Monoculture and Monopoly Law: Attraction to a Single Point Occurs and Persists

September 2, 2020

Did you hear the alarm clock ring? “Zoom Is Now Critical Infrastructure. That’s a Concern” makes it clear that even the deep sleepers can wake up. What’s the tune on these wizards’ mobile phone? Maybe a fabulous fake of “Still Drowsy after All These Years.” (Sorry, Mr. Simon.)

The write up makes clear that the Brookings community and scholars have been told the following:

  • Zoom is the information superhighway for education
  • Zoom content is visible to Zoom
  • Zoom is fending off the likes of Apple and FaceTime, Google Meet and Hangouts, and Microsoft Teams (Skype shoved its hands in the barbeque briquettes, thus making that service less interesting.)
  • Zoom goes down, thus wreaking havoc.

The write up does not suggest that Zoom is up to fancy dancing with authorities from another nation state. The write up does not delve into the tale of the stunning Alex Stamos, a human Swiss Army Knife of security. The write up does not articulate this Arnold Law:

A monoculture and a monopoly manifest attraction to a single online point.

A corollary is:

That single point persists.

In the absence of meaningful oversight, Zoom is, according to the write up:

By contrast, a successful cyber attack targeting Zoom could bring education and an enormous amount of business activity to a complete halt.

And what about the Zoom data? Useful to some perhaps?

Stephen E Arnold, September 2, 2020

Facebook: Trouble Within?

September 2, 2020

How did my Latin teacher explain this allegedly accurate management method? As I recall, a member of the Roman army who dropped the ball would be identified. Then his “unit” would be gathered. According to Mr. Buschman, every tenth person was killed. The point of the anecdote was to teach the “meaning” of decimate; that is, every tenth or in 1958 lingo, destroy. Was Mr. Buschman on the beam? I have no idea, nor do I care. My recollection of decimation emerged as I read “Facebook Employees Are Outraged At Mark Zuckerberg’s Explanations Of How It Handled The Kenosha Violence.” The Silicon Valley “real” news outfit reported this allegedly accurate quote:

“At what point do we take responsibility for enabling hate filled bile to spread across our services?” wrote one employee. “[A]nti Semitism, conspiracy, and white supremacy reeks across our services.”

To quell what seems to be some dissension in the ranks, is it time to revisit Rome’s method of focusing a cohort’s attention?

A modern day Caesar might find inspiration in the past. The present and immediate future may not be doing the job.

Stephen E Arnold, September 2, 2020

Maps with Blank Spots

September 2, 2020

We noted the “real” news outfit story “Blanked-Out Spots On China’s Maps Helped Us Uncover Xinjiang’s Camps.” The how to is interesting. We learned:

Our breakthrough came when we noticed that there was some sort of issue with satellite imagery tiles loading in the vicinity of one of the known camps while using the Chinese mapping platform Baidu Maps. The satellite imagery was old, but otherwise fine when zoomed out — but at a certain point, plain light gray tiles would appear over the camp location. They disappeared as you zoomed in further, while the satellite imagery was replaced by the standard gray reference tiles, which showed features such as building outlines and roads. At that time, Baidu only had satellite imagery at medium resolution in most parts of Xinjiang, which would be replaced by their general reference map tiles when you zoomed in closer. That wasn’t what was happening here — these light gray tiles at the camp location were a different color than the reference map tiles and lacked any drawn information, such as roads.

After reading the article, DarkCyber wonders what other interesting sites are missing.

Stephen E Arnold, September 2, 2010

Blue Chip Black Eye?

September 2, 2020

DarkCyber spotted “Accenture India Staff to Face Brunt of Layoffs.” The write up reports:

Technology major Accenture is expected to lay off around 25,000 people or at least 5% of its global workforce…

Interesting. The received wisdom in the consulting world of blue-chip firms is that when the economy goes down, consulting revenues go up.

Is this a black eye for Accenture’s sales executives or a signal that “received wisdom” may not work in the Rona Era?

Stephen E Arnold, September 2, 2020

Facebook a PR Firm? What about a Silicon Valley Cash Rich Intelligence Agency?

September 1, 2020

DarkCyber noted “Facebook, The PR Firm.” The main idea seems to be:

I [Can Duruk maybe?] saw on Twitter a leak from Facebook where the comms people were pleading to their coworkers to stop leaking to the press. The comms folks, in a weird form of irony, were so inundated with their moderation work that they had to ask people whose main task is to create more moderation work for the poorly paid and mentally traumatized people to please create less work for them.

That statement combines the best of Escher and Kafka.

The write up notes:

I read Facebook less as a tech company, but instead a communications one. Not a telecom communications, but more like a PR / marketing consultancy. There’s nothing original about Facebook. It’s a company that hires people to build others’ ideas, and, more often than not, it does that better and faster than them too. And when it can’t do that, it just buys them outright. There is a lot of building, but the ideas are outsourced. But what Facebook is really good at is actually doing all this while fighting what seems to be a never-ending, at least since 2016 or so, PR battle while not giving an inch.

Is the entrepreneur Mark Zuckerberg a reincarnation of Ivy Lee, a metempsychosis in the realm of online social media?

And the final line of the write up reminds the reader:

This, after all, is a company that once thought comparing itself to a chair was a good idea.

DarkCyber thinks the write up makes some helpful points. However, several observations emerged from our morning Zoom “meeting” among the team members who had the energy to click a mouse button:

  1. Facebook has internalized the mechanisms used by some intelligence agencies and specialized services firms; for example, the dalliance in and out of court with NSO Group
  2. Facebook can perform what can be called “beam forming.” The idea is to take digital bits, focus them on a topic or issue, and then aim the beam of content at individuals and groups. The beam works like a wood carver’s oblique knife. The “targets” are shaped as needed.
  3. The company can exert threats in order to apply pressure to entities with a perceived intention of doing Facebook harm; for example, the threats made to Australia if the social media giant has to pay for news.

To sum up, DarkCyber believes that Facebook has more in common with an intelligence operation than a PR firm. I mean public relations. Really? Does Facebook care about relating to the public? Money, clicks, users, tracking, and data for sure. But public relations?

Stephen E Arnold, September 1, 2020

Bad Actors Rejoice: Purrito Is Kitten with Claws

September 1, 2020

The Internet has taught us many things about people, particularly tech geeks. Technology geeks love challenging themselves with hacking tricks, possess off-base senses of humor, and love their fur babies. They particularly love cats.

A “purrito” is a term coined by the animal rescue community for tiny kittens swaddled in tiny blankets, ergo like burritos. It goes without saying that burritos are adorable.

It is also not surprising that potential bad actors, who love cats, would purloin the Purrito for an “ultra fast, minimalistic, encrypted command line paste-bin.” Purrito Bin even uses characters to make a tabby kitten face: (=???=).

Reading through the instructions for Purrito, the developer made it even cuter by calling the standard client “meow” and a companion client “purr.” Purrito Bin is a simple way to encrypt files:

“In an encrypted storage setting, the paste is encrypted before sending it to the server.

Now the server will only be used as a storage bin and even in case of a non-https connection, you are guaranteed that no one else will be able to read the data that you have sent.

How does it work?

Steps automatically done by the provided clients, on the client side:

• Randomly generate an encryption key.

• Encrypt your data using said key, the encrypted data is called the cipher.

• Send the cipher to PurritoBin and get a standard paste url as above, which will be converted to the form”

The concept of Purrito Bin is itself genius, but is it a good idea for it to be posted publicly where bad actors can use it?
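The client-side scheme quoted above, modeled as an added example: the key is generated locally, the server stores only ciphertext, and whoever holds the key decrypts. This is illustrative code written for this post, not the Purrito clients; the cipher (an HMAC-SHA256 keystream plus an HMAC tag, chosen so it runs on the standard library alone), the placeholder host and the choice to carry the key in the URL fragment are all assumptions, since the quoted text breaks off before describing Purrito’s URL form.

```python
"""Model of a client-side encrypted paste-bin (constructed illustration).

The cipher is an HMAC-SHA256 keystream in counter mode plus an HMAC tag.
It is NOT the cipher the Purrito clients use; it only shows the flow.
"""
import hashlib
import hmac
import secrets

BIN = {}  # the "server": it only ever stores what the client sends


def keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)                     # fresh per paste
    stream = keystream(hashlib.sha256(key + nonce).digest(), len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, body, hashlib.sha256).digest()  # detects tampering
    return body + tag


def decrypt(key: bytes, cipher: bytes) -> bytes:
    body, tag = cipher[:-32], cipher[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("paste was modified or the key is wrong")
    nonce, ct = body[:16], body[16:]
    stream = keystream(hashlib.sha256(key + nonce).digest(), len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def server_store(cipher: bytes) -> str:
    paste_id = secrets.token_hex(4)
    BIN[paste_id] = cipher
    return "https://paste.example/" + paste_id  # placeholder host (assumption)


def client_paste(plaintext: bytes):
    key = secrets.token_bytes(32)           # step 1: random key, never sent
    cipher = encrypt(key, plaintext)        # step 2: encrypt on the client
    url = server_store(cipher)              # step 3: server receives cipher only
    return url + "#" + key.hex(), cipher    # key in the fragment (assumption)


def client_fetch(url_with_key: str) -> bytes:
    url, key_hex = url_with_key.split("#")
    return decrypt(bytes.fromhex(key_hex), BIN[url.rsplit("/", 1)[1]])
```

Because browsers do not send the fragment to the server, the bin operator (and anyone watching a plain-HTTP connection) sees only the cipher, which is the guarantee the quoted text describes.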

Whitney Grace, September 1, 2020

McKinsey? Not Wonderful? What?

September 1, 2020

Our esteemed leader (who is now Lord Stephen E Arnold. Believe it or not.) used to be a management consultant. Although I have worked on his research team for more than eight years, I have no idea what he did or does. Every time we meet, he’s playing with his computers. Helpful, right?

What do management consultants do? Slate knows and reports that management consultants “sell what you’re buying, as opposed to what they’re selling” in the article “How McKinsey Helps Companies Avoid Responsibility.” At least the only management company that is following this modus operandi is McKinsey and Company. McKinsey and Company is a top blue chip management company and has been in business for almost a century.

Accounting professor James McKinsey founded his namesake company on basic accounting principles: use financial records to project future revenue and costs. This concept is standard today, but no one practiced it in 1926. McKinsey was selective about his client list and became legendary among top-tier clients. When Marvin Bower took over the company he added another mantra to the company: always putting clients’ interests above McKinsey’s.

In the 1950s, a new slew of problems arrived with the postwar economic boom and McKinsey took it upon themselves to help companies succeed even more. This included wading through middle management and telling companies to fire people if needed. McKinsey consultants are happy to be scapegoats for downsizing:

“‘And the McKinsey consultant who gives the manager that advice also gets to avoid having to feel responsible for putting people out of work. ‘If I’m working at McKinsey, when I decide to give the best professional advice I can, following the principles of integrity that McKinsey insists on for its workers, I don’t characterize myself as having fired 50,000 people,’ [Yale professor Daniel] Markovits explains. ‘What I’ve done is give the best professional advice that I can. And that’s a perfectly apt way to think about your life, but from a systematic or a structural perspective, it insulates everybody from responsibility for terrible outcomes.’”

This led to massive layoffs from the 1970s-1990s, but it did keep companies afloat and cemented the concept that a company’s only responsibility is to maximize the value of shares. McKinsey expanded into government and public sector work, including the Trump Administration, and foreign countries: China, Turkey, Russia, South Africa, and Saudi Arabia. McKinsey consultants advised corrupt regimes about “better business practices” that resulted in harming humans and quality of life.

McKinsey is always interested in serving its clients’ best interests, but it has dirtied its hands to the detriment of others. How evil is DarkCyber’s own Lord Stephen? He pays for lunch, but that may be his sole saving grace. (Yes, he wants to be called Lord Stephen. Maybe he will tell the team how he went from rural Kentucky to “lord”?)

Whitney Grace, September 1, 2020

Lexipol: Facing Scrutiny?

September 1, 2020

Should a private company be writing policies for police departments? Increasingly that is the case and, many say, is a major reason it is so difficult to hold police accountable for using excessive force. Mother Jones invites us to “Meet the Company that Writes the Policies that Protect Cops.” Founded in 2003, Lexipol’s focus is unabashedly on crafting policies that protect officers and departments against lawsuits. Much hinges on definitions of words one would think should be straightforward, like “necessary” and “imminent.” In fact, company co-founder (and former cop) Bruce Praet seems especially proud of the slippery language that gives police “flexibility.”

When pressed, Lexipol insists it bases its policies on federal and state standards, laws, court rulings, and “best practices.” However, reporter Madison Pauly writes:

“Some of the company’s policies … depart in significant ways from recommendations by mainstream policing organizations. The National Consensus Policy on Use of Force, a collaboration between 11 major law enforcement groups, requires cops to try de-escalation techniques before using force if possible. Lexipol discourages police departments from requiring them. Lexipol’s policy allows officers to shoot at moving vehicles in some circumstances, a practice that the Police Executive Research Forum recommends against because it may injure or kill civilians and officers. The ACLU has contested Lexipol’s rules for handling immigration violations, which in some states include a provision allowing cops to consider ‘a lack of English proficiency’ when deciding whether someone may have entered the country illegally. Despite these challenges, the company has marketed its policies as a way to decrease cities’ liability in police misconduct lawsuits. In its communications with potential clients, Lexipol has claimed that agencies that use its policies are sued less frequently and pay out smaller settlements, according to a Texas Law Review analysis of public records. The company’s critics argue that it accomplishes this with vague or permissive rules that meet bare-minimum legal requirements rather than holding officers to a higher standard.”

According to the company, Lexipol has vended its policies, training, customizable handbooks, or other services to more than 8 thousand public safety agencies, including several large cities. These include corrections, fire, and EMS agencies alongside police departments. In California, it is estimated that about 95 percent of law enforcement are using Lexipol policies. See the article for examples where, we’re told, these policies have stood in the way of justice. As with the crafting of state legislation, we suspect many citizens are unaware how much influence these public agencies have handed over to a third party.

Cynthia Murrell, September 1, 2020

Why Update? Surprise, Hacker Masquerade Time

September 1, 2020

Vulnerability assessment firm Positive Technologies has shared some results from its penetration tests (“pentests”) on corporate information systems. Though the firm does not reveal data on individual clients, it reports some eye-opening statistics. IT Brief reports on these findings in “Hackers Difficult to Distinguish from Legitimate Users—Study.” Writer Shannon Williams tells us:

“At 61% of the companies, we found at least one simple way to obtain control of infrastructure that would have been feasible even for a low-skilled hacker. The testers noted that legitimate actions that would be unrecognizable from regular user activity accounted for 47% of the actions that allowed pentesters to create an attack vector. These actions included creating new privileged users on network hosts, creating a memory dump of lsass.exe, exporting registry hives, and sending requests to the domain controller. These actions allow hackers to obtain credentials from corporate network users or information required to develop the attack. The risk is that it is hard to differentiate between such actions and the usual activities of users and administrators, making it more likely that the attack will remain unnoticed. These incidents can however be detected with security incident detection systems. The testing also demonstrated that the attackers can exploit known vulnerabilities found in outdated software versions to remotely execute arbitrary code, escalate privileges, or learn important information. What the experts see most often is lack of current OS updates.”

And that, boys and girls, is why we must always keep our operating systems up to date. The write-up shares a little about how hackers can use OS quirks to gain access to and traverse systems. Keeping your Windows updated will not, however, patch holes caused by lax permissions, single-factor authentication routines, and other liabilities. Not surprisingly, Positive Technologies’ Ekaterina Kilyusheva suggests companies hire a specialist to perform an internal pentest that will assess their systems’ vulnerabilities.

Cynthia Murrell, September 1, 2020
