Jan 15, 2020

Axios Login

Well, it doesn't seem like the DOJ-Apple encryption debate is settled, at least given President Trump's tweet on Tuesday night. (Meanwhile, Apple is preparing for the tough fight ahead.)

What is settled is today's Login. It is a bit longer than said tweet, but even still it's only 1,340 words, a 5-minute read.

1 big thing: Microsoft patches big Windows flaw discovered by NSA

Illustration: Sarah Grillo/Axios

Microsoft released a security patch Tuesday to fix a major flaw in the Windows operating system. Although Microsoft says it hasn't seen evidence the issue has been exploited in the wild, it's a significant vulnerability that could allow an attacker to "decrypt confidential information" on unmatched systems.

Why it matters: The flaw's seriousness made headlines, but it's just as notable that the National Security Agency alerted Microsoft to it. In the past, the NSA has kept some Windows flaws to itself to use for its own purposes.

Of note: Although the NSA confirmed it discovered the flaw, a representative declined to say when it was discovered, when it was disclosed to Microsoft, whether it considered keeping the flaw to itself, and what motivated the agency to ultimately disclose the issue to Microsoft.

What's next: Microsoft confirmed details of the flaw and the release of the patch, adding that its security software can detect and block malware attempting to use this vulnerability. ​It affects versions of Windows 10 as well as the 2016 and 2019 versions of Windows Server, but not Windows 8 or earlier versions.

  • "We have not seen any evidence that this technique has been used in the wild," Microsoft said. "As always we encourage customers to install all security updates as soon as possible.”

Details: The vulnerability was rated "important," Microsoft's second highest rating, because exploiting it requires user interaction. (Critical flaws can be exploited with no user interaction.)

  • Krebs on Security, which reported the existence of the patch Monday night, described it as "an extraordinarily serious security vulnerability in a core cryptographic component."
  • Also, per Krebs, Microsoft has already delivered a patch for the bug to the U.S. military and other key customers and potential targets, such as the companies that manage internet infrastructure. Those companies had to agree not to disclose details of the vulnerability.
  • In a statement, Microsoft said it doesn't release production-ready updates ahead of its regular Update Tuesday schedule, but it does give advance versions to partners "for the purpose of validation and interoperability testing in lab environments." Those who get the advance versions are not supposed to use them for production machines.

What they're saying: Longtime security expert Dan Kaminsky, chief scientist at White Ops, tells Axios that the flaw is a big deal, despite the less-than-critical rating assigned by Microsoft.

"It does happen that some bugs are 'overhyped'. Not this one. A flaw here exposes itself on sensitive attack surfaces across the entire Windows platform, in subtle ways that are difficult to predict and — critically — would be highly reliable. Absolutely the real deal, patch this immediately."
— Dan Kaminsky
2. Feds' role chided as T-Mobile-Sprint trial wraps up

Photo: Justin Sullivan/Getty Images

The states trying to block the T-Mobile-Sprint merger in court got a boost this week from T-Mobile's home state as the litigation heads into closing arguments Wednesday, Axios' Margaret Harding McGill reports.

Driving the news: Washington state attorney general Bob Ferguson, in a court filing this week, called out the Justice Department for attempting to "undermine the states’ important and independent role in enforcing antitrust laws" in its efforts to convince the court to OK the deal.

  • The DOJ and FCC in their own December filing told the court that blocking the deal would override and undermine the findings they made when they reviewed and approved the merger last year.
  • Ferguson, who has not joined the more than a dozen attorneys general suing to stop the merger, said that states and the federal government should both have a say in antitrust enforcement. He took issue with the notion that "if DOJ has taken a position on an antitrust matter, the states have no authority to reach a contrary conclusion."

What's next: Closing arguments begin at 10 am in a New York federal court Wednesday. New York attorney general Letitia James, who is leading the case alongside California's Xavier Becerra, is expected to attend.

