Is Cyber Security Lagging a Grade Behind Other Technology?

November 25, 2022

The average computer user is unaware of how invasive and harmful cyber attacks are. Forbes details how little individuals and companies know about cyber crime in, “Why We Need A Cyber Intelligence Revolution.” Peiter Zatko is an infamous hacker and the former head of Twitter’s security. He revealed in a whistleblower complaint that Twitter’s protections are at risk because of poor security measures.

The whistleblower complaint was not a surprise to the cybersecurity world, but it was to everyone else. Companies and individuals need to be aware of the capabilities and limitations of cyber security. Companies should also set up reasonable expectations for their cybersecurity teams. Businesses are more at risk from security breaches, ransomware, and other threats. Legacy systems are especially vulnerable, because they were not designed to handle modern cyber attacks.

Cybersecurity teams need to be proactive. They can be proactive by gathering real-time intelligence from multiple sources to identify and prevent bad actors from attacking. Cybersecurity workers are in a pickle though:

“Our company recently conducted a survey of more than 300 IT professionals to determine the state of enterprise cybersecurity today and gather insights to lead us into a more secure future. Seventy-two percent of respondents have added new technologies in the past 12 months and nearly half (46%) have more than six tools and services in their security stack today. At the same time, 27% don’t even know how many tools they have in their security stack, and almost a quarter of professionals (24%) said their security posture is average or below average, indicating their awareness of their security stack vulnerabilities.”

A Gartner survey also found that 75% of organizations are investing in security vendor consolidation, because they want to reduce the strain on their cybersecurity teams. It is even worse that the old methods, such as firewalls, do not work anymore.

Organizations and individuals can take a few steps to ensure they remain safe. They can assess their current security plan and run a threat scan, use proactive and reactive solutions, and integrate threat intelligence from multiple sources.

Whitney Grace, November 25, 2022

Cyber Security? That Is a Good Question

November 25, 2022

This is not ideal. We learn from Yahoo Finance, “Russian Software Disguised as American Finds Its Way into U.S. Army, CDC Apps.” Reuters journalists James Pearson and Marisa Taylor report:

“Thousands of smartphone applications in Apple and Google’s online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is actually Russian, Reuters has found. The Centers for Disease Control and Prevention (CDC), the United States’ main agency for fighting major health threats, said it had been deceived into believing Pushwoosh was based in the U.S. capital. After learning about its Russian roots from Reuters, it removed Pushwoosh software from seven public-facing apps, citing security concerns. The U.S. Army said it had removed an app containing Pushwoosh code in March because of the same concerns. That app was used by soldiers at one of the country’s main combat training bases. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing. … Pushwoosh is registered with the Russian government to pay taxes in Russia. On social media and in U.S. regulatory filings, however, it presents itself as a U.S. company, based at various times in California, Maryland and Washington, D.C., Reuters found.”

Pushwoosh’s software was included in the CDC’s main app and in apps that share information on health concerns, including STDs. The Army had used the software in an information portal at, perhaps among other places, its National Training Center in California. Any data breach there could potentially reveal upcoming troop movements. Great. To be clear, there is no evidence data has been compromised. However, we do know Russia has a pesky habit of seizing any data it fancies from companies based within its borders.

Other entities apparently duped by Pushwoosh include the NRA, Britain’s Labor Party, large companies like Unilever, and makers of many items on Apple’s and Google’s app stores. The article includes details on how the company made it look like it was based in the US and states the FTC has the authority to prosecute those who engage in such deceptive practices. Whether it plans to bring charges is yet to be seen.

Cynthia Murrell, November 25, 2022

The Zuck Play: Why Not Fire Thousands with Twitter As Cover?

November 24, 2022

Here’s the answer:

Mark Zuckerberg’s pet project, Reality Labs, may be his company’s downfall. TechSpot reports, “Meta Value Down $520 Billion Over Last Year, Threatening Its Position as a Top 20 Company.” Some of the company’s losses can be chalked up to broader economic factors, of course, especially tightened ad budgets across the board. However, reporter Rob Thubron writes:

“In addition to the falling revenue, Meta has been worrying investors with the amount of money being poured into its VR/MR ambitions, aka the metaverse. Reality Labs, the division responsible for this unit, was down another $3.7 billion in Q3. That follows the $3 billion it lost in Q2 and the $2.96 billion from the first quarter of 2022. The division hemorrhaged $10.2 billion throughout 2021, and Meta expects the unit’s operating losses to grow significantly year-over-year in 2023. Meta predicts total expenses for this year to reach between $85 billion and $87 billion.”

