Microsoft and Security: A Rerun with the Same Worn-Out Script

March 12, 2024

This essay is the work of a dumb dinobaby. No smart software required.

The Marvel cinematic universe has spawned two dozen sequels. Microsoft’s security circus features are moving up fast in the reprise business. Unfortunately there is no super hero who comes to the rescue of the giant American firm. The villains in these big screen stunners are a bit like those in the James Bond films. Microsoft seems to prefer to wrestle with the allegedly Russian cozy bear or at least convert a cartoon animal into the personification of evil.

Thanks, MSFT, you have nailed security theater and reruns of the same tired story.

What’s interesting about these security blockbusters is that each follows a Hollywood style “you’ve seen this before nudge nudge” approach to the entertainment. The sequence is a belated announcement that Microsoft security has been breached. The evil bad actors have stolen data, corrupted software, and by brute force foiled the norm cores in Microsoft World. Then announcements about fixes that the Microsoft customer must implement along with admonitions to keep that MSFT software updated and warnings about using “old” computers, etc. etc.

“Russian Hackers Accessed Microsoft Source Code” is the equivalent of a New York Times film review. The write up reports:

In January, Microsoft disclosed that Russian hackers had breached the company’s systems and managed to read emails belonging to senior executives. Now, the company has revealed that the breach was worse than initially understood and that the Russian hackers accessed Microsoft source code. Friday’s revelation — made in a blog post and a filing with the Securities and Exchange Commission — is the latest in a string of breaches affecting the company that have raised major questions in Washington about Microsoft’s security posture.

Well, that’s harsh. No mention of the estimable alleged monopoly’s releasing the information on March 7, 2024. I am capturing my thoughts on March 8, 2024. But with college basketball moving toward tournament time, who cares? I am not really sure any more. And Washington? Does the name evoke a person, a committee, a committee consisting of the heads of security committees, someone in the White House, an “expert” at the suddenly famous National Bureau of Standards, or absolutely no one?

The write up asserts:

The company is concerned, however, that “Midnight Blizzard is attempting to use secrets of different types it has found,” including in emails between customers and Microsoft. “As we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures,” the company said in its blog post. The company describes the incident as an example of “what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.” In response, the company has said it is increasing the resources and attention devoted to securing its systems.

Microsoft is “reaching out.” I can reach for a donut, but I do not grasp it and gobble it down. “Reach” is not the same as fixing the problems Microsoft caused.

Several observations:

  1. Microsoft is an alleged monopoly, and it is allowing its digital trains to set fire to the fields, homes, and businesses which have to use its tracks. Isn’t it time for purposeful action from the US government agencies with direct responsibility for cyber security and appropriate business conduct?
  2. Can Microsoft remediate its problems? My answer is, “No.” Vulnerabilities are engineered in because no one has the time, energy, or interest to chase down problems and fix them. There is an ageing programmer named Steve Gibson. His approach to software is the exact opposite of Microsoft’s. Mr. Gibson will never be a trillion dollar operation, but his software works. Perhaps Microsoft should consider adopting some of Mr. Gibson’s methods.
  3. Customers have to take a close look at the security breaches endlessly reported by cyber security companies. Some outfits’ software is on the list most of the time. Other companies’ software is an infrequent visitor to these breach parties. Is it time for customers to be looking for an alternative to what Microsoft provides?

Net net: A new security release will be coming to the computer near you. Don’t fail to miss it.

Stephen E Arnold, March 12, 2024

Sales SEO: A New Tool for Hype and Questionable Relevance

February 5, 2024

This essay is the work of a dumb dinobaby. No smart software required.

Search engine optimization is a relevance eraser. Now SEO has arrived for a human. “Microsoft Copilot Can Now Write the Sales Pitch of a Lifetime” makes clear that hiring is going to become more interesting for both human personnel directors (often called chief people officers) and AI-powered résumé screening systems. And for people who are responsible for procurement, figuring out when a marketing professional is tweaking the truth and hallucinating about a product or service will become a daily part of life… in theory.

Thanks for the carnival barker image, MSFT Copilot Bing thing. Good enough. I love the spelling of “asiractson”. With workers who may not be able to read, so what? Right?

The write up explains:

Microsoft Copilot for Sales uses specific data to bring insights and recommendations into its core apps, like Outlook, Microsoft Teams, and Word. With Copilot for Sales, users will be able to draft sales meeting briefs, summarize content, update CRM records directly from Outlook, view real-time sales insights during Teams calls, and generate content like sales pitches.