  • Separately, a D.C. court is reviewing the settlement the Justice Department (and several other states, including Sprint's home state of Kansas) reached with T-Mobile and Sprint in approving the deal.
  • The D.C. court late last week extended the settlement review process by accepting briefs until Feb. 7.
  • The court review process is typically a rubber stamp exercise. The move to gather additional feedback is "not a good sign" and casts further uncertainty around T-Mobile and Sprint's ability to quickly close their deal, LightShed analysts Walt Piecyk and Joe Galone said in a note.
3. IBM and Samsung top U.S. patent list
Photo: USPTO.gov

With 2019 in the books, it's time to look at how the various tech giants fared in the competition to pile up patents.

What's new: When including various subsidiaries, Seattle-based Sqoop found that Samsung edged out perennial top patent-getter IBM for utility patent applications and grants, as well as design patents. LG and Canon also were in the top five.

Why it matters: Looked at individually, patents represent merely a single idea that may or may not come to fruition. Taken in aggregate, though, patent applications and grants are a key measure of the overall strength of a company's intellectual property portfolio.

By the numbers: Here are some other findings...

  • Microsoft moved up from 10th position to sixth.
  • Ford entered the top 10, the only auto maker to do so.
  • In terms of utility patent applications, Huawei ranked sixth, a sign it's stepping up its IP efforts amid its legal and legislative challenges.

Meanwhile, using a somewhat different methodology, IFI Patents put out its own list of 2019 U.S. patent recipients.

  • This report places IBM atop the pack, where it has been for the past 27 years.
  • IBM had 9,262 patents last year, up 2%, per IFI, followed by Samsung, Canon, Microsoft and Intel.
4. Deloitte: All firms are tech firms (or dinosaurs)

For years now, Deloitte has called out a range of trends affecting tech companies in an annual report.

The latest: The biggest change in this year's report, out today, is that the identified trends don't just apply to tech companies, but are instead technology shifts changing how business is done at all manner of companies.

Why it matters: Of course, there are companies whose primary business is technology, but there are no longer companies that are immune to tech's influence. Rather, there are businesses across industries that are embracing technology — and those that are trying to resist its impact.

"Every company is a technology company," Deloitte CTO Bill Briggs tells Axios. "Emerging technology isn’t just informing new products and customer-facing breakthroughs, but being applied behind the scenes to fundamentally reimagine how work gets done and how businesses [and] governments run."

Details: In its report, Deloitte cites a number of trends, including...

  • The importance of trust.
  • "Digital twins," aka powerful virtual models of real-world scenarios, which rely on sensors and increasingly accurate simulation software to move beyond current uses like manufacturing and R&D.
  • The role finance departments can play as either gatekeepers or catalysts for innovation.

The bottom line: "Technology’s pace of change is only going to increase, and its impact is only going to expand," Briggs says.

5. Take Note

On Tap

  • The DCN Next: Summit is taking place in Miami starting today, with our own Sara Fischer and Jim VandeHei speaking later this week.

Trading Places

  • Longtime Uber employee Rachel Holt, who has most recently been its head of scooters and bikes, is leaving the company, as Dan Primack and Kia Kokalitcheva scooped yesterday.
  • Stack Overflow is today announcing Teresa Dietrich as its new chief product officer. She was previously global head of product and engineering McKinsey New Ventures and before that held posts at Namely, WebMD and AOL.
  • Local services company Thumbtack named Jeff Grant as chief operating officer and Scott Booker as chief product officer. Grant served as CMO at LeapFrog and CEO at both DriversEd and insuranceQuotes, while Booker was CEO at Healthgrades and served as product and marketing chief and president of international for A Place for Mom.
  • Jim Prosser, who ran communications at SoFi (and before that was at Twitter and Google), is joining Edelman as a managing director for its corporate and advisory practice, focused on West Coast-based clients, especially those in tech.


6. After you Login

Former facebook security chief Alex Stamos gave the commencement speech at UC Berkeley, tapping an algorithm to write the opening paragraph by analyzing past speeches from the likes of Steve Jobs, David Foster Wallace and Oprah. What ensued, of course, was amazing.