Preview Mode Links will not work in preview mode

Thanks for joining us! Let me know if there are any topics you'd like us to cover by sending an email to me at craigpeterson . com!

  1. All Episodes
  2. Class-Action Suit Against Facebook, Vulnerable Business Applications and more on Tech Talk With Craig Peterson today on Maine's WGAN Saturday Show [10-26-19]

Class-Action Suit Against Facebook, Vulnerable Business Applications and more on Tech Talk With Craig Peterson today on Maine's WGAN Saturday Show [10-26-19]

Oct 25, 2019

Welcome Back!

We are closing up today's show discussing the Class Action lawsuit against Facebook and why Business Applications are leaking information.

For more tech tips, news, and updates visit - CraigPeterson.com

---

Related Articles:

Plaintiffs in Facebook Class Action Awarded Standing 

Are your Apps Leaking? Unpatched Vulnerabilities Lead to Leaking Apps 
---

Automated Machine-Generated Transcript:

Craig Peterson
Hey guys, Craig Peterson back again. Welcome. Welcome to everybody. If you haven't heard me before, I am on the radio every Saturday from one till 3 pm here on WGAN. And we talk a lot about technology and my business is entirely based on technology, on networks and security and securing regulated businesses including financial businesses, medical businesses, and DFARs security for military contractor businesses as well. So that's what I do. Why do I talk a lot about security? Because I have been in the boat before where I didn't know what was happening. I got hacked, different type of technique. Basically I got hacked two decades ago. And I almost lost the business that I had been building because of this hack. I was all of a sudden the de facto security person in the business as the owner of the business, right, and as the owner, you have to wear a lot of hats. And then I started helping other business owners with it, and then started helping their people, the office managers, that's a very common title of the people that I work with, who are the de facto it and security people. So I, you know, I've been working with them over the years and I have found that almost to a person, they need some help because it's, it's so complicated. And so many people out there are lying to them, just like we talked about a couple of segments ago with VPN, how these VPN companies are building. Line line line online, which is really, really bad if you ask me. So I try and help straighten them out and straighten it out here on the show. We have a lot of home users, a lot of home listeners, a lot of retirees here who are listeners on the radio. And you guys are some of the biggest targets, believe it or not, because the huge, multi-billion dollar corporations, they can afford security. If you have less than 1000 employees, you can't. And the basic reason you can't is that you can't afford the security people that you need. You might be able to afford some of the equipment that you need. You probably can, but you can't afford to have the people that you need to design that to set it up and to run it. It's a full-time job for a staff of people. And so that's where we come in for those types of companies that really need really want the security but can't afford it, and can't do it themselves and really need help. So that's, that's my business side of things. And you know if you have any questions at all if we can help because this is complicated, let me know. Just email me at Craig Peterson dot com that'll come to me. And I answer pretty much every question that comes our way. Sometimes I answer them here on the radio, if particularly if it's a common question a lot of people have. Sometimes I will just go ahead and email you back. I also have a text number so that you can send questions to me, and my texting number is just 855-385-5553 you can text me anytime. If it's the middle of the night. I'm not going to answer for him in the meeting right. Not answer right away anyways. 855-385-5553 to be things right now. And we'll get to them because this is our last segment of the day. So I have to get to them right now. But I want to get to these. One again is from Ars Technica. Another one is from dark reading. So we got a couple of articles from each of these sites this week. This one is about Facebook. And this has been kind of everywhere online. If you go ahead and do some searches, you'll see this, but Facebook has facial recognition software. And if you go into your security controls on Facebook, you'll see right there that Facebook has a little checkbox that lets you turn off facial recognition. And the idea is with Facebook, hey, listen, we want to let you know when you're in a photo from a friend or a relative. Right And personally, I'd like to know if I'm in a photo from a friend or a relative, right. I think that'd be a great thing. Facebook will let you know.