The article explains:

… Copilot for Service for Service can pull in data from multiple sources, including public websites, SharePoint, and offline locations, in order to handle customer relations situations. It has similar features, including an email summary tool and content generation.

Why is MSFT expanding these interesting functions? Revenue. Paying extra unlocks these allegedly remarkable features. Prices range from $240 per year to a reasonable $600 per year per user. This is a small price to pay for an employee unable to craft solutions that sell, by golly.

Stephen E Arnold, February 5, 2024

Microsoft Security: Are the Doors Falling Off?

January 22, 2024

This essay is the work of a dumb dinobaby. No smart software required.

“Microsoft Network Breached Through Password-Spraying by Russian-State Hackers” begs to be set to music. I am thinking about Chubby Checker and his hit “Let’s Twist Again.” One lyric change. Twist becomes “hacked.” So “let’s hack again like we did last summer.” Hit?

A Seattle-based quality and security engineer finds that his automobile door has fallen off. Its security system is silent. It must be the weather. Thanks, MSFT second class Copilot Bing thing. Good enough but the extra wheel is an unusual and creative touch.

The write up states:

Russia-state hackers exploited a weak password to compromise Microsoft’s corporate network and accessed emails and documents that belonged to senior executives and employees working in security and legal teams, Microsoft said [on January 19, 2024]. The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene has resulted in a breach that has the potential to harm customers.

The Ars Technica story noted:

A Microsoft representative said the company declined to answer questions, including whether basic security practices were followed.

Who did this? One of the Axis of Evil perhaps. Why hack Microsoft? Because it is a big, juicy target? Were the methods sophisticated, using artificial intelligence to outmaneuver state-of-the-art MSFT cyber defenses? Nope. It took seven weeks to detect the password guessing tactic.

Did you ever wonder why doors fall off Seattle-linked aircraft and security breaches occur at Seattle’s big software outfit? A desire for profits, laziness, indifference, or some other factor is causing these rather high-profile issues. It must be the Seattle water or the rain. That’s it. The rain! No senior manager can do anything about the rain. Perhaps a solar wind will blow and make everything better?

Stephen E Arnold, January 22, 2024

Regulators Shift into Gear to Investigate an AI Tie Up

January 19, 2024

This essay is the work of a dumb dinobaby. No smart software required.

Solicitors, lawyers, and avocats want to mark the anniversary of the AI big bang. About one year ago, Microsoft pushed Google into hitting its Code Red button. Investment firms, developers, and wild-eyed entrepreneurs knew smart software was the real deal, not a digital file of a cartoon like that NFT baloney. In the last 12 months, AI went from jargon and eliciting yawns to the treasure map to the fabled city of El Dorado (even if it was a suburb of Grants, New Mexico). Google got the message quickly. The lawyers. Well, not too quickly.

Regulators look through the technological pile of 2023 gadgets. Despite being last year’s big thing, the law makers and justice deciders move into action mode. Exciting. Thanks, MSFT Copilot Bing thing. Good enough.

“EU Joins UK in Scrutinizing OpenAI’s Relationship with Microsoft” documents what happens when lawyers — after decades of inaction — wake to do something constructive. Social media gutted the fabric of many cultural norms. AI isn’t going to be given a 20 year free pass. No way.

The write up reports:

Antitrust regulators in the EU have joined their British counterparts in scrutinizing Microsoft’s alliance with OpenAI.

What will happen now? Here’s my short list of actions:

  1. Legal eagles on both sides of the Atlantic will begin grooming their feathers in order to be selected to deal with the assorted forms, filings, hearings, and advisory meetings. Some of the lawyers will call Ferrari to make sure they are eligible to buy a supercar; others may cast an eye on an impounded oligarch-linked yacht. Yep, big bucks ahead.
  2. Microsoft and OpenAI will let loose a platoon of humanoid art history and business administration majors. These professionals will create a wide range of informative explainers. Smart software will be pressed into duty, and I anticipate some smart automation to provide Teflon to the flow of digital documentation.
  3. Firms — possibly some based in the EU and a few bold souls in the US — will present information making clear that competition is a good thing. Governments must regulate smart software.
  4. Entities hostile to the EU and the US will also output information or disinformation. Which is what depends on one’s perspective.

