Microsoft Security: Time for the Softies to Release Windows 12, a Phone, or a Bid to Buy Tesla?
March 22, 2022
I find the headline amusing. I don’t find the story “Lapsus$ Hackers leak 37GB of Microsoft’s Alleged Source Code” particularly amusing. The Softies have become the outfit with a bright laser dot on the company’s logo. The write up reports:
The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft’s internal Azure DevOps server.
Okay, let’s assume that the story is mostly accurate or meeting a higher standard than that set by the New York Times for its coverage of a certain president’s son and his non-functioning laptop.
The article points out:
Furthermore, we are told that some of the leaked projects contain emails and documentation that were clearly used internally by Microsoft engineers to publish mobile apps. The projects appear to be for web-based infrastructure, websites, or mobile apps, with no source code for Microsoft desktop software released, including Windows, Windows Server, and Microsoft Office. When we contacted Microsoft about tonight’s source code leak, they continued to tell BleepingComputer that they are aware of the claims and are investigating.
Ho ho ho. Perhaps Microsoft’s security, including Defender, lacks some capabilities?
How many breaches are necessary before stakeholders make clear that the brittleness, flaws, and questionable engineering be remediated?
Is some wizard at Microsoft suggesting a re-run of plays which have worked in the past; for example, just put out a news release of Windows or splash cash and PR for a big acquisition? Just imagine a Tesla with Windows File Explorer ads displayed on that great big center display.
Stephen E Arnold, March 22, 2022
Synthetic Data Are Better Than Data from Real Life. Does Better Mean Cheaper?
March 22, 2022
I read “When It Comes To AI, Can We Ditch The Datasets?” The answer, as you may have surmised, is, “Absolutely.”
Synthetic data is like polystyrene. Great for building giant garbage islands and not so great for the environment. So trade offs. What’s the big deal?
The write up explains:
To circumvent some of the problems presented by datasets, MIT researchers developed a method for training a machine learning model that, rather than using a dataset, uses a special type of machine-learning model to generate extremely realistic synthetic data that can train another model for downstream vision tasks.
What can one do with made up data about real life? That’s an easy one to answer:
Once a generative model has been trained on real data, it can generate synthetic data that are so realistic they are nearly indistinguishable from the real thing.
What can go wrong? According to the article, nothing.
Well, nothing might be too strong a word. The write up admits:
But he [a fake data wizard] cautions that there are some limitations to using generative models. In some cases, these models can reveal source data, which can pose privacy risks, and they could amplify biases in the datasets they are trained on if they aren’t properly audited.
Yeah, privacy and bias. The write up does not mention incorrect or off base guidance.
But that’s close enough for nothing for an expert hooked up with IBM Watson (yes, that Watson) and MIT (yes, the esteemed institution which was in financial thrall to one alleged human trafficker).
And Dr. Timnit Gebru’s concerns? Not mentioned. And what about the problems identified in Cathy O’Neil’s Weapons of Math Destruction? Not mentioned.
Hey, it was a short article. Synthetic data are a thing and they will help grade your child’s school work, determine who is a top performer, and invest your money so you can retire with no worries.
No worries, right.
Stephen E Arnold, March 22, 2022
Microsoft Defender Is On the Job
March 22, 2022
I don’t know if this write up is an early April Fool thing or actual factual. “Microsoft Defender Goofed Up As It Flagged Its Own Office Updates As Malware” states:
…the company’s Defender for Endpoint security started detecting updates for its own Office app as ransomware. The antivirus program was misidentifying the “OfficeSvcMgr.exe” as malicious software.
Let’s assume there is some truth in the statement OfficeSvcMgr.exe is malicious. My ideas are:
- Careless Microsoft coding was part of OfficeSvcMgr.exe and less flawed coding by another Microsoft technical group spotted the “flaw”
- Microsoft’s quality assurance for its “security” systems remains questionable and the business process flaws have not yet been remediated
- Microsoft is busy adding features to Teams and ads to File Manager so there’s no time or resources to deal with the outstanding Defender service.
Which is closer to the pin? I am into the flawed business processes. But the appeal of putting ads into an operating system is a close second.
Stephen E Arnold, March 22, 2022
AI: Talking with a Sus Domesticus
March 22, 2022
Humans have wanted to understand their fellow animals since the Garden of Eden. They have conducted research experiments to learn animal behavior with the possible hope of decoding the language of beasts. Following in the footsteps of past animal researchers, AI scientists might have cracked the code to talking with animals, says The Guardian in “Grunt Of The Litter: Scientists Use AI To Decode Pig Calls.”
