Science/Techno Babble Random, Random

[ponchi101]

He is really not that much into democracy.

[ti-amie]

Microsoft’s new Recall feature for Copilot+PCs criticized as ‘spyware’

This week, Microsoft is hosting its annual developer conference Build from the Seattle Convention Center, and amid the flurry of AI-related announcements from the valuable software company, one has struck a false note among many tech industry followers on X (formerly Twitter).

Of many Microsoft announcements, perhaps the biggest was the introduction of new Microsoft Copilot+PCs — laptops and desktop computers outfitted with a new version of Microsoft Windows that contains its AI assistant Copilot baked into the very fabric of the operating system itself.

Copilot, in turn, is powered by a range of underlying AI models including the new GPT-4o introduced last week by Microsoft partner and investment OpenAI.

Yet the one feature in particular, Recall, stood out to some observers — and not in a good way. The Recall feature essentially records a user’s screen activity on their Copilot+PC, including mouse movements and application actions — whether a user is sending messages, checking email, editing a document or image — and allows the user to go back, replay them to find a detail or interaction they want to access again. Microsoft describes Recall this way in a blog post announcing the Copilot+ PCs:

“With Recall, you can access virtually what you have seen or done on your PC in a way that feels like having photographic memory. Copilot+ PCs organize information like we do – based on relationships and associations unique to each of our individual experiences. This helps you remember things you may have forgotten so you can find what you’re looking for quickly and intuitively by simply using the cues you remember.”

Microsoft elaborated that the feature will allow users to “get back to where you were, whether to a specific email in Outlook or the right chat in Teams.”

Microsoft execs equated the feature to being like “photographic memory” on your PC:

A program that records all your PC activity may sound Orwellian/dystopian or ill advised, but in that same blog post, the company sought to quell concerns over privacy and security, stating that the data was “stored entirely on your device,” in something called a “personal semantic index.” As the blog post goes on:

“Your snapshots are yours; they stay locally on your PC. You can delete individual snapshots, adjust and delete ranges of time in Settings, or pause at any point right from the icon in the System Tray on your Taskbar. You can also filter apps and websites from ever being saved. You are always in control with privacy you can trust.“

A spokesperson for Microsoft reiterated those privacy and security mechanisms to VentureBeat in a brief phone call, and they also stated that the data was stored in an encrypted format on the user’s PC, would never be sent up to the cloud or the web, nor would it be used to train any Microsoft AI models — on device or elsewhere. The spokesperson said it was always in the user’s control — not any system administrator from a company.

Yet a number of users on X immediately greeted the feature and demos of it with alarm. Some even equated it to spyware or keyloggers, malware that records a user’s keystrokes and can be used to record sensitive information such as passwords.

Some pointed out the risks of having even a copy of your PC activity stored on device if the device was seized by an antagonistic party, say a government agency or security apparatus.

Others recalled how Microsoft itself, as the largest software company in the world by sheer number of devices running variants of Windows and Office, has already been subject to many hacks and cyber attacks, making this kind of on-device activity storage a potentially enticing target for hackers.

Even in a more benign case, losing your device or having it stolen — users expressed concern that their sensitive information, such as passwords, could be accessed through the Recall feature.

Even X owner Elon Musk joined in the pileup on Microsoft’s Copilot+PC Recall feature, stating “this is like a Black Mirror episode,” in reference to the dystopian sci-fi/horror series on Netflix.

Whether this backlash is deserved or not, it will be interesting to see how it impacts sales of Microsoft Copilot+PCs — if it does at all — and if any of the concerns materialize into concrete harms caused by this new Recall feature. Or, in the best case scenario for Microsoft and users of the new devices, the system works as designed and manages to provide benefits of rewinding to the past without sacrificing privacy and safety.

https://venturebeat.com/security/micros ... m-spyware/

[ponchi101]

How about the other side of security? Real story (just a couple of days ago).
My GF needed to run a program that runs in Linux. So I told her that the best, FREE linux out there is Ubuntu, and I downloaded the latest version (24.04). So I created a bootable USB, and tested it on my W10 laptop. No issues whatsoever.
I then ran it on her W11 laptop. I showed her how it works, and how she needed to boot up her laptop from the USB. We then logged out from Ubuntu and went back to W11.
Bad luck. When I ran the laptop from the USB, W11 triggered Bitlocker, an internal program from MS that locked and encrypted her hard drive because it "felt" that the Ubuntu run was a hacking attack. So, in order for her to recover her laptop, we needed to go into he MS account and get the Bitlocker recovery key. Which she could not because, having been "hacked", she needed a confirmation code sent to her recovery account, and that account was an account she had in college and she did not have her password (she had forgotten it). We eventually found it, but she was without a PC for wo days (and we are working).

