Tech Giants: We Do What We Want. Got That?
January 3, 2022
I spotted “AT&T, Verizon Refuse US Request to Delay 5G Launch.” The main point of the story is that two big Baby Bells (remember them?) are showing their Bell Telephone DNA. The story states:
AT&T Inc. and Verizon Communications Inc. rejected a request from the U.S. federal transportation officials to delay their planned launch on January 5 of a new variation of 5G wireless services.
The US government is concerned that those outstanding 5G wave forms could have a negative impact on air traffic. I think that this means “cause crashes.” Of course, I am probably incorrect. However, the US government is worried the allegedly zippy 5G might disrupt a device: Maybe a passenger’s pacemaker or create interference when a pilot checks something on an official Boeing certified iPad.
Several observations have surfaced among my Beyond Search and DarkCyber teams:
- The government is late to the game… again. Lateness means either failing with the big tech crowd or getting a detention slip in the form of zero technical support for the annoying official
- Big tech makes clear that the US government is irrelevant and will do what it wants. The drill is outrage, hearing, an apology, and then no changes
- Significant encouragement for outfits like Amazon, Apple, Facebook, and Google to move forward: Deals with China, predatory pricing, cooperation on certain technical matters, and maintaining these firms’ alleged monopolies.
Net net: Quite a way to start 2022 because ignoring the 5G issue signals product managers to amp up their methods in order to generate more revenue.
Stephen E Arnold, January 3, 2022
Facebook: Making Friends in the USAF
December 31, 2021
This is a short post sparked by this Financial Times’ article: “Facebook to Build Metaverse with Start-Up That Had US Military Contracts.”
The main idea is that Facebook bought a company. The firm — Reverie — will work with the Meta Facebook thing’s Reality Labs. But the bonus move is that the Meta Facebook thing was terminated when the Meta Facebook thing bought Reverie. The venerable and generally respectable Financial Times pointed out that the Meta Facebook thing would “not be involved with any future defense or military AI development.”
Okay. My hunch is that a Meta Facebook thing employee whose child seeks to enter the Air Force Academy may find that some of those involved in the selection process may remember this “not be involved with any future defense or military AI development.”
Who likes this type of business decision? Maybe the Chinese and Russian military leadership? But that’s just a thought from the wilds of rural Kentucky. The Meta Facebook thing knows what’s best for itself and, of course, the US government.
Stephen E Arnold, December 31, 2021
Log4Shell: Tough to Hide This Fire
December 28, 2021
Billy Joel was absolutely right when he sang the acclaimed song “We Didn’t Start The Fire” about the world’s slow demise. Unlike the planet, the Internet is regularly set ablaze and the demise is quick. The current flame is “Log4Shell” and it gives bad actors back doors into clouds and enterprise systems to steal data, download malware, erase information, and cause mayhem. AP News explores the breach in: “‘The Internet’s On Fire’ As Techs Race To Fix Software Flaw.”
The bug dubbed “Log4Shell” originated in open source Apache software used to run Web sites and other Web services. While open source software is a boon to the world, it is not updated as quickly as proprietary software. Amazon, for example, updates itself daily while systems running Apache only update at their owners’ behest.
Funny enough the “Log4Shell” vulnerability was first noticed in a children’s game:
“The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box. Microsoft said it had issued a software update for Minecraft users. ‘Customers who apply the fix are protected,’ it said.”
Cyber security is not child’s play, but hacking is for some bad actors. Thankfully developers are working on a patch to prevent further damage. Security professionals really should not panic and should combine their knowledge to find a solution more quickly.
A couple of points:
- The issue allegedly was disclosed by an Alibaba tech professional, possibly Chen Zhaojun
- China suspended an apparently “big” cyber security deal with Alibaba after the disclosure
Are these two actions connected; specifically, did China lose control of a really nifty zero day? Beyond Search thinks that the career trajectory of some Alibaba professionals will be interesting to watch. Are there IT jobs in Ürümqi?
