Registering Dismay: Microsoft Azure Blues
October 20, 2021
The Beyond Search team loves Microsoft. Totally.
Some are not thrilled with automated customer service. Talk to smart software. Skip the human thing. Microsoft’s customer service has been setting a high standard for decades. . Despite the company getting bigger and more powerful, Microsoft sparked a story in The Register called “WTF? Microsoft Makes Fixing Deadly OOMIGOD Flaws On Azure Your Job.”
Azure is Microsoft’s cloud platform and users using Linux VMs are susceptible to four “OMIGOD” in the Open Management Infrastructure (OMI). Linux Azure users are forced to fend for themselves with the OMIGOD bugs, because Microsoft will not assist them. What is even worse for the Linux users is that they do no want to run OMIs on their virtual machines. OMIs are automatically deployed when the VM is installed when some Azure features are enabled. Without a patch, hackers can access root code and upload malware.
The write up points out that Microsoft did some repairs:
“The Windows giant publicly fixed the holes in its OMI source in mid-August, released it last week, and only now is advising customers. Researchers quickly found unpatched instances of OMI. Security vendor Censys, for example, wrote that it discovered ’56 known exposed services worldwide that are likely vulnerable to this issue, including a major health organization and two major entertainment companies.…In other words, there may not be that many vulnerable machines facing the public internet, or not many that are easily found.”
Linux VM users on Azure are unknowingly exposed and a determined hacker could access the systems.
Is it possible Windows 11 is a red herring. OMIGOD, no.
Whitney Grace, October 20, 2021
The Boss of the DoubleClick Outfit Offers Some Advice
October 19, 2021
I read “Alphabet CEO Sundar Pichai Calls for Federal Tech Regulation, Investments in Cybersecurity.” What did the owner of DoubleClick talk about?
That’s easy. Big things like quantum computing which is unlikely to arrive on the Google phone any time soon. And regulation. You know the rules of the road which the DoubleClick outfit follows like a super slick Waymo vehicle which rarely drive into a dead end or create a thrill or two for those spotting one in a bus lane. Plus cybersecurity. Right. That’s why the DoubleClick outfit apparently alerted some Gmail users that a mere nation state or two or three were interested in their missives.
The write up reports that the boss of the DoubleClick systems and methods stated in an interview at a high class technology event:
Pichai additionally tied consumer privacy to security, even noting that “one of the biggest risks to privacy is the data getting compromised” — an interesting statement coming only days after Amazon, a top Google rival, saw its game streaming site Twitch hacked. As for where to draw the line in regulating tech, Pichai said the law shouldn’t encroach on the open internet.
Yep, DoubleClick’s owner did not mention online advertising as originally crafted by pay-to-play innovator Yahoo. Right? Yahoo, the pre IPO settlement, and the GoTo.com/Overture business.
Nope, DoubleClick’s owner did not talk about online advertising and how that money machines has shaped Alphabet Google into the sleek, trustworthy, reliable, and Timnit Gebru-sensitive outfit it is today.
Minor omission. Understandable from the owner of the DoubleClick technology.
Following rules is the name of the game. The question is, “What rules is Alphabet Google following?”
Why new ones are important to the company is not particularly clear to me. But I just sit in my computer lab in rural Kentucky and marvel at how the owner of the DoubleClick technology can be so darned sincere and earnest.
As Oscar Wilde observed in the Importance of Being Earnest:
The truth is rarely pure and never simple.
That’s why it is challenging to delete old email on the Gmail system, why Android is a busy beaver in the transfer data stream, and why the Importance of Being Earnest is relevant to the mom-and-pop online advertising company and, of course, to quantum computing.
Stephen E Arnold, October 19, 2021
Data Slupring Gluttons: Guess Who, Please?
October 19, 2021
Apple’s iOS enjoys a reputation of being more respectful of users’ privacy than Google’s Android. However, announces Tom’s Guide, “New Study Reveals iPhones Aren’t as Private as You Think.” The recent paper was published by Trinity College’s School of Computer Science & Statistics. Unlike the many studies that have covered what kind of data apps collect, this research focusses on data reaped by core operating systems.
