Slacking Security, TikTok Taking Over, More Apple Pay, & Amazon Vacuum

August 13, 2022 by Lighthouse IT Solutions, Matthew Almendinger

The Lighthouse IT Podcast - August 12th, 2022

This week, Matt & Griff discuss the Avalara buyout, Amazon vacuums, more Twitter & Musk news, a whole bunch of TikTok news, Slack security slacking, Apple Pay developments and more.



Vista Equity Partners buys Avalara

  • The check from Kaseya must have cleared, because Vista Equity Partners, the former owner of Datto/Autotask, which recently sold to Kaseya for $6.2bn, just purchased tax compliance automation software giant Avalara for $8.4bn smackaroos.


Amazon got into healthcare last month; this month, it's vacuums?

  • Amazon is buying Roomba vacuum maker iRobot for $1.7 billion
  • Amazon said it will acquire iRobot for $61 per share in an all-cash transaction that will include iRobot's net debt.
    • The company has total current debt of approximately $332.1 million as of July 2.
  • The deal is subject to approval by shareholders and regulators.
  • A slew of home-cleaning robots adds to the company's tech arsenal, making it more involved in consumers' lives beyond static things like voice control.
  • Is Amazon looking to map your home?


Apple Pay may finally work on Chrome, Edge, and Firefox in iOS 16

  • Currently, Apple Pay only works in Safari on iOS 15 and older.
  • MacRumors contributor Steve Moser found that Apple Pay works with Edge and Chrome in the iOS 16 beta 4, and shared his findings on Twitter.
  • Moser's screenshots show a "Continue with Apple Pay" option on Apple's checkout page when using Edge.
  • Apple Pay still isn't available in the latest macOS beta, however.


TikTok has Spotify in its sights

  • ByteDance has filed a trademark application for "TikTok Music."
  • If approved, the trademarked phrase would apply to a mobile and tablet app where users can "purchase, play, share, download music, songs, albums, lyrics" and "create, recommend, share his/her playlists," according to the application.
  • TikTok is already a hub for discovering and rediscovering music, seeing as both Spotify's and Apple Music's top curated playlists are now dominated by songs that first went viral on TikTok.


TikTok pilots HTML5 mini-games

  • They are testing "mini-games" that can be played inside the social video app and discovered through creators' videos.
  • This could position TikTok as a home for casual mobile gaming that routes around Apple and Google's app stores.


Former ByteDance employees confirm pro-China influence

  • Former ByteDance (developer of TikTok) employees have confirmed that ByteDance pushed employees to make sure that pro-China content was always highlighted within the app TopBuzz. In fact, they even had to send their managers screenshots showing that it was being done.


Another Twitter v. Musk story

  • Twitter issued a number of subpoenas to associates of Elon Musk to gather more information ahead of the lawsuit.
  • One subpoena requests info on "checklists, timelines, presentations, decks, organizational calls, meetings, notes, recordings" related to Mr. Musk's deal to purchase Twitter and also asks for any information regarding the discussion of bots and spam.


  • Musk wants public debate with Twitter CEO instead of that upcoming court trial
  • "I hereby challenge @paraga to a public debate about the Twitter bot percentage," Musk wrote in a tweet on Saturday. "Let him prove to the public that Twitter has <5% fake or spam daily users!"
  • The debate is unlikely to happen.


Slack lacks security; leaks password hashes

  • In a nutshell, when a user would create or invite someone to their workspace, an overshare of data was transmitted... including the password hash of the sender. FOR THE PAST 5 YEARS -- whoopsy.
  • what????
  • In a nutshell, the hashed password was transmitted but was not visible to users themselves, so it is unlikely that anyone realized that this "extra" data was, in fact, the sender's password hash. All of the data was also still encrypted over TLS. (Think of it like HTTP headers.)
  • Still, any firewall or logging device may store this information in plain text, meaning the extra data is out there somewhere.
  • The chances of determining the actual password are slim, as hashed passwords don't work backwards, only forwards, and Slack claims that the password was also salted.
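
The kind of overshare described above, as an added example that is not Slack's code: an invite message built by copying the whole sender record, next to one built from an explicit field allowlist, plus a small check that flags credential-looking keys before a message is sent or logged. All field names, the record layout and the sample values are hypothetical and constructed for illustration.

```python
import hashlib
import os

# Constructed sender record; field names are hypothetical, not Slack's schema.
def make_user(name, email, password):
    salt = os.urandom(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"id": "U-EXAMPLE", "name": name, "email": email,
            "password_hash": f"{salt.hex()}${digest.hex()}"}

def invite_overshared(sender, invitee_email):
    # Bug class: the whole sender record is copied into the outbound message.
    return {"type": "invite", "to": invitee_email, "sender": dict(sender)}

PUBLIC_SENDER_FIELDS = ("id", "name")  # explicit allowlist of what may leave

def invite_allowlisted(sender, invitee_email):
    # Hardened form: only named public fields are serialized.
    return {"type": "invite", "to": invitee_email,
            "sender": {k: sender[k] for k in PUBLIC_SENDER_FIELDS}}

SENSITIVE_MARKERS = ("password", "hash", "secret", "token")

def find_sensitive_keys(obj, path=""):
    """Return dotted paths of keys whose names suggest credential material."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            if any(m in key.lower() for m in SENSITIVE_MARKERS):
                hits.append(here)
            hits.extend(find_sensitive_keys(value, here))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_sensitive_keys(value, f"{path}[{i}]"))
    return hits

if __name__ == "__main__":
    alice = make_user("alice", "alice@example.com", "constructed-password")
    print(find_sensitive_keys(invite_overshared(alice, "bob@example.com")))
    print(find_sensitive_keys(invite_allowlisted(alice, "bob@example.com")))
```

A check like `find_sensitive_keys` fits in a serializer unit test or a logging filter, so an extra field is caught before it reaches a proxy or log store.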


GwisinLocker ransomware encrypts Windows & Linux ESXi servers

  • Though it specifically targets healthcare, industrial, and pharmaceutical companies in South Korea, it seems to be quite the bit of kit.
  • The ransomware will encrypt the data, but ensure that the host servers remain bootable. It also interacts with ESXi to shut down the network and restrict access.
  • The ransoms are highly customized to each target, with each ransom note including specific data exfiltrated and key information about the organization.
  • Also interesting is that payment directions are made by logging into a portal online via an onion address.