In short, 2024 will be an interesting year because one of the major threats to the Google could be converted to the digital equivalent of a eunuch in an Assyrian ruler’s court. What will this mean? Google wins. Unanticipated consequence? Absolutely.

Stephen E Arnold, January 19, 2024

A Swiss Email Provider Delivers Some Sharp Cheese about MSFT Outlook

January 17, 2024

This essay is the work of a dumb dinobaby. No smart software required.

What company does my team love more than Google? Give up. It is Microsoft. Whether it is the invasive Outlook plug in for Zoom on the Mac or the incredible fly ins, pop ups, and whining about Edge, what’s not to like about this outstanding, customer-centric firm? Nothing. That’s right. Nothing Microsoft does can be considered duplicitous, monopolistic, avaricious, or improper. The company lives and breathes the ethics of Thomas Dewey, the 19th century American philosopher. This is my opinion, of course. Some may disagree.

A perky Swiss farmer delivers an Outlook info dump. Will this delivery enable the growth of surveillance methodologies? Thanks, MSFT Copilot Bing thing. Thou did not protest when I asked for this picture.

I read and was troubled that one of my favorite US firms received some critical analysis about the MSFT Outlook email program. The sharp comments appeared in a blog post titled “Outlook Is Microsoft’s New Data Collection Service.” Proton offers an encrypted email service and a VPN from Switzerland. (Did you know the Swiss have farmers who wash their cows and stack their firewood neatly? I am from central Illinois, and our farmers ignore their cows and pile firewood. As long as a cow can make it into the slaughter house, the cow is good to go. As long as the firewood burns, winner.)

The write up reports or asserts, depending on one’s point of view:

Everyone talks about the privacy-washing campaigns of Google and Apple as they mine your online data to generate advertising revenue. But now it looks like Outlook is no longer simply an email service; it’s a data collection mechanism for Microsoft’s 772 external partners and an ad delivery system for Microsoft itself.

Surveillance is the key to making money from advertising or bulk data sales to commercial and possibly some other organizations. Proton enumerates how these sucked up data may be used:

  • Store and/or access information on the user’s device
  • Develop and improve products
  • Personalize ads and content
  • Measure ads and content
  • Derive audience insights
  • Obtain precise geolocation data
  • Identify users through device scanning

The write up provides this list of information allegedly available to Microsoft:

  • Name and contact data
  • Passwords
  • Demographic data
  • Payment data
  • Subscription and licensing data
  • Search queries
  • Device and usage data
  • Error reports and performance data
  • Voice data
  • Text, inking, and typing data
  • Images
  • Location data
  • Content
  • Feedback and ratings
  • Traffic data.

My goodness.

I particularly like the geolocation data. With Google trying to turn off the geofence functions, Microsoft definitely may be an option for some customers to test. Good, bad, or indifferent, millions of people use Microsoft Outlook. Imagine the contact lists, the entity names, and the other information extractable from messages, attachments, draft folders, and the deleted content. As an Illinois farmer might say, “Winner!”

For more information about Microsoft’s alleged data practices, please, refer to the Proton article. I became uncomfortable when I read the section about how MSFT steals my email password. Imagine. Theft of a password — Is it true? My favorite giant American software company would not do that to me, a loyal customer, would it?

The write up is a bit of content marketing rah rah for Proton. I am not convinced, but I think I will have my team do some poking around on the Proton Web site. But Microsoft? No, the company would not take this action would it?

Stephen E Arnold, January 17, 2023

An Effort to Put Spilled Milk Back in the Bottle

December 15, 2023

This essay is the work of a dumb dinobaby. No smart software required.

Microsoft was busy when the Activision Blizzard saga began. I dimly recall thinking, “Hey, one way to distract people from the SolarWinds’ misstep would be to become an alleged game monopoly.” I thought that Microsoft would drop the idea, but, no. I was wrong. Microsoft really wanted to be an alleged game monopoly. Apparently the successes (past and present) of Nintendo and Sony, the failure of Google’s Grand Slam attempt, and the annoyance of refurbished arcade game machines was real. Microsoft has focus. And guess what government agency does not? Maybe the Federal Trade Commission?

Two bureaucrats-to-be engage in a mature discussion about the rules for the old-fashioned game of Monopoly. One will become a government executive; the other will become a senior legal professional at a giant high-technology outfit. Thanks, MSFT Copilot. You capture the spirit of rational discourse in a good enough way.

