Connect with us

ZDNET

Tech giants say government cyber assistance would simply cause more problems

Published

on

An Australian intelligence and security committee has been told by technology giants that they foresee no scenario where the installation of government software would be of benefit and do not require assistance from the government in responding to cyber incidents.

“I cannot think of a situation where installing ASD software on our networks would be of assistance,” director of Google’s threat analysis group Shane Huntley said.

“We have a good working relationship with the ACSC and there has been productive threat sharing, and we believe that there is a productive means to collaborate as collaborators, not as coercion or them stepping in to operate our systems and to install stuff on our systems.

“That is where we draw the strong line.”

Among other things, the Security Legislation Amendment (Critical Infrastructure) Bill 2020 would allow government to provide “assistance” to entities in response to significant cyber attacks on Australian systems. This includes the proposal for software to be installed that is touted as aiding providers in dealing with threats.

Huntley on Thursday told the Parliamentary Joint Committee on Intelligence and Security (PJCIS) — which is looking into the Bill — that if there was an incident, Google would absolutely work with the Australian Signals Directorate (ASD) to help respond if required, however that is where it would end.

“I do not believe that there is a situation where installing ASD software on our networks or our systems, especially in the heat of an incident, is actually going to cause anything except more problems, and it’s not going to help the solution and it’s not going to help the problem at hand,” he continued.

Appearing alongside Huntley was Atlassian director of global public policy David Masters, who echoed much the same — that it’s not that his company wouldn’t want to work with the Australian Cyber Security Centre (ACSC), but allowing officials into his company’s networks to install software and somewhat pick up the running of services and processes is not a scenario he could see Atlassian wanting or even requiring.

The tech sector has raised concerns with government step in powers from day one. Amazon Web Services (AWS) previously said government “assistance” or “intervention” powers could give it overly broad powers to issue directions or act autonomously and Microsoft previously told the PJCIS it would prefer the government stay out of its incident response.

When Atlassian and Google were testifying that the views of the panel were that government assistance would not be required, AUCloud stepped in to say “never say never”.  

Senator James Paterson said it was remarkable that Atlassian and Google saw no scenario where assistance would help and asserted it was the view of witnesses other than AUCloud. He then gave Microsoft and AWS the opportunity to clarify their position, but the two companies chose not to do so, although after the hearing, AWS has disassociated itself from the comments.

Earlier in the hearing, AWS director of Australia and New Zealand public policy Roger Somerville said there was a risk of the government stepping in.

“There’s a deeper underlying assumption in the entire Bill here that seems to be that if something bad happens to a critical piece of Australia’s infrastructure then the government is capable of stepping in and fixing that thing, and in many instances we think that’s a really big risk of the government stepping in and misunderstanding how the regulated entity operates, maybe making things worse, so creating more or new problematic security and systemic risks in the process,” Somerville said.

“We think that could have really significant consequences for Australia’s economy and should be avoided.”

Similarly, Hasan Ali, assistant general counsel in Microsoft’s office of critical infrastructure, said prior to Google and Atlassian’s remarks that “installation of any type of software, particularly in a complex and interconnected network will have severe adverse consequences”.

“Doing so in the data storage or processing sector with hyperscale cloud providers, these are interdependent systems, they will introduce vulnerabilities, and we think it’s going to be potentially a source of substantial third-party risk that we may have to mitigate for, from the government, if there is uncertainty with how these powers may be used,” Ali said.  

While Huntley accepted that installing software to allow for monitoring and detection of threats and for data collection would be beneficial for those without a sophisticated IT environment and a lack of internal capability, that isn’t the case with the likes of Google.

“We have 1,000s of security engineers, we have our own systems for monitoring, threat analysis, detection, and the best way — and really, the only feasible way to do this sort of monitoring — would be with our own systems and our own tools,” he said. “I really can’t imagine the situation where there is some software from ACSC or ASD which installing on our systems wouldn’t even work, let alone be safe.”

Instead, he would prefer the government provide threat information.

“If ASD wants to say, ‘Here’s what to look for on your systems, here is the IP addresses, here’s the signatures of the malware, here is data to help in this instance’, we always want to see that information,” he said.

“What we need is information and collaboration, because the only real software that’s safe to operate in a sort of Google or hyperscale cloud environment is our software and our systems that have been tested and vetted.

“I don’t think there was a gap that can be filled by the government here.”

Speaking following the tech giants, auDA CEO Rosemary Sinclair said the Department of Home Affairs had taken on its recommendation for the domain name system to be treated as a subsector, rather than being “caught up” in the broader communications sector.

