Microsoft: What Is the Priority?
September 8, 2021
Two items caught my attention today (September 3, 2021). The first was “Conti Ransomware Now Hacking Exchange Servers with ProxyShell Exploits.” What’s interesting is that Microsoft Exchange is in the news again. Here’s the interesting part of the write up:
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits…. While Microsoft fully patched these vulnerabilities in May 2021, technical details regarding exploiting the vulnerabilities were recently released, allowing threat actors to start using them in attacks. So far, we have seen threat actors using the ProxyShell vulnerabilities to drop webshells, backdoors, and to deploy the LockFile ransomware.
Isn’t this like a 45 rpm recording of the The Trashmen’s “Surfin’ Bird.” Repetitive much? Here’s the lyric. Just substitute breach or break for bird, and you may have a hit on your hands:
A well a everybody’s heard about the bird
B-b-b bird, bird, bird, b-bird’s the word
A well a bird, bird, bird, the bird is the word
A well a bird, bird, bird, well the bird is the word
(Repeat endlessly)
The second item was “Don’t Like the New Windows 11 Start or Taskbar? Don’t Worry – Microsoft’s Got Your Back.” The main thrust of this write up is that Microsoft trashed the task bar and start menu of Windows 11. I learned:
Affected Insiders found, according to Microsoft, “that Start and Taskbar were unresponsive and Settings and other areas of the OS wouldn’t load.” The result was a hurried update requiring those impacted to do a bit of Registry tinkering in order to get things back to normal.
From the all-important security assurances to the suggestions of the best Windows ever, Microsoft delivers flawed experiences for some it seems.
Trust, confidence in Microsoft software, and commitment to providing secure and stable tools are in short supply in Harrod’s Creek. Your mileage may vary, but bad actors continue to get useful tips about ways in which Microsoft says, “Hey, pay us a visit.”
Stephen E Arnold, September 8, 2021
Google Redefines Time
September 8, 2021
If you are Googley, you will adjust to the online ad giant’s manipulation of the space-time continuum. “Google Clock Bug Means Some Android Users Are Sleeping through Their Alarms” reports:
With many of us relying on our phones to get up in the morning (or any other time in the day), this is a bigger problem than it might at first appear to be. Google and Spotify do at least appear to have worked quickly to figure out what might be happening.
Perhaps those not happy with the Google manipulation of time, is it time to switch to an alternative device?
Apple sells some mobiles I believe. Are there issues with these devices? Nope, nothing that on device content scanning can cure.
Isn’t it wonderful to have choices in the mobile market?
Stephen E Arnold, September 8, 2021
The Print Nightmare Method Advances to the Windows 11 Tool Bar and Start Button
September 8, 2021
Once again someone has discovered a bug in Windows machines. The vulnerability allows bad actors access to remove code execution and local privilege escalation. Tech Radar details how this is the second issue related to this vulnerability in “There’s Yet Another New PrintNightmare Hack.” The problem started when Chinese security researchers shared a proof-of-concept exploit online, believing that Microsoft had patched the hole in Windows Print Spooler. Nope!
Microsoft quickly released a patch, but not before damage was done. Creator of the popular exploitation tool Mimkatz, Benjamin Delpy exploit exploited the bug again. The bug enables anyone to gain admin privileges on vulnerable machines. It works like this:
“According to reports, Delpy’s workaround takes advantage of the fact that Windows doesn’t prevent Limited users from installing printer drivers. Furthermore, it won’t complain when these drivers are fetched from remote print servers, and will then run them with the System privilege level.”
Microsoft issued another PrintNightmare patch, but Delpy and other security researchers are not happy with it. They say that Microsoft checks for remote libraries in PrintNightmare patch and it gives an opportunity to work around it. Delpy and other security researchers have since learned a lot about printer spooler and drivers. He released his own proof-of-concept that downloads a rogue driver that misuses the latitude to allow Windows users access to admin privileges. Delpy and others explain this will not be the last of Windows printer spooler abuse.
And how’s that Microsoft method working out?
It is consistent. “Windows 11 Preview Glitch Hits Start menu and Taskbar” explains:
“Recently, Windows Insiders in both the Dev and Beta Channels began reporting that Start and Taskbar were unresponsive and Settings and other areas of the OS wouldn’t load,” wrote the Windows Insiders team at Microsoft in a blogpost.
Yep, consistent.
Whitney Grace, September 8, 2021
TikTok: No Big Deal? Data Collection: No Big Deal Either
September 7, 2021
Here’s an interesting and presumably dead accurate statement from “TikTok Overtakes YouTube for Average Watch Time in US and UK.”
