Microsoft: The Security Supremo Cloud Pitch

February 28, 2022

I read “Microsoft’s New Security Chief Says It Is Time to Take Shelter in the Cloud.” The write up reports:

Microsoft has been hit by a series of high-profile cyber intrusions in recent years. In December 2020, the company said it had been compromised by the hackers behind the cyberattack on SolarWinds Corp.—a group that U.S. officials have linked to the Russian government. Months later, Microsoft’s widely used email product, Exchange, was targeted by a cyberattack that was eventually linked to the Chinese government.

I know. So now Microsoft wants me to trust their cloud service because it is more secure?

What’s interesting is that a former Amazon AWS executive is in charge. Apparently he has addressed assorted security concerns. He is, if true, a fast worker or a faster PR content generator.

The write up points to February 22, 2022, as the day it asserted it would repurpose the Microsoft security products for the Google cloud. Keep in mind that Microsoft security is compatible with Amazon’s cloud.

The write up includes this statement:

In addition to the SolarWinds and Exchange cyberattacks, the company in August had to repair a flaw in the Azure cloud—strategically Microsoft’s most-critical business—after a cybersecurity company found a bug that left customer data exposed. The Azure bug, which was discovered by the cybersecurity company Wiz Inc., rattled some Microsoft customers because it showed how hackers could steal data from thousands of customers by targeting one part of Microsoft’s cloud.

Saying security is different from delivering security. In some ways, Microsoft’s penchant for distraction with the wonky Windows 11 release and then the super spectacular metaverse game type thing have worked.

Now security is back in the spotlight. Oh, just move everything to the cloud. Lock in? Yep. More expensive? For some yes. Put all the eggs in one basket with some security issues? Sure, that makes perfect sense.

If you are doubtful about the cloud, navigate to “Report: 76% of IT Pros Say That Cloud Has Hit a Wall.” The main idea of that write up is that

multicloud, multitool environments have outgrown the tools and platforms that IT leaders currently rely on.

That’s what’s interesting about the Microsoft security PR. Flawed software? Seems possible.

Remember SolarWinds? Remember Exchange Server?

Stephen E Arnold, February 28, 2022

Insider Threat: A Tricky Risk for Everyone

February 28, 2022

I spotted two reports. One is from the once-upon-a-time Google- and In-Q-Tel outfit Recorded Future. The company published “Conti Ransomware Gang Chats Leaked by Pro-Ukraine Member”. Another version (maybe not verification of the Recorded Future story) appeared in “Backing Russia Backfires as Conti Ransomware Gang Internal Chats Leak.” I am never sure if stories are spot on, recycled rumors, or “real” news.

The main point of both stories is thought provoking.

A group of bad actors named “Conti” want to support a specific regime. One of the members of this group was not on board with the concept. This individual obtained confidential messages from members of the Conti outfit. With the information in hand, the “insider” made the content available to people outside of the gang.

From my point of view, the two stories make one point clear: If true, insider threats are often more of a threat than other types of actions. If false, the two stories provide a road map for individuals who want to pay off or cause some other factor to spark an insider into spilling the beans.

Net net: Insider threats are a vulnerability which warrants attention, not just a Fancy Dan automated email list of new exploits. Plus, this is a useful anecdote to share with those who tell me, “It can’t happen in my group.”

Stephen E Arnold, February 28, 2022

NSO Group: Now Taking Legal Action to Protect Its Image

February 28, 2022

I am not sure how long this story will be online with legal eagles from media and the intelware company NSO Group taking flight. The story is “NSO Sues Israeli Paper after Explosive Articles on Police.” [Note: The estimable Associated Press may remove the MFTV 9 story or put it behind a paywall where great content should thrive.] The original story whipped up a buzz saw of chatter about one of the more high profile surveillance systems. The Pegasus brand has been trampled by the plodding mules ridden by individuals unaware of the specialized software and services business, their customers, and the unreasonable effectiveness of zero click exploits.

The write up states that NSO Group went to court and demanded that the Calcalist be held to account for a story which is allegedly not true.

And what does NSO Group want? About $300,000 US dollars.

This is an interesting story with security and political implications. But the Kosher Mehadrin margarine on the kubaneh is the charity angle. Is that a PR move by NSO Group?

What’s fascinating to me is that the NSO Group has found a way to remain in the news despite recent events in Ukraine, financial turmoil in financial markets, and the headline making mask wearing thing.

Is this helping or hurting the intelware and policeware vendors? From what I hear, the NSO Group’s PR generating activities have not had a significant impact on vendors based outside of Tel Aviv. Israeli vendors find that some of their MBA-inspired enthusiasm for expanding their market share has been dialed back.

