Data Loss: An Interesting Number
August 19, 2020
“Over 27 Billion Records Exposed in the First Half of 2020” contains some interesting assertions. One which caught my attention was:
Although reports of data breaches are down 52 percent in the first half of this year, the number of records exposed over the same period has soared to 27 billion.
The write up quotes an expert from Risk Based Security as saying:
“The striking differences between 2020 and prior years brings up many questions,” says Inga Goddijn, executive vice president at Risk Based Security. “Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? And perhaps most importantly, is this a permanent change in the data breach landscape?”
I am curious as well. Interpol’s August 2020 “Cybercrime: Covid-19 Impact” suggests that cybercrime is chugging along quite nicely.
DarkCyber’s question is:
With hundreds of cyber security firms offering everything from real time AI monitors to old fashioned and expensive humans, bad actors appear to be increasingly successful. How is that Garmin cyber security system working now? Any Amazon S3 buckets compromised recently? Is Self-Key’s statement that “the first quarter of 2020 has been one of the worst in data breach history with over 8 billion records exposed” accurate?
The numbers may be interesting but the question is, “Why are state-of-the-art, artificially intelligent cyber security systems performing in a way that suggests bad actors are experiencing a surfeit of target opportunities?”
Stephen E Arnold, August 19, 2020
Instagram: What Does Suspicious Mean at This Facebook Outfit?
August 19, 2020
DarkCyber noted what could be construed as a baby step toward adulting or a much bigger step toward Facebook obtaining more fine-grained information. “Instagram Will Make Suspicious Accounts Verify Their Identity” states:
Instagram is taking new steps to root out bots and other accounts trying to manipulate its platform. The company says it will start asking some users to verify their identities if it suspects “potential inauthentic behavior.” Instagram stresses that the new policy won’t affect most users, but that it will target accounts that seem suspicious.
It seems that “inauthentic” means “suspicious.” Okay, what is that exactly? The write up quotes an Instagram something as saying:
This includes accounts potentially engaged in coordinated inauthentic behavior, or when we see the majority of someone’s followers are in a different country to their location, or if we find signs of automation, such as bot accounts.
What addresses inauthenticity? How about this?
Under the new rules, these accounts will be asked to verify their identity by submitting a government ID. If they don’t, the company may down-rank their posts in Instagram’s feed or disable their account entirely.
Whether a moment of adulting or a data grab, the Facebook continues to be Facebook.
Stephen E Arnold, August 19, 2020
IBM: A New PR Direction without Recipes and TV Game Shows?
August 18, 2020
IBM appears to be shifting its marketing in an interesting way. IBM announced its Power10 chips. Representative of the coverage is Forbes Magazine’s “IBM POWER10 Mega Chip For Hybrid Cloud Is Revealed.” The write up is not written by Forbes’ staff. The article is from an outfit called Tirias Research, a member of a contributor group. I am not sure what a contributor group is. The article seems like marketing speak to me, but you judge for yourself. Here’s a snippet:
To handle the ever more complex cloud workloads, the POWER10 improves capacity (socket throughput) and efficiency by about 3x over the POWER9. The energy efficiency gains were critical because IBM increased CPU core count over the POWER9 but kept the socket power roughly the same. All in all, the POWER10 is a big step forward for the architecture.
Next, I noticed write ups about IBM’s mainframe business. Navigate to “COBOL Still Handles 70% of Global Business Transactions.” The content strikes me as a recycling of IBM-prepared visuals. Here’s an example of the “analysis” and “news” in the article about the next big future:
Several observations:
- It was not that long ago that IBM was touting IBM Watson as capable of matching pets with potential owners. Now IBM is focusing on semiconductors and “workhorse” mainframes.
- There are chips using technology more advanced than IBM’s 7 and 14 nanometer chips. Like Intel, IBM makes no reference to manufacturing techniques which may offer more advantages. That’s understandable. But three nanometer fabs are approaching, and IBM appears to be following, not leading.
- The cheerleading for hybrid clouds is different from cheerleading for “the cloud.” Has IBM decided that its future pivots on getting companies to build data centers and hire IBM to maintain them?
The craziness of the state unemployment agencies with COBOL based systems is fresh in my mind. For me, emphasizing the dependence of organizations upon COBOL is interesting. This statement caught my attention:
COBOL still handle [sic] more than 70% of the business transactions that take place in the world today.
Is this a good thing? Are Amazon, Microsoft, and Google embracing mainframes? My hunch is that companies are unable to shift from legacy systems. Inertia, not innovation, may be creating what some people seeking unemployment benefits from COBOL-centric systems perceive as a dysfunctional approach.
Net net: At least IBM is not talking about recipes created by Watson.
Stephen E Arnold, August 18, 2020
Apple: An Intellectual Property Misunderstanding Resolved
August 18, 2020
DarkCyber is aware of the legal dust-up between an electronic game company and Apple Computer. However, another facet of Apple’s corporate mindset surfaces in “Apple Ordered to Pay PanOptis $506.2 Million for Infringing LTE Patents.”
The write up reports:
In [the] decision, the jury decided that Apple failed to prove that any of PanOptis’ patent claims were invalid. According to Law360, it also said that Apple willfully infringed on the patents. Notably, the in-person patent jury trial was the country’s first since coronavirus lockdowns began. The $506 million is a royalty of past sales of infringing devices, with the jury finding five of the seven patents in suit were violated.
With interest in next generation wireless technology moving more quickly than the US legal system, will Apple obtain its technology via licenses, good old R&D, or some of the more interesting methods available to the company? There’s nothing like American know-how, is there?
Stephen E Arnold, August 18, 2020
Technology and New Normal Insights: What?
August 18, 2020
I read “10 Insights for the New Normal.” Remarkable. The essay was a product of IT Pro Portal and a marketing consulting firm doing business as BrandCap. What’s the connection between the new normal (which means the Rona Era) and technology? That is a very good question. Let’s look at three of these “insights”. I urge you to devour the remaining seven in the source document. Before I take a quick look at what I think are the most interesting in the list of 10, I want to point out that I am not sure what “normal” means. The world is jagged, according to The End of Average. My hunch is that “normal” is a word selected because the people who read about socio-techno analysis in IT Pro Portal are “normal.” Is that a fair assumption? I will leave it to you, gentle reader, to answer this question.
Insights 1, 2, and 3 are essentially the same insight. Humans want to continue their lives in a pre-Rona manner. The new normal is the Rona Era. The third insight is that people want to get back to the pre-Rona normal. There you go. Hegel for Dummies.
Insight 6 is “Every day is like a Sunday afternoon.” I must admit this had me baffled. I then realized that I have continued to operate in the same way as I have for the last 52 years of my professional life. I don’t count years 1 to 22 when I was in college as “professional.” Moments were, maybe. But Sunday afternoon. Consider this explanation of the insight:
As lockdown stretched on and has now evolved, one of the most difficult aspects of life at home has been the sameness…Brands have an opportunity to surprise and delight through enabling the discovery of new products and experiences, both within the home and outside as people become more comfortable with the easing of restrictions.
Surprise and delight? I ordered an HDMI switch from Amazon. I was neither surprised nor delighted.
Insight 9 is a logical delight. Consider this trend: “Staying connected and disconnected.” I recall a somewhat quirky PhD in psychology who I honestly believed was nuts telling me that schizophrenia is a mental disorder presenting itself in actions and speech that is disordered or hallucinatory. Some context may be helpful. This “wizard” and I were on numerous flights to work on a client engagement. Each flight this PhD would ask me, “Why do you wear maroon ties?” I explained that at 5 am I knew I could find a suitable tie to wear with my blue or gray suit in an efficient way. He then asked me on each flight for the next nine months, “Why do you wear maroon ties?” Which of us was crazier: Efficient me or the board certified whatever who asked the same question repeatedly?
I think I understand. One is working alone in a home office. The mobile phone only buzzes softly. The email notification is muted. Others — humanoids and allegedly domesticated animals — on the other side of a closed door. Alone yet connected. Disconnected yet reachable. The “trend” is explained this way:
The temptation for brands will be to tap into the national acceptance of on-screen comms, but brands should also be aware of the need to step away from screens and not attempt to interfere when people are disconnected.
This weekend I received three spam emails from a company which sold me three bars of an alleged French bar soap. Each email had no reference to my two previous emails sent to an entity known to me as LuckyVitamin.com. Three bars of soap and a dozen spam messages. Yep, that’s a trend. LuckyVitamin.com obviously did not get the message about the connected and disconnected paradox.
Net net: The outfit IT Pro Portal is running content marketing or search engine optimization content either intentionally (okay, I understand money) or unintentionally (yeah, that falls into the LuckyVitamin.com basket of mental behavior). A trend article might want to heed this definition:
the general course or prevailing tendency.
Self-referential statements, paradoxes, and brand awareness are not trends; these are examples of zeitgeist.
Stephen E Arnold, August 18, 2020
Listening to Mobile Calls: Maybe? Maybe Not
August 18, 2020
An online publication called Hitb.org has published “Hackers Can Eavesdrop on Mobile Calls with $7,000 Worth of Equipment.” Law enforcement and other government entities often pay more for equipment which performs similar functions. Maybe $7,000 is a bargain, assuming the technology works and does not lead to an immediate visit from government authorities.
According to the write up, you can listen to mobile calls using a method called “ReVoLTE”, a play on the LTE or long term evolution cellular technology. The article reports:
Now, researchers have demonstrated a weakness that allows attackers with modest resources to eavesdrop on calls. Their technique, dubbed ReVoLTE, uses a software-defined radio to pull the signal a carrier’s base station transmits to a phone of an attacker’s choosing, as long as the attacker is connected to the same cell tower (typically within a few hundred meters to few kilometers) and knows the phone number. Because of an error in the way many carriers implement VoLTE, the attack converts cryptographically scrambled data into unencrypted sound. The result is a threat to the privacy of a growing segment of cell phone users. The cost: about $7,000.
Ah, ha, a catch. One has to be a researcher, which implies access to low cost, highly motivated students eager to get an A. Also, the word “researcher” makes it clear that one cannot order the needed equipment with one click on Amazon’s ecommerce site.
How realistic is this $7,000 claim? DarkCyber thinks that a person interested in gaining access to mobile calls may want to stay in school. CalTech or Georgia Tech may be institutions to consider. Then after getting an appropriate degree, work for one of the specialized services firms developing software and hardware for law enforcement.
On the other hand, if you can build these devices in your bedroom, why not skip school and contact one of the enforcement agencies in the US or elsewhere. DarkCyber has a suggestion. Unlawful intercept can lead to some interesting learning experiences with government authorities. Too bad similar enforcement does not kick in for misleading headlines for articles which contain fluff. That sounds like I am pointing out flaws in Silicon Valley-style reporting. Okay, okay, I am.
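The quoted article says only that “an error in the way many carriers implement VoLTE” lets scrambled data be turned back into sound. The error class reported in the ReVoLTE research is keystream reuse: two calls encrypted with the same keystream become a two-time pad, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts. The example below is added here and is not code from the article or the researchers; it models that failure with a constructed SHA-256 counter-mode keystream standing in for the real cipher, constructed sample “call” bytes and a constructed long-lived key, and shows the remedy a defender expects, a fresh key derived per call.

```python
"""Why keystream reuse turns stream encryption into a two-time pad (added example)."""
import hashlib
import hmac

# Constructed sample inputs: a long-lived key and the audio of two calls.
BEARER_KEY = b"constructed-long-lived-bearer-key"
CALL_A = b"First call: caller reads a known, fixed announcement aloud to the line."
CALL_B = b"Second call: the conversation that should stay private."


def keystream(key: bytes, nbytes: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || counter) blocks, truncated.

    A stand-in for the real cipher; the two-time-pad property shown below
    holds for any stream cipher, it does not depend on this construction.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR over the common length of a and b."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream(key)."""
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


def derive_call_key(bearer_key: bytes, call_id: int) -> bytes:
    """The fix: a per-call key bound to a unique call id, never reused."""
    info = b"call-key" + call_id.to_bytes(8, "big")
    return hmac.new(bearer_key, info, hashlib.sha256).digest()


def recover_second_call(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """Known-plaintext recovery that only works when both ciphertexts share a keystream.

    ct_known XOR pt_known exposes the keystream bytes; XOR with ct_target then
    yields the target plaintext over the overlapping length.
    """
    n = min(len(ct_known), len(pt_known), len(ct_target))
    ks = xor_bytes(ct_known[:n], pt_known[:n])
    return xor_bytes(ct_target[:n], ks)


def reuse_recovery() -> bytes:
    """Both calls keyed identically (the error): the second call is fully recovered."""
    ct_a = encrypt(BEARER_KEY, CALL_A)
    ct_b = encrypt(BEARER_KEY, CALL_B)
    return recover_second_call(ct_a, CALL_A, ct_b)


def fresh_key_recovery() -> bytes:
    """Per-call keys (the fix): the same procedure yields only noise."""
    ct_a = encrypt(derive_call_key(BEARER_KEY, 1), CALL_A)
    ct_b = encrypt(derive_call_key(BEARER_KEY, 2), CALL_B)
    return recover_second_call(ct_a, CALL_A, ct_b)


if __name__ == "__main__":
    print("with keystream reuse:", reuse_recovery())
    print("with per-call keys:  ", fresh_key_recovery()[:16], "...")
```

The check a reviewer of any stream-cipher deployment would run is the one `reuse_recovery` performs: if a known plaintext from one session recovers another session’s plaintext, the keystream was reused. Note that the first call’s audio only needs to be known, not secret, which is why the defence is unique per-session keys rather than hiding what is said.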
Stephen E Arnold, August 18, 2020
Telegram: Friendly Outfit for Russia, Other Places, Not So Much
August 18, 2020
There’s nothing like encrypted communications for bad actors. Some law enforcement and regulatory professionals are less enthusiastic. Russia has worked a deal with Telegram. Details about what Telegram’s side of the bargain include are sparse. Russia’s side of the deal is equally fuzzy. One might surmise a mechanism for accessing encrypted content. Is this possible? The answer depends on whom one asks.
Telegram, in its quest to remain in business, is, according to “Telegram Launches One-on-One Video Calls with End-to-End Encryption,” dimming the lights for some law enforcement and regulatory units. The write up reports:
The video calls on Telegram support picture-in-picture mode, so that people can check and reply to their messages while talking to a friend. The calls are also protected with end-to-end encryption, with the security confirmed by matching emojis on the screen on either end of the line. Telegram continues to work on more features and improvements for its video call offering, saying that it is working to launch group video calls in the coming months. The upcoming feature will allow the app to jump into the videoconferencing market, which has become more crucial as people stay at home amid the COVID-19 pandemic.
What’s the big deal? Encrypted messaging poses a cost and time hurdle for government authorities. Bad actors find these encrypted services more useful than some other forms of information exchange. For example, the razzle dazzle of the Dark Web (despite its modest size in terms of sites and users) is losing ground to encrypted messaging services. And why not?
From a mobile device, encrypted messaging can replicate many of the more interesting facets of the Dark Web; for example:
- Encryption and anonymity. Check.
- In app payment. Check.
- Private groups. Check.
- Social media functions. Semi check.
“Going dark” is no longer a bit of in-crowd jargon. It is a reality. And for Russian authorities, maybe not so dark.
Stephen E Arnold, August 18, 2020
A Former Science Club Member Critiques Google, THE Science Club
August 17, 2020
I truly enjoy posts from former insiders at giant technology monopolies. Each of them hires from the other. The meta-revolving door spin is fascinating to watch. Some get tossed out of the mechanism because of some career negative factor: Family, health, mental orientation, or some other exogenous, non-technical event. Others go through a Scientological reformation and realize that the world of the high-technology nation-states is a weird place: Language, food customs, expectations of non-conformist “norm” behavior, and other cultural suckerfish. What gives me a chuckle are revelations like Tim Bray’s or Steve Yegge’s “Dear Google Cloud: Your Deprecation Policy is Killing You.” In my opinion, Mr. Yegge’s thoughtful, calm, and “in the moment” essay about the GOOG is more intriguing than the Financial Times’ story that reports Google has predicted the end of the world as we know it in Australia. What? Australia? Yep, for those receiving this warning from the Oracle at Mountain View their life amidst the kangaroos will mean no “free search” and — gasp! — curtains for “a dramatically worse” YouTube. Search can’t get much worse, so the YouTube threat means angry kids. Yikes! YouTube. Will Australia, a mere country, be at the wrong end of a Google phaser strike?
Back to Mr. Yegge: In his essay, the phrase “deprecation treadmill” appears. This is the key insight. Googlers have to have something to do it seems. The bright science club members interact via an acceptable online service and make decisions informed by data. As Mr. Yegge points out, the data fueling insights may not be comprehensive or processed by some master intelligence. He notes that a Bigtable storage technology had been running for many years before any smart science club member or smart Google software noticed. (So much for attention to detail.)
Mr. Yegge points out that
One is that running a Bigtable was so inconsequential to Google’s scale that it took 2 years before anyone even noticed it, and even then, only because the version was old. As a point of comparison, I considered using Google Cloud Bigtable for my online game, but it cost (at the time) an estimated $16,000/year for an empty Bigtable on GCP. I’m not saying they’re gouging you, but in my own personal opinion, that feels like a lot of money for an empty [censored] database.
This paragraph underscores the lack of internal controls which operate in real time, although every two years could be considered near real time if one worked in a data center at Dialog Information Services in the mid 1980s. Today? Two years means a number of TikToks can come and go along with IPOs, unicorns, and Congressional hearings live streamed.
Mr. Yegge also uses a phrase I find delicious: “Deprecation treadmill.” The Google science club members use data (some old, some new, and some selected to support a lateral arabesque to a hotter team) to make changes. Examples range from the Dodgeball wackiness to changes in cloud APIs which Mr. Yegge mentions in his essay. He notes:
Google engineers pride themselves on their software engineering discipline, and that’s actually what gets them into trouble. Pride is a trap for the unwary, and it has ensnared many a Google team into thinking that their decisions are always right, and that correctness (by some vague fuzzy definition) is more important than customer focus.
I wish to point out that Mr. Yegge is overlooking the key tenet of high school science club management methods: The science club is ALWAYS right. Since Mr. Yegge no longer works at the Google, Mr. Yegge is WRONG. Anyone who is not a right-now Googler is WRONG. Anyone who fails to understand the core of this mindset cannot work at the Google. Therefore, that individual is mentally unable to understand that Mother Google’s right-now brood is RIGHT. Australia and the European Union, for example, do not understand the logic of the Google. And they are obviously WRONG.
How simple this is.
Mr. Yegge points out how some activities are supposed to be carried out in the “real world” as opposed to the cultural norms of the techno-monopolies. He writes:
Successful long-lived open systems owe their success to building decades-long micro-communities around extensions/plugins, also known as a marketplace.
This is indeed amusing. Google delivers advertising, and that is a game within a casino hotel. I think the online advertising game run by the Google blends the best of a 1950s Las Vegas outfit on the Strip and the mythical Hotel California of the Eagles’ song. Compare my metaphor with Mr. Yegge’s. Which is more accurate?
Google’s pride in their software engineering hygiene is what gets them into trouble here. They don’t like it when there are lots of different ways to do the same thing, with older, less-desirable ways sitting alongside newer fancier ways. It increases the learning curve for newcomers to the system, it increases the burden of supporting the legacy APIs, it slows down new feature velocity, and the worst sin of all: it’s ugly. Google is like Lady Ascot in Tim Burton’s Alice in Wonderland:
Lady Ascot: Alice, do you know what I fear most?
Alice Kingsley: The decline of the aristocracy?
Lady Ascot: Ugly grandchildren.
Mr. Yegge’s point is a brilliant one: The Google wants its customers to operate like “here and now” Googlers. But customers do not understand and they are WRONG.
The disconnect between the Google and mere customers is nailed in this statement by Mr. Yegge:
But after all these years, Google Cloud is still #3
Yes, Google does make decisions based on data. Those decisions are RIGHT. If this seems like a paradox, it is obvious that the customer is once again proving that he or she is not capable of working for Google. Achieving third prize in the cloud race is RIGHT, at least to some real Googlers. For Mr. Yegge, the crummy third place ranking is evidence of the mismatch between the techno-monopoly and cloud users and, I might add, Australia and the EU.
Mr. Yegge points out what may be a hint of the tension between the Google science club and its “wanna be” members. He writes about a Percona-centric, ready-to-use solution. He calmly points out:
Go ahead, I dare you. Follow the link and click the button. Choose “yes” to get all the default parameters and deploy the cluster to your Google Cloud project. Haha, joke’s on you; it doesn’t work. None of that [censored] works. It’s never tested, starts bit-rotting the minute they roll it out, and it wouldn’t surprise me if over half the click-to-deploy “solutions” (now we understand the air quotes) don’t work at all. It’s a completely embarrassing dark alley that you don’t want to wander down. But Google is straight-up encouraging you to use it. They want you to buy it. It’s transactional for them. They don’t want to support anything.
DarkCyber looks forward to Mr. Yegge’s next essay about the Google. Perhaps he will tackle the logic of reporting an offensive advertisement to the online monopoly. That process helps one understand a non-deprecation method in use at the A Number One science club. The management method is breathtaking.
As Eugène Ionesco noted:
“Realism falls short of reality. It shrinks it, attenuates it, falsifies it; it does not take into account our basic truths and our fundamental obsessions: love, death, astonishment. It presents man in a reduced and estranged perspective. Truth is in our dreams, in the imagination.”
The “our” is Google’s reality. If you are not a “here and now” Googler, you cannot understand.
Stephen E Arnold, August 17, 2020
Amazon Alexa Is Sensitive
August 17, 2020
The gimmick behind digital assistants is that with a simple vocal command, using a smart speaker like Amazon Echo, users have access to knowledge and can complete small tasks. Amazon is either very clever or very clumsy when it comes to its digital assistant Alexa. Venture Beat reports on a recent study in “Researchers Identify Dozens Of Words That Accidentally Trigger Amazon Echo Speakers.”
The problem with digital assistants, other than their recording conversations and storing them in the cloud, is who will have access to these conversations. LeakyPick is a platform that investigates microphone-equipped devices and monitors network traffic for audio transmissions. LeakyPick was developed by the University of Darmstadt, North Carolina State University, and the University of Paris Saclay.
LeakyPick was designed to test when smart speakers are activated:
“LeakyPick — which the researchers claim is 94% accurate at detecting speech traffic — works for both devices that use a wakeword and those that don’t, like security cameras and smoke alarms. In the case of the former, it’s preconfigured to prefix probes with known wakewords and noises (e.g., “Alexa,” “Hey Google”), and on the network level, it looks for “bursting,” where microphone-enabled devices that don’t typically send much data cause increased network traffic. A statistical probing step serves to filter out cases where bursts result from non-audio transmissions.”
To identify words that could activate smart speakers, LeakyPick uses all words in a phoneme dictionary. After testing the Echo Dot, HomePod, and Google Home smart speakers over fifty-two days, LeakyPick found that the Echo Dot reacted to eighty-nine words, some phonetically different from “Alexa,” as activations.
Amazon responded that it built privacy deep into Alexa and that smart speakers sometimes respond to words other than their wake words.
LeakyPick, however, does show potential for testing smart home privacy and for preventing leaks.
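The quoted description gives the detection idea in three parts: probe a device with candidate wake words, watch its outbound traffic for “bursting” from a device that normally sends little, and use repeated probing to discard bursts that are not audio. The example below is added here to make that logic concrete; it is not the LeakyPick code or data. The per-second byte counts, the probe schedule, the candidate words (“alaska” and “weather” are hypothetical, not words from the study) and the two confounding bursts are all constructed. The baseline uses a median/MAD threshold, which is my choice, not necessarily the researchers’ statistic.

```python
"""Burst-based detection of audio uploads from a microphone-equipped device (added example)."""
from statistics import median
from typing import Dict, List, Sequence, Tuple

Probe = Tuple[int, str]  # (second the probe was played, word played)

# Constructed idle traffic (bytes/s): keepalives and telemetry, no audio.
IDLE_PATTERN = [180, 210, 195, 205, 190, 215, 200, 185, 220, 198]

# Constructed probe schedule: each candidate word is played three times.
PROBES: List[Probe] = [
    (5, "alexa"), (20, "alexa"), (35, "alexa"),
    (10, "alaska"), (25, "alaska"), (40, "alaska"),     # hypothetical near-miss word
    (15, "weather"), (30, "weather"), (45, "weather"),  # hypothetical non-trigger word
]


def build_trace(seconds: int = 60) -> List[int]:
    """Construct a per-second outbound byte count for one device.

    Audio streaming starts one second after a probe the device reacts to and
    lasts three seconds. Two extra bursts model confounders: a coincidental
    upload inside one "weather" window (31-32 s) and a non-audio transfer
    (e.g. an update check) at 52-53 s that is aligned with no probe at all.
    """
    trace = [IDLE_PATTERN[t % len(IDLE_PATTERN)] for t in range(seconds)]
    audio_bursts = [6, 21, 36, 11, 26]  # alexa x3, alaska x2 (third repetition misses)
    for start in audio_bursts:
        trace[start:start + 3] = [6500, 8200, 7400]
    trace[31:33] = [5900, 6100]  # coincidental burst inside a "weather" window
    trace[52:54] = [4000, 4200]  # non-audio burst with no probe nearby
    return trace


def burst_seconds(trace: Sequence[int], k: float = 10.0) -> List[int]:
    """Seconds whose byte count exceeds median + k * MAD of the whole trace.

    Median and MAD stay anchored on idle traffic as long as bursts are a
    minority of samples, which holds for a device that is idle most of the time.
    """
    med = median(trace)
    mad = median(abs(x - med) for x in trace)
    threshold = med + k * max(mad, 1.0)
    return [t for t, x in enumerate(trace) if x > threshold]


def attribute_bursts(trace: Sequence[int], probes: Sequence[Probe],
                     window: int = 3, min_agree: int = 2) -> Dict[str, object]:
    """Map bursts to the probes that preceded them and vote across repetitions.

    A word is flagged as a trigger only if at least `min_agree` of its
    repetitions were followed by a burst within `window` seconds; bursts that
    follow no probe are reported separately as non-audio candidates.
    """
    bursts = set(burst_seconds(trace))
    explained = set()
    hits: Dict[str, int] = {}
    reps: Dict[str, int] = {}
    for t, word in probes:
        reps[word] = reps.get(word, 0) + 1
        win = set(range(t + 1, t + 1 + window))
        if win & bursts:
            hits[word] = hits.get(word, 0) + 1
            explained |= win & bursts
    flagged = {w for w in reps if hits.get(w, 0) >= min_agree}
    return {
        "flagged": flagged,
        "hits": hits,
        "reps": reps,
        "unexplained": sorted(bursts - explained),
    }


if __name__ == "__main__":
    result = attribute_bursts(build_trace(), PROBES)
    print("trigger words:", sorted(result["flagged"]))
    print("hits per word:", result["hits"])
    print("bursts with no probe (likely non-audio):", result["unexplained"])
```

On the constructed trace “alexa” is confirmed three times out of three, the hypothetical “alaska” two of three (enough to flag), and “weather” once (a coincidence, not flagged), while the 52–53 s burst is reported as unexplained because no probe preceded it. In a real deployment the trace would come from per-device flow counts on the home router, and the repetition threshold is what keeps one stray cloud sync from being mistaken for a wake-word activation.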
Whitney Grace, August 17, 2020
Facebook: Unified Messaging Comin’ Down the Pike
August 17, 2020
What does a monopoly do when regulators are thinking about breaking up a big company? That’s easy. The big company “integrates” its features, infrastructure, and services. If the big company does this “integration” in a clever way, going back to the pre-integration days is possible, but time consuming, expensive, and probably a job that will take more than a couple of days or a week.
“Facebook Is Sliding Into Instagram’s DMs. Literally” reports:
Facebook apparently began rolling out an update that integrates its Instagram and Facebook Messenger chat systems in the U.S. The new integration was announced quietly via a cheerful pop-up message that appeared to users when they opened Instagram on their phones on iOS and Android.
The article points out:
Allowing cross-messaging between Facebook Messenger, Instagram and WhatsApp has been part of Zuckerberg’s master plan for some time. Although each of the apps will remain standalone, Facebook is working on integrating their underlying technical infrastructure. This means that people who only use one of Facebook’s apps could communicate with others in its empire, even if they don’t use the same app.
That’s a good point; however, it is not the main point in DarkCyber’s opinion. The goal of Facebook is to be impervious to break up. Integration is Job One. The fact that Facebook can add to Apple’s woes is like a hot fudge ice cream treat with a cherry or small fruit on top.
Life for Facebook was easier before its methods made headline news and caught the attention of usually sleepy government officials. So, heigh ho, heigh ho, to integration we go.
Stephen E Arnold, August 17, 2020