But Zuckerberg is nothing if not tenacious. The write-up continues:

“Despite losing billions and an analyst’s prediction that many business projects in this area will close by 2025, Zuckerberg is doubling down on the metaverse. ‘Look, I get that a lot of people might disagree with this investment, but from what I can tell, I think this is going to be a very important thing,’ he said. ‘People will look back a decade from now and talk about the importance of the work being done here.’ Meta’s decline is reflected in Zuckerberg’s falling place on Bloomberg’s Billionaires Index. The CEO has seen his fortune fall by $76.8 billion over the last 12 months, dropping to $48.9 billion and placing Zuck in the 23rd position on the list.”

We get that loss is over 60% of the Zuck’s personal fortune, but those are billions with a “b.” As Zuck allegedly says, “The metaverse has legs.” Maybe in an alternate universe?

Cynthia Murrell, November 24, 2022

Are Governments Behaving Like Sheep?

November 24, 2022

North Korea, China, and possibly Russia are incarnates of Orwell’s Big Brother from the dystopian 1984 novel. The US government is compared to Big Brother (and rightly so) when it attempts to block free speech. The thing about outlawing free speech is that it takes too much energy to regulate. The US government wants to limit free speech, but only when it feels like it. We also do not want that, because the government lies. Gizmodo explains why we do not want the government to be Big Brother in: “You Really Don’t Want The Government To Be Your Content Moderator.”

The Department of Homeland Security is collaborating with tech firms and large businesses to repackage Bush’s “War on Terror” into a new product. They are building tools to monitor social media and combat disinformation. Why did this happen?

“In April, the Biden administration announced the launch of a Disinformation Governance Board, a new unit within DHS meant to “standardize the [government’s] treatment of disinformation” across various agencies. But the project was fumbled from the start: the unit initially failed to release a charter, leaving Americans to wonder just what exactly this shadowy new group with a creepy name was going to be doing. It didn’t take long for critics—on both the political left and right—to start referring to it as a “Ministry of Truth,” (the notorious propaganda bureau from George Orwell’s 1984). Though officials tried to salvage the effort, DHS shuttered the board in May after it had been operational for less than a month.”

Biden’s administration continued the Orwellian acts with a new organization: Cybersecurity and Infrastructure Security Agency (CISA). Big businesses such as JPMorgan Chase and Twitter are working with the FBI and CISA to approach state-sponsored disinformation campaigns. The US government also wants to address COVID-19 vaccine efficacy, US support of Ukraine, Afghanistan withdrawal, and racial justice.

Is the US government not an impartial entity, despite what politicians claim?

Whitney Grace, November 24, 2022

Will Decision Intelligence Lead to Better Decision Making?

November 24, 2022

After years of hype, it turns out big data is not paying off as promised. Not yet. Marc Warner, CEO of AI firm Faculty, asserts, “Data-Driven Decision Making Will Fail—and Here Is Why” at Computer Weekly. Simply poring through an abundance of data does not result in accurate conclusions. Warner turns philosophical as he elaborates:

“About 400 years ago, philosophers realized that collecting data to create understanding was a good thing. However, they also thought data alone was sufficient to establish how the world was and predict what would happen next – a process called induction. They thought a wider understanding of what was going on didn’t matter. Notice this is the same claim made for data-driven decision making – but we know a wider understanding does matter. Will stars appear in the sky because they did yesterday? Well, yes – for a while. But at some point, they will burn out. What was an obvious extrapolation is, suddenly, no longer true. This view changed with the philosopher Karl Popper, who said we don’t extrapolate inductively from data, because that’s impossible. In fact, we guess what’s going on, then find data to falsify that theory. This is a crucial change. Suddenly, the focus is the theory – not the data. This means the theory can be very different from an extrapolation from data.”

Not surprisingly, the AI entrepreneur believes the way to develop such theories lies in machine learning, specifically decision intelligence. Warner describes how his company used this approach to help the UK’s National Health Service wrangle an overwhelming amount of data to manage resources during the pandemic. The resulting decisions, he states, are credited with saving thousands of lives. It makes sense, of course, that accurate understanding leads to better decisions. Perhaps decision intelligence can get us there. But can this budding approach do anything to combat the stubborn problem of bias in machine learning? Nothing stops better, faster, and cheaper. More time to watch TikTok.

Cynthia Murrell, November 24, 2022

The iPhone Is Magic

November 23, 2022

I believe everything I read about the Apple iPhone. My knowledge junk bun includes such items as:

  1. Apple has a secret $275 billion deal with China. China is, of course, one of some governmental officials’ favorite countries. See this write up for details.
  2. Apple cares about user privacy. Well, maybe there are/were some issues. See this Forbes’ article for details.
  3. Apple has a monopoly-like position. But monopolies are good for everyone! See the Market Realist article for more insights.