Sinclair added the domain administrator was already adhering to cybersecurity standards such as the Essential Eight and ISO27001, using DNSSEC, and working with parts of its supply chain and registry operators on cyber assessments and red team exercises. She said AuDA will be auditing them every 12 months, with the potential penalty for failure to comply being the loss of accreditation.

“If needed we have our own disaster recovery arrangements and could step in should a register or the registry fail. All that is already in place and is quite extensive in its operation and effective,” Sinclair said.

“All those relationships and processes are in place, and one of the things that strikes us about the legislation is that it’s focusing on a problem of the unwilling and trying to address that. Whereas I suspect that … the vast majority of people who have been engaging in this process are in fact, the willing.”

In response, Senator Paterson pointed back to a large company that refused assistance from ASD.

“Unfortunately, we do have to legislate … for those worst case scenarios, and we are already aware of, at least, one instance, of the significant entity failing to cooperate when they should have in a serious cybersecurity incident,” he said.

“And so, unfortunately, the Parliament can’t ignore that — we have to balance the impact that it has on those of you who do have better practice.”

Sinclair said that the government should be careful about creating a solution to the wrong problem, but that she appreciated the problem of “somebody reaching for the lawyers, rather than actually reaching for the cybersecurity experts”.

“Nonetheless, the powers that are being proposed are very significant and require proportionate use and scrutiny.”

Updated 9 July 2021 at 4:00pm AEST: Added quote from AWS representative Roger Somerville and clarified that AWS and Microsoft had the ability to counter the claims made by Atlassian and Google but chose not to.

MORE ON THE CRITICAL INFRASTRUCTURE BILL

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/tech-giants-say-government-cyber-assistance-would-simply-cause-more-problems/#ftag=RSSbaffb68

ZDNET

New AI tools aim to improve live-stream content moderation

Published

on

While Facebook, Twitter, Google and other popular web-service providers are busy deploying legions of people to mitigate online toxicity in the forms of hate speech, bullying, and sexual/racial abuse, two lesser-known companies have come together in a new research and development project to try and resolve these problems in the live-streaming video industry.

The Meet Group, which develops software for interactive dating websites, and Spectrum Labs, which makes an AI-based audio-content moderation platform, on July 27 announced an expansion of their partnership to include a significant R&D commitment into voice moderation aimed at protecting users from online toxicity in TMG’s live-streaming applications.

The Meet Group owns several mobile social networking services including MeetMe, hi5, LOVOO, Growlr, Skout, and Tagged. The company has registered millions of mobile daily active users and facilitates tens of millions of conversations daily. Its mobile apps are available on iOS and Android in multiple languages.

Hate and personally abusive speech are increasing in many channels, as social-networking companies have reported. Voice moderation is currently a major challenge because recording all content is not possible nor privacy-friendly in an ephemeral live-streaming video context, TMG said. Existing methods of AI voice moderation are slow, tedious, and cost-prohibitive, because they require voice content to be transcribed before the text AI can be applied.

Recording, analyzing content at the right time

The Meet Group and Spectrum Labs are partnering to record content at the right time and proactively and cost-effectively detect toxicity, improve accuracy for moderators, and expand safety measures for users, TMG said.

“The method of monitoring live streaming video today is twofold,” TMG CEO Geoff Cook told ZDNet. “One is algorithmic sampling of the stream every five to seven seconds, analyzing it, and taking actions accordingly. The other is the report side; we have 500-plus moderators who are staffing this and putting eyes on the stream in less than a minute after that report button is tapped. We want to record and transcribe that content, analyze it based on what’s going on, index it potentially in some kind of category, take action on it, then make that transcription or recording available to the moderator.

“This R&D project is concerned with being more thoughtful about filling in the gaps in the existing moderation.”

Voice tracking will begin recording from two different triggers: The first happens when a report button is tapped; the tool will begin recording the voice track and automatically send it for analysis. The second trigger will begin voice recording automatically based on comments in the video. If an issue is believed to exist in the video based on the comments in the chat, the live stream proactively will be reported.

If a content violation is believed to exist, the recording, along with the behavior flag and transcription, in addition to the live stream itself, if still in progress, will be sent to one of The Meet Group’s 500+ human moderators, who will review the content under the company’s Content and Conduct policy to see if a policy was violated. 

Live-streaming usage increasing on social networks

Social, dating, and gaming companies are increasingly moving into live streaming video to improve community engagement, Spectrum Labs CEO Justin Davis told ZDNet. 

