Microsoft Security: Perhaps Revenue Does Not Correlate with Providing Security?
February 1, 2021
I want to keep this brief. Microsoft makes money from the sale of security services. “Microsoft CEO Satya Nadella: There Is a Big Crisis Right Now for cybersecurity” reports:
For the first time on Tuesday, Microsoft disclosed revenue from its various security offerings as part of its quarterly earnings — $10 billion over the last 12 months. That amounts to a 40% year-over-year jump in the growing security business, making up roughly 7% of the company’s total revenue for the previous year.
Here’s a fascinating passage:
Microsoft itself was also hacked, though no customer data was breached. A Reuters report indicated that, as part of the hack of the National Telecommunications and Information Agency, Microsoft’s Office 365 software was attacked, allowing the intruders to monitor agency emails for months. Microsoft, however, said at the time that it has identified no vulnerabilities in its cloud or Office software.
Er, what?
I don’t want to rain on this financial parade but The Register, a UK online information service, published “Unsecured Azure Blob Exposed 500,000+ Highly confidential Docs from UK Firm’s CRM Customers.” Furthermore, the Microsoft security services did not spot the SolarWinds’ misstep, which appears to have relied upon Microsoft’s much-loved streaming update service. The euphemism of “supply chain” strikes me as a way to short circuit criticism of a series of technologies which are easily exploited by at least one bad actor involved in the more than 12 month undetected breach of core systems at trivial outfits like US government agencies.
Net net: Generating revenue from security does not correlate with delivering securing or engineering core services to prevent breaches. And what about the failure to detect? Nifty, eh?
The February 9, 2021, DarkCyber video program takes a look at another of Microsoft’s remarkable dance steps related to the SolarWinds’ misstep. Do si do, promenade, and roll away to a half sashay! Ouch. Better watch where you put that expensive shoe.
Stephen E Arnold, February 1, 2021
Microsoft: Maybe Quantum Computing Can Help Out Defender?
February 1, 2021
The February 9, DarkCyber video news program contains a short item about Microsoft’s January 20, 2021, explanation of the SolarWinds’ misstep. Spoiler: Hey, Microsoft was not responsible. If you are interested in the MSFT explanation with some remarkable self promotion for its security prowess, navigate to this link. But to the matter at hand. Microsoft security will no doubt benefit from its latest technical innovation. “Microsoft Claims Breakthrough in Quantum Computing” reports:
This [MSFT and University of Sydney] team has developed a cryogenic quantum control platform that uses specialized CMOS circuits to take digital inputs and generate many parallel qubit control signals. The chip that powers this control platform is called Gooseberry.
Does this beg the inclusion of the Intel Horse Feathers — no, strike that — Intel Horse Ridge technology?
The write up continues:
There’s no doubt that both Gooseberry and the cryo-compute core represent big steps forward for quantum computing, and having these concepts peer-reviewed and validated by other scientists is another leap ahead.
I hope the technology innovators surge ahead to apply the “breakthrough” to the Redmond giant’s security for Azure and Windows 10, which of course were not the SolarWinds’ problem. The gilded lily language “supply chain” was maybe, a little, sort of tangentially involved.
Supply chain? Gooseberries and horse feathers perhaps?
Stephen E Arnold, February
High School Science Club Management: The Microsoft GitHub Example
January 18, 2021
Anyone who reads Beyond Search knows that I eschew the old saws of management consulting. No Druckerisms here. I go for more evocative terminology such as HSSCMM or high school science club management methods. The high school science club was the last refuge for those who were not “into” the flow of athletes, elected school representatives, and doing just enough to pass a class in home economics. Nope, the HSSC was THE place for those who knew better than anyone else what was important, knew better how to accomplish a task, and knew better than anyone the wonderfulness of such an esteemed organization.
Thus, a HSSCMM is a rare thing.
I believe I have spotted an example ably described in “GitHub Admits Significant Error of Judgment…” I would point out that GitHub is a Microsoft property and has been since late 2018, sufficient time for the outstanding culture of the Redmond giant to diffuse into the code repository/publishing entity.
