Bottom Line I.T. with Mike Maddox and Erik Jacobsen
RECORDED at ASK
January 16, 2018
Segment 1
Processor Vulnerability
https://www.wired.com/story/meltdown-and-spectre-vulnerability-fix/
Spectre and Meltdown broke basic security for practically all computers. The terrifying vulnerabilities have left many confused, and it is important to follow how the remediation efforts have been going.
Segment 2
Processor Vulnerability (continued)
As a part of the Processor vulnerability identified last week, Microsoft has announced a patch that will be pushed out to all Windows 10 machines on Tuesday this week. ASK has investigated the technical details of this patch and we have identified a major concern regarding Antivirus applications. Workstations running some Antivirus applications, that are not at the latest release and update level, have the potential to go into Blue Screen when the Microsoft patch is deployed.
Your ASK Managed Services Agreement includes Webroot (the leading Antivirus Product available). Webroot will be completely updated and ready for the Microsoft patch on Tuesday. ASK Technical Services has identified your account as having some machines that are running Antivirus other than Webroot. At times Antivirus software gets installed by users, many times without even knowing that they are installing it. We strongly recommend that you allow us to remove all Antivirus other than Webroot immediately. This is part of our proactive management and no billing will be associated with this work. Please respond to this email with approval for this.
ASK Technical Services is putting together a list of the specific machines in your environment that have Antivirus other than Webroot. This is a manual effort and will not be complete until Sunday evening. Your approval for removal now, will allow me to get your company placed on the top of the list in order to avoid potentially business impacting blue screens on Tuesday.
If you have questions or concerns, please call.
Segment 3
What Happens to Open-Source Projects After a Developer’s Death?https://www.wired.com/story/giving-open-source-projects-life-after-a-developers-death/
When a developer creates a “open-source” project, anyone can use it or modify it. Meaning that if the developer dies, there is no one dedicated to approve changes to code if other developers submit bug fixes, patches, etc. The tool will eventually fail as its code becomes outdated and incompatible with newer tech. Good examples include the Linux operating system or Google’s AI framework TensorFlow, but the result is a complex, largely hidden, web of software dependencies. When open source code is maintained by a small team of volunteers, it can and has led to numerous security vulnerabilities.
Segment 4
Trying the autopilot system in Tesla’s Model S 100D on Detroit’s roads
http://www.mlive.com/auto/index.ssf/2017/10/tesla_model_s_100d.html?ath=fc0c8a8bbc92f25ac26ddd140d05d583#cmpid=nsltr_herostryimage_single
According to mlive write Benjamin Raven, the autopilot system in the Tesla Model S 100D “absolutely lives up to the hype.” Though Michigan does not allow dealership sales of Tesla cars (it does allow online sales), Raven was able to test drive the car with two Tesla representatives along for the ride. Raven writes that it was difficult to let go and allow the car to drive for him, saying “I found myself grabbing for the wheel” but continues “I learned to let the computer on wheels do what it was made to do and let it impress.”
Segment 5
Uber Reveals Data Breach and Cover-up
Uber, the ride-hailing service, revealed it paid hackers $100,000 to conceal a data breach affected 57 million accounts one year ago. In response, the firm fired CSO Joe Sullivan and deputy Craig Clark for their role in the cover up. Uber has stated that it will contact the owners associated with the breached accounts.
Segment 6 – Bottom Line Security
Uber Hacked and Surveilled Rivals
https://www.wsj.com/articles/uber-hacked-and-surveilled-rivals-alleges-ex-manager-in-letter-1513389333
In 2016 Uber had contractors who were trained by the CIA allegedly spy on another firm’s executives and sent video to former CEO Travis Kalanick. Additionally, Uber contractors allegedly used “signal-intercept equipment” to gather data on phone calls made by Uber’s opponents, politicians, and regulators. Months following, Uber allegedly hacked a competitor’s systems to gather license, name, and contact info of all the company’s drivers. These claims were among others in a 37 page letter from a former Uber official.