Forgot your password?
typodupeerror

Submission + - How Microsoft's "Little Workaround" Created a Major Pentagon Threat (propublica.org)

joshuark writes: ProPublica Reporter Renee Dudley heard Microsoft was running tech support for the U.S. Defense Department through China, the country’s biggest cybersecurity adversary.

The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

National security and cybersecurity experts in the Trump administration contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.

Microsoft uses the escort system to handle the government’s most sensitive information that falls below “classified.” According to the government, this “high impact level” category includes “data that involves the protection of life and financial ruin.” The “loss of confidentiality, integrity, or availability” of this information “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as “Impact Level” 4 and 5 and includes materials that directly support military operations.

“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the “scope of systems they could disrupt” is limited.

In an emailed statement, the Defense Information Systems Agency said that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists,” but the agency did not respond to ProPublica’s questions regarding the digital escorts’ qualifications.

It’s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.

A spokesperson for the inspector general — whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse — told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.

Submission + - Microsoft CEO Satya Nadella warns companies not to give AI firms their secrets (nerds.xyz) 2

BrianFagioli writes: Microsoft CEO Satya Nadella warns companies not to give AI firms their secrets

Microsoft CEO Satya Nadella says businesses may be paying twice for artificial intelligence: once with money, and again with the proprietary knowledge they feed into AI systems to make them useful. He calls this the Reverse Information Paradox, arguing that prompts, corrections, evaluations, workflows, and other usage data can gradually expose how a company actually operates.

Nadella says enterprises should keep control of their own models, memory, feedback, and internal learning loops while avoiding dependence on a single AI provider. The warning is notable coming from Microsoft, which sells the cloud infrastructure and AI services needed to build exactly that kind of private environment.

Comment Re: Oh no the Russians! (Score 1) 45

Don't underestimate the skills of some people. If it's a live stream camera then it's not that impossible.

Timezone is the easiest part. Shadows can indicate latitude, so if you can narrow it down to state level then you can start to look for the visible details like vegetation and road details. If you can capture a few vehicles with identifiable information (handymen with their phone numbers are golden info) it's also going to be easier.

Submission + - Once Unimaginable, Publishers Are Preparing to Opt Out of Google Search (adweek.com)

schwit1 writes: For decades, publishers have done everything in their power, from the legal to the not-explicitly illegal, to rank as highly in Google Search as possible. For many websites, traffic from the search engine was their single greatest source of audience and, as a result, revenue.

Now though, a handful of influential players in the digital media ecosystem have begun moving in the opposite direction, laying the groundwork for what was once unthinkable: removing themselves from Google Search.

Last week, the content delivery network Cloudflare, which hosts roughly one-fifth of the websites in the world, gave Google an ultimatum.

The nuclear option is gaining traction as web traffic collapses and Google refuses to negotiate with content creators

Beginning Sept. 15, all new websites signing up for Cloudflare, as well as all the customers on its free tier, will have the default settings in their bot management protocol set to block “multi-purpose crawlers” on any webpage that has ads. This means that any crawler that scrapes for both search indexing and AI training will be turned away at the door, unless the site owner decides otherwise.

“We’ve been clear about what we want,” said Cloudflare chief strategy officer Stephanie Cohen. “We want a technical solution that allows you to be discoverable without having to give your content away for free.”

While a handful of crawlers fit this description—Apple and Bing, among others—the primary, unnamed target of this action is Google, which infamously uses one crawler to both index sites and train its AI models.

In doing so, Google forces publishers to make an impossible choice: They either allow both functions, enabling Google to scrape their content to train the AI products that are regurgitating their data without compensation; or they shut off both functions and disappear from Google Search, presumably losing their largest source of traffic in the process.

Submission + - How Flock Cameras Wrongly Tracked Journalist for Days Over 'Stolen' Plates (thedrive.com)

sinij writes:

The New Jersey plates that were allegedly stolen from the LA dealer were 34 03 DTM, not 34 10 DTM. But when the police report was created and the plate was entered into Flock’s system, it was just recorded as 34 DTM.
Still, he warned me to drive straight home, park the Range Rover, and leave it there. If I were to cross into the neighboring town, I’d probably get flagged again and go through this entire ordeal again with a different set of officers. His parting words were ominous: “You’re lucky we’re in Plymouth. If you were in Minneapolis, they definitely would’ve come at you with guns drawn.”


Slashdot Top Deals

You can't go home again, unless you set $HOME.

Working...