The “error” concerns a knee jerk response to a person’s post using a forbidden word. After the employee was terminated, others in the science club management team decided that the dismissal was a misstep. Bigger or smaller than the SolarWinds’ modest toe bump? Who knows.
But, by golly, the Microsoft-GitHub science club alums convened and took a decision: Fire the personnel manager (sometimes called a people manager or a human resources leader).
The management precepts I derive from this fascinating chain of events are:
- Be deciders. Don’t dally. Then without too much hand waving reverse course. The science club precept is that lesser entities will not recall the change of direction.
- Seek scapegoats. Use the Teflon approach so that that which is thrown slides upon the lesser entity, in this case, the amusing people manager function.
- Avoid linking the actions of one part of the science club to the larger science club of which the smaller is merely a decorative ornament; that is, omit the fact that GitHub is owned by Microsoft.
I may have these precepts in a poorly formed state, but I think this GitHub admits article provides a provocative case example. I wonder if Mr. Drucker would agree.
Stephen E Arnold, January 18, 2021
Microsoft Teams: More, More, More
January 12, 2021
Last week I was on a Zoom video call. Zoom is pretty easy to use. What’s interesting is that the cyber security organizer of the meeting could not figure out how to allow a participant to share a screen. Now how easy is it to use Microsoft Teams compared to Zoom? In my opinion, Microsoft Teams is a baffler. The last thing Teams needs is another dose of featuritis. Teams and Zoom both need to deal with the craziness of the existing features and functions.
I have given up on Zoom improving its interface. The tiny gear icon, one of the most used components, is tough for some people to spot. Teams has a couple of donkeys laden with wackiness; for example, how about those access controls? Working great for new users, right? But Microsoft who is busy reinventing itself from Word and SharePoint wants to be the super Slack of our Rona-ized world. Sounds good? Yep, ads within Office 10 are truly an uplifting experience for individuals who use Windows 10 to sort of attempt work. Plus, Teams adds Channel calendars. Great! More calendars! Many Outlooks, many search systems, and now calendars! In Teams!
I noted this BBC write up: “Pupils in Scotland Struggle to Get Online Amid Microsoft Issue.” I thought teachers, parents were there to help. The Beeb states:
A number of schools, pupils and parents have reported the technology running slowly or not at all.
What’s Microsoft say? According to the Beeb:
A Microsoft spokesperson said: “Our engineers are working to resolve difficulties accessing Microsoft Teams that some customers are experiencing.” When pressed on whether demand as a result of home schooling was causing the issue, Microsoft declined to comment.
Just like the SolarWinds’ misstep? Nope, just working to make Teams more interesting. Navigate to “Microsoft Teams Is Getting a More Engaging Experience for Meetings Soon.” If the write up is accurate, that’s exactly what Microsoft has planned for its Zoom killer. The write up reports an item from the future:
Microsoft is working on making Teams meetings more engaging using AI and a “Dynamic View” to give more control over meeting presentations.
And what, pray tell, is a more engaging enhancement or two? I learned that in the future (not yet determined):
The Dynamic view is said to let you see what’s being shared and other people on the call at the same time. With the call being automatically optimized in a way that lets participants both see the important information that’s being shared and the people presenting it in a satisfying way.
News flash. The features appear to add controls (hooray, more controls) and the presentation seems just fine for those high-resolution displays measured in feet, not inches.
Bulletin. Just in. More people are using mobile devices than desktop computers. How is Teams on a mobile device with a screen measured in inches, not feet?
Oh, right. Featuritis and tiny displays. Winners. Maybe not for someone over the age of 45, but that’s an irrelevant demographic, right?
Stephen E Arnold, January 12, 2021
Microsoft: Information Released Like a Gentle Solar Wind
December 31, 2020
I read the New Year’s Eve missive from Microsoft, a company which tries to be “transparent, “Microsoft Internal Solorigate Investigation Update.” I am not sure, but I think the Microsoft Word spell checker does not know that SolarWinds is not spelled Solarigate. Maybe Microsoft is writing about some other security breach or prefers a neologism to end the fine year 2020?
