Chinese Hackers in ISPs, OpenAI's breakthrough, Security Concerns, and Tech Hiring Trends

[00:00:02] [SPEAKER_01]: It's Thursday, August 29, 2024, and I'm Dave Sobel. Four things to know today. Chinese state-backed

[00:00:09] [SPEAKER_01]: hackers escalate their attacks on US ISPs targeting government and military communications. OpenAI

[00:00:16] [SPEAKER_01]: races to launch Strawberry, an AI product aiming to enhance reasoning for complex problem-solving.

[00:00:23] [SPEAKER_01]: Anegi introduces Apple Intelligence Controls and ConnectWise may buy Accient and

[00:00:30] [SPEAKER_01]: Rethinking Consumer vs. Business Security Needs, How Messaging Changes with Market Size

[00:00:36] [SPEAKER_01]: In reporting from The Washington Post, Chinese government-backed hackers have significantly

[00:00:46] [SPEAKER_01]: intensified their attacks on US Internet service providers, gaining access to major and smaller

[00:00:52] [SPEAKER_01]: companies to spy on users, including government and military personnel. The hacks utilized

[00:00:59] [SPEAKER_01]: sophisticated techniques, including exploiting zero-day vulnerabilities and raising concerns

[00:01:04] [SPEAKER_01]: about intelligence gathering. The Chinese embassy denied state involvement, attributing the attacks

[00:01:10] [SPEAKER_01]: to a ransomware group. US cybersecurity officials continued to monitor the situation, noting the

[00:01:17] [SPEAKER_01]: ongoing threat posed by groups like Vault Typhoon. States Goop is reporting that police departments

[00:01:23] [SPEAKER_01]: are increasingly using generative AI, like Accent's Draft 1, to write incident reports,

[00:01:30] [SPEAKER_01]: which could save officers time but raises concerns about accuracy and accountability.

[00:01:35] [SPEAKER_01]: While some departments use it for minor incidents, others apply it to all types of reports.

[00:01:41] [SPEAKER_01]: The use of AI in law enforcement has sparked debate due to potential biases

[00:01:45] [SPEAKER_01]: and the risk of officers evading responsibility for their reports.

[00:01:51] [SPEAKER_01]: Hundreds of open-source large-language model servers and vector databases are leaking

[00:01:55] [SPEAKER_01]: sensitive corporate and personal data due to inadequate security measures. A recent

[00:02:01] [SPEAKER_01]: investigation revealed vulnerabilities in flow-wise servers, allowing access to critical information

[00:02:07] [SPEAKER_01]: like API keys and tokens. Additionally, around 30 vector databases were found unprotected,

[00:02:14] [SPEAKER_01]: containing sensitive data that attackers could manipulate or corrupt.

[00:02:18] [SPEAKER_01]: Organizations should restrict access, monitor activities, and apply software updates to

[00:02:24] [SPEAKER_01]: mitigate risks. Why do we care? Chinese hackers in ISPs

[00:02:30] [SPEAKER_01]: feels like headline news this audience wants to know about. They're gathering intelligence,

[00:02:36] [SPEAKER_01]: which shouldn't be shocking, although it's pretty notable. One attack vector I noted was

[00:02:41] [SPEAKER_01]: watching for passwords over the wire. I wanted to note law enforcement's use of generative AI

[00:02:47] [SPEAKER_01]: and leave that one for you to ponder. Consider large-language models as a data attack vector.

[00:02:53] [SPEAKER_01]: This is worth considering with your clients and a value you can add too for managing.

[00:03:00] [SPEAKER_01]: 3. Trinity Cyber is a revolutionary new capability that helps MSPs expand

[00:03:07] [SPEAKER_01]: security services and grow your business while improving margins. Automated threat mitigation

[00:03:12] [SPEAKER_01]: and full content inspection in line and in real time. That's right, in real time. These guys

[00:03:20] [SPEAKER_01]: seem to have finally invented the man in the middle we have been waiting for.

[00:03:24] [SPEAKER_01]: Here's what Wayne Porter, owner of MSP Allegheny Computer Services, has to say.

[00:03:31] [SPEAKER_00]: The thing that really makes Trinity Cyber different from a technical aspect is it's a new ability

[00:03:36] [SPEAKER_00]: to neutralize any adversary and it does it automated, in line, and real time.

[00:03:43] [SPEAKER_01]: Lesson your workload, reduce your expenses and increase your margins

[00:03:47] [SPEAKER_01]: with Trinity Cyber. Visit trinitiesyber.com slash msp4 to learn about their discounted MSP pricing options.

[00:03:59] [SPEAKER_01]: OpenAI is racing to launch a new AI product codenamed Strawberry, which aims to enhance

[00:04:05] [SPEAKER_01]: reasoning capabilities in chatbots, particularly in solving complex problems like math and programming.

[00:04:12] [SPEAKER_01]: This initiative is part of OpenAI's strategy to maintain its competitive edge in conversational AI,

[00:04:18] [SPEAKER_01]: especially with the upcoming launch of its flagship model, Orion.

[00:04:22] [SPEAKER_01]: Strawberry could also help generate high quality training data to reduce errors in AI outputs.

[00:04:29] [SPEAKER_01]: The technology was demonstrated to US national security officials and was previously known as Q Star.

[00:04:36] [SPEAKER_01]: This explains the strawberry emojis bouncing around the internet.

