Sharing a Stage: Microsoft and Huawei

May 10, 2021

Just a small item from “Huawei Calls for Closer Public-Private Sector Action to Restore Trust in Technology” in New Zealand. The focus of the write up was a call by Huawei (yep, the Chinese technology giant viewed with suspicion by some in the US) for restoring trust in technology. Here’s the quote from the Huawei professional explaining trust:

As more devices feature connectivity, more services go online, and more critical infrastructures rely on real-time data exchanges, so must governments worldwide ensure that everyone is protected by the highest security standards… We must build strong trust in technology, enabled by a common set of rules, innovations, and progress. Only then can we commit to the sustainable and trustworthy use of technology.

Okay. But the item of information in the article which struck me as important was this passage:

Other speakers from the private sector include Roche board of directors chairman, Christophe Franz, Daimler chairman of the board of management, Ola Källenius, Microsoft chief executive officer, Satya Nadella, and HCL Corporation’s chief executive officer, Roshni Nadar Malhotra. [Emphasis added]

I found it interesting that Microsoft’s CEO shared a podium at a conference about trust. As you may recall, Microsoft experienced a misstep with Exchange Server and has struggled with Windows updates which bedevil some users.

The write up emphasized that “trust is inherently built on openness and transparency.” Sounds tasty. Trust.

Stephen E Arnold, May 10, 2021

SolarWinds: Info Dribbles Continue

May 10, 2021

A “dribble” is, according to Merriam Webster, “issue in piecemeal or desultory fashion.” From my point of view, “SolarWinds Says Russian Group Likely Took Data During Cyber-Attack” qualifies as info dribble. Paywalled Bloomberg reports:

SolarWinds said it “found evidence that causes us to believe the threat actor exfiltrated certain information as part of its research and surveillance,” according to a regulatory filing on Friday. The hackers “accessed email accounts of certain personnel, some of which contained information related to current or former employees and customers,” the company said.

How much data were taken, what content was pilfered, and for how long? Sorry, no info to address these questions. The write up reports:

SolarWinds estimates the hackers breached fewer than 100 of its customers using its software, according to the filing. The White House has found that about 100 U.S. companies and nine government agencies were hacked by the Russian cyber-attackers through SolarWinds and other means in the course of their espionage operation.

Remarkable how few entities were affected.

How did the attack occur? Here’s the explanation in the write up:

… the company believes the hackers may have used an unknown vulnerability, a brute-force cyber attack, or through social engineering — such as a phishing operation — according to the filing. The hackers then conducted “research and surveillance” on the company, including its Microsoft Office 365 environment, for at least nine months prior to October 2019, when they moved to the “test run” phase of the attack, according to the filing.

Okay, what happened exactly? Right, the company does not know.

What about the cyber security systems in place to identify malicious activity? What about systems to identify threats? What about the vulnerabilities in the supply chain processes?

Many questions. Dribble info is interesting but not germane to the big question: How did a lengthy attack go unnoticed for months? Another question: What’s the fix?

Stephen E Arnold, May 10, 2021

Despite Acronyms, Ineffective Cyber Security Persists

May 7, 2021

I want to be brief. I read “XDR defined: Giving Meaning to Extended Detection and Response.” The write up is a commercial for a forthcoming flurry of fuzzy reports from assorted mid-tier consultants. Some of the big blue chips are embroiled in management dust ups and legal matters related to opiate marketing. So the mid-tier crowd has a chance to sell reports and billable consulting hours. Furthermore some vendors of cyber security products and services will rush to the party.

The article is about the outfit doing business as Forrester. I learned:

Forrester has released research on what XDR is, what XDR isn’t, and what clients need to look for when evaluating XDR solutions. This research is a rigorous breakdown of what to expect from XDR solutions based on interviews and survey results from XDR end users and over 40 security vendors.

Well, what is XDR in the current environment of SolarWinds, Microsoft Exchange Server, and assorted breaches involving Facebook and dozens of other outfits? XDR is shorthand for extended detection and response.

The hitch in the git-along is that cyber breaches are a today problem. Presumably many firms have one, two or three cyber security solutions, threat intelligence updates, and smart software like the high profile, yet debate sparking Darktrace.

From my point of view, existing cyber security solutions did not work for the months which the bad actors had to exploit SolarWinds. Then the Microsoft Exchange Server issue. These have been followed by VPN exploits, wonky partners with ties to ever cozy bears, and assorted database thefts.

The fix is an acronym and a report?

I don’t want to be skeptical, but the problem is that marketing is now more important than delivering cyber security information and solutions that prevent breaches. As a point of fact, systems in the US Federal government and in an unknown number of other organizations were compromised and may remain so. Do we have a cyber security system capable of dealing with the sophisticated exploits used by adversaries?

The answer is, No, not XDR.

Stephen E Arnold, May 7, 2021

Russia Keeps Backdoor Into US Security Networks

May 5, 2021

Russia and the US keep each other at arm’s length. While the two countries might not officially be at war, each is wary of what the other does behind closed doors. The US Department of Homeland Security was among the agencies compromised in what is now called the SolarWinds hack, disclosed in December 2020. US authorities believe it was Russia’s doing and, according to Engadget, the intruders likely kept a back door open: “Report: Russia ‘Likely’ Kept Access To US Networks After SolarWinds Hack.”

Despite the US bolstering its firewalls and security systems in the wake of the SolarWinds hack, Russia’s SVR intelligence agency could still have access to them. Deputy National Security Advisor Anne Neuberger did not directly state that Russia still has access to the systems, but did say blaming Russia for the hacks was not going to prevent future attacks.

Russia has hacked US systems for years:

“A continued presence in American networks is consistent with history. Russia continued to mount cyber attacks against the US after the Obama administration imposed sanctions in late 2016, targeting politicians and other systems during the 2018 midterms and beyond. Even if the US successfully dislodged Russia from government systems, there was a good chance it would find another security hole.”

While the US has a robust digital security apparatus with capable minds operating it, Russia has its own equivalent. Each country will continue to attack the other in order to have an edge in this post-Cold War world.

Whitney Grace, May 5, 2021

Amazing Moments in Cyber Security: The SolarWinds Awards

May 5, 2021

Believe it or not.

In a gem of an understatement, SolarWinds’ Sojung Lee called 2020 a “challenging year.” Lee made this assessment at the company’s recent APJ Q2 Virtual Partner Briefing where, as ChannelLife reports, “SolarWinds Celebrates Channel Partners in APJ Channel Awards.” Yes, that company gives out awards. We’re told:

“The awards recognize SolarWinds’ partners and distributors for their achievements in delivering services and expertise to customers. SolarWinds Asia Pacific and Japan vice president sales, Sojung Lee, says that 2020 was a challenging year but SolarWinds partners remained resilient.”

Resilient—yes, they would have to be. Readers can navigate to the brief write-up for the list of recipients, if curious. We just find it remarkable this list even exists at this point in time. What about these “winners’” security? We don’t know and maybe SolarWinds does not either. Sales, not security, could be job one.

Cynthia Murrell, May 5, 2021

How Are Those Cyber Security Vendors Performing? (Yes, That Is the Correct Word)

April 30, 2021

This sounds like old news. This is really new news. The trust outfit Thomson Reuters published “U.S. Government Probes VPN Hack within Federal Agencies, Races to Find Clues.” The main idea is that despite the amped up cyber security efforts, another somewhat minor issue has been discovered. The trust outfit reports:

The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into as customers used it. More than a dozen federal agencies run Pulse Secure on their networks, according to public contract records.

What’s up with VPNs? Here’s the trusted news source’s slick prose answering this question:

The use of VPNs, which create encrypted tunnels for connecting remotely to corporate networks, has skyrocketed during the COVID-19 pandemic. Yet with the growth in VPN usage so too has the associated risk.

Some questions:

  1. Do existing cyber security systems ignore VPN traffic?
  2. Do existing monitoring systems provided by vendors like Microsoft have a “certain blindness”?
  3. In the aftermath of the SolarWinds and Microsoft Exchange Server stubbed toes, have systems been enhanced to deal with threats which appear to operate in an undetectable manner?

Answers? No good ones, it seems. Ads and speeches. Oh, yeah! Marketing is performance art.

Stephen E Arnold, April 30, 2021, 9:42 am US Eastern

Ransomware: A Great Lakes of Sitting Ducks

April 29, 2021

I read “No Ransomware Silver Bullet, Crooks Out of Reach.” The explicit point in the write up is that ransomware is a big deal and there’s no fix in sight. The implicit point is that existing cyber security systems don’t work. In the sunshine of SolarWinds, I assumed there was cyber security progress. Yeah, sorry.

The write up states:

The U.S. government now deems ransomware a national security threat. The FBI has just created a task force to tackle it.

The bad actors are slick operators; for example:

Some top ransomware criminals fancy themselves software service professionals. They take pride in their “customer service,” providing “help desks” that assist paying victims in file decryption. And they tend to keep their word. They have brands to protect, after all.

What’s the fix?

Committee meetings, recommendations, legislative action – these are good ideas.

In short, there is a veritable Great Lakes filled with sitting ducks. Have you tried to herd ducks? I have. Tough work. Marketing, reports, and hearings are much easier. Quack, quack, quack.

Stephen E Arnold, April 29, 2021

Facebook: Everlasting Delight!

April 29, 2021

We are still aghast at the carelessness that allowed hackers to access user information for about a billion accounts between Facebook and LinkedIn. The Facebook breach, at least, has spawned a couple of interesting side stories. First we learned that CEO Mark Zuckerberg uses chat app Signal, a competitor to Facebook’s WhatsApp. We also found out the Facebook breach has forced “Have I Been Pwned” to rework its search functionality, at least for this particular data set.

The folks at Signal must be delighted. India Today reports that the “Leaked Phone Number of Mark Zuckerberg Reveals He Is on Signal.” While both Signal and WhatsApp boast end-to-end encryption, there have been issues with what Facebook does with the back-up files. From Facebook’s point of view, this tidbit about Zuckerberg comes at an unfortunate juncture. Writer Yasmin Ahmed points out:

“The news comes at a time when many users outraged with Facebook-owned WhatsApp’s new privacy policy are moving to seemingly safer alternatives like Signal. WhatsApp’s contentious new terms of service are slated to come into effect from May 2021. The updated privacy policy changes how Facebook can access users’ chats with business accounts.”

Oh dear. In another tangent, we are interested in this change prompted by the leak—“The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned” (https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/), explains the security check site’s own Troy Hunt. It is good to see a site adapt its search to evolving circumstances. But why was the site not already searchable by phone number? Hunt explains:

“I’d never planned to make phone numbers searchable and indeed this User Voice idea sat there for over 5 and a half years without action. My position on this was that it didn’t make sense for a bunch of reasons:

1. Phone numbers appear far less frequently than email addresses
2. They’re much harder to parse out of most data sets (i.e. I can’t just regex them out like email addresses)
3. They very often don’t adhere to a consistent format across breaches and countries of origin

Plus, when the whole modus operandi of HIBP is to literally answer that question – Have I Been Pwned? – so long as there are email addresses that can be searched, phone numbers don’t add a whole lot of additional value. The Facebook data changed all that.”

Indeed. While more than 500 million phone numbers were stolen, only a few million addresses went along for the ride. Until Hunt changed the search, he writes, over 99% of the many people checking on his site received a false negative. He was able to easily parse most phone numbers from well-formatted files in the breached data and normalize their format with a country code. The caveat—this fix only applies to this breach, unless or until a similar batch of phone numbers is harvested. See the post for the technical reasons that making phone-number searches standard is unworkable for the free resource.
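The normalization step is the interesting part for anyone who has to search a breach dump for a field that was never stored consistently. The following is an added example, written for this post; it is not Hunt’s code and not how Have I Been Pwned is implemented. It assumes, as the post describes, that each source file has a known default country code, and it works on a handful of constructed sample rows in the formats one typically meets (national format with a trunk zero, a “(0)” trunk marker, a “00” international prefix, with and without a leading plus). It also shows why an exact-string search over raw rows returns false negatives for almost every query.

```python
"""
Added example (not part of the original post or of Have I Been Pwned):
normalize phone numbers from breach records into one canonical form
('+' followed by country code and national number, as in E.164) before
indexing and searching them.
"""
import re
from typing import Iterable, Optional, Set, Tuple

# Constructed sample rows in the style of a scraped-profile dump, paired with
# the default country code of the source file they came from.  The same UK
# number appears three ways and the same US number twice, which is the
# inconsistency the post talks about.
SAMPLE_ROWS = [
    ("44 7700 900123", "44"),       # UK, country code present, no plus
    ("+44 (0)7700 900123", "44"),   # UK, plus and "(0)" trunk marker
    ("07700 900123", "44"),         # UK, national format with trunk zero
    ("(415) 555-0134", "1"),        # US, national format
    ("1-415-555-0134", "1"),        # US, country code present, no plus
    ("0031 6 12345678", "31"),      # NL, "00" international prefix
]


def normalize_phone(raw: str, default_cc: str) -> Optional[str]:
    """Return '+<cc><national number>' or None if the value is not a number.

    default_cc is an assumption: the country code of the file the row came
    from.  Without it a bare national number cannot be resolved.
    """
    s = raw.strip()
    # "(0)" is a trunk prefix written for domestic dialling; drop it before
    # stripping punctuation, otherwise the zero would survive as a digit.
    s = re.sub(r"\(\s*0\s*\)", "", s)
    has_plus = s.startswith("+")
    digits = re.sub(r"\D", "", s)
    if not digits:
        return None

    if has_plus:
        intl = digits                      # already international
    elif digits.startswith("00"):
        intl = digits[2:]                  # ITU "00" international prefix
    elif digits.startswith(default_cc) and len(digits) >= 10:
        # Heuristic (assumption): a number that starts with the expected
        # country code and is long enough for cc + national number was
        # stored with the code but without the plus.
        intl = digits
    else:
        intl = default_cc + digits.lstrip("0")   # strip trunk zero(s)

    # E.164 allows at most 15 digits; anything shorter than 8 is junk here.
    if not 8 <= len(intl) <= 15:
        return None
    return "+" + intl


def build_index(rows: Iterable[Tuple[str, str]]) -> Set[str]:
    """Normalize every row and keep the unique canonical numbers."""
    return {n for raw, cc in rows if (n := normalize_phone(raw, cc))}


def is_pwned(query: str, default_cc: str, index: Set[str]) -> bool:
    """Normalize the query the same way as the data, then look it up."""
    n = normalize_phone(query, default_cc)
    return n is not None and n in index


def naive_is_pwned(query: str, rows: Iterable[Tuple[str, str]] = SAMPLE_ROWS) -> bool:
    """Exact-string search over raw rows: the false-negative behaviour."""
    return any(query == raw for raw, _ in rows)


if __name__ == "__main__":
    index = build_index(SAMPLE_ROWS)
    q = "+44 7700 900 123"
    print(sorted(index))
    print("naive:", naive_is_pwned(q), "normalized:", is_pwned(q, "44", index))
```

The country-code heuristic is the weak point: a national number that happens to begin with the same digits as the country code would be misread, so a real pipeline should apply the rule per source file, where the formatting is known, rather than across a mixed dump.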

Cynthia Murrell, April 29, 2021

Cyber Security Quote to Note: Seeing Is Important

April 28, 2021

I read a Washington Post article with a somewhat misleading title. The main point of the write up is that the US Department of Defense began using a large block of IP addresses in January 2021. The reason for the shift from dormant holding to active use of the Internet addresses related to cyber security. That’s the explanation in the write up. In the news story there was an important statement attributed to an anonymous source (a very popular way to report “real” news). Here’s the quote:

If you can’t see it, you can’t defend it.

In my opinion this is accurate. The statement underscores what I have commented upon in this blog and in my bimonthly video program DarkCyber. The SolarWinds and more recent security missteps have been missed by the commercial and governmental systems designed to spot cyber attacks and malware.

Having more traffic to monitor is a good thing. The problem is what I call the 21st century horse and barn situation. Here it is again:

Barn burned. Horses gone. Globus (Russia) retail space constructed where the hay used to be stored.

Better late than never? Yeah, sure.

Stephen E Arnold, April 28, 2021

Huawei: Dutch Treat for 5G Security

April 27, 2021

A secret report from 2010 has surfaced in the Netherlands and has been reviewed by editors at news site de Volkskrant. The document reveals that “Huawei Was Able to Eavesdrop on Dutch Mobile Network KPN,” reports the NL Times. We learn that, in 2009, KPN used Huawei tech and that six employees of the Chinese tech giant worked at its head office. Warned by the Dutch intelligence service AIVD that this was a dicey situation, KPN hired researchers at Capgemini to analyze the risks involved. We learn:

“The conclusions turned out to be so alarming that the internal report was kept secret. ‘The continued existence of KPN Mobile is in serious danger because permits may be revoked or the government and businesses may give up their confidence in KPN if it becomes known that the Chinese government can eavesdrop on KPN mobile numbers and shut down the network’, de Volkskrant quotes the report. At the time, KPN’s mobile network had 6.5 million subscribers.”

These subscribers included then Prime Minister Jan Peter Balkenende and other ministers as well as, importantly, Chinese dissidents. The write-up continues:

“The Capgemini report stated that Huawei staff, both from within KPN buildings and from China, could eavesdrop on unauthorized, uncontrolled, and unlimited KPN mobile numbers. The company gained unauthorized access to the heart of the mobile network from China. How often that happened is not clear because it was not recorded anywhere.”

Huawei assures everyone it never took advantage of this access and there is no evidence (yet) that it did so. The revelation explains why KPN has since maintained its own mobile core network and relied upon Western suppliers. Lesson learned.

Cynthia Murrell, April 27, 2021