In short. This drive towards AI means that companies like MS need to make their security ever stronger. To the point that if you do something that slightly resembles an attack, you are locked out of your own data, and recovery is a painstaking ordeal.
I also find it rich that Elon is talking about the security of the feature. Because, you know, X/TWT is not a prime target for security breaches.

BTW: My laptop ran Ubuntu with no triggering of Bitlocker because I never associated my laptop to my MS account, so Bitlocker has been effectively disabled in my laptp.

[ti-amie]

[ti-amie]

[ti-amie]

What caused the Windows outages affecting flights, companies around the world

By Adela Suliman
Reporter focusing on breaking U.S. and world news.


A traveler uses her mobile phone to photograph a departures board displaying blue error screens, also known as the “blue screen of death,” in Newark International Airport in New Jersey on Friday. (Bing Guan/Reuters)

Mass IT outages have caused disruptions around the world, with thousands of flights canceled or delayed and online services down at airports, hospitals, banks and businesses. Many Microsoft users started their day with an error screen — dubbed the “blue screen of death,” or BSOD error.

The company says it is aware of an issue affecting Windows programs running technology from CrowdStrike, a cybersecurity company. President Biden has been briefed on the outage and will continue to receive updates, according to an administration official. The White House is also in contact with CrowdStrike’s executive team and has offered government support, the official said, adding that it “has been convening agencies to assess impacts to the US government’s operations and entities around the country.” Here’s what to know about the widespread IT outages and what happens next.

Where have users reported outages?

As of 4 p.m. Eastern time, almost 4,200 flights have been canceled worldwide. More than 2,500 of those were flights operating into, within or out of the United States, according to FlightAware.com, an online flight tracking website. More than 37,600 flights were delayed worldwide, with delays affecting more than 8,800 flights originating and/or ending in the United States.

Major U.S. carriers, including United Airlines, American Airlines and Delta Air Lines, grounded their flights overnight, as the Federal Aviation Administration cited communications issues. Airline operations are beginning to resume some flights, but, as United later said, disruptions are expected “to continue throughout Friday.” United blamed a “third-party software outage” that impacted computer systems worldwide. American Airlines also pointed to a “technical issue with a vendor” that disrupted operations.

The Department of Homeland Security said it is “working with CrowdStrike, Microsoft and our federal, state, local and critical infrastructure partners to fully assess and address system outages.”

Transportation Secretary Pete Buttigieg said he expected issues related to transportation systems to largely be resolved by Saturday. He added on CNBC Friday that while the problems are already being “smoothed out,” the transportation systems are “tightly wound” and take time to untangle.

Airports in the Netherlands, Germany, Britain, Israel, Hong Kong and South Korea were also among those affected. Some staffers turned to manually checking in passengers as a result of the digital disruption.

What is the cause of the Windows outage, and when was it reported?

Details about the outage, which has also affected websites, broadcasters and payment systems, are still emerging. According to Microsoft Azure, a cloud computing platform, issues were first reported around midafternoon Thursday.

Microsoft said the “preliminary root cause” appeared to be “a configuration change in a portion of our Azure backend workloads.” In turn, it said, that “caused interruption between storage and compute resources which resulted in connectivity failures that affected downstream Microsoft 365 services dependent on these connections.”

There was a second, more widespread issue that resulted from a faulty update from CrowdStrike, according to the companies. They believe the Azure outage is not related to the CrowdStrike one.

“Earlier today, a CrowdStrike update was responsible for bringing down a number of IT systems globally,” a Microsoft spokesperson said in an unsigned statement. “We are actively supporting customers to assist in their recovery.”