Whitney Grace, December 28, 2021
Whitney Grace, December 27, 2021
Russia May Not Contribute to the Tor Project in 2022
December 28, 2021
This is probably not a surprise to those involved with the Tor Project. We noted some evidence of Russia’s view of anonymized Internet browsing in “Russia Blocks Privacy Service Tor In Latest Move To Control Internet.” The article reports:
Russia’s media regulator has blocked the online anonymity service Tor in what is seen as the latest move by Moscow to bring the Internet in Russia under its control. Roskomnadzor announced it had blocked access to the popular service on December 8, cutting off users’ ability to thwart government surveillance by cloaking IP addresses.
The Tor Project responded with some tech tips for ways to get around the Putin partition. (Think Tor bridge. Some details are at this link.)
Does this mean that Russia has no interest in Tor? Nope. We think that some of Mr. Putin’s fellow travelers are hosting Tor relay servers, but that’s just something we heard from a person yapping about freedom.
What’s next? How about blocking any service originating in nation states not getting with Mr. Putin’s Ukrainian program? It is unlikely that Sergey Brin’s flight on a Russian rocket ship will become a reality in 2022. We also heard that the Google Cloud hosts some services that Mr. Putin thinks may erode the freedoms enjoyed by Russian citizens.
Stephen E Arnold, December 28, 2021
Red Kangaroos? Maybe a Nuisance. Online Trolls? Very Similar
December 16, 2021
It is arguable that trolls are the worst bullies in history, because online anonymity means they do not face repercussions. Trolls’ behavior has caused innumerable harms, including suicides, psychological problems, and real life bullying. Local and international governments have taken measures to prevent cyber bullying, but ABC Australia says the country continent is taking a stand: “Social Media Companies Could Be Forced To Give Out Names And Contact Details, Under New Anti-Troll Laws.”
Australia’s federal government is drafting laws that could force social media companies to reveal trolls’ identities. The new legislation aims to hold trolls accountable for their poor behavior by having social media companies collect user information and share it with courts in defamation cases. The new laws would also hold social media companies liable for hosted content instead of users and management companies. Australia’s prime minister stated:
“Prime Minister Scott Morrison said he wanted to close the gap between real life and discourse online. ‘The rules that exist in the real world must exist in the digital and online world,’ he said. ‘The online world shouldn’t be a wild west, where bots and bigots and trolls and others can anonymously go around and harm people and hurt people.’”
The new law would require social media companies to have a complaints process for people who feel like they have been defamed. The process would ask users to delete defamatory material. If they do not, the complaint could be escalated to the point where users’ details are shared to issue court orders so people can pursue defamation action.
One of the biggest issues facing the legislation is who is responsible for trolls’ content. The new law wants social media companies to be held culpable. The complaints system would allow the social media companies to use it as a defense in defamation cases.
The article does not discuss what is deemed “defamatory” content. Anything and everything is offensive to someone, so the complaints system will be abused. What rules will be instituted to prevent abuse of the complaints system? Who will monitor it and who will pay for it? An analogous example is YouTube’s system for deciding what constitutes “appropriate” children’s videos and how it handles videos flagged for intellectual theft as well as inappropriate content. In short, YouTube’s system is not doing well.
The social media companies should be culpable in some way, such as sharing user information when there is dangerous behavior, i.e., suicide, any kind of abuse, child pornography, planned shooting attacks and other crimes. Sexist and abusive comments that are not an opinion, i.e., saying someone should die or is stupid for being a woman, should be monitored and users held accountable. It is a fine line, though, determining the dangers in many cases.
Whitney Grace, December 16, 2021
Specialized Software Vendors: Should They Remember the Domino Theory?
December 15, 2021
Lining up dominoes, knocking one down, and watching the others in a line react to what some non-nuclear types call a chain reaction is YouTube fodder. One can watch geometric growth manifested in knocked down dominoes. Click here for the revelation. We may have some domino action in the specialized software and services market. This “specialized software and services” is my code word for developers of intelware and policeware.
