The Lighthouse IT Podcast - December 2nd, 2022
This week, Matt & Griff discuss Twitter 2.0, a host of new Google search/maps features, a disguised possible Russian software the U.S. is using, SuperGPS, a new rise in Qakbot, Alexa on life-support, and much more!
'Extremely Hardcore' Twitter (Twitter 2.0)
Musk issues ultimatum to staff
- Commit to a new "hardcore" Twitter or leave the company with severance pay.
- After already slashing the original staff of 7,500 in half, a further 1,000 left after this ultimatum.
Musk met with engineers for 'code review' at 1:30 am
- He emailed to ask for help from those who "actually writes software."
- Employees were asked to first send Musk a "bullet point summary" of their code for the past six months, along with "up to 10 screenshots of the most salient lines of code."
At about 2,700 employees, Twitter says it's done with layoffs and is now hiring
- Musk said that they are done with layoffs and are actively recruiting for roles in engineering and sales, and that employees are encouraged to make referrals.
Getting closer to the 'everything' app
- Twitter is making DMs encrypted and adding video and voice chat to DMs.
- The creator of Signal is working to help with DM encryption so that users can "communicate without being concerned about their privacy, about a data breach at Twitter or about someone at Twitter spying on their DMs."
The great un-ban started this week
- For those who "have not broken the law or engaged in egregious spam," the ban on their accounts will be lifted.
Check marks are back Dec 2nd
- Gold check for companies, grey check for government, blue for individuals. (celebrity or not)
- and all verified accounts will be manually authenticated beforehand.
Musk claims Apple has threatened to remove the Twitter app
- Musk claims that Apple has threatened to remove the Twitter app from the App Store as part of its app review moderation process.
- Apple has apparently also pulled most of its advertising from Twitter.
- Apple's App Store is the only way to distribute software to iPhones. If the Twitter app were pulled, the social network would lose one of its main distribution platforms, although the service is available for the web.
- Apple requires apps with user-generated content such as Twitter to have strong content moderation systems in place.
- Apple requires apps to pay fees between 30% and 15% for digital purchases. When Epic Games put in a system to get around Apple's cut, Apple removed it. If Twitter were to pull a similar move, it might force Apple's hand. Musk has said one of his plans for Twitter is to raise billions of dollars from subscriptions, such as Twitter Blue, which is offered through the iPhone app.
Google launched new search, shopping, and maps features
Find food through Multisearch and Search for specific dishes
- With Google Lens, you can take a photo of that dish and add then type "near me" in Google Multisearch to have Google show you restaurants where you can order that dish off their menu.
- You can also type in your search to find those specific dishes. Google will show you nearby restaurants to find this dish.
Google Lens translate got an upgrade
- This update lets searchers translate text on more complex backgrounds.
- and instead of covering up the original text, Google will erase the original text and recreate the pixels underneath with an AI-generated background.
Google Shopping with AR shoes and new shopping models for AR beauty
- Google is also released shopping features to help you see shoes in AR over your own shoes. It allows you to spin, zoom and see shoes in your space.
- Also, Google has added new augmented reality search features for you to try product on models with various features, skin tones, and more.
Google Maps live view search with EV charging filters and wheelchair accessibility
- Now you can search and explore neighborhoods with augmented reality using the Google App on your phones. You can now take the Google Maps app on your phone, click on the camera icon, and look through the screen to see overlays of what is right near you in real time.
Alexa is on life-support
- First launched in November of 2014, Amazon's voice-assistant hasn't lived up to Amazon's expectations.
- The company's goal was never to sell more hardware, but to get people to buy more through Amazon's store.
- "We want to make money when people use our device, not when they buy our devices."
- During Q1 2022, Amazon's "Worldwide Digital" division, which includes Echo smart speakers, Alexa voice technology and Prime Video, had an operating loss of over $3 billion.
- While their business model has tolerated this kind of poor financial performance from its hardware business, that's no longer true.
- This division is now the prime target of the biggest layoffs in the company's history, that could be as many as 10,000.
Pushwoosh pushed out of CDC when discovered they are Russian
- American Company Pushwoosh makes software that provides user analytics and data tracking to software developers to integrate into their apps.
- It turns out, that company isn't American... it's Russian and that has concerns, for sure, for one of the company's customers: the US Government.
- No misdeeds have been discovered, but pressure of Russian government recently forcing businesses to fess up to US data, obviously has concerns.
SuperGPS does a lot with 10cm
- SuperGPS works by using a network similar to cellular instead of navigation satellites.
- This process is unaffected by buildings. (since it is a larger cellular deployment)
- It's accurate to within 4 inches.
- Best use case? Densely populated areas where GPS is a struggle, but also for autonomous vehicles or robots where inches matter.
Congratulations, you're awesome
- You may represent 20% of the population, but have 80% of my heart - Nearly 1 in 5 Americans listen to podcasts now.
- This comes as platforms are trying to push video - but video hasn't really caught up, with rare exception.
Qakbot is rising
- Lighthouse security partner Huntress is noticing a significant (over 400%) rise in Qakbot detections.
- Qakbot is a trojan information stealing software, that got its start in banking. (don't we all)
- It is tricky because it often uses an ISO to mount and execute code and is very good at avoidance.
- It's under active development, so AV tools struggle to detect.
- So how do we avoid?
- Use message filtering and security awareness training: The initial infection nearly always comes via email.
- Disable ISO Mounts: Mitigate the risk by disabling the ability for Windows to mount ISO files. This is usually where the obfuscated code resides for initial infection.
- Isolate Detections immediately: Because it is changing and updating so rapidly by its developers, it is difficult to detect by AV tools. It is better to isolate than to rush.
- Maintain proper [cyber] hygiene: Patching and updating is always recommended and maintain a frequent and anticipated cadence.
- Disable admin shares on workstations: Prevent spread via SMB and disable administrative shares. (though this may hinder third party tools)