Archive for Amazon

BREAKING: Parler Sues Amazon For Site Takedown…. Alleges Antitrust Violations

Posted in Commentary on January 11, 2021 by itnerd

Let the games begin.

Alternative social networking service Parler has sued Amazon, accusing its web hosting service of breaking anti-trust laws in taking down the platform that is popular with many right-leaning social media users. You can read the court document here. But here are the reasons why they will lose. First of all, and most important of all, Parler violated Amazon’s terms of service because unlike Facebook and Twitter, Parler doesn’t crack down on hate speech. And when you combine that with the fact that people on its platform plotted the events of last Wednesday that left five dead, Amazon was well within its rights to toss them off AWS. Second, Amazon has really deep pockets and will simply throw lawyers at this to either make Parler go away or run them out of money.

Here’s the counterpoint. If you read their court document, they make some somewhat interesting arguments. Specifically:

4. AWS’s decision to effectively terminate Parler’s account is apparently motivated by political animus. It is also apparently designed to reduce competition in the microblogging services market to the benefit of Twitter.

And:

5. Thus, AWS is violating Section 1 of the Sherman Antitrust Act in combination with Defendant Twitter. AWS is also breaching its contract with Parler, which requires AWS to provide Parler with a thirty-day notice before terminating service, rather than the less than thirty-hour notice AWS actually provided. Finally, AWS is committing intentional interference with prospective economic advantage given the millions of users expected to sign up in the near future.

I would be interested to see if Parler can prove that there was a political motive behind this, and that Amazon is trying to hurt them. But remember on both parts of this, I’m a computer geek and not a lawyer.

This will be fun to watch.

BREAKING: Parler Is Being Suspended From AWS…. Possibly Killing The Social Media Platform

Posted in Commentary on January 9, 2021 by itnerd

Well. Who knew that Jeff Bezos, who is the CEO of Amazon, had Thanos-like powers? I say that because news is breaking that Parler, which has been punted from the Google Play Store and the Apple App Store, is now in very deep trouble as it is being suspended from Amazon Web Services:

Amazon suspended the pro-Trump social-networking site Parler from its web-hosting service this weekend, a move that threatens to darken the site indefinitely after its users glorified the recent riot at the U.S. Capitol.

The e-commerce and web hosting giant said Parler had violated its terms of service given its inadequate content-moderation practices, adding in a letter to the social network that it would implement its punishment just before midnight Pacific time Monday.

What that means is that unless Parler changes course on the moderation issues that have led to these bans, Jeff Bezos has effectively Thanos snapped Parler off the Internet. Now it seems like Parler has some sort of “plan b” to get back online based on this:

Parler also did not respond to a request for comment. But its chief executive, John Matze, said in a post on the site that Parler could be “unavailable on the Internet for up to a week as we rebuild from scratch.”

I question if that’s viable to be honest. AWS is the big boy on the block when it comes to hosting sites the scale of Parler. I am not sure who would be capable of doing the same thing at a similar scale. Not to mention who would be willing to have Parler as a customer. Thus I think that we may be watching the endgame when it comes to Parler. But I am free to be surprised.

EU Files Antitrust Charges Against Amazon For Unfair Business Practices

Posted in Commentary on November 10, 2020 by itnerd

European Union regulators have filed antitrust charges against Amazon, accusing the e-commerce giant of using data to gain an unfair advantage over merchants using its platform:

The EU’s executive commission, the bloc’s top antitrust enforcer, said Tuesday that the charges have been sent to the company. The commission said it takes issue with Amazon’s systematic use of non-public business data to avoid “the normal risks of competition and to leverage its dominance” for e-commerce services in France and Germany, the company’s two biggest markets in the EU. The EU started looking into Amazon in 2018 and has been focusing on its dual role as a marketplace and retailer. In addition to selling its own products, the U.S. company allows third-party retailers to sell their own goods through its site. Last year, more than half of the items sold on Amazon worldwide were from these outside merchants. Executive Vice President Margrethe Vestager, the EU commissioner in charge of competition, said it’s not a problem that Amazon is a successful business but “our concern is very specific business conduct which appears to distort genuine competition.” Amazon faces a possible fine of up to 10% of its annual worldwide revenue, which could amount to billions of dollars. The company rejected the accusations.