Here’s a passage I found interesting:
Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment. This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor. We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated. [Bold added to highlight intriguing statements]
To me, an old person who lives in rural Kentucky, it sure sounds as if Microsoft is downplaying:
- Malicious code within Microsoft’s systems
- The code performed “unusual activity” whatever this actually means I don’t know
- The malicious code made it to MSFT source code repositories
- Whatever happened has allegedly been fixed up.
What’s that unknown unknowns idea? Microsoft may be writing as if there are no unknown unknowns related to the SolarWinds misstep.
If you want more timely Solarigate misstep info, here’s what Microsoft suggests as a New Year’s Eve diversion:
For the up-to-date information and guidance, please visit our resource center at https://aka.ms/solorigate.
Stephen E Arnold, December 31, 2020
Score Your Business Meetings: I Usually Award Fs
December 10, 2020
COVID-19 made Zoom a necessary tool. YouTube and TikTok are filled with Zoom call mistakes from students pranking classes, pets interrupting calls, and people forgetting to wear pants. While Zoom inadvertently changed the way business meetings are conducted, it has not changed how boring they are. TechSpot reports that emotions might change when it comes to meetings because “Microsoft Patents Technology That Can ‘Score’ Meetings Based On Facial Expressions And Body Language.”
Technologists are already obsessed with sympathetic metadata, AI mining the Internet for emotional content, while YouTubers and other streamers are equally obsessed with positive feedback and gaining subscribers. Microsoft has combined both these trends into an “insight computer system” that relies on AI to interpret meeting participants and scores them. The scoring system takes body language, facial expressions, room temperature, time of day, and attendance numbers into consideration.
Business meetings are boring and usually do not augment productivity. Remote working has changed the game, because attendees can goof off more than when they are physically present. Microsoft designed the sentimental conference rating system to analyze participants and help businesses determine if a meeting was successful. It sounds more like a Orwellian monitoring tool:
“GeekWire notes that the company was criticized for enabling what appears to be workplace surveillance when it rolled out its “Productivity Score” feature in October. Wolfie Christl of the independent Cracked Labs digital research institute in Vienna, Austria, writes that it allows managers to see the “number of days an employee has been sending emails, using the chat, using ‘mentions’ in emails etc,” turning Microsoft 365 into a full-fledged workplace surveillance tool. Microsoft, of course, insists that Productivity Score does not spy on workers.”
Microsoft has reversed course, after asserting that its tools are not used to spy on people. Good to know. I score my most recent meeting an F.
Whitney Grace, December 10, 2020
Teams: Its Future Seems to Be Emulating the Feature-itis of MSFT Word
December 10, 2020
Someone asked me to test Zoom in 2016, maybe earlier. It was a lot more useful than Freeconference.com’s IBM video service which was available to me at the time. Zoom is getting more cluttered. I have to deal with automated calendar, endless updates, icon litter, and weird controls scattered across the Web site, the app for my Mac Mini, and the Web browser implementation. I can record and probably acquire a Zoom brain implant add in.
But Microsoft Teams makes Zoom’s accretion of wonkiness look very 16th century. I read “Features Added to Microsoft Teams in November 2020 Update.” My reaction was a question, “Has Microsoft discovered its next Microsoft Office?” (I was tempted to mention Microsoft Bob and Microsoft SharePoint, but I de-enthusiasmed myself.)
What’s Teams do? For starters, you can check out Microsoft’s explanation of “more ways to be a team.” Typical of thumbtypers’ marketing woo woo, Teams is linked to Microsoft 365. Okay, I get it a subscription and/or volume licensing with a dollop of lock in. Imagine. meet, chat, call, and collaborate in just one place. Also, one can:
- Instantly go from group chat to video call with the touch of a button.
- Securely connect, access, share, and coauthor files in real time.
- Stay organized by keeping notes, documents, and your calendar together.
However, Teams is an application environment too. The November 2020 write up points out:
Microsoft now made the new Power Apps app for Teams generally available. It allows you to create and deploy custom apps without leaving Teams. With the straightforward , embedded graphical app studio, it’s never been easier to create low code apps for Teams. you’ll also harness immediate value from inbuilt templates just like the Great Ideas or Inspections apps, which may be deployed in one click and customized easily. The new Power Apps app for Teams are often backed by a replacement relational datastore – Dataverse for Teams.