“With that shift comes a growing demand for effective moderation for voice,” Davis said. “With a billion minutes spent in its live-streaming platform per month and nearly 200,000 hours of content broadcast per day, The Meet Group is a fantastic partner with whom to work in deploying Spectrum’s toxic-voice detection and moderation platform to deliver best-in-class user safety controls for their moderation team and consumers alike.”

“User safety is fundamental to what we do, and effective moderation of live-streaming video requires effective moderation of all aspects of the stream, including voice, text chat, and video,” Cook said. “The combination of Spectrum’s technology and moderation solutions with our safety standards and processes create what we believe is a model that others in the live-streaming video industry may look to follow.”

The expanded partnership announced July 27 also includes algorithmic moderation of all chats sent within The Meet Group’s live-streaming solution and AI private-chat moderation.

The algorithmic chat moderation which will be available to The Meet Group apps as well as the company’s expanding list of vPaaS partners will be screening the nearly 15 million daily chats within the live-streaming feature for hate speech, sexual harassment, and other code-of-conduct violations, TMG said.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/new-ai-tools-aim-to-improve-live-stream-content-moderation/#ftag=RSSbaffb68

Continue Reading

ZDNET

Apple says supply constraints to worsen this quarter, impact iPhone sales

Published

on

Following much better-than-expected fiscal Q3 results this afternoon from Apple, the company’s CFO, Luca Maestri, told Wall Street analysts on a conference call that sales growth this quarter will be affected as the impact of the global supply chain on Apple’s business worsens from what it was the previous quarter.

“We expect very strong double-digit year over year revenue growth during the September quarter,” said Maestri, adding “we expect revenue growth to be lower than our June quarter year-over-year growth of 36%, and for three reasons.”

Explained Meastri,

First, we expect the foreign exchange impact on our year over year growth rate to be three points less favorable than it was during the June quarter. Second, we expect our services growth rate to return to a more typical level then the growth rate during the June quarter, which benefited from a favorable comparison as certain services were significantly impacted by the Covid lockdown a year ago. And third, we expect supply constraints during the September quarter to be greater than what we experienced here in the June quarter, the constraints will primarily impact iPhone.

Asked whether the supply chain impact will persist into Apple’s December quarter, CEO Tim Cook said “I don’t want to predict that today, we’re going to take it one quarter at a time.” Asked if Apple was absorbing higher costs, Cook said the cost of global freight has risen for the company. “We’re paying more for freight than I would like to pay,” he said. But chips and other ingredients are not driving up costs, he suggested. “Component costs continue in the aggregate to decline,” said Cook. 

The earnings report initially sent Apple shares up slightly in late trading, though the stock quickly gave up gains and turned down by almost 3%. 

Revenue in the three months ended in June rose 36%, year over year, to $81.4 billion, yielding a net profit of $1.30 a share.

Analysts had been modeling $73.33 billion and $1.01 per share.

Within the categories of revenue, Apple’s sales of iPhone rose by 50%, year over year, to $39.6 billion.

Maestri’s forecast for “strong double-digit growth” compares to Wall Street consensus for growth of 26.4%, totaling $81.79 billion. Hence, if sales growth is expected to be below the 36% of last quarter, it could still be higher than that consensus outlook.

Tech Earnings

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/apple-says-supply-constraints-to-worsen-this-quarter-impact-iphone-sales/#ftag=RSSbaffb68

Continue Reading

ZDNET

Google announces new bug bounty platform

Published

on

Google announced a new bug bounty platform as it celebrated the 10-year anniversary of its Vulnerability Rewards Program (VRP). The program led to a total of 11,055 bugs found, 2,022 rewarded researchers and nearly $30 million in total rewards. 

Jan Keller, technical program manager for Google’s VRP, said that in honor of the program, they are unveiling a new platform:  bughunters.google.com.

“This new site brings all of our VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues,” Keller said. 

Keller added that the platform will have gamification features and offer more chances for interaction or competition. There will be per-country leaderboards and chances to acquire awards or badges for specific bugs. 

The company is also creating a more “aesthetically pleasing leaderboard” as a way to help those using their achievements in the VRP to find jobs. There will even be more chances for bug hunters to learn through the new Bug Hunter University.

“We know the value that knowledge sharing brings to our community. That’s why we want to make it easier for you to publish your bug reports. Swag will now be supported for special occasions (we heard you loud and clear!),” Keller wrote. 

The blog post notes that more people should take advantage of other VRP features like the ability to submit patches to open-source software for rewards and potential rewards for research papers on the security of open source. 

Some open-source software may even be eligible for subsidy, Keller explained. 

“When we launched our very first VRP, we had no idea how many valid vulnerabilities — if any — would be submitted on the first day. Everyone on the team put in their estimate, with predictions ranging from zero to 20,” Keller said. 