A bigger problem for specialized services and software companies is that knowledge has diffused widely so that start ups operated by good actors and maybe less good actors are popping up. Plus, some of the once secret systems and methods are creeping into the open source software environment.

Maybe secrecy has some value when it comes to government related activities?

Stephen E Arnold, February 28, 2022

MSFT Insemination Algorithm: Too Much Herbe Matte and Twisted Bolos?

February 28, 2022

Microsoft, what were you thinking? Wired describes “The Case of the Creepy Algorithm that ‘Predicted’ Teen Pregnancy.” Creepy is right. The setting is 2018 Argentina, as legislators were debating whether to decriminalize abortion. (It did finally become legal there in 2020.) We learn:

“The Ministry of Early Childhood in the northern province of Salta and the American tech giant Microsoft presented an algorithmic system to predict teenage pregnancy. They called it the Technology Platform for Social Intervention. … The stated goal was to use the algorithm to predict which girls from low-income areas would become pregnant in the next five years. It was never made clear what would happen once a girl or young woman was labeled as ‘predestined’ for motherhood or how this information would help prevent adolescent pregnancy. The social theories informing the AI system, like its algorithms, were opaque. The system was based on data—including age, ethnicity, country of origin, disability, and whether the subject’s home had hot water in the bathroom—from 200,000 residents in the city of Salta, including 12,000 women and girls between the ages of 10 and 19. Though there is no official documentation, from reviewing media articles and two technical reviews, we know that ‘territorial agents’ visited the houses of the girls and women in question, asked survey questions, took photos, and recorded GPS locations.”

The targets of these intrusions were all poor, and many are members of immigrant or indigenous peoples. Such overbearing treatment is nothing new for those communities, nor is it unusual for Argentina’s women and girls in general. While the government positioned the technology as a way to combat teen pregnancy, it never described how that would work. Critics insist it was actually a way to blame girls and women for their situations with no consideration for context. Like the high rate of sexual violence, for example. In theory, the subjects could have declined to participate, but that would mean defying the ministry that provides them with free vaccinations and milk. A collaboration of journalist Diego Jemio, anthropologist Alexa Hagerty, and Argentine feminist activist and researcher Florencia Aranda, the article provides a detailed historical backdrop against which this affront should be viewed. Navigate to the article for that compelling, and at times enraging, account.

Argentina is eager to become a leader in the AI field. However, unlike the US or the EU, Argentina has no process to determine the impact of AI systems on citizens, never mind adequate regulations. As a result, no formal review of the Technology Platform for Social Intervention’s impact on women and girls was ever produced nor data on its accuracy or outcomes ever published. The authors could not even determine whether the program is still in operation. We suppose transparency is too much to ask from Argentina’s Ministry of Early Childhood. Microsoft, what do you have to say?

Cynthia Murrell, February 28, 2022

How to Be Happy the Microsoft Way: Endorsed by the Harvard Business Review?

February 25, 2022

I read a fascinating article about being happy. “A Microsoft Exec Says Tech, Not People, Makes Employees Really Happy” recycles an article from the estimable Harvard Business Review titled “In a Hybrid World, Your Tech Defines Employee Experience.” I want to be upfront. I find most of the information in the HBR focused on authors hawking some type of consulting expertise. The outputs in the HBR acted like a magnet on blue chip consulting firms. Getting an article in the HBR was the equivalent of getting Elvis Presley to throw a perspiration tinged scarf to an adoring fan.

According to the source recycling the HBR information about being happy, I noted these statements of Delphic grade insight minus the blood of a dove, a goat, and possibly a misbehaving acolyte.

  1. Employee experiences are defined by technology.
  2. Technology and workplace tools are the new workplace. [HBR apparently likes this type of repetition]
  3. Technology is “becoming central in attracting and retaining new talent, fostering workplace culture, creating productivity, and more.”

I want to offer some of my personal happy experiences with Microsoft technology:

  1. Updates which kill functions; for example, a system cannot print. This makes me happy for sure.
  2. Posturing about security when the vulnerabilities spawned by Microsoft software thrill bad actors each and every day.
  3. Microsoft Word’s remarkable ability to move images in delightful ways.
  4. The shallow spidering of the just so wonderful Bing content processing system.
  5. Rumors and allegations about Bill Gates and his interesting interactions with other Microsoft professionals
  6. A foldable phone with weird performance characteristics for two-screeners with good eyes
  7. Microsoft WiFi hardware which a Softie told me, “Doesn’t work.”
  8. Meaningless features in a screen capture utility
  9. Did I mention Exchange Server vulnerabilities? Yeah.
  10. And Teams for those using a Mac without a Microsoft 365 subscription. That’s a thrill.