YouTube’s mass audience means it’s getting more demographics that are comparatively light internet users… it’s just reaching everyone who’s online.
So this means Google is number one? The write up points out:
The Google-owned video giant has an estimated two billion monthly users, while TikTok’s most recent public figures suggested it had about 700 million in mid-2020.
Absolutely. To me, it looks as if two billion is bigger than 700 million.
But TikTok has “upended the streaming and social landscape.”
How? Two billion is bigger than 700 million. Googlers like metrics, and that’s a noticeable difference.
I learned that the average time per user spent on the apps is higher for TikTok than for YouTube. TikTok has a high levels of “engagement.”
Google YouTube has more users, but TikTok users are apparently more hooked on the short form content from the quasi-China influenced outfit.
Advertisers will care. Retailers who want to hose users with product pitches via TikTok care.
Data harvesters at TikTok will definitely care. The more time spent on a monitored app provides a more helpful set of data about the users. These users can be tagged and analyzed using helpful open source tools like Bootleg.
Just a point to consider: How useful will time series data be about a TikTok user or user cluster? How useful will such data be when it comes time to identify a candidate for insider action? But some Silicon Valley wizards pooh pooh TikTok data collection. Maybe a knowledge gap for this crowd?
Stephen E Arnold, September 9, 2021
Amazon: How Is That Video Streaming Thing Working Out?
September 7, 2021
What could be easier? Let people sign up and pump content to people interested in live streams of games, wanna-be go-go performers, and individuals sitting in an inflate-a-pool doing whatever. What could go wrong?
In my lectures about Amazon and the Bezos bulldozer, I highlight a few of the more intriguing activities the DarkCyber research team has observed; to wit:
- A Ukrainian pole dancer live streaming a kids’ pole dancing event
- A former exotic performer riding an electric Segway bicycle wearing absolutely minimal clothing and a colorful bike helmet, a backpack, and high tops
- A person explaining how to avoid being cheated when playing card games with others who are into real time streaming
- First-run motion pictures not on Amazon Prime
- Individuals who paint their bodies in real time to mimic comic book and anime characters.
Yeah, there’s more, but you get the idea.
Now Amazon faces a hitch in its long pre-rolls, its “finder” interface, and its difficulties figuring out if ibabyrainbow is out of bounds.
I read “Twitch Finally Issues Official Statement to Streamers About the ‘Hate Raids’ Issue.” The main idea is that Twitchies are using comments to post negative comments and other possibly objectionable content objects to a “creator’s” chat.
The key passage in the write up for me was this statement:
To say that Twitch is now in disrepute is a massive understatement. Despite being the world’s arguably largest streaming platform, Twitch is not only losing viewers but also a few big-name creators that made their name there.
Defeating the Redmond outfit for JEDI and challenging NASA are possibly easier tasks.
Streamers who do hate — Streamers who boycott via #ADayOffTwitch — Streamers who coined the tag #TwitchDoBetter. Will Sagemaker come to the rescue?
Stephen E Arnold, September 7, 2021
Facebook: A Curious Weakness and a Microsoft Strength
September 7, 2021
I read “The Irony of Facebook’s VR Collaboration Debacle” authored by a wizard whom I associate with IBM. I am not sure why the author’s observations trigger images of Big Blue, mainframes, and blazing history of Watson.
The angle in this essay is:
Collaboration is a social process where people get together to collectively solve problems. But Facebook sucks at social. A more accurate descriptor is that Facebook is a gossip platform at scale, which has done considerable harm to several countries and put them at considerable existential risk.
Yikes. “Sucks.” “Gossip platform.” And “harm to several countries.”
The write up zips into Zoom-land which Facebook allegedly wants to reimagine as a virtual reality metaverse.
Where is the analysis of “Facebook sucks” heading? Here’s a clue:
Facebook’s Horizon Workrooms is not collaboration. Microsoft Teams would be a better solution for information sharing because you’d see Zuckerberg, not an avatar that looks nothing like him.
I think I have it. The write up is a rah-rah for Teams. I was hoping that the conclusion would point to IBM video services.
Nope, it’s Microsoft a company I presume which does not suck, is not a gossip platform, and has not done harm to several countries?
Stephen E Arnold, September 7, 2021
Taliban: Flying Disabled Helicopters and Doing the Social Media Thing
September 7, 2021
Images of disabled US military helicopters stick in my mind. The Taliban claims it is no longer a terrorist group and promises it will keep some of the changes that were implemented in Afghanistan in the last twenty years. Plus, the ruling group knows how to fly and do social media. ABC News explores how the Taliban uses modern technology to its advantage: “How The Taliban Use Social Media To Seek Legitimacy In The West, Sow Chaos At Home.”