Early Friday, Microsoft said it had “been made aware of an issue” affecting Windows users running technology from CrowdStrike called the Falcon agent. Falcon, according to the company website, is a platform to stop online security breaches via cloud technology. It encompasses more than 10 security and IT tools including AI technology.

George Kurtz, the chief executive of CrowdStrike, said early Friday in a post on X that “the issue has been identified, isolated and a fix has been deployed.” He urged customers to utilize the company’s support portal for the latest updates.

CrowdStrike was set up in 2011 by co-founders Kurtz and Dmitri Alperovitch to provide security for the world’s leading businesses using “endpoint protection” and “expert intelligence to pinpoint … adversaries” who are launching cyberattacks, according to its official website.

What have Microsoft and CrowdStrike said about the outages?

Kurtz blamed “a defect … in a single content update for Windows hosts.” Mac and Linux hosts were not impacted, and “this is not a security incident or cyberattack,” he added in a post on X.

In a later appearance Friday morning on NBC News’s “Today” show, Kurtz said the company was “deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this.” Many CrowdStrike systems are recovering and will be soon be operational, Kurtz said, but “it could take some time for some systems that won’t automatically recover.”

In a separate update, Microsoft said some customers have managed to resolve the issue by “attempting multiple Virtual Machine restart operations,” although it appeared that “several reboots” — as many as 15 — could be required.

It also noted that users “may be unable to access various Microsoft 365 apps and services,” including Microsoft Teams and the Microsoft 365 admin center. “The underlying cause has been fixed, however, residual impact is continuing to affect some Microsoft 365 apps and services,” it said on X.

The company added that just before 11 a.m. Eastern time, all “Microsoft 365 apps and services have recovered.” It said it would continue monitoring the situation.

What services have been affected by the mass IT outages?

Health care: A number of hospitals and health services around the world have been disrupted by the outage. In the United States, the Memorial Sloan Kettering Cancer Center in New York said Friday that it is “pausing the start of any procedure that requires anesthesia,” due to a “worldwide technical disruption.” Massachusetts General Hospital said that all previously scheduled non-urgent surgeries, procedures, and medical visits would be canceled “due to the severity” of the outage.

England’s National Health Service said the outage disrupted “the majority” of family practice surgeries on Friday, affecting digital appointment and patient record systems. It said paper patient records would be used and that patients should continue to attend appointments.

Israel’s Health Ministry said the outage has hit more than a dozen hospitals and that many are operating on a manual basis while their digital services remain inaccessible. Two hospitals in the northern German cities of Luebeck and Kiel have also canceled elective surgeries scheduled for Friday, Reuters reported.

Emergency phone lines: Alaska State Troopers said early Friday that “many 911 and non-emergency call centers are not working correctly” across the state, citing a “technology-related outage.” It redirected emergency callers to different numbers in a Facebook post.

Paris 2024 Olympics: The Paris Olympics organizing committee said Friday that some of its IT services have been disrupted by “the global technical issues affecting Microsoft software,” though it stressed that ticketing systems were unaffected and “the preparation of venues is continuing normally.” The outage has had a “limited” impact so far, affecting “the delivery of uniforms and accreditations,” while some delegations were experiencing flight delays, it added. The Olympics are due to start next week.

Cybersecurity: The Cybersecurity and Infrastructure Security Agency said Friday it had noticed threat actors using the outage to push phishing attempts and cyberattacks. It added it was working with CrowdStrike and others to address the issues stemming from the widespread IT outage.

What does CrowdStrike do?

Founded by two former executives from rival cybersecurity firm McAfee, CrowdStrike sells security products like Falcon and provides consulting to companies on how to improve their cybersecurity.

CrowdStrike has also worked closely with U.S. officials in investigating cyberthreats. It has gained prominence for its probes into major cyberattacks, including the 2014 hack of Sony Pictures and the 2016 cyberattack on the Democratic National Committee.

CrowdStrike linked the Sony hack to North Korea, saying it found similarities between the malware used against Sony and ones previously used by a North Korea-linked group it termed Silent Chollima.

