An employee overlooked the update that could have prevented the Last Pass breach.  Twitter has yet another outage. And Nokia issues a new cell phone that can be – are you sitting down? – repaired easily.



 

Welcome to Hashtag Trending for Tuesday, March 7th.

I’m your host Jim Love, CIO of IT World Canada and TechNewsDay in the US – here’s today’s top tech news stories.

LastPass might have to change its name to Last to patch…. 

LastPass revealed new details of the massive data breach it suffered last year, detailing how a malicious party installed a keylogger onto a senior engineer’s computer through a vulnerability in streaming media service Plex. The company did, all in all, a reasonable dump of information with a mea culpa apology and a promise to do better. 

But now, according to a piece in the Android Police, Plex is saying that the vulnerability through which the exploit happened, was disclosed almost three years ago in May of 2020. Plex released a patch on the very same day. But LastPass’ employees never applied the patch.

According to that report, the vulnerability allowed those with access to a server administrator’s Plex account to upload a malicious file through the Camera Upload feature and, by overlapping the locations of the server data directory with a library that allowed Camera Uploads, it could have the media server execute malicious code.

“For reference, the version that addressed this exploit was roughly 75 versions ago,” a LastPass spokesperson said.

It’s easy in hindsight to criticize a company’s response to a cyberattack, but this just keeps getting worse – especially since LastPass was created to keep company secrets safe. If this is all true – that a LastPass employee was allowed to access privileged work surfaces through their personal computer, and that an employee didn’t do a three-year old update – this could be the last gasp for Last Pass’ reputation.

Source: Android Police

Both the EU and the US are looking at new legislation that would force companies to ensure the “right to repair” for cell phones, but it seems like some manufacturers are getting out ahead of potential legislation.

At Mobile World Congress 2023, Nokia launched smartphones that come with components you can dismantle along with a repair manual from IFixit.

This announcement comes as the right to repair movement gains momentum in the U.S. and EU. According to a report by the European Parliament, about 77 per cent of EU citizens would rather fix a device than buy a new one.  

Adam Ferguson, head of product marketing at HMD Global said “People value long-lasting, quality devices, and they shouldn’t have to compromise on price to get it. The new Nokia G22 is purposefully built with a repairable design, so you can keep it even longer.”

With these changes, HMD hopes to follow the steps of other phone manufacturers who have keyed into this “right to repair” movement.

Some of the other phone manufacturers are Fairphone which released its latest device with repairability and sustainability at the core and even Apple has launched its self-service repair programs in Europe, providing consumers with over 200 tools, parts and even repair manuals.

Source: TechRepublic

Twitter suffered its outage yesterday, with thousands of users reporting problems with accessing links from the social media platform and other websites. 

Downdetector reported more than 8,000 incidents of people reporting issues.

Later yesterday, Twitter’s support account tweeted that the issue was resolved and things should be working as normal.

Director of internet observatory NetBlocks, Alp Toker told Reuters that the error messages point to problems with the platform’s microservices which are having  knock-on effects on other aspects of the service.   

Toker said “This suggests Twitter has not been effectively testing its updates before pushing them to the public”

Musk tweeted that a small change with Twitter’s data-access tool had caused the problem. He said, “The code stack is extremely brittle for no good reason. Will ultimately need a complete rewrite.”

No good reason?  Hmmm. Are you sure that nothing has changed at Twitter over the past few months that could possibly account for these outages?  

Source: Reuters

Microsoft continues to integrate AI across all its platforms and tools.

In its latest move, the Redmond giant bundled the technology behind ChatGPT with its Power Platform, to allow users to develop applications with little or no coding.  Power Virtual Agent and AI Builder, were updated with the new capabilities.

Power Virtual Agent, a tool for businesses to build chatbots, can now connect to internal company resources to generate summaries of weekly reports and customer queries. And, AI builder, which allows businesses to automate workflows, got new generative AI capabilities and a new version of its business management platform Dynamics 365.

The company so far has announced AI updates for its popular Windows operating system and search engine Bing but not yet for its Office productivity suite, which includes Word and Excel – although we can certainly expect more updates to those programs in the very near future. 

Source: Reuters

Are we shaping up into a generative AI bubble or are we on the verge of an explosion of new development?

An iconic Silicon Valley investor, Reid Hoffman of Greylock Partners, announced he had to leave OpenAI’s non-profit board to avoid conflicts of interest with upcoming investments.

He said, “There are future trillion-dollar companies being built and invested in right now, which will not only change markets, but launch new ones.”

As the generative AI frenzy continues, there is a growing arms race to shape and profit from that future, according to an article in Axios.

While Microsoft’s fusion with OpenAI gave an incredible boost to both ChatGPT and it would seem to Microsoft,  it also inspired and encouraged competitors who are betting that they can find a way to compete with the tech giant in this new AI gold rush.

Silicon Valley venture capitalists have pivoted from “OpenAI is the next transformational tech company” to “We’ve found a way to beat it.”

So, while core AI technology is at least initially in the hands of the cloud giants like Google and Microsoft, the other tech giants from Meta to Salesforce have also rushed to release their offerings – now, we can expect to see startups that will harness this technology and apply it to new markets, niches, specific industries and consumer businesses.

Whether they are the next Google or just take enough market share to be acquired by the giants – the gold rush is on.

Source: Axios

Can AI know what you are thinking? 

In more AI news, researchers found they could reconstruct high-resolution and highly accurate images from brain activity by inputting fMRI scans on an AI image generator.

The researchers claim they have decoded text representations from fMRI signals within the higher visual cortex, which were then used as input for a final constructed image.

A few studies have produced high-resolution reconstructions of images but, researchers note, it was only after training and fine-tuning the generative models.

Training these complex models is difficult and there are not many prior examples in neuroscience to guide them, although it’s not the first or only work in this field.

Researchers have previously been testing the ways that AI models work with the human brain. In a January 2022 study, researchers from the Netherlands trained a generative AI network on fMRI data from 1,050 unique faces and converted the brain imaging results into actual images. The study found that the AI was able to perform unparalleled stimulus reconstruction.

Nevertheless, these new researchers have managed to get what they termed another peek into the process, adding some new learning to this important research. For example, the researchers showed in a diagram how using higher stimuli, not only created higher noise levels in the brain but also could lead to higher image resolution.  We’re calling it the “Spinal Tap effect.”

Source: Vice

Those are the top tech news stories for today

Links to these stories can be found in the article posted on itworldcanada.com/podcasts. You can also find more great stories and more in-depth coverage in itworldcanada.com or in the US on technewsday.com

Hashtag Trending goes to air five days a week with a daily newscast and we have a special weekend edition with an interview featuring an expert in some aspect of technology that is making the news.

We’re always happy to hear from you, you can find me on LinkedIn, Mastodon, Twitter or just leave a comment under the article for this podcast at ITWorldCanada.com/podcasts.

I’m your host Jim Love – Have a Terrific Tuesday!

The post Hashtag Trending Mar.7th-Employee overlooked update that could have prevented LastPass data breach; another Twitter outage and Nokia announces repairable phones first appeared on IT World Canada.

Leave a Reply