How much would one day of internet outage cost for the entire world? Brave new AI chatbot emphasizes privacy. Microsoft makes it harder to turn off Copilot, a recent hack is blamed on an employee’s personal Google account and SolarWinds security chief is the latest to face potential legal jeopardy.
These and more top tech stories on Hashtag Trending
I’m your host Jim Love, CIO of IT World Canada and Tech News Day in the US.
Last week we did a story on Cloudflare’s service issues and the company reached out to me. Here’s what they passed on:
“We operate in multiple redundant data centers in Oregon that power Cloudflare’s control plane (dashboard, logging, etc). There was a regional power issue that impacted multiple facilities in the region. The facilities failed to generate power overnight on November 1. Then, on the morning of November 2, there were multiple generator failures that took the facilities entirely offline. We have failed over to our disaster recovery facility and most of our services are restored. This data center outage impacted Cloudflare’s dashboards and APIs, but it did not impact traffic flowing through our global network. We are working with our data center vendors to investigate the root cause of the regional power outage and generator failures. We expect to publish multiple blogs based on what we learn and can share those with you when they’re live.”
I offered them an interview to discuss this on our weekend edition. I’ll let you know if that happens.
And speaking of outages, here’s something that hit my mailbox. If we ever question how dependent we are on reliable and open internet, here’s something that might make you think.
Atlas VPN estimates that a day without the internet would cost 43 billion dollars. Most of that economic activity would come from the U.S. and China which they estimate 21 billion. The U.S. would be 11 billion, China would be the other 10 billion. The next biggest loser would be the United Kingdom at 3 billion dollars, Japan at 2.7 billion and Germany at 1.5 billion.
There’s a link to the full report in the show notes at itworldcanada.com/podcasts
Brave, known for its privacy-centric browser, has introduced “Leo,” an AI assistant that claims unparalleled privacy.
Leo is now available for all Brave desktop users with version 1.60 and will soon be available for Android and iOS.
The AI assistant can translate, answer questions, summarize web pages, and generate content. Unlike other AI chatbots, Leo doesn’t record conversations or use them for AI training, and no login is needed. The standard Leo uses Meta’s Llama 2 language model and is free.
There’s a premium version for $15/month that uses Anthropic’s AI assistant, Claude Instant. Brave’s CTO, Brian Bondy, emphasized the importance of a privacy-first AI solution and mentioned that more AI models would be added to Leo in the future.
Sources include: The Verge
Windows 11 AI assistant called Copilot, is now available via a Chatbot-style sidebar. While it’s designed to assist with daily tasks, some users have reservations about its presence. But Microsoft has made it harder to shut it down.
Previously, users could disable Copilot by modifying a registry entry. However, recent updates have removed this entry. Now, users need third-party tools like “DoNotSpy11” to disable Copilot. This tool not only removes Copilot but also deactivates some of Windows 11’s telemetry and ad-tracking features. After installing DoNotSpy11, users can search for ‘copilot’ within the application, check the box next to ‘Privacy: Disable Copilot’, apply the changes, and reboot.
Microsoft’s decision to make Copilot challenging to disable for Home users may raise some concerns, especially given some recent criticisms about Windows 11’s telemetry and data collection practices.
Sources include: PC Gamer
Okta, the identity and access management provider, has attributed a recent breach of its support system to an employee’s decision to log into a personal Google account on a company laptop.
This exposed vital credentials, resulting in data theft from several Okta clients, including cybersecurity firms BeyondTrust and Cloudflare. David Bradbury, Okta’s security chief, revealed that from September 28 to October 17, 2023, an unauthorized actor accessed files linked to 134 Okta customers, which is just less than 1 per cent of their clientele. Some of these files contained session tokens that could facilitate session hijacking attacks.
Bradbury explained that the attacker utilized a service account stored within the system, which had permissions to view and modify customer support cases. This was possible because an employee had saved the service account’s username and password into their personal Google profile on an Okta-managed laptop.
Okta has been a frequent target for hackers aiming to exploit its infrastructure to breach third-party entities. In a separate incident in September, Okta reported that a sophisticated hacking group targeted IT service desk personnel to reset multi-factor authentication for high-privilege users within targeted organizations.
Sources include: Security Week
The Securities and Exchange Commission (SEC) recently charged software firm SolarWinds and its chief security officer, Timothy Brown, accusing them of misleading investors about their cyber defenses prior to a significant 2020 Russian cyberattack.
This move by the SEC is unusual, especially considering the time elapsed since the cyberattack. But the charges follow a verdict against former Uber security executive Joe Sullivan, who was found guilty of obstructing an FTC investigation and hiding a 2016 data breach.
Based on these examples, some feel that regulators may be more inclined to hold Chief Information Security Officers (CISOs) accountable for cybersecurity issues faced by their organizations.
With new SEC rules on the horizon, requiring public companies to disclose major cyber incidents within four days, there’s growing concern among executives who fear that early statements made during an incident response could lead to legal troubles down the line.
Dave Stapleton, CISO at ProcessUnity, expressed concerns about the retrospective blame game, stating, “you can’t know what you don’t know, but in hindsight, people are going to blame you for not knowing something.”
However, some experts believe that the cases against SolarWinds and Sullivan are unique and not indicative of a broader trend.
Jake Williams of IANS Research pointed out that both cases had specific circumstances that most executives wouldn’t encounter. For instance, SolarWinds was accused of claiming adherence to the NIST Cybersecurity Framework, but internal audits suggested otherwise.
Yet some industry insiders feel that increased liability risks might deter potential security leaders from top roles. Michael Sikorski of Palo Alto Networks highlighted the personal risks now associated with these positions, asking, “Who would want to do that if they know they’re personally liable and one day they could be fired?”
SolarWinds and Timothy Brown’s attorney have contested the SEC’s allegations, with SolarWinds’ representative criticizing the SEC’s understanding of technical documents.
Sources include: Axios
And that’s the top tech news for today.
Hashtag Trending goes to air 5 days a week with a special weekend interview show we call “the Weekend Edition.”
You can get us anywhere you get audio podcasts and there is a copy of the show notes at itworldcanada.com/podcasts
I’m your host, Jim Love – have a Marvelous Monday!