Tonight on GeekNights, we make some technology predictions for one, five, and ten years into the future. We did this once back in 2010. In the news, Ticketmaster and Santander have massive data breaches, Google accidentally published its secret search sauce, Twitter adds pornography, and Rubin is the next generation AI chip.
Regarding the Ticketmaster / Santander / Snowflake whatever situation, and without discussing anything that is not publicly shared, I will say that the way this was initially reported was hot garbage.
Excerpt from a public statement from the Snowflake CISO:
Our key preliminary findings identified to date:
- we have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform;
- we have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;
- this appears to be a targeted campaign directed at users with single-factor authentication;
- as part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware; and
- we did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.
You can believe what Snowflake says if you want. It’s undeniable that lots of data that was stored in Snowflake, from a variety of Snowflake customers, has been leaked.
Even if the CEO isn’t lying. The attack was directed at users with single-factor authentication, they say? At the very least why isn’t two-factor required? That’s been standard practice for years.
All the parties involved are trying to blame each other. The truth is that they are all fuckups.
I am curious if anyone else is being hounded by execs that want something AI related to be worked on. They don’t seem to even care if it’s useful or relevant.
I remember a similiar episode being done like this but on college football.
No, because I don’t work at that kind of place. But similar things have happened before. Corporate decision makers who know nothing about technology hear a new buzzword and want to be able to say their company is doing that.
One time I was working somewhere and the CEO got excited about chatbots and Alexa and things like that, well before any machine learning hype. Never met the guy or saw his face, but he told one person who told my boss who had my co-worker make one. Co-worker did successfully make it, and it worked, but pretty sure nobody ever used it. Just a complete waste of time and resources.
Sadly that’s where I’m at. I’ve moved to an adjacent industry to the one I was in for 10 years, and I’m re-building the same tools I already successfully built twice before, but now they want a little AI badge on it.