I had these thoughts in mind right after I read this magical — possibly cream puff confection of a story — article called “Woman Who Lost iPhone at Sea Finds It Washed up 460 Days Later in Mint Condition.” The article states:

Clare Atfield, 39, dropped her iPhone in the ocean and never expected to see it again, until an incredible 460 days later. On top of it, the device was in perfect working condition.

The article added:

But a year later on November 7, she was contacted by a local dog walker who claimed to have found it on the beach, not far from where she originally lost it… “The gentleman who found it and I were both just in shock that it still worked,” she admitted. The paddle boarder was stunned there wasn’t much damage to the phone considering it was lost at sea for a long time.

What’s this tell me?

  1. By golly iPhones in free protective cases are okay after being submerged in salt water for more than one year.
  2. The protective case kept the water from obliterating the information on non digital documents.
  3. Content marketing is alive and well when the magical iPhone is involved.

Yes, I believe everything about Apple: No secret deals, no violations of user privacy for ads or any other thing, and no monopoly position. I also believe the iPhone survivability story in the estimable “Daily Star.”

Don’t believe me? Just check with a tooth fairy. I loved the “mint condition” point too.

Stephen E Arnold, November 23, 2022

Snorkel: Now Humans Are a Benefit?

November 23, 2022

Snorkel emerged from Stanford University’s AI lab. Some at the Google are ga-ga over Snorkel’s approach to reducing the cost of creating training sets for machine learning. If you are not paying attention to the expense of training models the old-fashioned way, when humans do the work, months or years of effort are required. Then — surprise — after operating in the real world for six months (plus or minus depending on the use case), the model has to be retrained.

Snorkel wants to get subject matter experts to build a training set one time. Then the numerical recipes will harvest additional information and automatically update the training set. Imagine better, faster, cheaper. Well, that’s the theory. Thus the entire AI industry push for finding short cuts to deal with the need for building training sets for initial model training and the work needed to make sure the model does not drift off into craziness. (I won’t mention the name of any search vendors, but a number of these outfits have performed oblation for their VC gods. Why? The results of the user’s query returned garbage. Confusing the information in a PowerPoint pitch with returning relevant and precise results for a user’s query is a bit like resolving the conflicts between Newtonian and quantum physics.)

I read “AI Startup Snorkel Preps a New Kind of Expert for Enterprise AI.” My immediate reaction was a question, “Why didn’t Google buy the company?” Hmmm. Now Snorkel is going to push to be a commercial success, perhaps like DeepDyve, an outfit which used or uses Snorkel technology.

The write up says:

Snorkel’s Data-centric Foundation Model Development, as the offering is called, is an enhancement to the startup’s flagship Snorkel Flow program. The new features let companies write functions that automatically create labeled training data by using what are called foundation models, the largest neural nets that exist, such as OpenAI’s GPT-3. The new functions in Snorkel Flow let a person who is a domain expert but not a programmer create a workflow that will then automatically generate labeled data sets that can be used to train the foundation programs for specific tasks.

The base technology emerged from projects guided in part by Christopher Ré. The work goes back more than a decade. Snorkel itself has been a start up for several years.

Smart software is getting a lot of tire kicking action by large companies. My hunch is that Snorkel wants to sell its methods to the firms just now having a bean counter come to a meeting and saying, “Have you taken a look at how much money our AI teams need to retrain our models?”

Then a whiz kid — possibly a graduate of Stanford — says, “Get Snorkel!”

Well, that’s my hunch. Will the models avoid the horrible fate of self immolating smart software which just gets stuff wrong? Probably not. But the PowerPoints and Zoom presentations will explain that Snorkel does not go “under water.” Snorkel lets an apoplectic accountant breathe somewhat more easily until the next quarterly analysis of smart software expenses.

Stephen E Arnold, November 23, 2022

AI: Black Boxes ‘R Us

November 23, 2022

Humans design and make AI. Because humans design and make AI, we should know how it works. For some reason, humans do not know how AI works. Motherboard on Vice explains that, “Scientists Increasingly Can’t Explain How AI Works.” AI researchers are worried that AI developers focus too much on the end results of an algorithm rather than on how and why it arrives at said results.

