A Microgoof or a Google PR Opportunity?

July 19, 2021

It is difficult to determine if Google is on the money with its alleged discovery of Russian cyber criminals targeting big wheels via LinkedIn. True or not, it may be another security misstep for the Redmond giant. “Russian Hackers Disguised as LinkedIn Networkers Spreading Malware” asserts:

A new investigation by Google shows that some of the common LinkedIn spam can be quite dangerous. Hackers with possible connections to the Russian government sent fraudulent LinkedIn messages to various officials from European countries with links aimed to exploit vulnerabilities in Windows and iOS. It is not yet known how many LinkedIn users were targeted in this hacking campaign and how many of them were ultimately hacked. Google believes that the cybercriminal gang responsible for the hacking campaign is most likely backed by the Russian government.

If this article is on the money, the odds are getting longer that Sergey Brin will be able to ride a Russian rocket into space. The article includes the statement “backed by the Russian government.” That might toss those orbital dreams into the Caspian Sea, the lowest point in the country. Also, the technopolies may be squaring off for a public relations dust up. I mean, how could the Chrome love birds spat over a minor security issue? LinkedIn is a Microsoft property, and I assume it is protected by all manner of Microsoft security software as well as systems purchased or licensed.

LinkedIn vulnerable. Some believe LinkedIn lost control of user data earlier this year. Forbes reported that data about 700 million LinkedIn users was for sale on a hacking forum.

However, if one compares the LinkedIn assertion from the GOOG with the mostly verified PrintNightmare glitch, the Microgoof results from repeated efforts to patch the print spooler. By the way, this gem is in most Windows versions. Here’s a flow chart to guide your remediation efforts:

[Image: flow chart]

LinkedIn versus what seems to be an engineered-in, persistent invitation to bad actors to have a series of great days. No zero days needed, it seems.

Pick your Microgoof. Personally I find the print spooler thing more enjoyable than people looking for work.

Stephen E Arnold, July 19, 2021

Microgoof: JEDI Knight Defeated by Unknown Death Ray

July 14, 2021

I read “Losing the $10 Billion JEDI Contract Is Bad for Microsoft Not Just Because of the Money. It’s about Credibility.”

Here’s an interesting passage:

More important than the money was that it gave the company a level of third-party validation, that its cloud-computing platform is on par with Amazon, the market leader. The Pentagon, arguably the world’s most sophisticated cyber customer, had chosen Microsoft over Amazon to fully revamp and modernize its tech ecosystem. That gave Microsoft credibility. Now, however, the Department of Defense says Microsoft’s offering wasn’t going to “meet its needs.”

The write up then indirectly links the death ray to none other than the mom and pop online bookstore:

Amazon challenged and eventually sued the federal government complaining that Microsoft was awarded the contract because of President Trump’s animosity towards the Washington Post, owned by Amazon’s founder and former CEO, Jeff Bezos.

Politics! Not technology! The write up points out:

Amazon controls roughly a third of the market and a host of government contracts, including with the Central Intelligence Agency. By comparison, analysts estimate Microsoft has cornered only around 20% of the market.

How could the defenses of the JEDI be breached? Was it the same weakness that causes printers to fail, supply chain attacks to thrive, and fuzzed communications about the minimum requirements for Windows 11?

No, no, no.

The Microgoof will take months, maybe years, to figure out. Where was Windows Defender when the Redmond giant needed its support? Maybe the service could not access Teams? Maybe the call did not go through because the parties were using a Windows Phone? Maybe the Windows update interrupted the system? What if the unknown death ray was crafted by the Bezos bulldozer now guided by Max Peterson who replaced the former Microsoftie Teresa Carlson, who is now a Splunker?

One thing is clear: First SolarWinds, the printer thing, then Windows 11, and now the JEDI zapper. I smell the exhaust from the Bezos bulldozer. Who else will?

Stephen E Arnold, July 14, 2021

Microsoft Percept: Perception in the Azure Cloud

July 13, 2021

Does your printer work? The printer is fine and our Apple Minis and laptops have zero problem generating hard copy. What about people joining a Teams meeting when those individuals are not 365 paying customers? Have you plugged in a second or third monitor and wondered where the icons went when using Windows 10? How is Windows Defender working for you since you received the REvil ransomware popup?

Ah, no solid answers. We don’t have any either. Windows 11 may address these trivial issues but the big repair job will arrive with Microsoft Percept. “Microsoft Aims to Expedite New Edge Computing Use Cases with Azure Percept” defines the bold new Star Trek-like innovation this way:

Azure Percept … is an end-to-end system for edge AI development and deployment that now works over 5G and LPWA as well.