The “dataverse.” That’s similar to my term “datasphere,” but the datasphere exists and includes the dataverse in my opinion.
Yep, the “world” of Microsoft. What’s interesting is that Salesforce understands that Microsoft’s response to Zoom may be the start of a new bit thing. Even Amazon has joined the party with its mostly ignored Chime thing. (Amazon AWS provides the zoom for Zoom, so for now, the Bezos bulldozer is carving new revenue paths in other markets.) And Google is active in this sector as well, but for the life of me, I cannot recall the name of the conference/messaging service du jour. Google sells ads and will probably get serious when a US government Department of Energy conference call can be enhanced with an advertisement from Duke Energy or Exxon).
One thing is clear in my opinion: Microsoft Teams has the feature-itis affliction. I was at a Microsoft meeting years ago when one of the Softies pointed out that 95 percent of Word users relied on fewer than 10 functions.
What do I do when I use Zoom? Participate in a video call. If I need to take notes, I use a pencil and paper. If I need to add an event to my calendar, I write it in my monthly planner. If I want to zone out, I post a background that shows me looking at the camera and nodding.
Keep it simple? Not likely.
Stephen E Arnold, December 10, 2020
Interesting Post on Microsoft Github: Teams Vulnerability
December 9, 2020
I found this interesting post on Github, one of Microsoft’s open source plays. “Important, Spoofing” – Zero-Click, Wormable, Cross-Platform Remote Code Execution in Microsoft Teams.” The post explains how to compromise a Teams environment by sending or editing an existing Teams message. The message looks just peachy to the recipients or recipients. Teams is plural. When the recipient looks at the message the malicious payload executes. The post points out:
That’s it. There is no further interaction from the victim. Now your company’s internal network, personal documents, 365 documents/mail/notes, secret chats are fully compromised. Think about it. One message, one channel, no interaction. Everyone gets exploited.
Microsoft calls the exploit spoofing. Keep in mind that Microsoft has more than 100 million active users of its Zoom killer.
Stephen E Arnold, December 9, 2020
LinkedIn Analyzed: Verrry Interesting
December 4, 2020
I read “LinkedIn’s Alternate Universe.” I was poking around in an effort to find out how many social profiles are held by Microsoft. The write up provides a number 722 million. However, for my purposes I used a less robust estimate of 660 million. I ran out of space for decimal places. Check the story on Monday, and you will understand my space challenge. The story is Disinterest in Search and Retrieval Quantified.
I recommend this Divinations’ write up because it is amusing, and it helped me understand why the service has become some what peculiar in a social network world in which Ripley’s Believe It or Not! content has become normative.
Here are three examples:
- Posts by living people announcing that the author is dead. Ho, ho. Alive, not dead for the denizens of a personnel department site.
- Begging for dollars and attention. The two seem to be joined at the medulla for some LinkedIn members.
- The antics of recruiters become Twitter jokes.
What is fascinating is that we have a WordPress plug in that posts headlines to LinkedIn automatically. This creates some interesting reactions. First, the software bot has about 800 LinkedIn friends. Okay. I think that’s good. Second, the stories about the MSFT social network service have been filtered as I recall.
The article is worth a gander.
Stephen E Arnold, December 4, 2020
Some US Big Tech Outfits Say Laisse Tomber
December 2, 2020
The trusted “real news” outfit Thomson Reuters published “Amazon, Apple Stay Away from New French Initiative to Set Principles for Big Tech.” Quelle surprise! The “principle” is the silly notion of getting big US technology companies to pay their taxes, fair taxes. Incroyable? Companies not getting with the program allegedly include Apple, Facebook, Google, and Microsoft. These four firms are likely to perceive the suggestion of fairness as a demonstration of flawed logic. It is possible that the initiative may become a cause célèbre because money. France is a mere country anyway.
Stephen E Arnold, December 2, 2020
-
- Subscribe to Beyond Search
Feature archive
News archive
-