I recall one meeting at which a senior Softie took an iPhone from an employee in a meeting with lots of people in the audience. I recall the baffled looks on the faces of Microsoft Research experts when I asked for a show of hands for those who were familiar with Kolmogorov’s approach to probability. No hands went up. Bummer. I recall a mobile meeting in which I was told, “Mobiles will never have multiple radios.”

Ah, memories.

But the HBR write up explains that my experiences would make me happier via technology.

Yeah, right. Thoughts from the Microsoft person who pointed the finger at 1,000 engineers directed by a nation state to compromise Citadel Windows. Yep, that person.

Stephen E Arnold, February 25, 2022

IBM Watson: Creative Re-Explaining

February 25, 2022

I read “IBM Charts New Brand Direction With Campaign Built Around Creativity.”

The article contains an interesting statement allegedly articulated by Jonathan Adashek, CCO and SVP of marketing and communications at IBM:

Adashek said IBM has historically had trouble articulating a clear and unifying purpose for a business as sprawling and multifaceted as the 110-year-old enterprise giant has become. But with business moves like the Kyndryl spinoff helping to strengthen the company’s core focus on growth areas like artificial intelligence and hybrid cloud computing, IBM decided it was time to boil down its public-facing message.

Does this mean the Watson “anti creativity” has been left behind?

Nope. Here’s some evidence:

Ogilvy global chief creative officer Liz Taylor said the concept for the campaign evolved out of the idea that a certain type of creative thinking is central to the business projects that many IBM clients are attempting to tackle—and that the company’s range of enterprise tech and consulting services can help with that. “It really started in the sort of notion of this era of creativity is the defining currency of business,” Taylor said. “It’s not necessarily creativity in the way I might think of my job, but our audience is just increasingly responsible for creating and executing visions for how to compete in this new world.”

Yep, IBM is creative: Clever contracts related to a certain nation state in the good old WW2 era, addressing cancer and telling, “You are history”, and now a type of creative different from that delivered by Madison Avenue-types.

Yep, “not necessarily creativity in the way I might think of my job” which is to explain that IBM fuels creativity.

Logical? Not necessarily. Did you know that IBM’s creativity allowed it to acquire a Microsoft Azure consulting firm called Neudisic? Buying innovation and a revenue stream for a semi successful cloud provider? Yes. Creative? Sure.

Stephen E Arnold, February 25, 2022

UK Bill Would Require Age Verification

February 25, 2022

It might seem like a no-brainer—require age verification to protect children from adult content wherever it may appear online. But The Register insists it is not so simple in, “UK.gov Threatens to Make Adults Give Credit Card Details for Access to Facebook or TikTok.” The UK’s upcoming Online Safety Bill will compel certain websites to ensure users are 18 or older, a process often done using credit card or other sensitive data. Though at first the government vowed this requirement would only apply to dedicated porn sites, a more recent statement from the Department for Digital, Culture, Media, and Sport indicates social media companies will be included. The statement notes research suggests such sites are common places for minors to access adult material.

Writer Gareth Corfield insists the bill will not even work because teenagers are perfectly capable of using a VPN to get around age verification measures. Meanwhile, adults following the rules will have to share sensitive data with third-party gatekeepers just to keep up with friends and family on social media. Then there is the threat to encryption, which would have to be discontinued to enable the bill’s provision for scanning social media posts. Civil liberties groups have expressed concern, just as they did the last time around. Corfield observes:

“Prior efforts for mandatory age verification controls were originally supposed to be inserted into Digital Economy Act but were abandoned in 2019 after more than one delay. At that time, the government had designated the British Board of Film Classification, rather than Ofcom, as the age verification regulator. In 2018, it estimated that legal challenges to implementing the age check rules could cost it up to £10m in the first year alone. As we pointed out at the time, despite what lawmakers would like to believe – it’s not a simple case of taking offline laws and applying them online. There are no end of technical and societal issues thrown up by asking people to submit personal details to third parties on the internet. … The newer effort, via the Online Safety Bill, will possibly fuel Britons’ use of VPNs and workarounds, which is arguably equally as risky: free VPNs come with a lot of risks and even paid products may not always work as advertised.”

So if this measure is not viable, what could be the solution to keeping kids away from harmful content? If only each child could be assigned one or more adults responsible for what their youngsters access online. We could call them “caregivers,” “guardians,” or “parents,” perhaps.