The MSFT game play may not be over. “The FTC Is Trying to Get Back in the Ring with Microsoft Over Activision Deal” asserts:

Nearly five months later, the FTC has appealed the court’s decision, arguing that the lower court essentially just believed whatever Microsoft said at face value…. We said at the time that Microsoft was clearly taking the complaints from various regulatory bodies as some sort of paint by numbers prescription as to what deals to make to get around them. And I very much can see the FTC’s point on this. It brought a complaint under one set of facts only to have Microsoft alter those facts, leading to the courts slamming the deal through before the FTC had a chance to amend its arguments. But ultimately it won’t matter. This last gasp attempt will almost certainly fail. American regulatory bodies have dull teeth to begin with and I’ve seen nothing that would lead me to believe that the courts are going to allow the agency to unwind a closed deal after everything it took to get here.

From my small office in rural Kentucky, the government’s desire or attempt to get “back in the ring” is interesting. It illustrates how many organizations approach difficult issues. 

The advantage goes to the outfit with [a] the most money, [b] the mental wherewithal to maintain some semblance of focus, and [c] a mechanism to keep moving forward. The big four wheel drive will make it through the snow better than a person trying to ride a bicycle in a blizzard.

The key sentence in the cited article, in my opinion, is:

“I fail to understand how giving somebody a monopoly of something would be pro-competitive,” said Imad Dean Abyad, an FTC attorney, in the argument Wednesday before the appeals court. “It may be a benefit to some class of consumers, but that is very different than saying it is pro-competitive.”

No problem with that logic.

And who is in charge of today’s Monopoly games?

Stephen E Arnold, December 15, 2023

The Power of Regulation: Muscles MSFT Meets a Strict School Marm

November 17, 2023

This essay is the work of a dumb dinobaby. No smart software required.

I read “The EU Will Finally Free Windows Users from Bing.” The EU? That collection of fractious states which wrangle about irrelevant subjects; to wit, the antics of America’s techno-feudalists. Yep, that EU.

The “real news” write up reports:

Microsoft will soon let Windows 11 users in the European Economic Area (EEA) disable its Bing web search, remove Microsoft Edge, and even add custom web search providers — including Google if it’s willing to build one — into its Windows Search interface. All of these Windows 11 changes are part of key tweaks that Microsoft has to make to its operating system to comply with the European Commission’s Digital Markets Act, which comes into effect in March 2024

The article points out that the DMA includes a “slew” of other requirements. Please, do not confuse “slew” with “stew.” These are two different things.

The old fashioned high school teacher says to the high school super star, “I don’t care if you are an All-State football player, you will do exactly as I say. Do you understand?” The outsized scholar-athlete scowls and says, “Yes, Mrs. Ee-You. I will comply.” Thank you MSFT Copilot. You converted the large company into an image I had of its business practices with aplomb.

Will Microsoft remove Bing — sorry, Copilot — from its software and services offered in the EU? My immediate reaction is that the Redmond crowd will find a way to make the magical software available. For example, will such options as legalese and a check box, a new name, a for fee service with explicit disclaimers and permissions, and probably more GenZ ideas foreign to me do the job?

The techno weight lifter should not be underestimated. Those muscles were developed moving bundles of money, not dumb “belles.”

Stephen E Arnold, November 17, 2023

An Odd Couple Sharing a Soda at a Holiday Data Lake

November 16, 2023

What happens when love strikes the senior managers of the technology feudal lords? I will tell you what happens — Love happens. The proof appears in “Microsoft and Google Join Forces on OneTable, an Open-Source Solution for Data Lake Challenges.” Yes, the lakes around Redmond can be a challenge. For those living near Googzilla’s stomping grounds, the risk is that a rising sea level will nuke the outdoor recreation areas and flood the parking lots.

But any speed dating between two techno feudalists is news. The “real news” outfit Venture Beat reports:

In a new open-source partnership development effort announced today, Microsoft is joining with Google and Onehouse in supporting the OneTable project, which could reshape the cloud data lake landscape for years to come

And what does “reshape” mean to these outfits? Probably nothing more than making sure that Googzilla and Mothra become the suppliers to those who want to vacation at the data lake. Come to think of it. The concessions might be attractive as well.