“US Calls for Sanctions against NSO Group and Other Spyware Firms” reports:
a group of politicians (including Senate Finance Committee chair Ron Wyden, House Intelligence Committee chair Adam Schiff and 16 other Democrats) accuses NSO and three other foreign surveillance firms of helping authoritarian governments to commit human rights abuses.
And what firms are the intended focus of this hoped for action? According to the write up, the companies are:
- Amesys (now called Nexa Technologies). This was a company which found purchase in some interesting countries bordering the Mediterranean, garnered some attention, and morphed into today’s organization.
- DarkMatter (based in United Arab Emirates). This is an interesting outfit which has allegedly recruited in the US and possibly developed a super duper secure mobile device. The idea was to avoid surveillance. Right?
- Trovicor (based in Germany) once was allegedly a unit of Nokia Siemens Networks and is mentioned in a fiery write up called “Explosive Wikileaks Files Reveal Mass Interception of Entire Population.” That’s a grabber headline I suppose. True or false? I have zero idea but it illustrates the enthusiasm some evidence when realizing that interesting companies provide some unique services to their customers.
The reason for the hand waving is the publicity the NSO Group has inadvertently generated.
Will the knock on NSO Group have an impact on Amesys Nexa, DarkMatter, and Trovicor? Those YouTube videos may foreshadow what might happen if government officials look for the more interesting and more technologically advanced specialized software and services companies. Where can one find a list of such organizations? Perhaps the developer of the new OSINT service knows? Curious? Write darkcyber333 @ yandex dot com.
Stephen E Arnold, December 15, 2021
Chinese Company Excitement: Xiaomi
December 15, 2021
Own stock in Alibaba? Well, think Xiaomi.
Lithuania made a discovery during a recent cybersecurity assessment that, honestly, does not surprise us in the least. We learn of the finding in Big Technology’s piece, “A Xiaomi Phone Might’ve Shipped With a Censorship List in Europe. Now What?” A certain Xiaomi phone model sold in Europe was found to carry a built-in censorship list of about 450 political terms, like “democratic movement” and “long live Taiwan’s independence.” The blocklist lay dormant, but it could have been activated remotely at any time. It is thought its inclusion on phones shipped outside China, where censorship is the norm, may have been a mistake. Reporter Alex Kantrowitz writes:
“After the government published its findings, things got weird. The list swelled to more than 1,000 terms, including hundreds of non-political terms like ‘pornography,’ seemingly to turn the political blocklist into something more generic. Then, it disappeared. ‘They reacted,’ Margiris Abukevicius, Lithuania’s vice minister for defense, told me. ‘It wasn’t publicized from their side.’ The accusations, which Xiaomi disputes, clarified just how fraught the West’s relationship is with China’s growing technology power. As China-based tech companies like Xiaomi and TikTok flourish, there’s still no playbook in North America or Europe to deal with their potential to censor or steer culture via algorithms. TikTok, with its inscrutable feed, remains unchecked. And the Lithuanian government’s report on Xiaomi, replicated by another researcher, sparked a collective shrug. ‘Western countries,’ Abukevicius said, ‘are more and more reliant on technologies, and a big part of those technologies comes from countries which are not friendly, which we don’t trust, and it poses risks.’ How to address those risks remains unclear, though. Xiaomi was Europe’s top-selling smartphone manufacturer in the second quarter of 2021, and it’s number two in the world overall.”
Not in the US, though. Xiaomi was blacklisted here until recently, and FCC commissioner Brendan Carr is taking Lithuania’s discovery into account as he decides whether to allow Xiaomi smartphones to run on our wireless networks. In Europe, more countries are investigating the matter. It is uncertain what measures will be taken; an outright ban seems “extreme,” we’re told, considering there is no evidence the blocklist was ever activated within the EU. Kantrowitz points out the bigger issue going forward is a more general one—Western nations need a plan to address the culture clash and potential security risks cropping up on our devices.