The researchers found Android does collect a higher volume of data, but iPhones collect more types of information. This includes data about other devices that could allow Apple to make a relationship graph of all devices in a local network, whether a home, office, or public space like a café. Creepy. Not only that, both operating systems collect telemetry and other data even when users explicitly opt out. Much of this collection happens when the phone is powered up. The rest occurs the whole time the device is on, even when sitting idle. Writer Paul Wegenseil specifies:
“Both the iPhone and Android phone called home to Apple and Google servers every 4 or 5 minutes while the phones were left idle and unused for several days. The phones were powered on and plugged in, but the users had not yet logged into Apple or Google accounts. Even when the iPhone user stayed logged out of their Apple account, the iPhone still sent identifying cookies to iCloud, Siri, the iTunes Store and Apple’s analytics servers while the iPhone was idle. It also sent information about nearby devices sharing the same Wi-Fi network. When location services were enabled on the iPhone, its latitude and longitude were transmitted to Apple servers. On Android, data is sent to Google Play servers every 10 to 20 minutes even when the user is not logged in. Certain Google apps also send data, including Chrome, Docs, Messaging, Search and YouTube, although only YouTube sends unique device identifiers. Even when the iPhone user stayed logged out of their Apple account, the iPhone still sent identifying cookies to iCloud, Siri, the iTunes Store and Apple’s analytics servers while the iPhone was idle. It also sent information about nearby devices sharing the same Wi-Fi network.”
Unfortunately, researchers concluded, there is not much one can do to prevent this data from being harvested. The best Android users can do is to start their phone with network connections disabled. The study found disabling Google Play Services and the Google Play and YouTube apps before connecting to a network prevented the vast majority of data sharing. But then, users would have to visit other app stores to download apps, each of which has its own privacy issues. Apple users do not even have that option, as their device must connect to a network to activate.
See the article for a summary of the researchers’ process. They reached out to both companies for comment. Google responded by comparing its data collection to the statistics modern vehicles send back to manufacturers—they just want to make sure everything is working properly. Apple’s spokesperson quibbled with the researchers findings and insisted users’ personal data was safe and could not be traced to individuals. I suppose we will just have to take their word for it.
Cynthia Murrell October 19, 2021
Digital Shadows Announces Social Monitor
October 19, 2021
Deep fakes? They are here and Digital Shadows has a service for those who live in fear of digital manipulation.
Bad actors often pose as corporations’ executives and other key personnel on social media. Sometimes the goal is to damage the target’s reputation, but more often it is to enact a phishing scheme. Either way, companies must put a stop to these efforts as soon as possible. We learn there is a new tool for that from, “Digital Shadows Launches SocialMonitor—a Key Defense Against Executive Impersonation on Social Media” posted at PR Newswire. The press release tells us:
“All social media platforms will take down fake accounts once alerted but keeping on top of the constant creation of fake profiles is a challenge. SocialMonitor overcomes these challenges by adding targeted human collection to SearchLight’s existing broad automated coverage. Digital Shadows customers simply need to register key staff members within the SearchLight portal. Thereafter, users will receive ‘Impersonating Employee Profile’ alerts which will be pre-vetted by its analyst team. This ensures that organizations only receive relevant notifications of concern. Russell Bentley at Digital Shadows comments: ‘Fake profiles on social media are rife and frequently used to spread disinformation or redirect users to scams or malware. Social media providers have taken steps such as providing a verified profile checkmark and removing fake accounts. However, there is often too long a window of opportunity before action can be taken. SocialMonitor provides organizations with a proactive defense so that offending profiles can be taken down quickly, protecting their customers and corporate reputation.’”
Note this is yet another consumer-facing app from Digital Shadows, the firm that appears to be leading the Dark Web indexing field. Curious readers can click here to learn more about SocialMonitor. Digital Shadows offers a suite of products to protect its clients from assorted cyber threats. Based in San Francisco, the company was founded in 2011.