Animal communication expert Dr. Elodie Briefer of the University of Copenhagen worked with an international team to develop an algorithm that decodes pig grunts. The team trained a neural network to decipher when swine experienced positive and negative emotions with audio recordings and behavioral data.
The researchers found:
“The scientists used the algorithm to distinguish calls linked to positive emotions from those linked to negative emotions. The different noises represented emotions across the spectrum and reflected positive situations, such as huddling with littermates, suckling their mothers, running about and being reunited with the family, to negative situations ranging from piglet fights, crushing, castration and waiting in the abattoir.
The researchers found that there were more high-pitched squeals in negative situations. Meanwhile, low-pitched grunts and barks were heard across the board, regardless of their predicament. Short grunts, however, were generally a good sign of porcine contentment.”
Dr. Briefer and her team discovered there’s a stark difference between positive and negative pig sounds. The algorithm correctly classified 92% of grunt recordings. The team hopes to expose the algorithm to more recordings with a broader emotion spectrum for further clarification and possibly communicate with other animals.
The pig translation algorithm could be employed in the meat industry to improve animals’ mental welfare. Dr. Temple Grandin revolutionized animals’ physical and mental wellbeing with her improvements to the meat industry; Dr. Briefer and her team could build on her research. They can do a whole lot more than PETA. In the meantime, we might be on our way to understanding pigs, but why do we still have trouble with automated phone systems?
Whitney Grace, March 22, 2022
Insider Threat News: Two Interesting Situations at Two Sophisticated Companies
March 21, 2022
As you may know, I enjoy pointing out that some big buck cyber security systems struggle with insider threats. Isn’t it easier to put the words “detect and prevent insider threats” on a marketing slide deck than implement the service?
Two events may serve to remind those who wonder about the risks insider threats pose.
First, “Microsoft Investigating Claim of Breach by Extortion Gang” explains that a bad actor entity advertised for insiders. This quote is from the cited article:
We recruit employees/insider at the following!!!! Apple, IBM, and Microsoft. TO NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE TO PROVIDE US A VPN OR CITRIX TO THE NETWORK, or some anydesk.
If accurate, this group (LAPSUS$) is clear about the why and what it wants. The article alleges that Microsoft is beavering away to determine if its systems have been breached. Don’t the Softies use Defender and other MSFT cyber defense services? Yeah, well.
Second, Apple made headlines because an insider spoofed Apple’s security to the tune of an alleged $10 million. “Former Apple Employee Charged with $10M Fraud” reports:
… Prosecutors allege that while Prasad negotiated with suppliers and entered invoices into the purchasing system, he was conspiring to take kickbacks, using false repair orders to steal parts, and paying for goods and services never received using Apple’s money. The charges go on to allege tax evasion, wire and mail fraud, defrauding the United States, and money laundering, noting that Prasad was fired from Apple in December 2018 after a decade of employment.
How about those internal security and auditing business processes? Apple cares about privacy and security is the firm’s assertion. Again: Marketing is easier than preventing an insider threat.
Why am I bringing up a subject which is not discussed in the specific context of expensive cyber security systems? I offer these examples to make clear that what a cyber outfit says and what its products and services do are less reliable than a decade-old AvtoVAZ LADA. If you are not familiar with these vehicles, try to find one to drive on a long road trip through the Rocky Mountains. No LADA? Go for a Renault.
Stephen E Arnold, March 21, 2022
Google: Admitting What It Does Now That People Believe Google Is the Holy Grail of Information
March 21, 2022
About 25 years. That’s how long it took Google to admit that it divides the world into bluebirds, canaries, sparrows, and dead ducks. Are we talking about our feathered friends? Nope. We are dividing the publicly accessible Web sites into four categories. Note: These are my research team’s classifications:
- Bluebirds — Web sites indexed in sort of almost real time. Example: whitehouse.gov and sites which pull big ad sales
- Canaries — Web sites that are popular but indexed in a more relaxed manner. Example: Sites which pull ad money but not at the brand level
- Sparrows — Web sites that people look at but pull less lucrative ads. Example: Your site, probably?
- Dead ducks — Sites banned, down checked for “quality”, or sites which use Google’s banned words. Example: You will have to use non Google search systems to locate these resources. Example: Drug ads which generate money and kick up unwanted scrutiny from some busy bodies.
“Google Says ‘Discovered – Currently Not Indexed’ Status Can Last Forever” explains:
‘Discovered – Currently not indexed’ in the Google Search Console Index Coverage report can potentially last forever, as the search engine doesn’t index every page.
The article adds:
Google doesn’t make any guarantees to crawl and index every webpage. Even though Google is one of the biggest companies in the world, it has finite resources when it comes to computing power.