Cynthia Murrell, December xx, 2021
Russia, Tor, and Maybe Sybil Are a Thing?
December 14, 2021
Dictatorships are in vogue, at least in some parts of the world. One interesting response to the Onion Router Technology has been to look up that well known person Sybil. That individual makes it possible to participate in onion routing. Then Sybil’s admirers can process assorted Internet metadata and time stamps in order to learn some interesting things. One of those interesting things is explained in “Russia Ratchets Up Internet Control by Blocking Tor.” Russia learned that it does not want the Onion Router within the land of vodka, bears, and forgotten gulags. Makes sense, doesn’t it?
The write up says:
GlobalCheck, a group that monitors websites’ accessibility in Russia, confirmed that blocking had begun.
Is it possible to block Tor?
Probably not 100 percent. But the steps, including the enabling legislation, suggest that getting caught might have consequences. Believe it or not, there is a person who gets some support from the Russian government to locate burial grounds associated with gulags.
Perhaps that individual will get the opportunity to have some new explorations to undertake?
Stephen E Arnold, December 14, 2021
US Government Procurement: Diagram the Workflow: How Many Arrows Point Fingers?
December 8, 2021
I want to keep this short. For a number of years, I have pointed out that current Federal procurement procedures and the policies the steps are supposed to implement create some issues. I like to mention procurement time for advanced software. By the time the procurement goes through the RFQ, the RFP, the proposal evaluation, the selection, the little meeting at which losers express their concerns, and the award — the advanced technology is often old technology. Another issue is the importance of marketing hoo hah which often leads the Federal government to purchase products and services which are different from that which was described in the PowerPoint presentations and the proposals. There are other interesting characteristics of the process; for example, coffee chats with senators, nice lunches with important people who may pop up on a cable TV talking head program, or good old friendship from a college social group. Ah, yes. Procurement.
“US Government Agencies Bought Chinese Surveillance Tech Despite Federal Ban” is a collection of some procurement anecdotes. Interesting? Not particularly. Why? There are no consequences for buying products and services from vendors who should not be eligible for US government contracts. The article focuses on Chinese related missteps. The explanations are crafted to avoid getting anyone in legal hot water.
Net net: I worked in DC starting in the early 1970s. How much has changed in the last 50 years? Not much. China is a nemesis, but China was a bit of a nemesis 50 years ago. The FARs have been updated. Nevertheless, some interesting purchases have been made over the years. Where’s the Golden Fleece Award now? Are there some unwanted and unloved tanks parked somewhere? What about certain air superiority systems which experience more downtime than a second hand taxi purchased from a shady character in Mexico City? Yes, procurement and some proud moments. Why not fire up that TikTok and ignore the useful data hosed back to certain servers?
Stephen E Arnold, December 8, 2021
If One Thinks One Is Caesar, Is That Person Caesar? Thumbs Up or Thumbs Down
December 7, 2021
I read a story which may or may not be spot on. Nevertheless, I found it amusing, and if true, not so funny. The story is “Facebook Refuses to Recognize Biden’s FTC As Legitimate.” I am not sure if the original version of JP Morgan would have made this statement. Maybe he did?
Here’s a statement from the article which I circled in Facebook blue:
The FTC didn’t “plausibly establish” that the company “maintained a monopoly through unlawful, anticompetitive conduct.” It asked the court to dismiss the complaint with prejudice. In the court filing, Facebook also once again argued that Khan should recuse herself, saying that her not doing so will “taint all of the agency’s litigation choices in the event the case proceeds.”
I think Julius Caesar, before he had a bad day, allegedly said:
If you must break the law, do it to seize power: in all other cases observe it.
My thought is, “Enough of this pretending to be powerful.” Let’s make the US a real 21st century banana republic. Is there a T shirt which says, “Tech Rules” on the back and “I am Julius” on the front? There may be a market for one or two.
Stephen E Arnold, December 7, 2021