Microsoft Teams: An Interesting Message
April 27, 2021
Today my lecture will be via Zoom. The reason? Because Teams. The tweets greeted me with interesting content; for example:
We’ve confirmed that this issue [Teams spitting error messages] affects users globally.
Globally. Okay. Now that’s a pretty fascinating statement from Microsoft, the outfit which has the ability to make it impossible for some people to play games at normal frame rates or print documents.
Very pro-Microsoft online information services are explaining the oh-so-minor glitch; for example, “Microsoft Teams Down to Start the Day on the East Coast.” Without the usual rah rah, the objective news service states:
Many people struggling to use Teams see a message stating, “Operation failed with unexpected error.” As of 6:55 AM EST, reports spiked for outages from zero to 355, but they are rising quickly. Teams has millions of users, so 355 reports isn’t a dramatically high number, but the rate of change indicates an issue.
One can assume that “the rate of change indicates an issue” is a pretty strong statement about the feature-rich Teams service. Will some of the technical professionals working on the SolarWinds misstep be shifted to shore up the Teams mishap?
The technical issues with security, consumer updates, and Teams seem to be intractable to me. Instead of too big to fail, has Microsoft become too big to create stuff which works?
Stephen E Arnold, April 27, 2021
Microsoft and LinkedIn: Ultimate Phishing Pool, er, Tool
April 26, 2021
Microsoft is buckling like an old building in Reykjavik. There was SolarWinds, then Microsoft Exchange Server, and then… The list goes on. Another issue has shaken the enterprise software company: LinkedIn phishing. (You thought I was going to comment about Windows Updates killing some gamers’ “experience”, didn’t you? Wrong.)
“Hackers Are Using LinkedIn As the Ultimate Phishing Tool” asserts:
According to MI5, the UK’s security agency, at least 10,000 citizens have been approached by state-sponsored threat actors using fake profiles on a popular social media platform. While MI5 did not specifically name the platform, the BBC claims to have learned that the platform in question is LinkedIn.
Interesting. MI5 is the UK’s domestic intelligence agency. The Box usually does not seek publicity and tries to sidestep the type of information disseminated in some countries; for example, in the US, government agencies proactively accessed computers and took steps to reduce the risk of malware issues. By the way, those servers were running Microsoft software. Microsoft owns LinkedIn too.
Hmmm.
The article points out:
According to MI5, the LinkedIn attacks are wider in scope and directed at staff in government departments and major businesses. Once connected, the scammers try to bait the individuals by offering speaking or business opportunities, before attempting to recruit them to pass on confidential information.
Just another crack in the Microsoft LinkedIn edifice or a signal that the company can no longer manage its software, protect its “customers”, or update a consumer PC without creating problems?
Stephen E Arnold, April 26, 2021
Microsoft, SolarWinds, 1000 Malevolent Engineers, and Too Big to Fail?
April 19, 2021
“SolarWinds Hacking Campaign Puts Microsoft in Hot Seat” is an interesting “real news” story. The write up states that the breach was a two stage operation. The first stage was using SolarWinds to distribute malware. The second stage was to use that malware as a chin up bar. Bad actors grabbed the bar and did 20 or more pull ups. The result was marketing talk and a mini-meme about 1,000 engineers concentrating their expertise on penetrating the Microsoft datasphere.
The article quoted a cyber security expert as describing Microsoft’s systems and methods as having “systematic weaknesses.” For a company whose software is a “monoculture” with an 85 percent market share, the phrase “systematic weaknesses” is not reassuring. Not only can Microsoft release updates which kill some users’ ability to print, Microsoft can release security systems which don’t secure the software.
The article includes this statement:
And remember, many security professionals note, Microsoft was itself compromised by the SolarWinds intruders, who got access to some of its source code — its crown jewels. Microsoft’s full suite of security products — and some of the industry’s most skilled cyber-defense practitioners — had failed to detect the ghost in the network. It was alerted to its own breach by FireEye, the cybersecurity firm that first detected the hacking campaign in mid-December.
I noted that the write up does not point out that none of the cyber security firms’ breach detection solutions noted the SolarWinds misstep. That seems important to me, but obviously not to the “real” cyber security professionals.
The US government does not want Microsoft to fail. “NSA and FBI Move to Help Microsoft with Its Exchange Server Vulnerabilities” reports:
It is not just the NSA finding and telling Microsoft about problems with Exchange. The FBI is also concerned with the number of unpatched Exchange servers. In a rare move, the FBI sought and was granted a warrant to patch any unfixed exchange servers it found remotely.
If a Windows update creates a problem for you, perhaps a helpful professional affiliated with a government agency will assist in resolving your problem?
Stephen E Arnold, April 19, 2021
Microsoft: Bob Security Captures Headlines
April 9, 2021
Sleeper code. Yep, malware injected into thousands of servers could wake up and create some interesting challenges for the JEDI contractors with Microsoft T Shirts. Here’s my design suggestion for the security experts’ team:
Do you remember the tag line for Bob, a stellar graphical interface for Microsoft Windows? No. Let me highlight one of the zippier marketing statements:
Hard working, easy going software everyone will use.
Who knew that the “everyone” would include bad actors? Plus there are two other security-related items to entice cyber professionals.
First, “Windows 10 Hacked Again at Pwn2Own, Chrome, Zoom Also Fall” includes this statement:
The first to demo a successful Windows 10 exploit on Wednesday and earn $40,000 was Palo Alto Networks’ Tao Yan who used a Race Condition bug to escalate to SYSTEM privileges from a normal user on a fully patched Windows 10 machine. Windows 10 was hacked a second time using an undocumented integer overflow weakness to escalate permissions up to NT Authority\SYSTEM by a researcher known as z3r09. This also brought them $40,000 after escalating privileges from a regular (non-privileged) user. Microsoft’s OS was hacked a third time during day one of Pwn2Own by Team Viettel, who escalated a regular user’s privileges to SYSTEM using another previously unknown integer overflow bug.
The statements suggest that either the OS is deliberately flawed in order to allow certain parties unfettered access to user computers or that Microsoft is focusing on moving Paint to the outstanding Microsoft online store.
Second, I spotted “Hackers Scraped Data from 500 Million LinkedIn Users about Two Thirds of the Platform’s Userbase and Posted It for Sale Online.” (Editor’s note: Data is plural, but let’s not get distracted, shall we?) The article reports:
The data includes account IDs, full names, email addresses, phone numbers, workplace information, genders, and links to other social media accounts.
Useful to some I assume.
Net net: I wonder if a Bob baseball cap is available in the Microsoft store?
I would wear one with pride during my upcoming National Cyber Crime Conference lecture.
Stephen E Arnold, April 9, 2021
Microsoft Adds Semantic Search to Azure Cognitive Search: Is That Fast?
April 9, 2021
Microsoft is adding new capabilities to its cloud-based enterprise search platform Azure Cognitive Search, we learn from “Microsoft Debuts AI-Based Semantic Search on Azure” at Datanami. We’re told the service offers improved development tools. There is also a “semantic caption” function that identifies and displays a document’s most relevant section. Reporter George Leopold writes:
“The new semantic search framework builds on Microsoft’s AI at Scale effort that addresses machine learning models and the infrastructure required to develop new AI applications. Semantic search is among them. The cognitive search engine is based on the BM25 algorithm, (as in ‘best match’), an industry standard for information retrieval via full-text, keyword-based searches. This week, Microsoft released semantic search features in public preview, including semantic ranking. The approach replaces traditional keyword-based retrieval and ranking frameworks with a ranking algorithm using deep neural networks. The algorithm prioritizes search results based on how ‘meaningful’ they are based on query relevance. Semantics-based ranking ‘is applied on top of the results returned by the BM25-based ranker,’ Luis Cabrera-Cordon, group program manager for Azure Cognitive Search, explained in a blog post. The resulting ‘semantic answers’ are generated using an AI model that extracts key passages from the most relevant documents, then ranks them as the sought-after answer to a query. A passage deemed by the model to be the most likely to answer a question is promoted as a semantic answer, according to Cabrera-Cordon.”
By Microsoft’s reckoning, the semantic search feature represents hundreds of development years and millions of dollars in compute time by the Bing search team. We’re told recent developments in transformer-based language models have also played a role, and that this framework is among the first to apply the approach to semantic search. There is one caveat—right now the only language the platform supports is US English. We’re told that others will be added “soon.” Readers who are interested in the public preview of the semantic search engine can register here.
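The quoted passage describes a two-stage pipeline: BM25 does keyword retrieval and ranking, a second ranker is applied only to the results BM25 returns, and the best passage from the reranked documents is promoted as the “semantic answer.” The following Python is an added illustration of that shape, not Azure Cognitive Search code. The corpus, the query, and the concept table that stands in for the neural reranker are all constructed assumptions; the point is to show where the second stage sits and that it can only reorder what the first stage surfaced.

```python
"""Two-stage ranking of the kind the quoted article describes: BM25 retrieves
and ranks by keyword, a second ranker reorders only BM25's top-k, and the
best passage in the reranked documents is promoted as the 'answer'.

Added illustration. The corpus, query, concept table and reranker are
constructed stand-ins (the real service uses a neural model); none of this
is Azure Cognitive Search code."""
import math
import re
from collections import Counter

# Constructed sample corpus (assumption, not from the page). d4 is a short,
# keyword-dense document that BM25's length normalisation rewards.
DOCS = {
    "d1": "Azure Cognitive Search indexes documents and returns keyword matches scored with BM25.",
    "d2": "Best match 25 is a probabilistic relevance function. It weights term frequency against document length.",
    "d3": "Semantic ranking reorders the keyword results with a neural model applied on top of the BM25 ranker.",
    "d4": "Ranking function.",
    "d5": "The car park is full and vehicles must be moved by noon.",
}

# Constructed stand-in for the neural reranker: groups of words treated as one concept.
CONCEPTS = {
    "bm25": {"bm25", "best", "match", "25", "probabilistic"},
    "rank": {"ranking", "ranks", "ranker", "reorders", "relevance", "scored"},
    "formula": {"function", "weights", "frequency", "length"},
}


def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())


class BM25:
    """Okapi BM25 with the Lucene-style smoothed IDF."""

    def __init__(self, docs, k1=1.2, b=0.75):
        self.k1, self.b = k1, b
        self.tokens = {d: tokenize(t) for d, t in docs.items()}
        self.n = len(docs)
        self.avgdl = sum(len(t) for t in self.tokens.values()) / self.n
        self.df = Counter()
        for toks in self.tokens.values():
            self.df.update(set(toks))

    def idf(self, term):
        df = self.df.get(term, 0)
        return math.log(1 + (self.n - df + 0.5) / (df + 0.5))

    def score(self, query, doc_id):
        tf = Counter(self.tokens[doc_id])
        dl = len(self.tokens[doc_id])
        norm = 1 - self.b + self.b * dl / self.avgdl
        total = 0.0
        for q in tokenize(query):
            if q in tf:
                total += self.idf(q) * tf[q] * (self.k1 + 1) / (tf[q] + self.k1 * norm)
        return total

    def top(self, query, k):
        """First stage: the k best keyword matches, zero-score documents dropped."""
        scored = [(self.score(query, d), d) for d in self.tokens]
        ranked = sorted(scored, key=lambda sd: sd[0], reverse=True)
        return [d for s, d in ranked if s > 0][:k]


def concept_score(query, text):
    """Fraction of the query's concepts that the text also expresses."""
    q, t = set(tokenize(query)), set(tokenize(text))
    asked = [w for w in CONCEPTS.values() if q & w]
    if not asked:
        return 0.0
    return sum(1 for w in asked if t & w) / len(asked)


def rerank(query, k=4, docs=DOCS):
    """Second stage: reorder only BM25's top-k; documents outside it are never seen."""
    bm25 = BM25(docs)
    candidates = bm25.top(query, k)
    return sorted(candidates,
                  key=lambda d: (concept_score(query, docs[d]), bm25.score(query, d)),
                  reverse=True)


def semantic_answer(query, k=4, docs=DOCS):
    """Promote the single best-scoring sentence from the reranked documents."""
    best = (-1.0, None, None)
    for d in rerank(query, k, docs):
        for sentence in re.split(r"(?<=[.!?])\s+", docs[d].strip()):
            s = concept_score(query, sentence)
            if s > best[0]:
                best = (s, d, sentence)
    return best[1], best[2]


if __name__ == "__main__":
    q = "what ranking function does bm25 use"
    print("BM25 order:    ", BM25(DOCS).top(q, 4))
    print("reranked order:", rerank(q))
    print("answer:        ", semantic_answer(q))
```

With the constructed corpus, BM25 puts the two-word document d4 first (length normalisation) and the document that actually explains the formula, d2, last; the second stage reverses that, but it never looks at d5 because BM25 did not return it. That is the practical consequence of “applied on top of the results returned by the BM25-based ranker”: the reranker can fix ordering, not recall.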
Cynthia Murrell, April 9, 2021
GitHub: Amusing Security Management
April 8, 2021
I got a kick out of “GitHub Investigating Crypto-Mining Campaign Abusing Its Server Infrastructure.” I am not sure if the write up is spot on, but it is entertaining to think about Microsoft’s security systems struggling to identify an unwanted service running in GitHub. The write up asserts:
Code-hosting service GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant and abuse the company’s servers for illicit crypto-mining operations…
In the wake of the SolarWinds and Exchange Server “missteps,” Microsoft has been making noises about the tough time it has dealing with bad actors. I think one MSFT big dog said there were 1,000 hackers attacking the company.
The main idea is that attackers allegedly mine cryptocurrency on GitHub’s own servers.
This is post SolarWinds and Exchange Server “missteps”, right?
What’s the problem with cyber security systems that monitor real-time threats and uncertified processes?
Oh, I forgot. These aggressively marketed cyber systems still don’t work it seems.
Stephen E Arnold, April 8, 2021
Facebook and Microsoft: Communing with the Spirit of Security
April 7, 2021
Two apparently unrelated actions by bad actors. Two paragons of user security. Two. Count ‘em.
The first incident is summarized in “Huge Facebook Leak That Contains Information about 500 Million People Came from Abuse of Contacts Tool, Company Says.” The main point is that flawed software and bad actors were responsible. But 500 million. Where is Alex Stamos when Facebook needs guru-grade security to zoom into a challenge?
The second incident is explained in “Half a Billion LinkedIn Users Have Scraped Data Sold Online.” Microsoft, the creator of the super useful Defender security system, owns LinkedIn. (How is that migration to Azure coming along?) Microsoft has been a very minor character in the great works of 2021. These are, of course, The Taming of SolarWinds and The Rape of Exchange Server.
Now what’s my point? I think when one adds 500 million and 500 million the result is a lot of people. Assume 25 percent overlap. Well, that’s still a lot of people’s information which has taken wing.
Indifference? Carelessness? Cluelessness? A lack of governance? I would suggest that a combination of charming personal characteristics makes those responsible individuals one can trust with sensitive information.
Yep, trust and credibility. Important.
Stephen E Arnold, April 7, 2021
MSFT Exchange Excitement: Another Jolt of Info
March 30, 2021
I read “Exchange Server Attacks: Microsoft Shares Intelligence on Post-Compromise Activities.” Interesting. Weeks, maybe longer, have passed since what one of my analysts described as another digital Chernobyl, without much substantive information.
This “real” news story reports:
Microsoft is raising an alarm over potential follow-on attacks targeting already compromised Exchange servers, especially if the attackers used web shell scripts to gain persistence on the server, or where the attacker stole credentials during earlier attacks.
Interesting. A massive attack which may have distributed malware, possibly as yet undetected, poses a risk. That’s good to know.
This statement attributed to Microsoft is intriguing as well:
In a new blog post, Microsoft reiterated its warning that “patching a system does not necessarily remove the access of the attacker”.
Does this mean that Microsoft’s remediation is not fixing the “problem”? What sorts of malware could be lurking? Microsoft provides some measured answers to this particular question in “Analyzing Attacks Taking Advantage of the Exchange Server Vulnerabilities.”
But the problem is that Microsoft’s foundational software build and deploy business process seems to be insecure.
Dribs and dabs of the consequences of a major security breach are PR and hand waving, not the actions I craved.
Stephen E Arnold, March 30, 2021
Exchange Servers: Not Out of the Dog House Yet
March 25, 2021
Here’s a chilling statement I spotted in “Microsoft Servers Being Hacked Faster Than Anyone Can Count”:
This free-for-all [Exchange Server] attack opportunity is now being exploited by vast numbers of criminal gangs, state-backed threat actors and opportunistic “script kiddies… Because access is so easy, you can assume that majority of these environments have been breached.
The statement is attributed to Antti Laatikainen, senior security consultant at the cyber security firm F-Secure.
Is this accurate?
The ever fascinating digital publication Windows Central ran a story with a headline that offers a different point of view: “Microsoft Says 92% of Exchange Servers Have Been Patched or Mitigated.”
The discussion about these different views raises a number of questions:
- Does Microsoft want to remediate its business processes to make its products and services more secure? (More security means more difficulties for certain government agencies who use security as a way to achieve their objectives.)
- Can security professionals be trusted to identify security problems or issues? (The SolarWinds misstep went undetected for months, maybe as much as two years before information about the issue surfaced in a FireEye statement.)
- Can continuous development and update processes deliver acceptable security? (The core business process may exponentially increase the attack surface with each fast cycle change and deployment.)
How secure are “patched” Exchange servers? A very good question indeed.
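The question just posed, and the warning in the March 30 post above that web shells and stolen credentials survive a patch, both come down to the same check: does the server’s own request log show anyone still talking to a dropped page? The Python below is an added illustration, not Microsoft’s code or guidance. It scans constructed IIS W3C log lines for requests to server-side pages in directories that should not serve them and then separates the hits that post-date the patch. The log lines, the watched directories, the allowlist and the user-agent hints are all assumptions for the example; the authoritative path list belongs to the vendor’s advisories.

```python
"""Scan IIS W3C log lines from an Exchange front end for requests that look
like web shell traffic, then split out the hits that occur after a patch
date. Added illustration: the log lines, the watched directories, the
allowlist and the user-agent hints are constructed assumptions, not
Microsoft's code or guidance. Take the authoritative path list from the
vendor's own advisories."""
from datetime import datetime

# Constructed sample log (assumption). IIS writes '+' for spaces in the user agent.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2021-03-02 03:14:07 POST /owa/auth/logon.aspx - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200
2021-03-02 03:15:22 POST /aspnet_client/system_web/help.aspx - 203.0.113.10 python-requests/2.25.1 200
2021-03-03 09:00:00 GET /ecp/default.aspx - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200
2021-03-09 22:41:13 GET /aspnet_client/system_web/help.aspx cmd=whoami 203.0.113.10 python-requests/2.25.1 200
"""

# Assumed rule inputs: directories that should not serve server-side pages,
# the few pages that legitimately live there, and user agents no browser sends.
WATCH_DIRS = ("/aspnet_client/", "/owa/auth/")
EXPECTED_PAGES = {"/owa/auth/logon.aspx"}
SCRIPT_UA_HINTS = ("python-requests", "curl/", "powershell")

R_DIR = "server page in watched directory"
R_QUERY = "command-style query string"
R_UA = "non-browser user agent"


def parse_w3c(text):
    """Yield one dict per request line, naming columns from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            yield dict(zip(fields, line.split()))


def reasons_for(rec):
    """Primary rule: an .aspx in a watched directory that is not an expected page.
    The query-string and user-agent checks only corroborate a primary hit."""
    stem = rec["cs-uri-stem"].lower()
    reasons = []
    in_watched = any(stem.startswith(d) for d in WATCH_DIRS)
    if stem.endswith(".aspx") and in_watched and stem not in EXPECTED_PAGES:
        reasons.append(R_DIR)
    if reasons:
        if "cmd=" in rec["cs-uri-query"].lower():
            reasons.append(R_QUERY)
        if any(h in rec["cs(User-Agent)"].lower() for h in SCRIPT_UA_HINTS):
            reasons.append(R_UA)
    return reasons


def scan(text):
    hits = []
    for rec in parse_w3c(text):
        reasons = reasons_for(rec)
        if reasons:
            when = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            hits.append({"when": when, "ip": rec["c-ip"],
                         "stem": rec["cs-uri-stem"], "reasons": reasons})
    return hits


def after(hits, since):
    """Hits on or after `since` (YYYY-MM-DD): activity a patch alone would not remove."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [h for h in hits if h["when"] >= cutoff]


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["when"], h["ip"], h["stem"], "; ".join(h["reasons"]))
    print("post-patch hits:", len(after(found, "2021-03-03")))
```

The login request to the expected page is ignored and the request under /ecp/ is outside the watched set, so only the two requests to the page under /aspnet_client/ are reported. The second of those lands a week after the assumed patch date of 2021-03-03, which is the situation the two posts describe: the vulnerability is closed and the shell is still being used. In practice, pair the log scan with a file-system check of the same directories and a credential reset, since a patch changes neither.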
Stephen E Arnold, March 25, 2021
High Tech Tension: Sparks Visible, Escalation Likely
March 25, 2021
I read Google’s “Our Ongoing Commitment to Supporting Journalism.” The write up is interesting because it seems to be a dig at a couple of other technology giants. The bone of contention is news, specifically, indexing and displaying it.
The write up begins with a remarkable statement:
Google has always been committed to providing high-quality and relevant information, and to supporting the news publishers who help create it.
This is a sentence pregnant with baby Googzillas. Note the word “always.” I am not certain that Google is in the “always” business nor am I sure that the company had much commitment. As I recall, when Google News went live, it created some modest conversation. Then Google News was fenced out of the nuclear ad machinery. Over time, Google negotiated and kept on doing what feisty, mom and pop Silicon Valley companies do; namely, keep doing what they want and then ask for forgiveness.
Flash forward to Australia. That country wanted to get money in exchange for Australian news. Google made some growling noises, but in the end the company agreed to pay some money.
Facebook on the other hand resisted, turned off its service, and returned to the Australian negotiating table.
Where was Microsoft in this technical square dance?
Microsoft was a cheerleader for the forces of truth, justice, and the Microsoft way. This Google blog post strikes me as Google’s reminding Microsoft that Google wants to be the new Microsoft. Microsoft has not done itself any favors because the battle lines between these two giants are swathed in the cloud of business war.
Google has mobile devices. Microsoft has the enterprise. Google has the Chromebook. Microsoft has the Surface. And on it goes.
Now Microsoft is on the ropes: SolarWinds, the Exchange glitch, and wonky updates which have required the invention of KIR (Known Issue Rollback, a mechanism for reverting a bad update).
Microsoft may be a JEDI warrior with the feature-burdened Teams and the military’s go to software PowerPoint. Google knows that every bump and scrape slows the reflexes of the Redmond giant.
Both mom and pop outfits are looking after each firm’s self interests. Fancy words and big ideas are window dressing.
Stephen E Arnold, March 25, 2021