Monopoly power? Now that Google dominates search it can decide what can be found for billions of people.
This is a great thing for the Google. For others, perhaps not quite the benefit the clueless user expects?
If something cannot be found in the Google Web search index, that something does not exist for lots of people. After 25 years and information control, the Google spills the beans about dead ducks.
Stephen E Arnold, March 21, 2022
Silicon Valley Change? It Is Happening
March 21, 2022
I read a New York Magazine article which used the phrase “vibe shift.” You can find that story at this link. This is a very hip write up, and the vibe shift is a spotted trend, not to be confused with a spotted crocuta.
I came across this story which has hopped on the vibe shift zoo train: “The Vibe Shift in Silicon Valley.” Now the locale becomes important. The table below provides the vibe shift which existed three years ago and the spotted trend of the vibe shift:
| The Unshifted Vibe | The Shifted Vibe |
| --- | --- |
| Facebook is the “center” of the digital universe | TikTok, the China-affiliated outfit, is the new center of the universe |
| Info diffuses quickly | Info struggles to be diffused |
| Fix the Web | Replace the Web |
| Data are “mind control” | Data are a “personal liability” |
| The US is the big dog in tech regulation | Europe and Apple are the kings of the rules jungle |
| Tech destroys “our politics” | Tech harms children |
The article says:
Of course, there are many more shifts you could probably name that would support a full-time tech reporter at any publication: the heightened importance of chip manufacturing and innovation; the global supply chain; the post-COVID gig economy; and the decriminalization of psychedelics, which isn’t exactly tech but is definitely tech-adjacent. But when I think about my own coverage, these are the shifts that are guiding it: my evolving sense of where power is moving in tech and the surrounding culture.
What adaptations should one make? Here are a few suggestions:
- Watch TikToks then post your own TikToks in order to immerse and understand the new power center.
- Info does not diffuse. That’s interesting because in my upcoming National Cyber Crime lecture about open source intelligence, information is diffusing and quite a percentage of those data are helpful to investigators.
- I like the “replace” but is the alternative Web 3? How do those Web 3 apps work without ISPs and data centers? They don’t unless one is in a crowd and pals are using mobile based mesh methods. Yeah, rip and replace? Not likely.
- Mind control and a personal liability. Remember Scott McNealy’s observation: Privacy is dead. Get over it. Reality is different from the vibe.
- In the US, government has shifted responsibility for space flight, regulation, and community actions to for profit outfits. In Europe, a clown car of regulators are trying to tame the US outfits which have made less than positive contributions to social cohesion. That’s a responsible path for what and for whom?
- Tech has destroyed politics. Okay. Tech is harming children. Okay. I am not sure politics has been torn apart, and “children have been at risk” is a well worn rallying point when certain entities want to contain human trafficking and related actions.
What is the situation in Silicon Valley? Here are my observations:
- The Wild West approach to business has irritated quite a few folks, and there is a backlash or techlash if one prefers hippy dippy jargon
- The high school science club approach to decision making has lost its charm. Example: Google is sponsoring an F1 vehicle and the company is probably unaware that two other content centric outfits used this “marketing” so senior executives could sniff fumes and rub shoulders with classy people. And the companies? Northern Light and Autonomy.
- The lack of ethical frameworks has allowed social media companies and third party data aggregators to “nudge” people for the purpose of enriching themselves and gaining influence. Yep, ethical behavior may be making a comeback.
- Many in Silicon Valley ignored the message in Jacques Ellul’s book Le bluff technologique. Short summary: Fixing problems with technology spawns new problems which people believe can be fixed by technologies. Ho ho ho.
Vibe shift? How about change emerging from those who are belatedly realizing the inherent problems of the Silicon Valley ethos.
Stephen E Arnold, March 21, 2022
Google: A Redefinition of Relevance
March 21, 2022
It begins with the author’s search for a new toaster. That is the example The New Yorker’s Kyle Chayka cites as he discusses “What Google Search Isn’t Showing You.” Of course, we know that Google sells ads. It does not deliver objective search. If you want objective search, you have to do actual research, not query free services which have to make money selling user data, ads, and analyses. That is why Chayka’s initial toaster hunt produced a dissatisfying, “cluttered onslaught of homogenous e-commerce options,” as he put it.
