Interesting Post on Microsoft Github: Teams Vulnerability
December 9, 2020
I found this interesting post on GitHub, one of Microsoft’s open source plays: “Important, Spoofing – Zero-Click, Wormable, Cross-Platform Remote Code Execution in Microsoft Teams.” The post explains how to compromise a Teams environment by sending or editing an existing Teams message. The message looks just peachy to the recipient or recipients. Teams is plural. When the recipient looks at the message, the malicious payload executes. The post points out:
That’s it. There is no further interaction from the victim. Now your company’s internal network, personal documents, 365 documents/mail/notes, secret chats are fully compromised. Think about it. One message, one channel, no interaction. Everyone gets exploited.
Microsoft calls the exploit spoofing. Keep in mind that Microsoft has more than 100 million active users of its Zoom killer.
Stephen E Arnold, December 9, 2020
LinkedIn Analyzed: Verrry Interesting
December 4, 2020
I read “LinkedIn’s Alternate Universe.” I was poking around in an effort to find out how many social profiles are held by Microsoft. The write up provides a number 722 million. However, for my purposes I used a less robust estimate of 660 million. I ran out of space for decimal places. Check the story on Monday, and you will understand my space challenge. The story is Disinterest in Search and Retrieval Quantified.
I recommend this Divinations’ write up because it is amusing, and it helped me understand why the service has become somewhat peculiar in a social network world in which Ripley’s Believe It or Not! content has become normative.
Here are three examples:
- Posts by living people announcing that the author is dead. Ho, ho. Alive, not dead for the denizens of a personnel department site.
- Begging for dollars and attention. The two seem to be joined at the medulla for some LinkedIn members.
- The antics of recruiters become Twitter jokes.
What is fascinating is that we have a WordPress plug-in that posts headlines to LinkedIn automatically. This creates some interesting reactions. First, the software bot has about 800 LinkedIn friends. Okay. I think that’s good. Second, the stories about the MSFT social network service have been filtered as I recall.
The article is worth a gander.
Stephen E Arnold, December 4, 2020
Some US Big Tech Outfits Say Laisse Tomber
December 2, 2020
The trusted “real news” outfit Thomson Reuters published “Amazon, Apple Stay Away from New French Initiative to Set Principles for Big Tech.” Quelle surprise! The “principle” is the silly notion of getting big US technology companies to pay their taxes, fair taxes. Incroyable? Companies not getting with the program allegedly include Apple, Facebook, Google, and Microsoft. These four firms are likely to perceive the suggestion of fairness as a demonstration of flawed logic. It is possible that the initiative may become a cause célèbre because money. France is a mere country anyway.
Stephen E Arnold, December 2, 2020
Microsoft Bing Edge Shopping Reinvented. What?
November 24, 2020
I read “Reinventing Online Shopping on Microsoft Edge.” I like the word “reinventing.” It implies that online shopping is not using Amazon.com. Much to Google’s chagrin, the Bezos bulldozer has become the number one destination for those in the lower 48 who are looking for products. Six out of 10 shopping “journeys” begin online, according to Sleeknote. The same outfit reports that nearly half of US online commerce sales end up at Amazon. An outfit called Moz reports:
With 54 percent of product searches now taking place on Amazon, it’s time to take it seriously as the world’s largest search engine for e-commerce. In fact, if we exclude YouTube as part of Google, Amazon is technically the second largest search engine in the world.
So what about shopping on Microsoft Edge?
I ran this query on Microsoft Edge for AMZ 5700 video card. Here’s what I saw on November 22, 2020:
I ran the same query on Firefox. Here’s what I saw:
Both are different. The write up about reinventing shopping asserts that there are true blue, accidental, and incidental shoppers. That’s MBA think in action. The write up continues:
we [Microsoft] came up with a native-to-browser design framework that tailors shopping assistance to prioritize different information depending on the shopper’s stage in their journey. We determine what stage a person is at based on what kind of page they’re on.
Microsoft points out:
As you design your experiences, think about relying on a consistent UI paradigm that is both familiar and always available to the user. In our case, the UI framework leverages the URL bar, or address bar, in Edge as a quick one-touch anchor for shopping assistance. The URL bar is where people expect things relevant to the current webpage to show up — and we are extending the same model to surface optimized shopping insights. [Emphasis added]
I want to point out:
- I see two different user interfaces: One looks like a Google jumble and the other looks like eBay
- I don’t look for shopping information in the url bar. The url bar is where I want to see — wait for it, please — the url
- Neither interface benefits from little pictures. I am searching for a specific thing and I want a link to a relevant page, not a jazzed up “report.”
Amazon’s shopping is certainly not perfect, but I don’t have to figure out why the display looks different in different browsers or what is available.
MBA alert: Amazon and Google have much more traffic than Bing when it comes to shopping. You can check your traffic data for verification, not look in the url bar for an experience. This reality check will verify that blue is the sadness of shopping data analysis, the accidental weirdness Microsoft result pages present to a human shopper, and the incidental effort varying graphical interfaces display.
Stephen E Arnold, November 23, 2020
Clarity: A Better Name Than Pluton. Pluton?
November 20, 2020
After two years, Clarity has finally made it out of Beta, we learn from “Microsoft Clarity Debuts as Free Analytics Tool with Heat Maps” at Search & Performance Marketing Daily. The free tool uses heat maps to analyze the behavior of visitors to one’s website. Reporter Laurie Sullivan writes:
“Clarity — designed to have a low impact on page-load times and there are no caps on traffic no matter what the number of visitors to the website — helps give marketers a deeper understanding of why a website performs one way and not another. It also provides anonymized heat maps and data that show where site visitors clicked and scrolled, and enables marketers to analyze user behavior on the website exactly as it happened through a job description code. Some of the data includes the name of the browser, and whether they are using a PC, tablet or mobile phone to access the site. Heat maps provide a visual way to examine large numbers of site visitor interactions. Microsoft built two types: click maps and scroll maps. While the heat maps tell marketers which pages get the most clicks, the click maps tell marketers what website page content visitors interact with the most. Areas in the map marked in red have the highest frequency of clicks and are usually centered on focal points.”
The heat maps let marketers know whether visitors are clicking where they want them to. It also reports certain behaviors—excessive scrolling, dead clicks, and rage clicks. The last term describes users clicking several times on a spot they believe should be a hyperlink but is not—one would want to either fix an intended link or tweak the graphics on those spots. The tool also supplies a dashboard that presents metrics of the overall traffic patterns, time spent on the site, and even concurrent JavaScript errors. Microsoft pledges Clarity complies with the EU’s General Data Protection Regulation.
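The two behaviors named above, dead clicks and rage clicks, can be recovered from a raw click stream with a simple sliding window. The following is an added example, not Clarity’s code or anything from Microsoft: the event format, the thresholds (three clicks within one second and within 20 pixels of each other) and the sample clicks are all assumptions constructed for illustration.

```python
"""Detect rage clicks and dead clicks in a click stream.

Added example, not Clarity's implementation. Event format, thresholds and the
sample events are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from math import hypot

# Assumed thresholds: a burst of at least 3 clicks, all landing within 1 second
# of the first click and within 20 px of it, counts as a rage click.
RAGE_MIN_CLICKS = 3
RAGE_WINDOW_MS = 1000
RAGE_RADIUS_PX = 20


@dataclass(frozen=True)
class Click:
    t_ms: int          # time since page load, milliseconds
    x: int             # viewport coordinates of the click
    y: int
    target: str        # CSS-style description of the clicked element
    interactive: bool  # True if the element actually does something on click


# Constructed sample stream: three quick clicks on a hero image that is not a
# link, a normal navigation click, and a single stray click on the footer.
SAMPLE_CLICKS = [
    Click(100, 300, 200, "img.hero", False),
    Click(400, 305, 198, "img.hero", False),
    Click(700, 302, 203, "img.hero", False),
    Click(5000, 50, 40, "a.nav-home", True),
    Click(9000, 600, 500, "div.footer", False),
]


def _distance(a, b):
    return hypot(a.x - b.x, a.y - b.y)


def dead_clicks(clicks):
    """Clicks on elements that do nothing; each one is a UX or link defect hint."""
    return [c for c in clicks if not c.interactive]


def rage_clicks(clicks, min_clicks=RAGE_MIN_CLICKS,
                window_ms=RAGE_WINDOW_MS, radius_px=RAGE_RADIUS_PX):
    """Return (target, click_count) for every burst that qualifies as a rage click.

    Events are scanned in time order; a burst is extended while the next click
    is both inside the time window and inside the radius of the burst's first
    click. Non-overlapping bursts only: after a burst is recorded, scanning
    resumes at the click following it.
    """
    events = sorted(clicks, key=lambda c: c.t_ms)
    bursts = []
    i, n = 0, len(events)
    while i < n:
        j = i
        while (j + 1 < n
               and events[j + 1].t_ms - events[i].t_ms <= window_ms
               and _distance(events[i], events[j + 1]) <= radius_px):
            j += 1
        size = j - i + 1
        if size >= min_clicks:
            bursts.append((events[i].target, size))
            i = j + 1
        else:
            i += 1
    return bursts


def report(clicks):
    """Summary in the shape a dashboard would show: counts plus the rage bursts."""
    return {
        "total_clicks": len(clicks),
        "dead_clicks": len(dead_clicks(clicks)),
        "rage_bursts": rage_clicks(clicks),
    }


if __name__ == "__main__":
    print(report(SAMPLE_CLICKS))
```

On the constructed stream the three hero-image clicks form one rage burst, and four of the five clicks are dead clicks, which is exactly the pattern that would tell a site owner the hero image is expected to be a link.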
But Pluton, Microsoft’s mystery processor? Pluton?
Cynthia Murrell, November 20, 2020
Microsoft Security: Time for a Rethink
November 1, 2020
Not long ago, the Wall Street Journal ran this full page ad for a cyber security company named Intrusion:
The ad is interesting because it highlights the failure of cyber security. Evidence of this ineffective defense is revealed in reports from the FBI, Interpol, and independent researchers: Cyber crime, particularly phishing and ransomware, is increasing. There are hundreds of threat neutralizers, smart cyber shields, and a mind boggling array of AI, machine learning, and predictive methods which are not particularly effective.
“Microsoft 365 Administrators Fail to Implement Basic Security Like MFA” provides some interesting information about the state of security for a widely used software system developed by Microsoft.
The article reveals that researchers have found that 99 percent of breaches can be “prevented using MFA.” MFA is cyber lingo for multi-factor authentication. A common way to prove that a log on is valid is to use a password. But before the password lets the user into the system, a one time code is sent to a mobile phone. The user enters the code from the phone and the system lets the person access the system. Sounds foolproof.
The write up states:
The survey research shows that approximately 78% of Microsoft 365 administrators do not have multi-factor authentication (MFA) activated.
Another finding is that:
Microsoft 365 administrators are given excessive control, leading to increased access to sensitive information. 57% of global organizations have Microsoft 365 administrators with excess permissions to access, modify, or share critical data. In addition, 36% of Microsoft 365 administrators are global admins, meaning these administrators can essentially do whatever they want in Microsoft 365. CIS O365 security guidelines suggest limiting the number of global admins to two-four operators maximum per business.
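The two findings quoted above, admins running without MFA and too many global admins, are the kind of thing a tenant owner can check for themselves from an export of the admin role assignments. The following is an added example, not code from the article, the survey, or Microsoft: the account records are constructed, the role name strings and the `mfa_enabled` flag are assumptions about how such an export would look, and the ceiling of four global admins follows the “two-four” guidance quoted above.

```python
"""Audit administrator accounts for missing MFA and global-admin sprawl.

Added example, not from the article, the survey or Microsoft. The account
records are constructed; the role names and the mfa_enabled flag are assumed
to come from a directory export. MAX_GLOBAL_ADMINS = 4 follows the quoted
"two-four" guidance.
"""
from dataclasses import dataclass

MAX_GLOBAL_ADMINS = 4
GLOBAL_ADMIN_ROLE = "Global Administrator"


@dataclass(frozen=True)
class AdminAccount:
    upn: str            # user principal name
    roles: tuple        # admin roles assigned to the account
    mfa_enabled: bool   # whether a second factor is enforced


# Constructed sample tenant (hypothetical users at example.com).
SAMPLE_ADMINS = [
    AdminAccount("alice@example.com", (GLOBAL_ADMIN_ROLE,), True),
    AdminAccount("bob@example.com", (GLOBAL_ADMIN_ROLE,), False),
    AdminAccount("carol@example.com", ("Exchange Administrator",), False),
    AdminAccount("dave@example.com", (GLOBAL_ADMIN_ROLE,), True),
    AdminAccount("erin@example.com", (GLOBAL_ADMIN_ROLE,), False),
    AdminAccount("frank@example.com", (GLOBAL_ADMIN_ROLE,), True),
    AdminAccount("grace@example.com", ("SharePoint Administrator",), True),
]


def admins_without_mfa(accounts):
    """Every admin account that can be taken over with the password alone."""
    return sorted(a.upn for a in accounts if not a.mfa_enabled)


def global_admins(accounts):
    """Accounts holding the role that can do anything in the tenant."""
    return sorted(a.upn for a in accounts if GLOBAL_ADMIN_ROLE in a.roles)


def mfa_gap_percent(accounts):
    """Share of admin accounts without MFA, the figure the survey reports as 78%."""
    if not accounts:
        return 0.0
    return round(100.0 * len(admins_without_mfa(accounts)) / len(accounts), 1)


def audit(accounts, max_global=MAX_GLOBAL_ADMINS):
    """Return one finding string per problem; an empty list means the tenant passes."""
    findings = [f"NO_MFA {upn}" for upn in admins_without_mfa(accounts)]
    ga = global_admins(accounts)
    if len(ga) > max_global:
        findings.append(
            f"TOO_MANY_GLOBAL_ADMINS {len(ga)} > {max_global}: {', '.join(ga)}")
    # Global admins without MFA are the worst combination; call them out separately.
    for upn in ga:
        if upn in admins_without_mfa(accounts):
            findings.append(f"GLOBAL_ADMIN_WITHOUT_MFA {upn}")
    return findings


if __name__ == "__main__":
    print(f"MFA gap: {mfa_gap_percent(SAMPLE_ADMINS)}% of admin accounts")
    for line in audit(SAMPLE_ADMINS):
        print(line)
```

Run against the constructed tenant it flags three accounts without MFA, five global admins against a ceiling of four, and two global admins with no second factor; the same checks applied to a real export give a tenant owner the two numbers the survey is talking about.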
Let’s step back. If the information in the write up is correct, a major security issue is associated with Microsoft’s software. With an increase in breaches, is it time to ask:
Should Microsoft engage in a rethink of its security methods?
We know that third party vendors are not able to stem the tide of cyber crime. A security company would not buy a full page ad in the Wall Street Journal to call attention to failure if it were just marketing fluff. We know that Microsoft admins and Microsoft apps are vulnerable.
Perhaps shifting the burden from the software and cloud vendor to the user is not the optimal approach when one seeks to make security more effective and efficient. The shift is probably more economical for Microsoft; that is, let the customer carry the burden.
Some Microsoft customers may push back and say, “Wrong.” Perhaps regulators will show more interest in security if their newfound energy for taking action against monopolies does not wane? Over to the JEDI knights.
Stephen E Arnold, November 1, 2020
Microsoft: The Joy of Figuring Out What Code Can Do
October 26, 2020
DarkCyber finds Microsoft in an interesting spot. On one hand, Microsoft wants to be open sourcey. The idea of community created and community supported software provides a useful source of ready-to-microwave code nuggets, hints about whom to hire, and an opportunity to reduce the maintenance cost of certain components.
On the other hand, monitoring what’s on GitHub and, more importantly, how code can be used is a sticky wicket.
“RIAA Blitz Takes Down 18 GitHub Projects Used for Downloading YouTube Videos” explains:
Microsoft-owned GitHub has removed today 18 projects from its code-hosting portal following a legal request filed by the Recording Industry Association of America (RIAA)….In a letter sent to GitHub, RIAA argued that the “clear purpose of this source code [the youtube-dl library]” was to “circumvent the technological protection measures used by authorized streaming services such as YouTube” and to allow users to “reproduce and distribute music videos and sound recordings […] without authorization.”
The issue is likely to be a thorny one. Code can be used for many things:
- To perform a function
- To learn how to do a task
- To create software unrelated to the GitHub offering.
Microsoft has removed the “offending” software. But the problem could become the seed of a giant junk maple in the main Redmond campus green space. The article makes this point, and it is an important one:
RIAA isn’t alleging the library infringed on its rights, but that the library is illegal in itself.
Just as Microsoft wants to get open sourcey and more social, it finds itself in an interesting spot. Who or what will fertilize and water this tiny take down seed? Exactly what can code do? Exactly to what purposes can code be put? What about software which includes code which can do something a third-party defines as illegal? So many questions for the JEDI knights.
Stephen E Arnold, October 26, 2020
One More Reason to Love Microsoft Windows 10 Updates: Malware
October 23, 2020
The pushing of updates reflects two things. First, the generally low quality of software. Second, a crazed desire to lock in customers. Microsoft seems to be working hard to deliver on both counts. However, there is more to love about the silent, unwanted Windows update processes, a topic not covered in Microsoft’s free report about its loss of 250 million items of customer data. Curious? You can download the report at this link.
“This Nasty Malware Has Disguised Itself As a Windows 10 Update”, if accurate, suggests there are other issues with the JEDI warriors’ online systems. We learned:
Emotet, the malware campaign that has been causing havoc for computer systems all over the world, has reappeared with a new approach to infecting devices. An email attachment claiming to be from Windows Update and instructing users to upgrade Microsoft Word is now being used to lure unsuspecting victims into downloading the malicious software. The malware works by first sending spam emails that contain either a Word document attachment or a download link. Victims will then be prompted to ‘Enable Content’ to allow macros to run on their device, which will install the Emotet Trojan.
Seems like phishing to us. Are there steps Microsoft could take to minimize risks to their millions of long suffering customers? Sure, but it may not be a priority. JEDI, you know. Beating off Amazon and Google, you know.
The reports about security are nice. But maybe something more than a free marketing document is needed if the “nasty malware” story is on the money? You know?
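The lure the quoted passage describes has a recognizable shape: a message claiming to come from Windows Update, about Microsoft Word, from a sender outside Microsoft, carrying a Word attachment or a download link. The following is an added example of triage logic over mail metadata, not code from the article or from any vendor; the message records are constructed, the phrase list, the treated-as-Microsoft domain list and the attachment extensions are assumptions, and the rule is deliberately conservative so that a genuine Microsoft notice without an attachment does not fire.

```python
"""Flag inbound mail matching the Windows Update / Word macro lure pattern.

Added example, not from the article or any vendor. Message records are
constructed; the lure phrases, domain list and extensions are assumptions.
"""
import re
from dataclasses import dataclass, field

# Assumption: only these domains may legitimately send Windows Update notices.
MICROSOFT_DOMAINS = {"microsoft.com"}
# Assumption: phrases taken from the lure as the quoted passage describes it.
LURE_PHRASES = ("windows update", "upgrade microsoft word", "enable content")
# Word formats; .docm/.dotm can carry macros, .doc/.docx are still lure carriers.
WORD_EXTENSIONS = (".doc", ".docx", ".docm", ".dotm")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)


# Constructed sample messages (hypothetical senders and domains).
SAMPLE_MESSAGES = [
    Message("update@windows-notify.example",
            "Windows Update: upgrade Microsoft Word now",
            "Open the attached document and click Enable Content to install.",
            ["Word_Update.doc"]),
    Message("noreply@microsoft.com",
            "Windows Update available",
            "Updates are installed automatically; no action is needed."),
    Message("team@example.org",
            "Q3 report",
            "Draft is at http://intranet.example.org/q3.docx for review."),
]


def sender_domain(address):
    return address.rsplit("@", 1)[-1].lower()


def is_microsoft_domain(domain):
    return any(domain == d or domain.endswith("." + d) for d in MICROSOFT_DOMAINS)


def lure_indicators(msg):
    """Independent signals, in a fixed order, so the output is easy to assert on."""
    text = f"{msg.subject} {msg.body}".lower()
    reasons = []
    if any(p in text for p in LURE_PHRASES):
        reasons.append("windows-update-lure")
    if any(a.lower().endswith(WORD_EXTENSIONS) for a in msg.attachments):
        reasons.append("word-attachment")
    if URL_RE.search(msg.body):
        reasons.append("download-link")
    if not is_microsoft_domain(sender_domain(msg.sender)):
        reasons.append("external-sender")
    return reasons


def is_suspect(msg):
    """Lure wording + external sender + a delivery vehicle (attachment or link)."""
    r = set(lure_indicators(msg))
    return ("windows-update-lure" in r and "external-sender" in r
            and ({"word-attachment", "download-link"} & r))


def triage(messages):
    """Return (subject, indicators) for every message worth holding for review."""
    return [(m.subject, lure_indicators(m)) for m in messages if is_suspect(m)]


if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE_MESSAGES):
        print(f"HOLD: {subject!r} -> {', '.join(reasons)}")
```

Of the three constructed messages only the first is held: the genuine-looking Microsoft notice has no attachment or link and comes from the allowed domain, and the internal report shares a link but carries none of the lure wording.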
Stephen E Arnold, October 23, 2020
Microsoft Bing: Assertions Versus Actual Search Results
September 25, 2020
DarkCyber read “Introducing the Next Wave of AI at Scale innovations in Bing.” The write up explains a number of innovations. These enhancements will make finding information via Bing easier, better, faster, and generally more wonderful.
The main assertions DarkCyber noted are:
- Smarter suggestions. The idea is that one does not know how to create a search query. Bing will know what the user wants.
- More ideas. Bing will display questions other people (presumably just like me) ask. Bing keeps track and shows the popular questions. Yep, popular.
- Translations. Send a query with mixed languages, and Bing will answer in your language. No more of that copying and pasting into Google Translate or Freetranslations.org.
- Highlighting. This is Bing’s yellow marker. The system will highlight what you need to read. The method? “A zero-shot fashion.” No, DarkCyber does not know what this means. But one can ask Bing, right?
Let’s give Bing a whirl and run the same query against Googzilla.
Here’s a DarkCyber Bing query related to research we are now doing:
Black Sage open source
And here’s the result:
Black Sage is an integrator engaged in the development of counter unmanned aerial systems. The firm’s marketing collateral emphasizes that its platform is open. DarkCyber wants to know if the system uses open source methods for compromising a targeted UAS (drone). Bing focuses on a publishing company.
Now Google:
The first result from the Google is a pointer to the company. The remainder of the results are crazy and wacky like the sneakers Mr. Brin wore to Washington about a decade ago to meet elected officials. Crazy? Nope, Sillycon Valley.
DarkCyber uses both Bing and Google. Why did Google produce something sort of related to our query and Bing missed the corn hole entirely?
The answer is that Bing does not process a user’s search history as effectively as the Google. All the fancy words from Microsoft cannot alter a search result. DarkCyber is amused by Google and Microsoft. We are skeptical of each system.
Key points:
- Microsoft is chasing technology instead of looking for efficient ways to tailor results to a user.
- Microsoft wants to prove that its approach is more knowledge-centric. Google just wants to sell ads. Giving people something they have already seen is fine with Mother Google.
- Microsoft, like Google, has lost sight of the utility of providing “stupid mode” and “sophisticated mode” for users. Let users select how a query should be matched to the content in the index.
To sum up, Google has a global share of Web search in the 85 percent range. Bing is an also-participated player. Perhaps a less academic approach, deeper index, and functional user controls would be helpful?
Stephen E Arnold, September 25, 2020
Microsoft and Search: Here We Go Again
September 23, 2020
Microsoft cannot create reliable software. Example: The Surface Duo, née Andromeda. Example: Windows 10 updates. Example: Windows Mobile. Example: Bob (remember Bob?). The company has good ideas, but it cannot move beyond imitating Amazon for the cloud, piggybacking on Google for a Windows 10X vehicle, and buying Fast Search & Transfer for the jargon-charged enterprise search system the company acquired in 2008.
“Microsoft Gets Exclusive License for OpenAI’s GPT-3 Language Model” makes clear that the smart software efforts of Microsoft Research, acquisitions like Powerset and XOXCO, plus the numerous application specific search and NLP functions are not doing the job. The fix is to license the next big thing. Perhaps the challenge is an organization and work process within Microsoft? Maybe technology is not the problem? Maybe execution is?
The write up in the Silicon Valley real news article states:
Microsoft today announced that it will exclusively license GPT-3, one of the most powerful language understanding models in the world, from AI startup OpenAI. In a blog post, Microsoft EVP Kevin Scott said that the new deal will allow Microsoft to leverage OpenAI’s technical innovations to develop and deliver AI solutions for customers, as well as create new solutions that harness the power of natural language generation.
Here we go again. Will the result be a blend of Bing, Windows ME, Vista, and MSN?
Stephen E Arnold, September 23, 2020