In other words, developers cannot explain how an AI algorithm works. AI algorithms are built from layers and layers of deep neural networks (DNNs). These networks are designed to replicate human neural pathways. They are almost like real neural pathways, because neurologists are unaware of how the entire brain works and AI developers do not know how AI algorithms work. AI developers are concerned with the inputs and outputs, but the in-between is the mythical black box. Because AI developers do not worry about how they receive the outputs, they cannot explain why they receive biased, polluted results.

“‘If all we have is a ‘black box’, it is impossible to understand causes of failure and improve system safety,’ Roman V. Yampolskiy, a professor of computer science at the University of Louisville, wrote in his paper titled “Unexplainability and Incomprehensibility of Artificial Intelligence.” ‘Additionally, if we grow accustomed to accepting AI’s answers without an explanation, essentially treating it as an Oracle system, we would not be able to tell if it begins providing wrong or manipulative answers.’”

It sounds like the Schrödinger’s cat of black boxes.

Developers’ results are driven by tight deadlines and small budgets so they concentrate on accuracy over explainability. Algorithms are also (supposedly) more accurate than humans, so it is easy to rely on them. Making the algorithms less biased is another black box, especially when the Internet is skewed one way:

“Debiasing the datasets that AI systems are trained on is near impossible in a society whose Internet reflects inherent, continuous human bias. Besides using smaller datasets, in which developers can have more control in deciding what appears in them, experts say a solution is to design with bias in mind, rather than feign impartiality.”

Couldn’t training an algorithm be like teaching a pet to do tricks with positive reinforcement? What would an algorithm consider a treat? But did a guy named Gödel bring up incompleteness? Clicks, clicks, and more clicks.

Whitney Grace, November 23, 2022

A Trifecta for Meta, TikTok, and Twitter in Kenya

November 23, 2022

Once again, social media companies show their disdain for local laws and information integrity. Rest of World reports, “Facebook and Instagram Ran Ads Violating Kenyan Election Law, New Report Reveals.” Furthermore, according to the Mozilla Foundation report, Meta, Twitter, and TikTok failed to moderate harmful posts amid the Kenyan general election in August. Journalist Andrew Deck writes:

“Kenyan law states political candidates cannot campaign in the 48 hours before an election day. Candidates for both major political parties did just that, with paid promotions on Facebook and Instagram, which are both owned by Meta. Meta itself requires advertisers to abide by these blackout periods. Some ads from the opposition Azimio la Umoja party reached as many as 50,000 impressions and one gubernatorial candidate alone ran some 17 violating ads. … The porousness of moderation filters during this time contributed to what [Mozilla researcher Odanga Madung] calls a ‘post-election twilight zone,’ the report said. Despite public commitments to ramp up moderation resources before Kenyans headed to the polls, Meta, Twitter, and TikTok all saw breaches in their moderation systems, according to the report. In the days after the polls closed on August 9, election rumors on social media were exacerbated by the release of 43,000 polling station results publicly by the country’s Independent Electoral and Boundaries Commission (IEBC). Political parties and media companies released their own tallies of these votes, leading to conflicting declarations of the winner. Breaches included the circulation of misleading electoral tallies by opposing political parties and conspiracy theories about election fraud.”

What an interesting matter. See the article for more election chicanery that made it unchallenged onto social media. Meta, TikTok, and Twitter all insist they did their best to uphold regulations and label misinformation. Madung, however, believes they did not adequately test their procedures within Kenya. That seems like a sound conclusion. Just how long will these companies’ negligence contribute to election turmoil in countries around the globe?

Cynthia Murrell, November 23, 2022

OSINT: HandleFinder

November 22, 2022

If you are looking for a way to identify a user “handle” on various social networks, you may want to take a look at HandleFinder. The service appears to be offered without a fee. The developer does provide a “Buy Me a Coffee” link, so you can support the service. The service accepts a user name. We used our favorite ageing teen screen name ibabyrainbow or babyrainbow on some lower profile services. HandleFinder returned 31 results on our first query. (We ran the query a second time, and the system returned 30 results. We found this interesting.)

The services scanned included Patreon, TikTok, and YouTube, among others. The service did not scan the StreamGun video on demand service or NewRecs.

In order to examine the results, one clicks on the service name, which is underlined. Note that once one clicks the link, the result set is lost. We found that the link should be opened in a separate tab or window to eliminate the need to rerun the query after each click. That’s how one of my team discovered the count variance.

When there is no result, the link in HandleFinder does not make this evident. Links to ibabyrainbow on Instagram returned “Page not found.” The result for Linktr.ee returned the Linktr.ee page of links, which means more clicking.

If one is interested in chasing down social media handles, you may want to check out this service. It is promising and hopefully will be refined.

Stephen E Arnold, November 22, 2022