Cynthia Murrell October 19, 2021
Research? Sure. Accurate? Yeah, Sort Of
October 19, 2021
Facebook is currently under scrutiny unlike any it has seen since the 2018 Cambridge Analytica scandal. Ironically, much of the criticism cites research produced by the company itself. The Verge discusses “Why These Facebook Research Scandals Are Different.” Reporter Casey Newton tells us about a series of stories about Facebook published by The Wall Street Journal collectively known as The Facebook Files. We learn:
“The stories detail an opaque, separate system of government for elite users known as XCheck; provide evidence that Instagram can be harmful to a significant percentage of teenage girls; and reveal that entire political parties have changed their policies in response to changes in the News Feed algorithm. The stories also uncovered massive inequality in how Facebook moderates content in foreign countries compared to the investment it has made in the United States. The stories have galvanized public attention, and members of Congress have announced a probe. And scrutiny is growing as reporters at other outlets contribute material of their own. For instance: MIT Technology Review found that despite Facebook’s significant investment in security, by October 2019, Eastern European troll farms reached 140 million people a month with propaganda — and 75 percent of those users saw it not because they followed a page but because Facebook’s recommendation engine served it to them. ProPublica investigated Facebook Marketplace and found thousands of fake accounts participating in a wide variety of scams. The New York Times revealed that Facebook has sought to improve its reputation in part by pumping pro-Facebook stories into the News Feed, an effort known as ‘Project Amplify.’”
Yes, Facebook is doing everything it can to convince people it is a force for good despite the negative press. This includes implementing “Project Amplify” on its own platform to persuade users its reputation is actually good, despite what they may have heard elsewhere. Pay no attention to the man behind the curtain. We learn the company may also stop producing in-house research that reveals its own harmful nature. Not surprising, though Newton argues Facebook should do more research, not less—transparency would help build trust, he says. Somehow we doubt the company will take that advice.
A legacy of the Cambridge Analytica affair is the concept that social media algorithms, perhaps Facebook’s especially, is reshaping society. And not in a good way. We are still unclear how and to what extent each social media company works to curtail false and harmful content. Is Facebook finally facing a reckoning, and will it eventually extend to social media in general? See the article for more discussion.
Cynthia Murrell October 19, 2021
DarkCyber for October 19, 2021: DDoS Takedown, More NSO Group PR, VPN Shift, and Autonomous Kills
October 19, 2021
DarkCyber reports about cyber security, online services, and smart software. You can view this program at this url.
This edition of the program includes four stories:
- The US Department of Justice terminated 15 Internet domains involved in denial of service functions. These offered crime as a service and allowed customers to launch DDoS attacks with minimal technical expertise.
- The NSO Group captured headlines again. The result of revelations in a British legal proceeding resulted in the Israeli specialized services firm firing one of its Middle Eastern clients.
- Roll ups are popular among some financial experts. Aggregation means less competition and greater market reach. Consolidation is underway in the virtual private network sector. Will Kape Technology’s acquisition of Private Internet Access and Express VPN produce benefits for customers?
- The final story explores the most innovative facet of Israel’s alleged autonomous termination of a nuclear scientist. The smart software is just part of the story.
DarkCyber is produced by Stephen E Arnold, publisher of Beyond Search.
Kenny Toth, October 19, 2021
Interesting Behavior: Is It a Leitmotif for Big Tech?
October 18, 2021
A leitmotif, if I remember the required music appreciation course in 1962 is a melodic figure that accompanies a person, a situation, or a character like Brünnhilde from a special someone’s favorite composer.
My question this morning on October 18, 2021, is:
“Is there a leitmotif associated with some of the Big Tech “we are not monopolies” outfits?”
You can decide from these three examples or what Stephen Toulmin called “data.” I will provide my own “warrant”, but that’s what the Toulmin’s model says to do.
Here we go. Data:
- The Wall Street Journal asserts that William “Bill” Gates learned from some Softie colleagues suggested Mr. Gates alter his email behavior to a female employee. Correctly or incorrectly, Mr. Gates has been associated with everyone’s favorite academic donor, Jeffrey Epstein, according to the mostly-accurate New York Times.