Well, this isn’t good news for Amazon as this could be the start of a number of countries looking into the way that Amazon does business as the EU tends to be the bellwether for this sort of thing. Hopefully for Amazon’s sake, they have all their ducks in a row. Because this is going to get rocky.

Check Point Security Report Says That Amazon Alexa Were Subject To Extensive Levels Of Pwnage

Posted in Commentary on August 17, 2020 by itnerd

A report from Check Point Security researchers paints a pretty scary picture of how secure smart home devices are. Specifically Amazon Alexa products:

Our findings show that certain Amazon/Alexa subdomains were vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration and Cross Site Scripting. Using the XSS we were able to get the CSRF token and perform actions on the victim’s behalf.

These vulnerabilities would have allowed an attacker to:

  • Silently install skills (apps) on a user’s Alexa account
  • Get a list of all installed skills on the user’s Alexa account
  • Silently remove an installed skill
  • Get the victim’s voice history with their Alexa
  • Get the victim’s personal information

In effect, these exploits could have allowed an attacker to remove/install skills on the targeted victim’s Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill.

Successful exploitation would have required just one click on an Amazon link that has been specially crafted by the attacker.

Now all of those issues have been fixed. But it really makes one think twice about having these devices in their homes as it seems really wrong that a third party company is doing the sort of due diligence that the makers of this gear should be doing. The thing is that companies who create these devices have to have security as the top priority if these companies want consumers to buy their gear. Thus the best way for you to get the most secure smart home gear is to demand and expect better from these companies.

Tech CEOs To Get Grilled By Congress Today…. Here’s How To Watch

Posted in Commentary on July 29, 2020 by itnerd

Apple, Amazon, Google, and Facebook are set to be grilled by Congress today. Specifically the Judiciary Committee. The hearing is to find out if tech companies are using their dominant market positions to stifle competition, which would be harmful to consumers. It will be interesting to see how this plays out as this is an election year, which means that you might see some things happen for no other reason than to increase the chances of re-election for some politician. If you’re interested in watching the “fun”, here’s a link to watch it live starting at noon ET:

Expect some feedback from yours truly once this is over.

Amazon Pauses Police Use Of Facial Recognition…. Why This Is Meaningless

Posted in Commentary on June 11, 2020 by itnerd

Amazon has announced that they are going to be pausing the use of facial recognition by police forces. Here’s why via a blog post put out by Amazon:

We’re implementing a one-year moratorium on police use of Amazon’s facial recognition technology. We will continue to allow organizations like Thorn, the International Center for Missing and Exploited Children, and Marinus Analytics to use Amazon Rekognition to help rescue human trafficking victims and reunite missing children with their families.

We’ve advocated that governments should put in place stronger regulations to govern the ethical use of facial recognition technology, and in recent days, Congress appears ready to take on this challenge. We hope this one-year moratorium might give Congress enough time to implement appropriate rules, and we stand ready to help if requested.

This is a first step, but it’s really not one that goes far enough. IBM, which quit the facial recognition business earlier this week, took a very definitive stand on this. This move by Amazon isn’t even close to that. It seems to me that Amazon wants to say that it is doing something to address the issues that have come out of the George Floyd protests, but at the same time still make money from this tech at a later date. Thus it seems to me that this is more of a PR stunt than anything else, and as a result is meaningless. If Amazon really wants to show some leadership on this issue, then they would do something that is closer to the IBM end of the spectrum. But I suspect they won’t and thus you should not take them seriously on this issue.

Amazon VP Quits “In Dismay” And Calls Company “Chickenshit” Over Firing Of Whistleblowers

Posted in Commentary on May 4, 2020 by itnerd

It seems that there’s blowback from Amazon’s apparent firing of employees, including some whistleblowers, due to their concerns over their working conditions during the COVID-19 pandemic. Tim Bray, who is well known for his part in creating the XML specification, has quit the company “in dismay” and went public about his departure:

Tim Bray, a well known senior engineer and Vice President at Amazon has “quit in dismay” because Amazon has been “firing whistleblowers who were making noise about warehouse employees frightened of Covid-19.” In an open letter on his website, Bray, who has worked at the company for nearly six years, called Amazon “chickenshit” for firing and disparaging employees who have organized protests. He also said the firings are “designed to create a climate of fear.”