In 2015, CrowdStrike also made waves by announcing it had evidence that hackers linked to China’s government may have tried to violate a U.S.-China agreement to hold off on economic espionage against one another.

CrowdStrike was hired by the DNC to investigate a cyber intrusion in 2016, bringing the company into conflict with Donald Trump, who questioned the company’s conclusion that Russia was behind the attack.

Who are CrowdStrike customers?

CrowdStrike says 298 of the Fortune 500 companies use its products, including top companies in the food, auto, technology, finance and manufacturing industries.

CrowdStrike’s website lists Target, T-Mobile, Salesforce, Ericsson, Cox Automotive, Intel, Saatva and Telus Health as some of its customers. It also says 43 of the 50 U.S. states are protected by the company.

A range of federal agencies also use CrowdStrike. The Social Security Administration and Department of Education are among those that have reported an impact.

https://www.washingtonpost.com/world/20 ... explainer/

[ti-amie]

LittleAlex
@littlealex@infosec.exchange
Too funny: In 2010 McAffe caused a global IT meltdown due to a faulty update. CTO at this time was George Kurtz. Now he is CEO of #crowdstrike

https://www.zdnet.com/article/defective-mc

Defective McAfee update causes worldwide meltdown of XP PCs

Oops, they did it again. Early this morning, McAfee released an update to its antivirus definitions for corporate customers that mistakenly deleted a crucial Windows XP file, sending systems into a reboot loop and requiring tedious manual repairs. It's not the first strike for the company, either. I've got details.

Written by Ed Bott, Senior Contributing Editor
April 21, 2010 at 7:02 a.m. PT

[Update, April 22. More details in my follow-up post, McAfee admits "inadequate" quality control caused PC meltdown.]

Oops, they did it again.

At 6AM today, McAfee released an update to its antivirus definitions for corporate customers that had a slight problem. And by "slight problem," I mean the kind that renders a PC useless until tech support shows up to repair the damage manually. As I commented on Twitter earlier today, I'm not sure any virus writer has ever developed a piece of malware that shut down as many machines as quickly as McAfee did today.

Here's how the SANS Internet Storm Center describes the screw-up:

McAfee's "DAT" file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and [lose] all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of "ePolicyOrchestrator", which is used to update virus definitions across a network, appears to have [led] to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update "DAT" files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity.

The problem is a false positive which identifies a regular Windows binary, "svchost.exe", as "W32/Wecorl.a", a virus.

McAfee now has its own KnowledgeBase page posted, with details about the problem and the fix. The symptoms are described, tersely, as "Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010."

Update: Engadget's Nilay Patel quotes a statement from McAfee downplaying the impact on consumers:

The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.

That's bad news for McAfee. Corporate customers are likely to tally up the one-day cost of fixing this damage (or multiple days, if Engadget's report of tens of thousands of affected PCs within single companies is accurate), and they're likely conclude that it's time to find a new supplier of security software. At the very least, McAfee is going to have a lot of explaining to do at contract renewal time.

McAfee says it has already replaced the faulty virus definitions with an updated set, so if you update your definitions using the most recent set you will not encounter this issue. The company's official recommendation for repairing the damage involves copying Svchost.exe from a working system and manually copying it to an affected system. The McAfee technical bulletin doesn't include details about how to get to a command prompt on a system that's been temporarily bricked. (Using an XP installation disk allows a tech support professional to boot to a recovery environment and copy the necessary files from a command prompt. The good folks at BleepingComputer.com have published a tutorial that explains the process. Third party recovery tools also provide access to the file system from command-line environments.) This sort of repair is not a job for end users, certainly, and generally requires a skilled support professional.

Update 2: An e-mail correspondent from a large U.S. company (see full text at end of this post) says that multiple files in addition to Svchost.exe mght be affected and claims that simply replacing Svchost.exe might not be enough to repair the damage. I'm still looking to confirm this report.

Update 3, 22-Apr: McAfee has released a repair tool it calls the SuperDAT Remediation Tool. Details are on this page. Running this tool is still a manual process that requires booting from portable media and running the executable file, in safe mode if necessary.

