Newsletter Jan 27 2020


From The Microphone

Welcome to the MSP Radio newsletter, catching you up on some stories you might have missed! Each week we'll pull a few stories from the podcasts, give you highlights and insights, and make it easy for you to catch up on the latest news and commentary.

Share the newsletter and podcast with your colleagues, and help change the conversation around delivering technology services.

You May Have Missed... 

Clearview AI: Facial Recognition 

From Monday, Jan 20th's Business of Tech Podcast: The New York Times has released an exposé about Clearview AI, a startup that has built a facial recognition app. The system leverages a database of more than three billion images scraped from Facebook, YouTube, Venmo, and millions of other sites, and is now being used by law enforcement to identify individuals. This article is worth the read, but here are some highlights.
  • The app is available on a 30-day trial, which is noted as the best sales engine for law enforcement.
  • The photos can be less than perfect, which is contributing to the success rate.
  • The tool matches roughly 75% of the time.
  • The app developers are knowingly in violation of the Terms of Service for the apps they are leveraging.
Why do we care?
 
If you run a chemical company, the most profitable way to handle your waste would be to dump it into the river. Not worrying about the disposal of waste is clearly the best method to save money and run an efficient business. It’s society that says we want clean water, and thus you can’t do that.

If you want to build the most profitable tech company, you mine as much data as you can, or you sell as much data as you can. Clearview and companies like Facebook are highly motivated to leverage or provide data in this manner. It needs to be society that governs what is allowed and what isn’t. Clearview AI admits in the article that they know they are in violation of the Terms of Service and don’t care.

Thus, why you care. If you deliver tech services, you care about the coming regulation because you need to understand why it’s happening, and what society – your customers – want to have happen.

I believe there is a competitive position in being the company that helps customers do better with their information and data. Clearly, there is growing public demand for it. Now someone should help make it happen.
 
A New Phishing Scam Targets Nest and Ring Camera Users

There's a new phishing scam targeting users very specifically. So why do we care? What can we learn?

All the patches, all the problems

From Thursday, Jan 23rd and Friday, Jan 24th's shows: Reported Thursday, Cisco is urging customers to update Firepower Management Center after users informed it of a critical bug in LDAP authentication from an external authentication server. Devices are vulnerable if configured to authenticate users via an external LDAP server. The researcher who reported the flaw has released proof-of-concept exploit code.

ConnectWise Control, used by at least 100,000 users managing millions of endpoints, has been found to have eight security flaws that allow an “attack chain” to hijack managed systems, according to security consultant Bishop Fox. ConnectWise has announced that it has fixed six of the issues and plans to fix the seventh; it calls the eighth a “feature”, not a bug, and believes that final item does not pose a credible threat to users of the product.
 
“The conversation turned a little contentious,” Bishop Fox Associate Vice President of Consulting Daniel Wood told CRN. “A threat of defamation and libel did come up in that conversation. That immediately concerned us,” Wood said. “We absolutely stand behind the researchers we have and support them. As long as they follow our policies and procedures -- and we do things by the book -- then we’re always going to support them and stand up for them. If someone is threatening litigation, that’s only going to make us double down on protecting our researchers, consultants, and our company.”

Reported Friday, news broke of another exploit in the technology stack of service providers: SolarWinds MSP’s N-Central had a zero-day vulnerability which allowed security researchers to steal the administrative credentials of an account holder, as discovered by Huntress Labs and reported by CRN.

The flaw, known as “Dumpster Diver”, was reported October 10 without a proof of concept, and SolarWinds began working on a patch earlier this week when a proof of concept was disclosed. The proof of concept is in the wild, disclosed January 21st in a Packet Storm article showing how to use the exploit to seize account credentials.


Why do we care?

Let me be clear that this section is my opinion, because it’s clear some get litigious. I’ve been talking a lot about ethics, privacy, and security on this podcast and in other venues.

When a security researcher approaches you, there are already well-established practices for engagement. Threatening lawsuits is not one of them.

Last week, I reported on the NSA working with Microsoft. Here, Cisco works with a researcher to identify and fix the problem. The one answer that doesn’t come up is “threats of defamation and libel”. That's the wrong answer.

Now, to the takeaway. Security is ultimately everyone’s responsibility along the chain, and if you are concerned about the security of your customers, you will need to make judgement calls about which companies you trust to have your back and which you do not. If you don’t trust a supplier, you can take the pain of switching now, or the pain of a breach later, because everyone gets breached.

In a bonus episode on Saturday, I spoke with Huntress Labs CEO and researcher Kyle Hanslovan and asked about the way security vulnerabilities are reported, because my take is that a good portion of those delivering services aren’t in the business of security, and don’t understand how security vulnerabilities are reported and how companies work on those problems. It's a good resource.


 
Four Stories that didn't make the podcast

In five minutes each day, there are stories that don't make the podcast but were interesting and notable. I cover those in a weekly live stream, having a bit more time to talk about why they interest me and why they didn't make the show. This week: Kaseya's $2B valuation, Canalys PC predictions, funding for doctors in the UK from tech, and Wikipedia back online in Turkey. Check out the video below; broadcasts go to Facebook, YouTube, and Twitch. Follow on one of those platforms to get live-streamed coverage as it happens!
 
MSP Radio Livestream on YouTube

Podcast

The Business of Tech

Are you subscribing to the Business of Tech podcast? Each day, the flood of technology news hits. In an industry that always changes, finding focus on the important things is critical. The Business of Tech podcast focuses on the news you need to know and why. Subscribe now to get this 5-minute podcast in your favorite podcatcher.

Upcoming events!

Catch these upcoming educational events!
  • Everyone is Angry At Tech!
    • Technology is changing all the time, but public perception of technology has changed even faster. From the darling of society to recipient of public scorn, big tech has changed the conversation … and not for the better. What has happened to customers’ trust, and how does it change the way solution providers should position their services? What new services can be leveraged, and how can the apparent difficulties in the market be leveraged into real opportunity?

      This webinar will provide attendees with guidance for the new reality of customer perception by showcasing:

      • How the market has changed
      • What the pitfalls are
      • How to create new service opportunities to stand apart from the crowd
    • Webinar on Feb 5th, from 2pm to 3pm EST
Copyright © 2020 MSP Radio, All rights reserved.