While this is going to create an optics issue for Amazon, this guy likely isn’t going to be poor, and he’s just one guy. If hundreds or thousands of people lower down on the food chain start to quit Amazon for the same reason, then Amazon may have to worry. If people at Bray’s level start to quit en masse, then Amazon will have to worry. So while this will get the attention of many, it isn’t a watershed moment. Yet.

More Details On The Jeff Bezos Phone Hack Emerge…. Starting With The Fact That It Was An iPhone X That Was Hacked

Posted in Commentary on January 23, 2020 by itnerd

Yesterday, I wrote about the fact that Jeff Bezos had his phone hacked by the Saudis, though they deny that they were responsible for the hack, and that massive amounts of data were downloaded. Today more details have come out regarding this hack.

  • Yesterday it wasn’t clear what phone he was using. We now know via the New York Times that it was an iPhone X.
  • This hack apparently led to a blackmail attempt of sorts from American Media Inc, who also owns the National Enquirer, as what was taken was apparently “embarrassing” texts and photos. That in turn led to the famous “No thank you, Mr Pecker” Medium post.

Now when I started writing this story, I thought all of this sounded familiar. And I was right when I started to look back through the blog. The attack vector, and the type of the attack is very similar to an attack on a human rights activist back in 2016. The source of the attack was malware provided by a shadowy company called NSO who is known to sell their malware to governments who don’t exactly have the best human rights records. And at the time Apple released an emergency patch to iOS 9 to close the holes that were used in that incident. Fast forward to today where the UN Report that led to me writing yesterday’s story also points to NSO:

The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group’s Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials. This would be consistent with other information. For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group.

And to add to this, Facebook who owns WhatsApp fixed an issue that fits this attack vector almost a year ago. And the thought was the NSO group was behind that attack.

Now the question is how did we get to where we are now? Well, the theory that is floating around, if you accept that the Saudis are behind this, is as follows:

  • Just before the hack, The Washington Post, which Jeff Bezos owns, was investigating American Media, Inc and its role in helping President Donald Trump silence women he had affairs with.
  • The Washington Post also had writing for them a person named Jamal Khashoggi. He was a vocal critic of the Saudi government and was murdered because of that. And a lot of the negative things that he had to say about the Saudi government ended up in the Washington Post.
  • The Saudis were likely not happy about the Washington Post reporting. And they have a bit of a reputation of going after people that they perceive as threats in a variety of ways. Thus they hatched this scheme to use the NSO malware to get something on Bezos. And hit the jackpot with whatever “embarrassing texts and photos” that they got off the phone. Whatever “embarrassing” items they got were then turned over to American Media, Inc to try and punish Bezos for the coverage that they didn’t like. American Media in turn tried to use this “embarrassing” info to shut down the investigation into them helping President Trump. Except that it backfired on them when Bezos went public on Medium.

Interesting theory. But what are needed are facts. Only a broader investigation can not only separate fact from fiction, but it should be able to follow the facts to nail down the parties responsible and hold them accountable in any and every way possible. Clearly this was a very targeted and sophisticated attack. And because of that it is one that cannot go unpunished.

A Smartphone Belonging To Jeff Bezos Was Pwned By Saudi Hackers Who Extracted Massive Amounts Of Data

Posted in Commentary on January 22, 2020 by itnerd

News is surfacing today that Amazon founder Jeff Bezos had his smartphone pwned by hackers working for the Saudi Crown Prince. Said hackers then pulled a ton of data off of it. And this was done because of the coverage that the Washington Post, which Bezos owns, has done on the Saudis. None of which was flattering given that one of the reporters was killed by Saudi agents recently. Here are the details via the Washington Post:

United Nations human rights investigators have concluded that an account belonging to Saudi Crown Prince Mohammed bin Salman sent an infected video to Amazon founder Jeff Bezos, triggering a massive extraction of data from the billionaire’s cell phone.