Now, it is hard to imagine picking a more crucial file to torpedo. Svchost.exe is one of the most crucial of all Windows system files. It hosts the services that make just about every OS function possible. As the symptoms described here suggest, Windows simply won't start if Svchost.exe isn't there.

The bigger question is how on earth an update like this ever made it out of the testing lab and onto a production server. This should have been caught at the very beginning of the testing process.

Unfortunately, though, this isn't the first time McAfee has had a screw-up like this. Back in 2009, when the Conficker worm was making the rounds, I took a close look at how McAfee was handling its response to the new threat and was appalled at the sloppy, error-ridden documents they published for consumers and IT professionals. Here's what I wrote at the time:

Security is serious business, and details matter. When a company as large as McAfee is this sloppy with its public response to a high-profile issue, it makes you wonder how tightly the engineering, development, and support sides of the business are being operated.

Now we know.

Ironically, one company that was apparently affected by this issue is Intel, which was identified by the New York Times. It's the second major security headache for Intel in six months, following a widely publicized breach of its systems in China around New Year's. (Intel acknowledged the "recent and sophisticated incident [that] occurred in January 2010" in its 10-K report filed with the SEC earlier this year.)

If you've been affected by this issue, leave a comment in the Talkback section, I'll add further details as I come across them.

Update: I'm beginning to hear directly from people who were affected by this colossal screw-up. One correspondent says he just fixed over 300 PCs: "Looked so much like Blaster from way back. Horrible clean up too as no network access. Moving clients to something with more centralized control ASAP."

A report from a university IT pro says 1200 PCs on his network were knocked out.

Another e-mail from an IT pro at a large U.S. company says that "hundreds of users" in his organization were impacted:

This issue affected a large number of users and is not resolved by simply replacing svchost.exe. You must boot to safe mode, then installl the extra.dat, then manually run the vscan console. You then remove the quarantined files. All users had at least two and some had up to 15. Unfortunately, using this method, you have no way to determine if some of the files you are restoring are vital system files or virus files.

I'm still hoping to get confirmation from Intel, where at least one anonymous source says "tens of thousands of PCs" were hit.

A report from Australia says 10% of the cash registers at the country's largest supermarket chain were knocked out, forcing the closure of 14-18 stores.

Via e-mail, I've heard firsthand reports from people who had to manually repair PCs at some very large corporations and arms of the U.S. military.

https://www.zdnet.com/article/stop-payi ... heres-why/

[ponchi101]

Don't they have a closed network to test this crap?
I mean, I have a mirror site of our site and I test our extension before I upload to this real one. Not a lot of managerial thinking to do.

[ashkor87]

Don't they have a closed network to test this crap?
I mean, I have a mirror site of our site and I test our extension before I upload to this real one. Not a lot of managerial thinking to do.

Devops!

[ti-amie]

Don't they have a closed network to test this crap?
I mean, I have a mirror site of our site and I test our extension before I upload to this real one. Not a lot of managerial thinking to do.

There's speculation that the work on this was outsourced because it's more cost efficient to do that these days.

I agree with you Ponchi. If someone writes code for an update their work should be checked by someone and then again. I don't get it.

[ti-amie]

[ponchi101]

Wow. Orwell was only wrong by 40 years. Not bad.

[ti-amie]

[ti-amie]

John Scott-Railton
@jsrailton
BREAKING: #Telegram CEO Pavel Durov arrested by French authorities.

Early official comments to French media suggest this follows from France's displeasure with Telegram's moderation & compliance with official requests(?).

If so, I'm pretty sure this is an unprecedented action by a government against a large platform's CEO.

Arrests of employees of big platforms over moderation & access are rare.

For example, folks may recall a 2016 case where Brazil arrested a VP at Facebook for refusing to provide Brazilian police with access to WhatsApp.

That said, it seems to me that threats to arrest platforms' staff over moderation & official cooperation fights are increasing, especially from governments in some big markets.

TF1 (machine trans FR)

[Owendonovan]

Brazil Blocks X After Musk Ignores Court Orders
The social network will go dark in the nation of 200 million, the result of an escalating fight between Elon Musk and a Brazilian judge over what can be said online.





https://www.nytimes.com/2024/08/30/worl ... ocked.html