Sound great to you? Beyond Search is not 100 percent convinced. We would be okay with better security within Microsoft software and a printer method which allows printers to print.

Microsoft seems to be more comfortable marketing than delivering software and systems which work as users expect. Microsoft software is in wide use. Cyber criminals rely on Microsoft’s door-wide-open methods. I suppose more bad actors would print out their zero days, exploits, and code snippets if their printers worked.

Stephen E Arnold, July 13, 2021

Microsoft LinkedIn: A TikTok Target?

July 12, 2021

Microsoft LinkedIn had an opportunity to dominate the video résumé market. Now the allegedly Chinese influenced TikTok appears to be chasing this sector. More importantly, LinkedIn users are “old school.” Rah rah text and video snippets explaining how a life coach can jumpstart a career. Are those wrinkles I see on most of the LinkedIn video performers’ programs? Yep, they are wrinkles.

Now TikTok is creating a video résumé service in an “official” way. The idea is that even TikTok creators may need a real job. The write up “TikTok Lets Users Apply for Jobs in the US with Video Resumes” says:

Short-video sharing app TikTok on Wednesday, July 7, launched a pilot program that lets users upload video resumes for US-based jobs ranging from a WWE Superstar to a senior data engineer at Shopify or a creative producer at TikTok itself.

The idea is that unhip “real” companies need workers. LinkedIn profiles don’t signal “I will flip burgers” or “I will watch your super over achieving high performing really wonderful children”. Thus, a gap exists and TikTok aims to fill it. Or will this service just provide a flow of data into TikTok’s servers and then maybe to other interesting data centers in lovely Wuhan?

Microsoft and LinkedIn are dealing with the hashtag #securitybreach. TikTok is moving forward with the #CareerTok and related metadata.

Stephen E Arnold, July 12, 2021

Microgoof of the Day: The Print Thing

July 9, 2021

I read “Microsoft’s Emergency PrintNightmare Patch Doesn’t Actually Fix the Issue.” If this article is correct, it warrants a honk from the Beyond Search goose. The story was the inspiration for an irregular series of posts to be called “Microgoof of the Day.” The write up says without any stand up comedy joke writer:

…there are reports of new proof-of-exploit code that circumvents the fix altogether.

Well, well, well.

The write up nods to another publication with this passage:

Reporting on the findings of Benjamin Delpy, creator of popular post exploitation tool Mimikatz, The Register says that it’s how Microsoft checks for remote libraries in the PrintNightmare patch that offers an opportunity to work around the patch. “They did not test it for real,” Delpy bluntly told The Register, reportedly describing the issue as “weird from Microsoft.”

Weird from Microsoft? Hmmm.

Regardless of who’s right or wrong, PrintNightmare is a hoot in some circles. In others, maybe not so much. That’s the microgoof for you.

Stephen E Arnold, July 9, 2021

Amusing Confusing Wizards

July 7, 2021

More from the Redmond wizards’ humor generating machines.

Microsoft has found a way to deflect attention from yet another security issue. Do you print over the Internet? “Microsoft Acknowledges PrintNightmare Remote Code Execution Vulnerability Affecting Windows Print Spooler Service” says:

IT Admins are also invited to disable the Print Spooler service via Powershell commands, though this will disable the ability to print both locally and remotely. Another workaround is to disable inbound remote printing through Group Policy, which will block the remote attack vector while allowing local printing.

So what distracts one from a print nightmare? That’s easy. Just try to figure out if your PC can run Windows 11? TPM, you say? Intel what?

PrintNightmare aptly characterizes Microsoft’s organizational acumen perhaps?

Stephen E Arnold, July 7, 2021

Microsoft in Perspective: Forget JEDI. Think Teams Together

July 7, 2021

I received some inputs from assorted colleagues and journalistic wizards regarding JEDI. The “real” news outfit CNBC published “Pentagon Cancels $10 Billion JEDI Cloud Contract That Amazon and Microsoft Were Fighting Over.” The write up stated:

… the Pentagon is launching a new multivendor cloud computing contract.

What caused this costly, high-profile action? Was it the beavering away of the Oracle professionals? Were those maintaining the Bezos bulldozer responsible? Was it clear-thinking consultants who asked, “Wasn’t Microsoft in the spotlight over the SolarWinds’ misstep?” I don’t know.

But let’s put this in perspective. As the JEDI deal was transported to a shelf in a Department of Defense store room at the Orchard Range Training Site in Idaho, there was an important — possibly life changing — announcement from Microsoft. Engadget phrased the technology breakthrough this way: Microsoft Teams Together Mode test lets just two people start a meeting. I learned:

Together Mode uses AI-powered segmentation to put all participants in a meeting in one virtual space.