The report by human rights investigators Agnes Callamard and David Kaye says the forensic evidence found in Bezos’s phone “suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia.”

In a report released Wednesday, Callamard and Kaye called for the United States and other nations to investigate the alleged hacking of Bezos’s phone as part of a larger look at what they called “the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents.”

The UN officials’ report was based on a forensic investigation of Bezos’s phone commissioned by the Amazon founder, who also owns The Washington Post. Callamard and Kaye said the crown prince’s involvement in the alleged hack was part of “a pattern of targeted surveillance of perceived opponents” by Saudi authorities and was “relevant to… ongoing evaluation of claims about the Crown Prince’s involvement in the 2018 murder of Saudi and Washington Post journalist Jamal Khashoggi.”

The 2018 hack of Bezos’s phone took place five months before Khashoggi, a Saudi dissident who was under contract with The Post’s editorial department to write opinion columns, was murdered at the Saudi consulate in Istanbul. Five Saudi nationals were sentenced to death last month in connection with the Khashoggi killing after a secret trial in Saudi Arabia.

It isn’t mentioned if Bezos is on Team Android or on Team iPhone, but this whole episode does illustrate the risks of attachments that you receive. In any case, the Saudis deny this, which I would expect any nation state accused of hacking to do. But unfortunately for the Saudis this isn’t going to go away as the UN is calling for an investigation and one suspects that more details will come out about this hack that they will not like.

If You Have A Ring Doorbell, Law Enforcement Can Get Video From It Simply By Asking For It

Posted in Commentary on August 6, 2019 by itnerd

A report in GovTech caught my eye this morning as it had news that Amazon is working with police to provide access to video from the popular Ring doorbells simply by having the cops ask for it:

What has raised eyebrows, however, is the company’s push for partnerships with law enforcement agencies across the country, a fact that some feel has allowed police to create informal surveillance networks in hundreds of neighborhoods. 

Under Ring partnerships, police are provided with a special portal that allows them to communicate with and request video from community residents.  

Amazon offers these partnerships for free, in exchange for the signing of a memo of understanding that has also caused controversy. Critics allege these memos allow Amazon the unprecedented ability to ghostwrite a majority of law enforcement’s press releases about the product, leading to accusations that “Ring is using local police as a de facto advertising firm.”

“What we’re talking about is a private company trying to disrupt the public safety infrastructure of this country in the same way that companies have gone into other parts of our society,” said Dave Maass, senior investigative researcher with the Electronic Frontier Foundation. 

Among other things, Maass sees the product as problematic for both consumer privacy and cybersecurity. 

“Information is being collected on people who are just going about their lives. Not necessarily doing anything nefarious, yet they’re having information collected on them anyway,” he said. “By deploying tens of thousands of these cameras in any given community, you’re also creating a very wide surface area for attack [for hackers],” he went on. “We’ve seen over the years that IoT devices — specifically web cameras and CCTV cameras — have proven very rich targets for malicious actors.” 

However, here’s the other side of this:

However, he [Tony Botti, public information officer for the Fresno County Sheriff’s Office] noted, there is a workaround if a resident happens to reject a police request. If the community member doesn’t want to supply a Ring video that seems vital to a local law enforcement investigation, police can contact Amazon, which will then essentially “subpoena” the video. 

“If we ask within 60 days of the recording and as long as it’s been uploaded to the cloud, then Ring can take it out of the cloud and send it to us legally so that we can use it as part of our investigation,” he said.

There’s a whole number of ways that this isn’t good. Privacy for example is at the top of the list. Unauthorized access is second on that list as I would be concerned at someone trolling through videos that a Ring Doorbell records for giggles. But on the other hand, you could make an argument that this shouldn’t be an issue because if you have video that could help the cops, any good citizen should want to hand it over. Thus eliminating the need for the cops to troll through your video. In other words, this is a complex issue that likely needs debating in public and Amazon answering some pointed questions before this goes away.