Cynthia Murrell, February 25, 2022

Anduril Victorious with SOCOM Contract

February 25, 2022

Tech startups, and the venture capitalists that back them, have been trying valiantly to break the chains of traditional government procurements. Pointing to a recent nearly billion-dollar deal, Breaking Defense ponders, “Anduril Nets Biggest DoD Contract to Date: Signifier or Outlier for Defense Start-Ups?” Anduril is based in Irvine, California, and was founded in 2017. The surveillance and military tech company beat out 11 others competing for the lucrative contract with Special Operations Command (SOCOM). Reporter Andrew Eversden writes:

“Anduril will serve as a systems integrator partner on SOCOM’s counter-unmanned systems efforts. The contract is worth a maximum of $967,599,957 over the next decade. Under the contract, SOCOM will be able to purchase Anduril’s systems through traditional means, in addition to buying Anduril’s products as a service, meaning the command can configure the system ‘based on mission profiles and ensuring SOCOM can rapidly adapt to new and evolving threat profiles.’ According to the company press release, the company will ‘deliver, advance, and sustain CUxS capabilities for special operations forces wherever they operate.’ It will provide counter-drone capability through its Lattice AI platform, which is designed to autonomously identify and classify threats. The system will be deployed both domestically and overseas, the Jan. 20 announcement stated. Anduril has made major strides in the last year positioning itself to win major defense contracts and augment its technology portfolio. Last year, it acquired Area-I, a tube-launched unmanned aerial system maker. Last summer, the company won a five-year, $99 million production other transaction agreement with the Pentagon’s Defense Innovation Unit for its counter-drone tech. In September, it bought Copious Imaging, whose technology added another layer of threat detection to Anduril’s air defense portfolio.”

We also note the firm had the honor of collaborating with Palantir on the Army’s Tactical Intelligence Targeting Access Node (TITAN) prototype last year. Tech executives and investors have expressed frustration at the challenges of doing business with our military, but this latest contract may be a signal that startups and other non-giant companies can make their way in the federal marketplace after all. On the other hand, we are told, SOCOM has long been the DoD division most likely to embrace innovative, non-traditional partners. If this contract goes well, perhaps SOCOM’s forward-thinking perspective will spread to other agencies. No pressure, Anduril.

Cynthia Murrell, February 25, 2022

Facebook: Irish Troubles

February 24, 2022

When I think of Ireland, here’s what comes to mind:

  • A really weird street with jazzy murals and a penchant for violence
  • Uplifting novels by Ken Bruen
  • Potatoes
  • The craic

After reading “Facebook Receives Bad News That Could Disrupt Its Business,” I am now thinking big money changing hands. The write up explains:

“We issued our decision [regarding trans border data] to Meta yesterday. And we have given them 28 days to come back to us with any comments they have. And at that stage we will prepare our draft decision and send our draft decision to our colleague data protection authorities in the EU and I expect that to happen in April,” Doyle [Irish Data Protection spokesperson] said. The stakes are high: if Meta is prohibited from transferring information, its activities in Europe will be very strongly affected.

Implications? Meat — sorry, I meant Meta, formerly the Zuckbook — has one more issue to ponder. Oscar Wilde noted:

“Experience is merely the name men gave to their mistakes.”

Perhaps a VR headset will improve the Emerald Isle real world experience?

Stephen E Arnold, February 24, 2022

Google: A New FPGA Standard: Seems Like a Big Move

February 24, 2022

I know from my previous work projects that semiconductor talk makes people go to sleep. Sure, there are some chip heads who salivate when considering X ray etching and the physics of nanometer scale silicon. Take it from me: this quite important technical field is less thrilling than the average TikTok video.

Nevertheless, I want to call your attention to “FPGA Interchange Format to Enable Interoperable FPGA Tooling.” The title just screams big win for everyone. Remember the “Don’t be evil” thing? Ho ho ho.

Here’s the passage which snagged my attention:

Those benefits will extend to not only VPR and nextpnr, but to any other closed source tools, or new open source ones that adopt and implement the Interchange format. Having a standard Interchange format at the tooling developers’ disposal lowers the barriers to developing new open source tools in this area. As example use cases, it enables new approaches to partial dynamic reconfiguration and the exploration of different place and route algorithms. [emphasis added]

What’s the jargon mean?

Google aims to define the standard. Good news for everyone, right? Perhaps one should ask those who have other ideas about floating point gate array systems and methods?

Nah, let’s not. Let Googzilla graze in green pastures. A standard makes it easy for with-it folks to build Googley systems and integrate certain nifty machine learning mechanisms. Deep dive? You get a free snorkel too.

Stephen E Arnold, February 24, 2022