“In the end, we actually received more than 25 reports, taking all of us by surprise. Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded – including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team.”

Keller went on to thank the Google bug hunter community for their work and urged them to give feedback about the new platform. 

Hank Schless, senior manager at Lookout, said his company has reported nearly 600 malicious apps found in the Play Store and commended Google for “essentially crowdsourcing their bug and vulnerability reporting.”

“Google has always taken a more open approach to its software than comparable companies. Android, for example, is built on open-source technology that enables more customization of the OS,” Schless said. 

“Relying on others to help report on issues is a key part of creating a secure customer experience that can continue to improve. This type of community-based knowledge only serves to make the world a more secure place.”

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/google-announces-new-bug-bounty-platform/#ftag=RSSbaffb68

Continue Reading

ZDNET

Microsoft Teams hits 250 million monthly active user milestone

Published

on

teams250million.jpg
Credit: Microsoft

Microsoft officials say the Teams collaboration platform has hit the 250 million monthly active user milestone, up from the 145 million daily active user total it hit in April this year. Microsoft execs shared the new number as part of the company’s Q4 FY21 earnings announcement on July 27.

Kyle Vikstrom, Director of Microsoft Investor Relations, shared the new Teams usage number with me ahead of the Q4 FY21 analyst call. The new metric Microsoft now is using is monthly, not daily, active users.

On Microsoft’s earnings call, officials said that Microsoft has nearly 80 million monthly active Teams Phone users. They added that 124 organizations now have more than 100,000 users of Teams and nearly 3,000 have more than 10,000 users.

In April 2020, Microsoft was at 75 million daily active users with Teams. Microsoft officials have said the rapid growth of the product is in large part fueled by the need for remote work during the COVID-19 coronavirus pandemic.

Teams is part of Microsoft’s “Commercial cloud” category and also is part of its office commercial products and cloud services revenue category. Teams began as a group-chat platform but Microsoft has been turning it into an almost operating-system-like product over time by extending its capabilities and features.  Microsoft officials said “commercial cloud” revenues — Office 365, Azure, Dynamics 365 and other cloud services — hit $19.5 billion in Q4, compared to $14.3 billion a year ago.

Microsoft is trying to grow Teams beyond its established business base by adding consumer features to the product. Microsoft is integrating a Teams Chat button into the Windows 11 taskbar in the hopes of getting more people to try Teams’ consumer capabilities.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.

Click here to access.

Source: https://www.zdnet.com/article/microsoft-teams-hits-250-million-monthly-active-user-milestone/#ftag=RSSbaffb68

Continue Reading
Esports4 days ago

Teppei Genshin Impact Voice Actor: Who is it?

Esports4 days ago

Who won Minecraft Championships (MCC) 15? | Final Standings and Scores

Esports5 days ago

Can You Play Pokemon UNITE Offline?

Esports4 days ago

All ranked mode rewards for Pokémon UNITE: Season 1

Aviation3 days ago

Legendary F-14 Pilot Dale ‘Snort’ Snodgrass Dies In A Tragic Plane Crash

Cleantech4 days ago

Form Energy Reveals Iron-Air 100 Hour Storage Battery

Esports4 days ago

Sakura Arborism Genshin Impact: How to Complete

Esports4 days ago

Here are the results for the PUBG Mobile World Invitational (PMWI) West 2021

watch-live-russias-pirs-module-set-to-depart-space-station-today.jpg
Aerospace2 days ago

Watch live: Russia’s Pirs module set to depart space station today

Esports4 days ago

Here are the results for the PUBG Mobile World Invitational (PMWI) East 2021

Techcrunch4 days ago

This Week in Apps: Clubhouse opens up, Twitter talks bitcoin, Snap sees record quarter

best-gengar-build-in-pokemon-unite.png
Esports4 days ago

Best Gengar build in Pokémon UNITE

Cyber Security4 days ago

Threat Actors are Abusing Argo Workflows to Target Kubernetes

Esports4 days ago

Are there ranked rewards in Pokémon UNITE?

Cyber Security4 days ago

What Programming Language Should I Learn for CyberSecurity?

Esports4 days ago

Best Garchomp build in Pokémon UNITE

AR/VR4 days ago

Warplanes: WW1 Fighters to See Official Oculus Quest Store Launch This Week

Esports4 days ago

How to unlock Pokémon in Pokémon UNITE, all Unite License costs

Blockchain4 days ago

Canadian Border Town Halts Crypto Mining to Draw Up Regulations

AI4 days ago

What is the Freedom Phone and Should You Buy It?

Trending