Googzilla says to Mothra-Soft, a beast living in Mercer Island, “I know you live on the lake. It’s a swell nesting place. I think we should hook up and cooperate. We can share the money from merged data transfers the way you and I —  you good looking Lepidoptera — are sharing this malted milk. Let’s do more together if you know what I mean.” The delightful Mothra-Soft croons, “I thought you would wait until our high school reunion to ask, big boy. Let’s find a nice, moist, uncrowded place to consummate our open source deal, handsome.” Thanks, Microsoft Bing. You did a great job of depicting a senior manager from the company that developed Bob, the revolutionary interface.

The article continues:

The ability to enable interoperability across formats is critical for Google as it expands the availability of its BigQuery Omni data analytics technology. Kazmaier said that Omni basically extends BigQuery to AWS and Microsoft Azure and it’s a service that has been growing rapidly. As organizations look to do data processing and analytics across clouds there can be different formats and a frequent question that is asked is how can the data landscape be interconnected and how can potential fragmentation be stopped.

Is this alleged linkage important? Yeah, it is. Data lakes are great places to park AI training data. Imagine the intelligence one can glean monitoring inflows and outflows of bits. To make the idea more interesting think in terms of the metadata. Exciting because open source software is really for the little guys too.

Stephen E Arnold, November 16, 2023

Bing Chatbot Caught Allowing Malicious Ads to Slip Through

November 13, 2023

This essay is the work of a dumb humanoid. No smart software required.

Bing has been so excited to share its integrated search chatbot with the world. Unfortunately, there is a bit of a wrinkle. Neowin reports, “Microsoft Is Reportedly Allowing Malicious Ads to Be Served on Bing’s AI Chat.” Citing a report from Malwarebytes, writer Mehrotra A tells us:

“Bing AI currently adds hyperlinks to text when responding to user queries and some times, these hyperlinks are sponsored ads. However, when Malwarebytes asked Bing AI how to download Advanced IP Scanner, it gave a hyperlink to a malicious website instead of the official website. While, Microsoft does put a small ad label next to the link, it is easy to overlook and an unsuspecting user will not think twice before clicking the link and downloading a file that could very well damage their system. In this instance, the ad opened a fake URL that filtered traffic and took the real users to a fake website that mimics the official Advanced IP Scanner website. Once some one runs the executable installer, the script tries to connect to an external IP address. Unfortunately, Malwarebytes did not find the final intention or the payload but it could have easily being a spyware or a ransomware.”

Quite the oversight. The write-up concludes Microsoft is not sufficiently vetting marketing campaigns before they go live. We can only hope Malwarebytes’ discovery will change that.

Cynthia Murrell, November 13, 2023

The GOOG and MSFT Tried to Be Pals… But

October 30, 2023

This essay is the work of a dumb humanoid. No smart software required.

Here is an interesting tangent to the DOJ’s case against Google. Yahoo Finance shares reporting from Bloomberg in, “Microsoft-Google Peace Deal Broke Down Over Search Competition.” The two companies pledged to stop fighting like cats and dogs in 2016. Sadly, the peace would last but three short years, testified Microsoft’s Jonathan Tinter.

In a spirit of cooperation and profits for all, Microsoft and Google-parent Alphabet tried to work together. For example, in 2020 they made a deal for Microsoft’s Surface Duo: a Google search widget would appear on its main screen (instead of MS Bing) in exchange for running on the Android operating system. The device’s default browser, MS Edge, would still default to Bing. Seemed like a win-win. Alas, the Duo turned out to be a resounding flop. That disappointment was not the largest source of friction, however. We learn:

“In March 2020, Microsoft formally complained to Google that its Search Ads 360, which lets marketers manage advertising campaigns across multiple search engines, wasn’t keeping up with new features and ad types in Bing. … Tinter said that in response to Microsoft’s escalation, Google officially complained about a problem with the terms of Microsoft’s cloud program that barred participation of the Google Drive products — rival productivity software for word processing, email and spreadsheets. In response to questions by the Justice Department, Tinter said Microsoft had informally agreed to pay for Google to make the changes to SA360. ‘It was half a negotiating strategy,’ Tinter said. Harrison ‘said, ‘This is too expensive.’ I said, ‘Great let me pay for it.’’ The two companies eventually negotiated a resolution about cloud, but couldn’t resolve the problems with the search advertising tool, he said. As a result, nothing was ever signed on either issue, Tinter said. ‘We ultimately walked away and did not reach an agreement,’ he said. Microsoft and Google also let their peace deal expire in 2021.”

Oh well, at least they tried to get along, we suppose. We just love dances between killer robots with money at stake.

Cynthia Murrell, October 30, 2023