When Google Search launched in 1998, it was free of advertising and dedicated to supplying users with the best results. At the time, co-founders Sergey Brin and Lawrence Page wrote that advertising would interfere with that goal. Even so, they introduced ads two years later; their original hypothesis was, as it turns out, correct. Then there is the entire SEO racket that has developed around gaming Google’s algorithm. And let us not forget Google’s growing willingness to push its own interests to the top of results. Chayka writes:
“Decades of search-engine optimization have resulted in content that is formulated not to inform readers but to rank prominently on Google pages. That might be one reason that my toaster results felt so redundant: each site is attempting to solve the same algorithmic equation. Gabriel Weinberg, the C.E.O. of the privacy-focused search-engine company DuckDuckGo, cited three other sources of dissatisfaction with Google Search. The first is the company’s practice of tracking user behavior, which drives the kind of creepy, chasing-you-around-the-Internet advertising that Google profits from. The second is Google prioritizing its own services in search results, by, for instance, answering a travel query with Quick Answers pulled from Google Places instead of from a richer, more social source such as Tripadvisor. Lastly, Weinberg argued, users are simply tired of Google’s dominance over their experience of the Internet. Google is reportedly paying Apple upward of fifteen billion dollars a year to remain the default search engine on iPhones. On Google’s own Android phone, changing one’s preferred search engine requires a cumbersome settings adjustment, and pop-up messages along the way urge the user to switch back to Google.”
To say the company is taking advantage of its near-monopoly is an understatement. (Google Search makes up about 85% of the search market.) Besides DuckDuckGo’s Weinberg, the article shares comments from two other alternative-search champions, Marginalia founder Viktor Lofgren and Are.na co-founder Daniel Pianetti. See the write-up for those perspectives. When applied to Chayka’s toaster queries, both these niche platforms returned unexpected results. The author found them interesting if not particularly helpful for the online shopper. We do not know where Chayka finally decided to purchase a new toaster, but his tangent reminds us how far Google has veered from its original philosophy.
Cynthia Murrell, March 21, 2022
SXSW Festival: The Future of Meme Rich Techno Conferences?
March 20, 2022
I read PitchBook’s “SXSW State Is a Collision of Weed, Metaverse, NFTs, Acid and Saving the Planet.” Now that’s insight into the techno hip meme scape. The article states:
the event has secured its place as a vital part of the venture capital ecosystem and its ever-optimistic quest to create the future of everything. And this year’s installment has been no exception, featuring experts delving into some of Silicon Valley’s biggest passion projects, from crypto and climate science to the metaverse and psychedelic drugs. The return of SXSW following a pandemic hiatus also comes at a time when the city of Austin—thanks in part to the festival itself—stars in another drama that hits home for the VC ecosystem: The rise of hot new metropolises winning over tech and other corporate leaders seeking locales that are more accommodating of their business and personal ambitions.
As one observer labels locations like Texas, that’s flyover country, dude.
The highlight of the event, if the information I have is accurate, may have included shootings. “Gunman Opens Fire at SXSW Festival in Austin, 4 Injured: Officials” reports:
A suspected gunman who shot four people Saturday at the South By Southwest festival in Austin is in police custody, officials said Sunday morning. The shooter opened fire at the intersection of East 6th and Neches streets, officials said.
I have attended conferences at which the tchotchkes were substandard. People grumbled but no one demonstrated the response which allegedly took place at the meme fest with NFTs and weed. I prefer more subdued events offered via Zoom. Violent behavior is a click on the “Leave meeting” icon.
Stephen E Arnold, March 20, 2022
The Google: More Personnel Excitement? Of Course!
March 19, 2022
Google has quite a few bright employees. In my experience, the current crop is delivering stubbier ears of corn than the 2002 digital farmers produced. But that’s just my opinion, of course. “Google Is Accused in Lawsuit of Systemic Bias Against Black Employees” reports:
Google maintains a “racially biased corporate culture” that favors white men, where Black people comprise only 4.4% of employees and about 3% of leadership and its technology workforce.
After the employee push back and the spectacular Dr. Timnit Gebru matter, Google has demonstrated that, at age 20, it may have the equivalent of corporate Wernicke-Korsakoff Syndrome. The confusion and shaking of Googzilla’s left foreleg may be signals, important signals.
The plaintiff is April Curley. The write up adds:
Curley said Google hired her in 2014 to design an outreach program to historically Black colleges. She said her hiring proved to be a “marketing ploy,” as supervisors began denigrating her work, stereotyping her as an “angry” Black woman and passing her over for promotions. Curley said Google fired her in September 2020 after she and her colleagues began working on a list of desired reforms.
Google’s legal eagles will attempt to explain this away, probably proving that Ms. Curley is not a high school science club type.
But what about Dr. Gebru? Yeah, that may be an anomaly because …. Gentle reader, you fill in the reason.
Stephen E Arnold, March 19, 2022