I assume that this was previously impossible under current technology like a mobile phone, an Apple device with Facetime, Zoom, and a handheld walkie talkie, a CB radio, a ham radio, FreeConference.com, or a frequently sanitized pay phone located in a convenience store parking lot near the McCarran International Airport in Las Vegas.

I have a rhetorical question: “Is it possible to print either the news story about the JEDI termination or the FAQ for Together in the midst of — what’s it called — terror printing, horror hard copy effort?” Wait! I have it. It is the condition of PrinterNightmare.

I have to stop writing. My Windows 10 machine wants to reboot for an update.

Stephen E Arnold, July 7, 2021

Microsoft and LinkedIn: How about That Security?

July 2, 2021

I spotted an interesting and probably made up post titled “New LinkedIn Data Leak Leaves 700 Million Users Exposed.” Isn’t this old news? I must be thinking about the 500 million names scraped earlier this year. (See “Reported LinkedIn Data Breach: What You Need to Know,” please.)

The write up states:

Since LinkedIn has 756 million users, according to its website, this would mean that almost 93% of all LinkedIn users can be found through these records.

I am eagerly awaiting Microsoft’s explanation. Will it be 1,000 programmers? Russia? China? A flawed update?

Excuses: Microsoft has offered a few. Is ineptitude in the quiver of rhetorical arrows? Perhaps it was an illusion?

Stephen E Arnold, July 2, 2021

Microsoft Code Recommendations: Objectivity and Relevance, Anyone?

June 30, 2021

The “real news” outfit CNBC published an interesting news item: “Microsoft and OpenAI Have a New A.I. Tool That Will Give Coding Suggestions to Software Developers.” The write up states:

Microsoft on Tuesday announced an artificial intelligence system that can recommend code for software developers to use as they write code…The system, called GitHub Copilot, draws on source code uploaded to code-sharing service GitHub, which Microsoft acquired in 2018, as well as other websites. Microsoft and GitHub developed it with help from OpenAI, an AI research start-up that Microsoft backed in 2019.

The push to make programming “easier” is moving into Recommendation Land. Recommendation technology from Bing is truly remarkable. Here’s a quick example. Navigate to Bing and enter the query “Louisville KY bookkeeper.” Here are the results:

[Image: Bing results for the query “Louisville KY bookkeeper”]

The page is mostly ads and links to intermediaries who sell connections to bookkeepers accepting new clients, wonky “best” lists, and links to two bookkeeping companies. FYI: There are dozens of bookkeeping services in Louisville, and the optimal way to get recommendations is to pose a query to the Nextdoor.com Web site.

Now a question: How “objective” will these code suggestions be? Will there be links to open source supported by or contributed to by such exemplary organizations as Amazon, Google, and IBM, among others?

My hunch is that Bing points the way to the future. I will be interested to see what code is recommended to a developer working on a smart cyber security system, which may challenge the most excellentness of Microsoft’s own offerings.

Stephen E Arnold, June 30, 2021

Another Friday, More Microsoft Security Misstep Disclosures

June 28, 2021

I think Microsoft believes no one works on Friday. I learned in “Microsoft Warns of Continued Attacks by the Nobelium Hacking Group” that SolarWinds is the gift that keeps on giving. Microsoft appears to have mentioned that another group allegedly working for Mr. Putin has been exploiting Microsoft software and systems. Will a “new” Windows 11 and registering via a Microsoft email cure this slight issue? Sure it will, but I am anticipating Microsoft marketing jabber.

The write up states:

The Microsoft Threat Intelligence Center said it’s been tracking recent activity from Nobelium, a Russia-based hacking group best known for the SolarWinds cyber attack of December 2020, and that the group managed to use information gleaned from a Microsoft worker’s device in attacks. Microsoft said it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly targeted attacks as part of their broader campaign.” The affected customers were notified of the breach.

The applause sign is illuminated.

I spotted this remarkable statement in the write up as well:

It’s possible that successful attacks went unnoticed, but for now it seems Nobelium’s efforts have been ineffective.

Wait, please. There is more. Navigate to “Microsoft Admits to Signing Rootkit Malware in Supply-Chain Fiasco.” This smoothly executed maneuver from the Windows 11 crowd prompted the write up to state:

Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.

This driver, called “Netfilter,” is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.

The write up concludes:

This particular incident, however, has exposed weaknesses in a legitimate code-signing process, exploited by threat actors to acquire Microsoft-signed code without compromising any certificates.

Amazing. The reason cyber crime is in gold rush mode is due to Microsoft in my opinion. The high tech wizards in Redmond can do rounded corners. Security? Good question.

Stephen E Arnold, June 28, 2021
