All News Rundown

The End to No Breach Ransomware? | Gestalt IT Rundown: February 12, 2020

February 12, 2020
Add Comment
by Rich Stroffolino

New ransomware attacked exfiltrate data prior to encryption for blackmail, IBM standardizes on Slack, the impact of India’s proposed data privacy law, and more this week. Rich Stroffolino is joined by Keith Townsend this week for the Gestalt IT Rundown, your weekly IT news briefings.

This week on the Rundown:

The End to No Breach Ransomware? 

Ransomware is still a major issue for organizations, but I feel like we’re approaching a place where ransomware mitigation is fairly well understood. That doesn’t mean if you’re prepared you might not have services go down, but it has a less apocalyptic feel. To date, most ransomware isn’t about breaching a system, but rather than make it unavailable by encrypting content. However, recent targeted attacks by the Maze and Sodinokibi (REvil) ransomware rings have been using weaknesses in Internet-facing infrastructure to obtain data prior to typical ransomware encryption, effectively blackmailing organizations to pay up even if they can recover from the attack.

SaaS-as-a-Security

Alex Danco, formerly of Social Capital, wrote a blog post predicting the future of startup funding in the age of SaaS. He sets out that SaaS startups currently are locked into a one size fits all VC funding model based on equity, leading to a bubble mentality that promote ambiguity between founders and investors and tolerates an inherently high failure rate. The predictable revenue of SaaS startups requires more cash than a perpetual license model to reach profitability (estimated around $100+ million vs $20-30 million), but Alex sees the revenue stability of SaaS opening the doors to other financing models, specifically companies taking on debt rather than equity, turning recurring revenue into a security. He proposes: “raise your initial equity to establish your product, go-to-market, and first big cohort of users. Once you understand that first cohort of users really well, securitize the first X% of the cash flows they generate, get em off your balance sheet, and then use that money to create your next cohort of users.”

IBM Gives Itself Some Slack

Business Insider reported that IBM would deploy Slack across its 350,000 employees. This doesn;t come out of nowhere, Slack has been used at IBM since 2014, began an official parternship in 2016 and was already Slack’s largest customer in 2019. The narrative around Slack has been somewhat somber since their IPO last year, with MS Teams posting massive DAU numbers.

Impacts of India’s Proposed Privacy Law

In the wake of GDPR and CCPA, India unvealed its proposed Indian Data Protection Act of 2019 last year. It features similarities with the other two laws, including the right to be forgotten, and also would establish robust data soverienty requirements. But it also criminalizes re-identification of user data without user consent, which could cause major problems for security researchers. It’s common industry practice for companies to de-identify user data, with indepedent security teams auditing it to check if it can be reidentified, often without disclosing specific tests done at that time to the companies.

Is Chrome Too Opinionated?

Google announced that starting with Chrome 82, the browser will start warning users before starting “mixed content downloads” or non-HTTPS downloads started on secure pages. The intial rollout will only warn about executable files, which would then be blocked from downloading in Chrome 83. Archive file types, PDFs and word docs, and image files will receive download warnings in each subsequent Chrome versions, then be blocked by the version after that, with all mixed content downloads blocked in Chrome 86 on the desktop. Mobile versions of Chrome will have these policy delayed by one version.

Oracle Cloud Infrastructure Data Science Service

Oracle launched Oracle Cloud Infrastructure Data Science Service, a native OCI service that lets let data scientists collaborate on the development, deployment and maintenance of machine learning models. It includes a collaborative space for data exploration, a Python based “accelerated data science toolkit” with automation and explainability features, a model catalog through which a data scientist can make models available to other users, and a loose coupling of model deployment to service contet (meaning you can change the model without breaking your app). GCP is a prominent cloud for data scientists, and AWS announced expansion of its SageMaker services for better collaboration, can this niche play help Oracle grow their cloud ambitions?

Cortex M Gets ML Boost

ARM announced two new processors, the Cortex-M55 for embedded devices and the Ethos-U55 micro neural processing unit. The M55 is the first to use ARM’s new Helium architecture, and promises faster vector calculation and the ability to run Machine Learning models 15x faster than previous Cortex M cpus. The Ethos U55 is a co-processor to Cortex-M, with ARM claiming the combination speeding up ML workloads 480x. ARM sees the combination bringing new ML capabilities to embedded edge devices without having to use a cloud backend.

Nutanix Updates Karbon

Nutanix rolled out a number of updates to its Kubernetes Management platform Karbon. Users can now perform one-click upgrades without having to redploy a cluster, admins can now use Active Directory to give read-only access to users, and Nutanix now provides a bundle of containers that have all the code needed to deploy and manage Kubernetes clusters in air-gaped deployments.

And Then There Were Three

A U.S. District judge has ruled in favor of Sprint’s $26 billion deal to merge with T-Mobile, which now only needs the California Public Utilities Commission’s approval to go forward. Attorneys general from a dozen states sought to block the deal, arguing that combining the No. 3 and No. 4 U.S. carriers would stifle competition and create higher prices for consumers. The companies said the merger would help them compete against AT&T and Verizon, and build a nationwide 5G network more quickly.

Apple Throws FIDO a Bone

Apple has joined the Fast Identity Online (FIDO) Alliance, which seeks to develop and promote stronger authentication standards than passwords. Other members include Amazon, Facebook, Microsoft, and Samsung, with support The Alliance’s Universal 2nd Factor open standard. Chrome, Firefox, Edge, and Opera browsers natively support U2F, and in iOS 13.3, Safari also supports FIDO2-compliant physical security keys like YubiKey.

The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on YouTube every Wednesday at 12:30pm ET. Be sure to subscribe to Gestalt IT on YouTube for the show each week.

About the author

Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.

View all posts

Leave a Comment