Microsoft Partners Up for Smarter Security

May 13, 2021

I noted “Microsoft Partners with Darktrace to Help Customers Combat Cyber Threats with AI.” You may know that Microsoft has been the subject of some attention. No, I am not talking about Windows 10 updates which cause printers to become doorstops. Nope. I am not talking about the fate of a leaner, meaner version of Windows. Yep, I am making a reference to the SolarWinds’ misstep and the alleged manipulation of Microsoft Exchange Server to create a reprise of “waiting on line for fuel.” This was a popular side show in the Washington, DC, area in the mid-1970s.

How does Microsoft address its security PR challenge? There are white papers from Microsoft threat experts. There are meetings in DC ostensibly about JEDI but which may — just by happenstance — bring up the issue of security. No big deal, of course. And Microsoft forms new security-centric partnerships.

The partner mentioned in the write up is Darktrace. The company relies on technology somewhat related to the systems and methods packaged in the Autonomy content processing system. That technology included Bayesian methods, was at one time owned by Cambridge Neurodynamics, and licensed to Autonomy. (A summary of Autonomy is available at this link. The write up points out that Bayesian methods are centuries old and often criticized because humans have to set thresholds for some applications of the numerical recipes. Thus, outputs are not “objective” and can vary as the method iterates.) Darktrace’s origins are in Cambridge and some of the firm’s funding came from Michael Lynch-affiliated Invoke Capital. The firm’s Web page states:

Founded by celebrated technologist and entrepreneur, Dr Mike Lynch OBE, Invoke Capital founds, invests in and advises fast-growing fundamental technology companies in Europe. With deep expertise in identifying and commercializing artificial intelligence research and a close relationship with the University of Cambridge, Invoke exists to realize the commercial possibilities of Britain’s extraordinary science and deep technology base. Since 2012, Invoke has been instrumental in founding, creating and developing prominent technologies, and then finding the right teams to scale them into global businesses. Invoke’s companies include Darktrace, a world-leading cyber AI company that employs more than 1,500 people globally, Luminance, an award-winning machine learning platform for the legal industry, and AI fraud-detection engine, Featurespace. Invoke exited data-driven medicine experts, Sophia Genetics, in 2020.

(The Register provides a run down of some of the legal activity associated with Mr. Lynch at this link.)

The item presenting the tie up of Microsoft and Darktrace states:

Microsoft announced today a new partnership with Darktrace, a UK-based cyber security AI firm that works with customers to address threats using what it describes as “self-learning artificial intelligence”. Darktrace’s threat response system is designed to counter insider threats, espionage, supply chain attacks, phishing, and ransomware. The partnership between Microsoft and Darktrace is meant to give organizations an automated way of investigating threats across multiple platforms. Darktrace’s system works by learning the data within a specific environment as well as how users behave. The goal is to tell which activity is benign or malicious.

For more information about Darktrace, one can consult the firm’s Web site. For a different view, an entity with the handle OneWithCommonSense provides his/her assessment of the system. You can find that document (verified online on May 13, 2021) at this link.
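The description above (learn what is normal for each user in an environment, then flag what deviates) and the earlier note that Bayesian methods need a human-set threshold can be made concrete with a small model. What follows is an added example written for this page; it is not Darktrace's code and says nothing about how Darktrace's product actually works. It fits a conjugate Gamma-Poisson baseline to each user's daily download count over a learning window, scores later days by how improbable the observed count is under the learned predictive distribution, and alerts when that probability falls below an operator-chosen threshold. The log lines, user names, counts and the prior parameters are all constructed for the example.

```python
import math
from collections import defaultdict

# Constructed sample log lines for this example: "YYYY-MM-DD user action count".
# The first five days are the learning window; 2021-05-10 is scored against it.
SAMPLE_LOG = """\
2021-05-03 alice download 12
2021-05-04 alice download 9
2021-05-05 alice download 11
2021-05-06 alice download 10
2021-05-07 alice download 13
2021-05-10 alice download 180
2021-05-03 bob download 2
2021-05-04 bob download 0
2021-05-05 bob download 1
2021-05-06 bob download 3
2021-05-07 bob download 1
2021-05-10 bob download 4
"""
TRAIN_DATES = {"2021-05-03", "2021-05-04", "2021-05-05", "2021-05-06", "2021-05-07"}


def parse(log):
    """Return (date, user, action, count) tuples from the constructed log format."""
    events = []
    for line in log.splitlines():
        date, user, action, count = line.split()
        events.append((date, user, action, int(count)))
    return events


def nb_log_pmf(k, r, p):
    """log P(X = k) for a negative binomial with real-valued shape r and success probability p."""
    return (math.lgamma(k + r) - math.lgamma(k + 1) - math.lgamma(r)
            + r * math.log(p) + k * math.log(1.0 - p))


def tail_prob(x, r, p):
    """P(X >= x): how unlikely a count at least this large is under the learned baseline."""
    cdf = sum(math.exp(nb_log_pmf(k, r, p)) for k in range(x))
    return max(0.0, 1.0 - cdf)


class GammaPoissonBaseline:
    """Per-user conjugate Gamma prior on a Poisson daily rate, updated with each observed day.

    With a Gamma(shape, rate) posterior, the predictive distribution of the next day's count
    is negative binomial with r = shape and p = rate / (rate + 1).
    The prior values are an assumption of this example (weak prior, mean rate 10)."""

    def __init__(self, prior_shape=1.0, prior_rate=0.1):
        self.shape = defaultdict(lambda: prior_shape)
        self.rate = defaultdict(lambda: prior_rate)

    def learn(self, user, count):
        self.shape[user] += count
        self.rate[user] += 1.0

    def surprise(self, user, count):
        r = self.shape[user]
        p = self.rate[user] / (self.rate[user] + 1.0)
        return tail_prob(count, r, p)


def score_events(events, train_dates, threshold):
    """Learn the baseline from the training window, then alert on later days below the threshold.

    The threshold is the operator's decision, not the model's; see the usage note."""
    model = GammaPoissonBaseline()
    for date, user, _action, count in events:
        if date in train_dates:
            model.learn(user, count)
    alerts = []
    for date, user, _action, count in events:
        if date not in train_dates:
            p = model.surprise(user, count)
            if p < threshold:
                alerts.append((date, user, count, p))
    return alerts


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for threshold in (0.01, 0.1):
        print(f"threshold={threshold}: {score_events(events, TRAIN_DATES, threshold)}")
```

With the threshold at 0.01 only alice's 180-download day fires; at 0.1 bob's unremarkable 4-download day (tail probability roughly 0.09 against a baseline averaging about 1.5 per day) fires as well. That is the caveat from the Autonomy summary in practice: the model learns each user's baseline on its own, but the cut-off that turns a tail probability into an alert is still a human choice, and it moves the false-positive rate directly.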

Why is this interesting?

  1. The use of a system and method which may be related to how the Autonomy system operates may be an example of how one mathematical method can be extended to a different suite of use cases; specifically, cyber security.
  2. The Darktrace disclosures about its technology make it clear that the technology is in the category of “artificial intelligence” or what I call smart software. Systems and methods which are more efficient, economical, and more effective are reasons why smart software is an important product category to watch.
  3. Darktrace (to my knowledge) may have the capability to recognize and issue an alert about SolarWinds-type incursions. Other cyber security firms’ smart software dropped the ball and many were blindsided by the subsequent Microsoft Exchange Server and shell exploits.

As a side note, Microsoft acquired the Fast Search & Transfer company after there were legal inquiries into the company. That was a company based in Norway. With the Darktrace deal, Microsoft is again looking offshore for a solution to what on the surface seems to be the Achilles’ heel of the company’s product portfolio: its operating system and related services.

Will Darktrace’s technology address the debilitating foot injury Microsoft has suffered? Worth watching because bad actors are having a field day with free ice cream as a result of the revelations related to Microsoft’s security engineering. Windows Defender may get an injection of a technology that caught Dr. Lynch’s eye. Quick is better in my opinion.

Stephen E Arnold, May 13, 2021

The Amusing Antics of Big Tech Monopoly-Type Companies

May 13, 2021

If I use my imagination, I can hear the comments in the TV room of a fraternity house near the Chambana campus of the University of Illinois. “Dudes, we can make the losers at Sigma Nu look really stupid.” Then the snort, snort, snort of perceived victory over lesser beings.

I thought about this hypothetical bro-moment when I read two stories this morning.

The first is “Microsoft Edge Blocks Firefox Installer, Says It’ll Hurt Your PC.” Firefox has had its share of challenges. There’s the money thing, the management thing, and the number of users thing. Microsoft, the all-time leader in security, has determined that Firefox is allegedly a danger. The write up reports:

“Firefox Installer.exe was blocked because it could harm your device,” the warning read, with users only able to click through to see more details rather than continue the download. Techdows says that all versions of the Firefox Installer, including release, beta, dev, and nightly, appear to be affected, with multiple Reddit threads detailing download issues. Some users were able to download and install Firefox using Edge after disabling Microsoft Defender SmartScreen, a program.

That seems like a predictable response from those who have witnessed commentary in the hypothetical frat house.

The second is “Google: We Put YouTube TV in the Main YouTube App. What Now, Roku?” The idea is that Roku, the hardworking salary man of online video, is going to be reminded that the Google is the top dog. The write up states:

Google announced in a blog post that it was just going to run an end-around on Roku and stick the YouTube TV app in the YouTube app.

No one fools around with Mother Google.

What do these frat mentality actions by two large companies tell us? Perhaps these are routine business practices in the regulation and consequence free datasphere of 2021? Could these actions indicate that fraternity type thinking remains a core part of the technology world in the US? Or is there a darker implication; for instance, these actions are perceived as just what has to be done to ensure that big outfits get larger?

From my point of view, I find the frat-style a reminder that what characterizes those in extended adolescence appears to be the warp and woof of high technology: Competitive products are harmful or too stupid to cope with Googley reality.

Stephen E Arnold, May 13, 2021

Sharing a Stage: Microsoft and Huawei

May 10, 2021

Just a small item from “Huawei Calls for Closer Public-Private Sector Action to Restore Trust in Technology” in New Zealand. The focus of the write up was on Huawei (yep, the Chinese technology giant viewed with suspicion by some in the US) delivering a message about trust. Here’s the quote from the Huawei professional explaining trust:

As more devices feature connectivity, more services go online, and more critical infrastructures rely on real-time data exchanges, so must governments worldwide ensure that everyone is protected by the highest security standards… We must build strong trust in technology, enabled by a common set of rules, innovations, and progress. Only then can we commit to the sustainable and trustworthy use of technology.

Okay. But the item of information in the article which struck me as important was this passage:

Other speakers from the private sector include Roche board of directors chairman, Christophe Franz, Daimler chairman of the board of management, Ola Källenius, Microsoft chief executive officer, Satya Nadella, and HCL Corporation’s chief executive officer, Roshni Nadar Malhotra. [Emphasis added]

I found it interesting that Microsoft’s CEO shared a podium at a conference about trust. As you may recall, Microsoft experienced a misstep with Exchange Server and has struggled with Windows updates which bedevil some users.

The write up emphasized that “trust is inherently built on openness and transparency.” Sounds tasty. Trust.

Stephen E Arnold, May 10, 2021

Microsoft Teams: An Interesting Message

April 27, 2021

Today my lecture will be via Zoom. The reason? Because Teams. The tweets greeted me with interesting content; for example:

We’ve confirmed that this issue [Teams spitting error messages] affects users globally.

Globally. Okay. Now that’s a pretty fascinating statement from Microsoft, the outfit which has the ability to make it impossible for some people to play games at normal frame rates or print documents.

Very pro-Microsoft online information services are explaining the oh-so-minor glitch; for example, “Microsoft Teams Down to Start the Day on the East Coast.” Without the usual rah rah, the objective news service states:

Many people struggling to use Teams see a message stating, “Operation failed with unexpected error.” As of 6:55 AM EST, reports spiked for outages from zero to 355, but they are rising quickly. Teams has millions of users, so 355 reports isn’t a dramatically high number, but the rate of change indicates an issue.

One can assume that “the rate of change indicates an issue” is a pretty strong statement about the feature rich Teams’ service. Will some of the technical professionals working on the SolarWinds’ misstep be shifted to shore up the Teams mishap?

The technical issues with security, consumer updates, and Teams seem to be intractable to me. Instead of too big to fail, has Microsoft become too big to create stuff which works?

Stephen E Arnold, April 27, 2021

Microsoft and LinkedIn: Ultimate Phishing Pool, er, Tool

April 26, 2021

Microsoft is buckling like an old building in Reykjavik. There was SolarWinds, then Microsoft Exchange Server, and then… The list goes on. Another issue has shaken the enterprise software company: LinkedIn phishing. (You thought I was going to comment about Windows Updates killing some gamers’ “experience”, didn’t you? Wrong.)

“Hackers Are Using LinkedIn As the Ultimate Phishing Tool” asserts:

According to MI5, the UK’s security agency, at least 10,000 citizens have been approached by state-sponsored threat actors using fake profiles on a popular social media platform. While MI5 did not specifically name the platform, the BBC claims to have learned that the platform in question is LinkedIn.

Interesting. MI5 is the UK’s domestic intelligence agency. The Box usually does not seek publicity and tries to sidestep the type of information disseminated in some countries; for example, in the US, intelligence agencies proactively accessed computers and took steps to reduce the risk of malware issues. By the way, those servers were running Microsoft software. Microsoft owns LinkedIn too.


The article points out:

According to MI5, the LinkedIn attacks are wider in scope and directed at staff in government departments and major businesses. Once connected, the scammers try to bait the individuals by offering speaking or business opportunities, before attempting to recruit them to pass on confidential information.

Just another crack in the Microsoft LinkedIn edifice or a signal that the company can no longer manage its software, protect its “customers”, or update a consumer PC without creating problems?

Stephen E Arnold, April 26, 2021

Microsoft, SolarWinds, 1000 Malevolent Engineers, and Too Big to Fail?

April 19, 2021

“SolarWinds Hacking Campaign Puts Microsoft in Hot Seat” is an interesting “real news” story. The write up states that the breach was a two stage operation. The first stage was using SolarWinds to distribute malware. The second stage was to use that malware as a chin up bar. Bad actors grabbed the bar and did 20 or more pull ups. The result was marketing talk and a mini-meme about 1,000 engineers concentrating their expertise on penetrating the Microsoft datasphere.

The article quoted a cyber security expert as describing Microsoft’s systems and methods as having “systematic weaknesses.” For a company whose software is a “monoculture” with an 85 percent market share, the phrase “systematic weaknesses” is not reassuring. Not only can Microsoft release updates which kill some users’ ability to print, Microsoft can release security systems which don’t secure the software.

The article includes this statement:

And remember, many security professionals note, Microsoft was itself compromised by the SolarWinds intruders, who got access to some of its source code — its crown jewels. Microsoft’s full suite of security products — and some of the industry’s most skilled cyber-defense practitioners — had failed to detect the ghost in the network. It was alerted to its own breach by FireEye, the cybersecurity firm that first detected the hacking campaign in mid-December.

I noted that the write up does not point out that none of the cyber security firms’ breach detection solutions noted the SolarWinds’ misstep. That seems important to me, but obviously not to the “real” cyber security professionals.

The US government does not want Microsoft to fail. “NSA and FBI Move to Help Microsoft with Its Exchange Server Vulnerabilities” reports:

It is not just the NSA finding and telling Microsoft about problems with Exchange. The FBI is also concerned with the number of unpatched Exchange servers. In a rare move, the FBI sought and was granted a warrant to patch any unfixed exchange servers it found remotely.

If a Windows update creates a problem for you, perhaps a helpful professional affiliated with a government agency will assist in resolving your problem?

Stephen E Arnold, April 19, 2021

Microsoft: Bob Security Captures Headlines

April 9, 2021

Sleeper code. Yep, malware injected into thousands of servers could wake up and create some interesting challenges for the JEDI contractors with Microsoft T Shirts. Here’s my design suggestion for the security experts’ team:


Do you remember the tag line for Bob, a stellar graphical interface for Microsoft Windows? No. Let me highlight one of the zippier marketing statements:

Hard working, easy going software everyone will use.

Who knew that the “everyone” would include bad actors? Plus there are two other security related items to entice cyber professionals.

First, “Windows 10 Hacked Again at Pwn2Own, Chrome, Zoom Also Fall” includes this statement:

The first to demo a successful Windows 10 exploit on Wednesday and earn $40,000 was Palo Alto Networks’ Tao Yan who used a Race Condition bug to escalate to SYSTEM privileges from a normal user on a fully patched Windows 10 machine. Windows 10 was hacked a second time using an undocumented integer overflow weakness to escalate permissions up to NT Authority\SYSTEM by a researcher known as z3r09. This also brought them $40,000 after escalating privileges from a regular (non-privileged) user. Microsoft’s OS was hacked a third time during day one of Pwn2Own by Team Viettel, who escalated a regular user’s privileges to SYSTEM using another previously unknown integer overflow bug.

The statements suggest that either the OS is deliberately flawed in order to allow certain parties unfettered access to user computers or that Microsoft is focusing on moving Paint to the outstanding Microsoft online store.

Second, I spotted “Hackers Scraped Data from 500 Million LinkedIn Users about Two Thirds of the Platform’s Userbase and Posted It for Sale Online.” (Editor’s note: Data is plural, but let’s not get distracted, shall we?) The article reports:

The data includes account IDs, full names, email addresses, phone numbers, workplace information, genders, and links to other social media accounts.

Useful to some I assume.

Net net: I wonder if a Bob baseball cap is available in the Microsoft store?


I would wear one with pride during my upcoming National Cyber Crime Conference lecture.

Stephen E Arnold, April 9, 2021

Microsoft Adds Semantic Search to Azure Cognitive Search: Is That Fast?

April 9, 2021

Microsoft is adding new capabilities to its cloud-based enterprise search platform Azure Cognitive Search, we learn from “Microsoft Debuts AI-Based Semantic Search on Azure” at Datanami. We’re told the service offers improved development tools. There is also a “semantic caption” function that identifies and displays a document’s most relevant section. Reporter George Leopold writes:

“The new semantic search framework builds on Microsoft’s AI at Scale effort that addresses machine learning models and the infrastructure required to develop new AI applications. Semantic search is among them. The cognitive search engine is based on the BM25 algorithm, (as in ‘best match’), an industry standard for information retrieval via full-text, keyword-based searches. This week, Microsoft released semantic search features in public preview, including semantic ranking. The approach replaces traditional keyword-based retrieval and ranking frameworks with a ranking algorithm using deep neural networks. The algorithm prioritizes search results based on how ‘meaningful’ they are based on query relevance. Semantics-based ranking ‘is applied on top of the results returned by the BM25-based ranker,’ Luis Cabrera-Cordon, group program manager for Azure Cognitive Search, explained in a blog post. The resulting ‘semantic answers’ are generated using an AI model that extracts key passages from the most relevant documents, then ranks them as the sought-after answer to a query. A passage deemed by the model to be the most likely to answer a question is promoted as a semantic answer, according to Cabrera-Cordon.”

By Microsoft’s reckoning, the semantic search feature represents hundreds of development years and millions of dollars in compute time by the Bing search team. We’re told recent developments in transformer-based language models have also played a role, and that this framework is among the first to apply the approach to semantic search. There is one caveat—right now the only language the platform supports is US English. We’re told that others will be added “soon.” Readers who are interested in the public preview of the semantic search engine can register here.
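The quoted passage describes a two-stage pipeline: BM25 produces a candidate list by keyword matching, a neural re-ranker is applied only on top of those results, and a passage from the winning document is promoted as the “semantic answer.” The Python below is an added example for this page, not Microsoft’s code and not anything from Azure Cognitive Search: a textbook BM25 over a constructed four-document corpus, with a hand-built concept table standing in for the neural model. The document names, the concept table and the query are all constructed for the example. It also shows the consequence of the “on top of” design: a document that BM25 does not place in the top-k is never seen by the re-ranker, however relevant it is.

```python
import math
import re
from collections import Counter

# Constructed four-document corpus for the example (not taken from the page).
DOCS = {
    "exchange-advisory": "Exchange Server security update released. Apply the patch to on-premises Exchange servers this week.",
    "teams-status": "Teams outage reported globally. Users see the message operation failed with unexpected error.",
    "printer-kb": "Printer stops working after the Windows update. Roll back the update or install the fixed driver.",
    "search-notes": "Azure Cognitive Search ranks with BM25 and then applies a neural re-ranker on top of the BM25 results.",
}

# Hand-built concept table standing in for a neural semantic model (an assumption of this example).
CONCEPTS = {
    "printing": {"print", "printer", "printers", "printing"},
    "patching": {"patch", "patches", "patching", "update", "updates"},
    "failure": {"broke", "broken", "stops", "stopped", "failed", "outage", "error"},
}
WORD_TO_CONCEPT = {w: c for c, words in CONCEPTS.items() for w in words}


def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())


class BM25:
    """Stage one: classic BM25 keyword ranking with the Robertson/Sparck Jones idf."""

    def __init__(self, docs, k1=1.5, b=0.75):
        self.k1, self.b, self.docs = k1, b, docs
        self.tf = {i: Counter(tokenize(t)) for i, t in docs.items()}
        self.length = {i: sum(c.values()) for i, c in self.tf.items()}
        self.avgdl = sum(self.length.values()) / len(docs)
        self.df = Counter(term for c in self.tf.values() for term in c)

    def idf(self, term):
        n, df = len(self.docs), self.df.get(term, 0)
        return math.log(1 + (n - df + 0.5) / (df + 0.5))

    def score(self, query, doc_id):
        total = 0.0
        for term in tokenize(query):
            f = self.tf[doc_id].get(term, 0)
            if f == 0:
                continue
            k = self.k1 * (1 - self.b + self.b * self.length[doc_id] / self.avgdl)
            total += self.idf(term) * f * (self.k1 + 1) / (f + k)
        return total

    def top(self, query, k):
        ranked = sorted(self.docs, key=lambda i: self.score(query, i), reverse=True)
        return [i for i in ranked[:k] if self.score(query, i) > 0]


def concepts(text):
    return {WORD_TO_CONCEPT[t] for t in tokenize(text) if t in WORD_TO_CONCEPT}


def semantic_score(query, text):
    """Stage two stand-in: fraction of the query's concepts that the text covers."""
    wanted = concepts(query)
    return len(wanted & concepts(text)) / len(wanted) if wanted else 0.0


INDEX = BM25(DOCS)


def search(query, k=2):
    """BM25 candidates first; the semantic scorer only ever sees those k candidates.

    Returns the re-ranked candidate ids and the passage promoted as the answer."""
    candidates = INDEX.top(query, k)
    reranked = sorted(candidates,
                      key=lambda i: (semantic_score(query, DOCS[i]), INDEX.score(query, i)),
                      reverse=True)
    best = reranked[0]
    passages = [p for p in re.split(r"(?<=[.!?])\s+", DOCS[best]) if p]
    answer = max(passages, key=lambda p: semantic_score(query, p))
    return reranked, answer


if __name__ == "__main__":
    q = "printing broken since the latest patch"
    print("BM25 order :", INDEX.top(q, 2))
    print("re-ranked  :", search(q, 2))
    print("k=1        :", search(q, 1))
```

For the query “printing broken since the latest patch” BM25 ranks the Exchange advisory first because it shares the literal token “patch”, and the printer article second on nothing more than “the”; the re-ranker flips that order because the printer article covers all three query concepts, and its first sentence becomes the answer passage. With k=1 the printer article never reaches stage two and the advisory wins, which is why the size of the first-stage candidate set matters as much as the quality of the re-ranker.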

Cynthia Murrell, April 9, 2021

GitHub: Amusing Security Management

April 8, 2021

I got a kick out of “GitHub Investigating Crypto-Mining Campaign Abusing Its Server Infrastructure.” I am not sure if the write up is spot on, but it is entertaining to think about Microsoft’s security systems struggling to identify an unwanted service running in GitHub. The write up asserts:

Code-hosting service GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant and abuse the company’s servers for illicit crypto-mining operations…

In the wake of the SolarWinds’ and Exchange Server “missteps,” Microsoft has been making noises about the tough time it has dealing with bad actors. I think one MSFT big dog said there were 1,000 hackers attacking the company.

The main idea is that attackers allegedly mine cryptocurrency on GitHub’s own servers.

This is post SolarWinds and Exchange Server “missteps”, right?

What’s the problem with cyber security systems that monitor real time threats and uncertified processes?

Oh, I forgot. These aggressively marketed cyber systems still don’t work it seems.

Stephen E Arnold, April 8, 2021

Facebook and Microsoft: Communing with the Spirit of Security

April 7, 2021

Two apparently unrelated actions by bad actors. Two paragons of user security. Two. Count ‘em.

The first incident is summarized in “Huge Facebook Leak That Contains Information about 500 Million People Came from Abuse of Contacts Tool, Company Says.” The main point is that flawed software and bad actors were responsible. But 500 million. Where is Alex Stamos when Facebook needs guru-grade security to zoom into a challenge?

The second incident is explained in “Half a Billion LinkedIn Users Have Scraped Data Sold Online.” Microsoft, the creator of the super useful Defender security system, owns LinkedIn. (How is that migration to Azure coming along?) Microsoft has been a very minor character in the great works of 2021. These are, of course, The Taming of SolarWinds and The Rape of Exchange Server.

Now, what’s my point? I think when one adds 500 million and 500 million the result is a lot of people. Assume 25 percent overlap. Well, that’s still a lot of people’s information which has taken wing.

Indifference? Carelessness? Cluelessness? A lack of governance? I would suggest that a combination of charming personal characteristics makes those responsible individuals one can trust with sensitive information.

Yep, trust and credibility. Important.

Stephen E Arnold, April 7, 2021