- Facebook does not agree with a Wall Street Journal report that the company is not doing a Class A job fighting hate speech. See “Facebook Disputes Report That Its AI Can’t Detect Hate Speech or Violence Consistently.”
- The trusty Thomson Reuters reports that “Amazon May Have Lied to Congress, Five US Lawmakers Say.” The operative word is lied; that is, not tell the “truth”, which is, of course, like “is” a word with fluid connotations.
Now the warrant:
With each of the Big Tech “we’re not monopolies” a high-profile individual defends a company’s action or protests that “reality” is different from the shaped information about the individual or the company.
Let’s concede that these are generally negative “data.” What’s interesting is that generally negative and the individuals and their associated organizations are allegedly behaving in a way that troubles some people.
That’s enough Stephen Toulmin for today. Back to Wagner.
Leitmotifs allowed that special someone’s favorite composer to create musical symbols. In that eminently terse and listenable Der Ring des Nibelungen, Wagner delivers dozens of distinct leitmotiv. These are possible used to represent many things.
In our modern Big Tech settings, perhaps the leitmotif is the fruits of no consequences, fancy dancing, and psychobabble.
Warrant? What does that mean? I think it means one thing to Stephen Toulmin and another thing to Stephen E Arnold.
Stephen E Arnold, October 18, 2021
Xoogler Identifies Management Idiosyncrasies and Insecurities
October 18, 2021
Curious about how the GOOG manages. There an interesting interview on Triggernometry with Taras Kobernyk, a former engineer with the mom-and-pop online advertising company. You can locate the video at this url. Some useful information emerges in the video. Here are three examples from my notes:
- Google has an American culture
- It’s hard to trust the company
- Management is afraid.
I found the interview interesting because the engineer was from the former Soviet Union and seems to have taken some Google’s googley statements in a literal way. Result? Job hunt time. Is there “Damore” information to be revealed?
Stephen E Arnold, October 18, 2021
Office 365: A Petri Dish for Malware?
October 18, 2021
Microsoft has a PR problem? Microsoft may have other issues as well, but “Infosec Expert Beaumont Slams Microsoft Over Hosting Malware for Years” seems like a semi-negative write up. Is the situation as dire as the article suggests? I don’t know, but it seems as if it is not what you would call:
- A ringing endorsement for Microsoft security
- An illustration of Microsoft’s approach to Office 365
The write up asserts:
An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows.
How has Microsoft responded? The write up quotes infosec expert Beaumont as saying:
Before the train of MS employees arrive saying ‘just report it’, try getting them and future ones taken down yourselves. I did. It was a disaster.
The write up, which is a mish mash of quotes and tweets, contains a number of interesting allegedly true factoids.
True? Maybe. Not-so-great PR for the company that follows China’s content guidelines? Sure seems like it.
Stephen E Arnold, October 18, 2021
Amazon and Google: Another Management Challenge
October 18, 2021
There’s nothing like two very large companies struggling with a common issue. I read “Nearly 400 Google and Amazon Employees Called for the Companies to End a $1.2 Billion Contract with the Israeli Military.” Is the story true or a bit wide of the mark? I don’t know. It is interesting from an intellectual point of view.
The challenge is a management to do, a trivial one at that.
According to the write up:
Hundreds of Google and Amazon employees signed an open letter published in The Guardian on Tuesday [presumably October 12, 2021] condemning Project Nimbus, a $1.2 billion contract signed by the two companies to sell cloud services to the Israeli military and government.
Now what?
According to the precepts on the high school science club management method, someone screwed up hiring individuals who don’t fit in. The solution is to change the rules of employment; that is, let these individuals work from home on projects that would drive an intern insane.
Next up for these two giants will be a close look at the hiring process. Why can’t everyone be like those who lived in the dorm with Sergey and Larry or those who worked with Jeff Bezos when he was a simple Wall Street ethicist?
I will have to wait and see how these giant firms swizzle a solution or two.
Stephen E Arnold, October 18, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