But that this facial recognition technology is far from perfect. And it's been used by the Chinese socialist government to track people and penalize them if they don't do what the government tells them to do. And it's being used in London the most surveilled city in the world. It's being used there to track people. And it's being used, as I mentioned by Facebook. So another landmark lawsuit underway here of federal court declined to hear another appeal to stop a $35 billion class-action lawsuit against Facebook. That's real money. Well, it's real money to you and me, you know, not so much for Facebook, right. But in San Francisco last week, the US Circuit Court of Appeals for the Ninth Circuit, which means it's almost always Going to be overturned. It is the most overturned district Circuit Court in the country. But I think this particular ruling might stand. But the US court of appeals to the Ninth Circuit denied Facebook's protection petition for an unborn Karen in the case. So usually appeals cases are heard by three judges that are picked within the district court. And so they were looking to try and get a larger group of judges, maybe all of them to hear. So in the Ninth Circuit, there's 11 of the 29 judges, judges that would sit for the unbanked punk cases, and the court said none on the three-judge panel was enough. So this class acts as a class action suit that can now move forward includes these three different Illinois residents who filed suit against Facebook back in 2015. That's how long these things take. Okay? The suits that were rolled together into one class action complaint argue that Facebook's collection of users faces for tagging proposes violates the Illinois biometric Information Privacy Act. And that's a law that requires businesses to gather consent from residents of Illinois before the biometric data is used or even collected. Ok. So the Facebook find in Illinois be five grand for each nine violation. There are about 7 million Facebook users in Illinois, hence the $35 billion that they're going for. A very, very big one. Massachusetts brands branch of the ACLU. This week also released results of a test it ran on Amazon's recognition software, in which it mistakenly match many New England professional athletes to mug shots from a database. So fascinating, isn't it? absolutely fascinating. These facial recognition systems not only don't do well with Caucasian faces, but they are horrible. with Chinese, many of the Asian faces, they can't tell them apart. The very bad with African faces. And it's there. There's just a lawsuit potential all over the place for people that are arrested or detained or charged, based on facial recognition, particularly if they are air quotes here, minorities, right? so fascinating stuff there, Facebook's in more trouble. Now, this is from a company called Veracode. You might have heard of them. I've talked about them before on the code. They've got this annual State of software security report. And what they found I thought was very, very interesting. There's something in the software business called regression testing. Now, if you've known me for a while, you know, I was involved very heavily in what's called Colonel software, I helped to develop windows in the kernel, various versions of Unix, in the kernel, various network protocols again in the colonel, and I've done it for some of the biggest names in the world. Okay, absolutely.

So we would always do regression tests. In other words, we fixed a bug. Well, before we fix a, you know, and release that, that fix for the bug, we have to test it. And then we put that test into a series of what are called regression tests. So let's say a year or two years from now, there, somebody else has made some changes and, and it might have not touched our code. It might have touched the code that I fixed, right? But it's been a few years. So what happens is, the good companies will do a regression test and they'll make sure that That bug fixed two years ago, did not reappear. Well, it turns out that businesses aren't doing regression tests. And the more at least many of them aren't. Because according to this, many enterprise organizations are to increase breach risk because of aging unaddressed application security flaws. And this isn't just applications like apps that might be on your phone. These are applications that might be web apps, they might be applications that are used to run anything from a green screen through a Mac or Windows computer. They did security tests on more than 85,000 applications and found that on average, companies fix just 56% of all software security issues they discover between the initial and final scans. Most of the flaws that are fixed tend to be newly discovered ones well older previously discovered issues are neglected and allowed to accumulate dangerously. So very codes calling this security debt. It's increasing breach risks that many organizations. And when you get right down to it, those older flaws are usually the easiest for the bad guys to breach. Because it's well known how to breach using those flawed vectors. Very interesting. So, bottom line, pull up your socks companies out there that are developing any sort of software. And don't think that just because you're using a cloud vendor for part of it, are you using various API's to go to various cloud vendors to put your overall business operations together? Don't think that makes you safe because it doesn't. And what we're finding now is more and more, that's actually a dangerous, more dangerous way to do it, than writing the code yourself. Then there's all the open-source code and the problems people have had with that. So anyhow, hopefully, you guys, you were attended my security summer this year. We went through a lot of great security stuff that was absolutely free. My master class this week on VPN, hopefully, you attended that. It was absolutely free. had a lot of great questions that we answered. I also want to remind you of coming up this week, the masterclasses about mobile devices coming up probably Thursday afternoon. Sign up now Craig Peter song.com slash masterclass. Okay, Craig Peterson calm. You'll see it on my homepage as well. Have a great week. You've been listening to me on WGAN and online as well.

Sorry I got a frog in my throat just in time.

Transcribed by https://otter.ai

 

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553