microsoft is adding new capabilities to its cloud-based enterprise search platform Azure Cognitive Search, we learn from “Microsoft Debuts AI-Based Semantic Search on Azure” at Datanami. We’re told the service offers improved development tools. There is also a “semantic caption” function that identifies and displays a document’s most relevant section. Reporter George Leopold writes:

“The new semantic search framework builds on Microsoft’s AI at Scale effort that addresses machine learning models and the infrastructure required to develop new AI applications. Semantic search is among them. The cognitive search engine is based on the BM25 algorithm, (as in ‘best match’), an industry standard for information retrieval via full-text, keyword-based searches. This week, Microsoft released semantic search features in public preview, including semantic ranking. The approach replaces traditional keyword-based retrieval and ranking frameworks with a ranking algorithm using deep neural networks. The algorithm prioritizes search results based on how ‘meaningful’ they are based on query relevance. Semantics-based ranking ‘is applied on top of the results returned by the BM25-based ranker,’ Luis Cabrera-Cordon, group program manager for Azure Cognitive Search, explained in a blog post. The resulting ‘semantic answers’ are generated using an AI model that extracts key passages from the most relevant documents, then ranks them as the sought-after answer to a query. A passage deemed by the model to be the most likely to answer a question is promoted as a semantic answer, according to Cabrera-Cordon.”

By Microsoft’s reckoning, the semantic search feature represents hundreds of development years and millions of dollars in compute time by the Bing search team. We’re told recent developments in transformer-based language models have also played a role, and that this framework is among the first to apply the approach to semantic search. There is one caveat—right now the only language the platform supports is US English. We’re told that others will be added “soon.” Readers who are interested in the public preview of the semantic search engine can register here.

Cynthia Murrell, April 9, 2021

GitHub: Amusing Security Management

I got a kick out of “GitHub Investigating Crypto-Mining Campaign Abusing Its Server Infrastructure.” I am not sure if the write up is spot on, but it is entertaining to think about Microsoft’s security systems struggling to identify an unwanted service running in GitHub. The write up asserts:

Code-hosting service GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant and abuse the company’s servers for illicit crypto-mining operations…

In the wake of the SolarWinds’ and Exchange Server “missteps,” Microsoft has been making noises about the tough time it has dealing with bad actors. I think one MSFT big dog said there were 1,000 hackers attacking the company.

The main idea is that attackers allegedly mine cryptocurrency on GitHub’s own servers.

This is post SolarWinds and Exchange Server “missteps”, right?

What’s the problem with cyber security systems that monitoring real time threats and uncertified processes?

Oh, I forgot. These aggressively marketed cyber systems still don’t work it seems.

Stephen E Arnold, April 8, 2021

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Explaining Graykey: Helpful or Harmful for Law Enforcement?
  • Apple: Another Problem Becoming Evident
  • Early AI Adoption: Some Benefits
  • FOGINT: Security Tools Over Promise & Under Deliver
  • More Googley Human Resource Goodness

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org