The Taliban has one of the more interesting human rights records in the world. Religious fundamentalist groups (of any origin) manifest fascinating behaviors. Take that back, religious fundamentalist groups do change to accommodate anything they can exploit for their advantage, like the Taliban has with social media. The Taliban adopted social media as a propaganda tool in the manner the Nazis turned every faction of society from movies to children’s books into a propaganda piece.
The Taliban controls or influences news pieces about Afghanistan:
“The Taliban now has the ability to communicate directly with the rest of the world, as well as to control the narrative around events as it has been trying to do for years at home and abroad through a barrage of messages on social media. Experts say it effectively did an end around the Afghan government through its unrelenting publicity campaign, capitalizing on disinformation and a lack of media literacy.”
Journalists in Kabul report on Afghanistan’s crisis, but the Taliban says everything is okay on social media. Experts claim that the Taliban has a sophisticated social media strategy to deceive the West and legitimize the new “government” on the world stage. The Taliban is very deceptive and know how to placate westerners, similar to Chinese and North Korean politicians.
Afghanistan has low Internet literacy and most Afghanis are apt to take Taliban propaganda as fact. Meanwhile the Taliban as an active social media presence, especially on Twitter. Twitter does not ban the Taliban, because the US government has not labeled it a terrorist group. Facebook, however, does ban the Taliban.
The Taliban posts more messages in foreign languages, especially English. In fact, they post more on Twitter than many US and European government departments. They also post lies aka disinformation on Twitter. There is widespread demand for Twitter to ban the Taliban accounts, but Twitter responds they are vigilant monitoring them. The Taliban wants to lure the West into a false sense of security and arguably it is what they have done for the past twenty years. Maybe some of the Taliban picked up social media methods from Cambridge Analytica?
Whitney Grace, September 7, 2021
DarkCyber for September 7, 2021 Now Available
September 7, 2021
DarkCyber is a twice-a-month video news program about the Dark Web, cyber crime, and lesser known Internet services. Program 18 includes stories about China’s information war fighting. The program explains three services which allow anyone to find the individual to which a US license plate has been registered. Crypto currency for criminal activities is playing a larger and larger role in illegal activities. How can you determine the level of risk associated with a particular digital currency transaction. DarkCyber points to a service which provides extremely useful information. The US government has released yet another report about facial recognition. Learn the three systems which are relied upon by several US government entities. There’s a great deal of chatter about nation stations which are sponsoring cyber attacks on the US. These stories often overlook the ease with which an insider can be instrumental in providing access to an allegedly secure network. And, finally, we explain how the Hellfire missile equipped with fragmenting blades has sliced and diced its way into Afghani history. DarkCyber is a production of Stephen E Arnold. The program appears every two weeks. This week’s program is available on the Beyond Search blog and on YouTube.
Kenny Toth, September 7, 2021
Great Moments in Customer Service: Online May Pose Different Risks
September 6, 2021
No, I am not talking about Yext’s new focus on helping customer service via a connected device better. No, I am not talking about Amazon’s paying up to $1,000 for a third party product which exhibits interesting behavior; for example, producing unexpected consequences. Yes, I am talking about a non-digital approach.
Navigate to “An Illinois Man Ran Over His Customer after a Botched Drug Sale. Here’s How Long He’ll Spend in Prison.” Note: Prison sentences in the Land of Lincoln can be malleable. Take terms with both salt and furikake.
The write up reports as “real” news:
Macon County Circuit Court Judge Thomas Griffith sentenced Christopher Castelli on Aug. 24 to a maximum of nine years in prison according to the plea agreement he made with the district attorney’s office. Initially, Castelli was charged with reckless homicide, but the charges were dismissed. Instead, he accepted a plea for leaving the scene of an accident resulting in the death of Alisha Gordon, 27.
Interesting. Honest Abe might wonder about this sentencing and its dismissal. For now, online customer service does not pose this type of risk to customers.
Stephen E Arnold, September 6, 2021
Protonmail Anecdote
September 6, 2021
Protonmail has been mentioned in come circles as a secure email service. Users pay to use the system. I have included it in my lectures about online messaging as an example of a “secure” service.
I spotted this Twitter thread which may be true, but, on the other hand, it may be an example of disinformation. The thread includes a screenshot and comments which may indicate that Protonmail has provided to law enforcement details about a specific user.
The person creating the tweet with the information points out:
I appreciate protonmail transparency on what happened, they provide a onion domain to avoid that issue (and a VPN), every service has to follow the law of the country they are in and a biggest issue here is the criminalization of climate activists by the french police [sic]
Additional information or disinformation may be available from this link.
Stephen E Arnold, September 6, 2021