Friday, 12 August 2016

Structure News: Why Microsoft just sent the federal government a huge message

Your weekly tech news roundup, with a little bit of Structure.

STRUCTURE EVENTS Newsletter
Where We Don't Get The Point Of Dressage Either
August 12th, 2016 / by Tom Krazit
This week, we'll talk about Microsoft's greatest argument for why the tech industry hates software back doors, an exciting new speaker for Structure Security, and how unbelievable it was that there wasn't a riot at Hartsfield-Jackson International Airport this week.
BIG PICTURE
Even the smartest, most detail-oriented people are capable of making mistakes. That's why one of the best ways to prevent people from making software-development mistakes is to prevent them from creating a particular piece of software in the first place.

Microsoft was one of the many tech companies that supported Apple's fight against the FBI's desire for a back door into the iPhone, but it delivered its best argument in support of that fight this week in embarrassing fashion. Two security researchers (the website they set up to release this information is hilarious, by the way) discovered that Microsoft inadvertently shipped code that allows devices protected by Secure Boot to be unlocked, which could allow attackers to install rootkits and other malware that Secure Boot was supposed to protect against in the first place.

ZDNet, Ars Technica, and The Register all have good writeups of the technical details, and while Microsoft is releasing patches to fix the issue, it seems like it might not be able to fix the hole completely. Microsoft wrote the code because it wanted to have a way to internally test and debug Windows devices that prevented the user from turning off Secure Boot. However, that code was probably supposed to stay inside Microsoft, and instead it was apparently included on retail Windows devices, where it lay dormant but discoverable.

This was the core of Apple's argument: if we build it, someday they'll probably get it. An awful lot of federal law enforcement officials seem to think that code that enables backdoors could be somehow magically protected and only used by responsible authorities, but engineers -- who understand the pressures and complexity of modern software development, and who understand the nature of the attacks their organizations face on a daily basis -- know better.

Fortunately for Microsoft, the fallout from this mistake will be limited due to the relatively small number of devices out there in the wild affected by this problem. But hopefully it's a wake-up call to government officials who have yet to realize that law enforcement back doors aren't just troubling, they could actually put everyone at risk for significant cybercrimes.
STRUCTURE NEWS
RSA'S NILOOFAR HOWE ADDED TO STRUCTURE SECURITY LINEUP
The lineup for Structure Security 2016 is almost set, but sometimes when you get an opportunity to add a great speaker, you've got to do it. We're pleased to announce that Niloofar Howe (pictured), chief strategy officer at RSA, will be joining us at Structure Security. RSA's clients include some of the biggest businesses around the world, under constant attack by security threats, and her insights into how those clients are preparing for the future should be fascinating.

As a reminder, Structure Security will take place September 27th and 28th at the Golden Gate Club in San Francisco's Presidio district. Niloofar joins several other impressive and compelling speakers, such as Jay Leek of Blackstone, Geoff Belknap of Slack, and Arlette Hart of the FBI. You can find more information on the conference here. The price goes up on Saturday, so save your company a little money and get in on the action now.
INDUSTRY NEWS
DELTA AIR LINES CEO TAKES RESPONSIBILITY FOR OUTAGE
It was a pretty horrible week for the employees of Delta Air Lines, who were forced to cancel over 2,000 flights across three days -- and face irate travelers in airports across the country -- because of a meltdown in one of their data centers. The Wall Street Journal has the details, and while Delta CEO Ed Bastian did not single out any of its current tech providers for blame, you can be sure that every enterprise tech sales rep in the country is going to pitch Delta over the next few months.

NERVANA CEO ON INTEL ACQUISITION, FUTURE TECHNOLOGY OUTLOOK

It was a pretty great week for the team behind deep learning startup Nervana, which was acquired by Intel for a little more than $400 million (reports differed on the exact price). The Next Platform sat down with Nervana CEO Naveen Rao to talk about its future inside the chip maker, which will likely involve attempts to get serious about making chips for deep learning applications, where rival Nvidia has enjoyed success.

AFTER APPLE OFFERS $200,000 FOR IPHONE HACKS, A PRIVATE FIRM OFFERS $500,000

Last week we talked about Apple's bug bounty program announced at Black Hat, and it didn't take long for somebody else to up the ante. The Verge reports on Exodus Intelligence's price war in the bug bounty war, a topic we'll be sure to raise with Marten Mickos of HackerOne and Casey Ellis of Bugcrowd at Structure Security.

OPEN SOURCE WON. SO, NOW WHAT?

The adoption of open source software by enterprise technology providers and adopters is one of the most pervasive trends in enterprise computing that we've chronicled over the years at Structure. So, as Wired rightly asks, now what? Making sure that a stable core of open-source technology remains reliable and trustworthy is harder than it looks, especially now that there are so many stakeholders.

HACKERS MAKE THE FIRST EVER RANSOMWARE FOR SMART THERMOSTATS

August, 2018: Give us 0.43 bitcoin if you want the air conditioning turned back on! The internet of things is going to present so many security challenges (that Intel's Scott Montgomery will outline at Structure Security), and Motherboard reports that now that researchers have demonstrated a proof-of-concept ransomware against an unnamed connected thermostat, it's starting to get a little scary.

DATA BREACH AT ORACLE'S MICROS POINT-OF-SALE DIVISION

Brian Krebs reports that a known Russian cybercrime group appears to have hacked a customer support portal run by Oracle to support customers of its MICROS point-of-sale software, which runs on over 300,000 cash registers. The extent of the breach is unclear, but given the sophistication of the Carbanak Gang, Krebs and other experts believe that the breach might be used to compromise those point-of-sale terminals, which could be quite costly.
QUOTE OF THE WEEK
"It takes a lot of inertia for there to be major changes in the (airline) industry. That means these computer systems will have to be dragged kicking and screaming into the 21st century."

Copyright (C) 2016 StructureSeries All rights reserved.