More than 2 years after Susan Fowler's account of sexual harassment at Uber kicked off a wave of reckoning inside tech companies, the industry is still more reactive than forward-looking in handling the ethical issues raised by sexual misconduct.

Why it matters: By waiting for media exposure before taking principled action against sexual harassment and related misdeeds, some tech leaders are still sending a message of "get away with it as long as you can" rather than "do what's right." 

Driving the news: Over the weekend, MIT Media Lab head Joi Ito resigned after revelations that he and others allowed convicted sex offender Jeffrey Epstein to play a prominent role in donating and soliciting donations for the institution.

• A wave of news coverage this summer chronicled Epstein's role as a funder of research scientists and the Media Lab — long after his conviction for soliciting prostitution from a minor in 2008. That prompted a public apology from Ito, but also a letter in his defense from dozens of his associates and friends.
• Women inside the institution raised questions to Ito about the issue at the time that he did not pursue.
• It took a Ronan Farrow exposé in the New Yorker, detailing that Ito and the Media Lab knew there was a problem and took pains to try to keep Epstein's donations anonymous.
• And as recently as this past week, according to reports, the lab's founder Nicholas Negroponte was arguing that it was fine to take the money and he'd advise doing it again.

The big picture: It's clear that there has been progress over the last 30 months, with some changes in both personnel and policy at a number of major tech companies.

• Uber has replaced its CEO, ousted some others and revised some policies, including an end to confidentiality agreements and forced arbitration for those making sexual misconduct allegations.
• Under pressure, Google agreed to stop forcing arbitration on those alleging sexual harassment.
• A number of tech venture capital firms, including 500 Startups and Binary Capital, have made leadership changes amid sexual misconduct allegations.

Yes, but: Too often, companies are still either covering up problems that are likely to become public knowledge eventually, or responding only after the press turns a spotlight on a problem that they've long known about.

• Google paid $90 million to Andy Rubin and $15 million to Amit Singhal in severance deals despite allegations of sexual harassment against the former executives.
• And David Drummond remains the chief lawyer at Google's parent company, despite having had at least one and allegedly more affairs with co-workers in the legal department.

What they're saying: Kara Swisher in the New York Times: "Corner-cutting ethics have too often become part and parcel to the way business is done in the top echelons of tech, allowing those who violate clear rules and flout decent behavior to thrive and those who object to such behavior to endure exhausting pushback."

What's next: Look for more fallout from Epstein's tech connections, as well as closer scrutiny of contributions and investments from other potentially tainted sources, like Saudi money tied to the murder of journalist Jamal Khashoggi.

A group of state attorneys general led by Texas' Ken Paxton is expected to announce today a new antitrust probe into Google, adding to the lengthening list of U.S. investigations into the big internet companies.

Why it matters: Big Tech companies like Google, Facebook, and Amazon are now facing numerous state and federal probes into their practices.

• These companies have historically enjoyed wide regulatory freedom in the U.S., but lawmakers and regulators want to change that — and antitrust law gives the government its most powerful tools to penalize, regulate or even break up American corporations.

The big picture: Axios' Kia Kokalitcheva put together this overview of the many government inquiries the companies face, from antitrust to privacy and other concerns...

Facebook:

• The Federal Trade Commission is reportedly looking into some of Facebook's large acquisitions, including WhatsApp and Instagram, as part of an antitrust probe.
• A group of state attorneys general led by New York's Letitia James is looking into "whether Facebook's actions may have endangered consumer data, reduced the quality of consumers’ choices, or increased the price of advertising."
• Facebook said in July it will pay a $5 billion fine for a separate case the commission brought over the company's privacy practices.
• Facebook and its acquisitions are subject to the House Judiciary Committee's broad investigation into antitrust.
• Facebook's Calibra subsidiary is also facing ongoing scrutiny from the House Financial Services Committee as well as the Senate Banking Committee over its plans for a cryptocurrency.

Alphabet/Google:

• Google disclosed Friday that the Justice Department recently requested documents about its prior antitrust investigations, signaling the company is a target of the agency's broader probe into big tech companies.
• A group of state attorneys general is expected to announce an investigation into Google's anti-competitive practices.
• YouTube recently settled with the FTC over charges it had illegally collected children's personal information. It will pay a $170 million fine.
• Google is also facing the House Judiciary Committee's probe into big tech antitrust as it pertains to its large share of the internet search market.

Amazon:

• The retail giant's practices — in particular, how it competes with third-party sellers on its marketplace — are part of the House Judiciary Committee's antitrust investigation of big tech companies.
• The FTC has also indicated its interest in studying Amazon's competition with third-party sellers.

Apple:

• Apple is also part of the House Judiciary Committee's probe, which is looking into whether the cut that its App Store takes from software developers' revenue is anti-competitive.

Glitches in software designed by Netflix in 2013 could allow an attacker to crash a TV, according to new research from security firm ForAllSecure, Axios' Joe Uchill reports. The software, known as DIAL, was used in early versions of Google Chromecast and installed in several TVs and other devices from the the middle of the decade.

The big picture: Netflix's software allowed people to broadcast video from a phone or computer onto their television and was an early component of Chromecast until Google moved that software in a different direction. Though the software is now obsolete, many TVs came preinstalled with DIAL.

The discovery was made by 2 interns at ForAllSecure completing an assignment to use the company's Mayhem automated security analysis software to analyze open source software.

• The interns turned the glitches over to Netflix through a "bug bounty" program, where Netflix offers cash rewards to researchers who uncover security flaws in its products. Netflix has now patched the bug.
• The interns will get to keep the bounty, co-founder and CEO David Brumley told Axios. "You've got to motivate interns to stay in security somehow," he said.

U.S. Cyber Command released samples of North Korea's government-funded malware to researchers during the early hours of North Korea's Day of the Foundation of the Republic — a move seemingly timed to unnerve the hermit nation during a national holiday, Joe reports.

The big picture: Cyber Command periodically releases malware to the research community to bolster private sector defenses against foreign threats.

• But while previous releases received praise from the researchers for providing new details about threat groups, the North Korean samples that were released on a Sunday in the U.S. don't immediately appear to be as fruitful.

What they're saying: "It's old [samples]," tweeted Sergio Caltagirone, VP of threat intelligence for Dragos.

• The link between the Sunday release date and the North Korean holiday was first noticed by Andrew Thompson of Mandiant.

Cyber Command released the samples between midnight and 1am, North Korea time, on Sept. 9.

• The release contains samples of malware from the hacker group Hidden Cobra, which the U.S. government has attributed to North Korea.
• Cyber Command would not say if the timing of the release was intentional. "We do not discuss details about the malware samples the CNMF team posts," a spokesperson told Axios.

On Tap

• IFA is wrapping up this week in Berlin, while Apple's iPhone event on Tuesday will be the week's focal point.
• Vox Media's Code Commerce conference takes place today and Tuesday in New York.
• The White House is holding a summit on government use of AI.

Trading Places

• Glossier hired 19-year Amazon veteran longtime Melissa Eamer as COO.
• Former CBS News head David Rhodes is consulting for Spotify as the streaming audio firm works on its news strategy, The Information reports.

ICYMI

• Uber is exploring ways to offer financing to drivers. (Vox)
• Google says it will stop taking ads for unproven medical techniques, including untested stem cell therapies. (The Verge)
• HackerOne has raised $36 million in fresh funding. (TechCrunch)
• Former HTC chief Peter Chou is working on some sort of social VR headset in partnership with Deutsche Telecom. (CNET)
• Instagram's new role as a disinformation zone. (Axios)

Check out Microsoft, the Musical, a project of some of the software maker's summer interns.