[00:04:40] [SPEAKER_01]: Google has expanded its Gemini 1.5 AI models with three new experimental versions,

[00:04:46] [SPEAKER_01]: including a smaller model and improved pro and flash variants.

[00:04:51] [SPEAKER_01]: These models can process extensive multimodal inputs and achieve near perfect retrieval rates.

[00:04:58] [SPEAKER_01]: While the reception has been mixed, users can test the models for free in Google AI Studio and the Gemini API.

[00:05:06] [SPEAKER_01]: Anthropic has published the system prompts for its AI models, including Claude III opus,

[00:05:12] [SPEAKER_01]: aiming for transparency and ethical practices in AI development.

[00:05:16] [SPEAKER_01]: These prompts outline the model's capabilities and limitations, such as avoiding facial recognition

[00:05:22] [SPEAKER_01]: and maintaining impartiality on controversial topics.

[00:05:27] [SPEAKER_01]: Anthropic plans to regularly update and disclose changes to these prompts,

[00:05:32] [SPEAKER_01]: potentially pressuring competitors to follow suit.

[00:05:36] [SPEAKER_01]: Why do we care? There are two significant changes here.

[00:05:40] [SPEAKER_01]: Open AI showed their release to the US government before release,

[00:05:45] [SPEAKER_01]: and Anthropic published its system prompts. That's my primary focus.

[00:05:51] [SPEAKER_01]: Assume the models themselves become commodities.

[00:05:54] [SPEAKER_01]: How each company approaches regulation and security will be a competitive difference.

[00:05:59] [SPEAKER_01]: Open AI is electing to manage regulation concerns by consulting with the government,

[00:06:04] [SPEAKER_01]: which is a new strategy. So Anthropic is bringing more transparency to their prompts as their differentiator.

[00:06:13] [SPEAKER_01]: Anagy has launched new Apple Intelligence controls for device management,

[00:06:18] [SPEAKER_01]: allowing IT administrators to test activation and deactivation of AI features

[00:06:23] [SPEAKER_01]: before the public release of Mac OS 15, iOS 18, and iPad OS 18.

[00:06:29] [SPEAKER_01]: These updates address data security concerns by enabling organizations to manage AI settings

[00:06:35] [SPEAKER_01]: on their devices. Anagy customers can utilize these controls alongside Apple's AI beta

[00:06:41] [SPEAKER_01]: to enhance device management during the transition.

[00:06:45] [SPEAKER_01]: SAS Alerts has launched a new managed SAS Alerts solutions for managed services providers

[00:06:50] [SPEAKER_01]: that offers 24x7 monitoring and expert support to enhance cybersecurity for SAS applications.

[00:06:57] [SPEAKER_01]: Key features include continuous incident analysis, monthly reporting,

[00:07:02] [SPEAKER_01]: and proactive security enhancements. The service aims to help MSPs protect their clients against

[00:07:07] [SPEAKER_01]: increasing SAS-related threats and it will be available starting September 1st for 75 cents

[00:07:13] [SPEAKER_01]: per user per month. SureWeb has become the first cloud solutions provider to offer Sentinel-1's

[00:07:20] [SPEAKER_01]: Purple AI to manage services providers, enhancing their cybersecurity operations with generative

[00:07:25] [SPEAKER_01]: capabilities. This solution aims to improve threat hunting, investigation and incident response,

[00:07:32] [SPEAKER_01]: addressing skill shortages and streamlining security processes.

[00:07:36] [SPEAKER_01]: And in what is a rumor but will unnecessarily cause a freak out for many, CRN is reporting

[00:07:42] [SPEAKER_01]: that ConnectWise is finalizing a deal to acquire Accient, that business continuity

[00:07:47] [SPEAKER_01]: and disaster recovery vendor for $400 million to $500 million. This acquisition aims to

[00:07:53] [SPEAKER_01]: enhance ConnectWise's offerings against competitors like Kaseya.

[00:07:58] [SPEAKER_01]: Why do we care? What's interesting to me is that the noise around the MSP community will be

[00:08:04] [SPEAKER_01]: around ConnectWise, a deal that's notably not done, glossing over two other key moves.

[00:08:11] [SPEAKER_01]: Adagy has support for Apple Intelligence even before it's in the field. I keep talking

[00:08:16] [SPEAKER_01]: about AI governance, well here's a tool for it. Plus I found it notable that SureWeb

[00:08:22] [SPEAKER_01]: is the first to market with Sentinel-1 on the AI product. Now, Sentinel-1 is not very exclusive

[00:08:28] [SPEAKER_01]: with their deals, it seems they'll do one with everyone, but a launch partner is always a notable

[00:08:33] [SPEAKER_01]: choice. Providers, these are the more interesting stories out there.

[00:08:40] [SPEAKER_01]: Some big ideas for you. Why does getting a job in tech suck right now? The article from

[00:08:46] [SPEAKER_01]: RYX,R, the current challenges in tech hiring stem from a talent redistribution towards

[00:08:53] [SPEAKER_01]: larger companies, increased dishonesty in applications and the influence of AI on

[00:08:59] [SPEAKER_01]: hiring practices. While AI is not replacing engineering jobs, it is affecting the hiring

[00:09:05] [SPEAKER_01]: landscape by making it easier for candidates to misrepresent their qualifications. Additionally,

[00:09:11] [SPEAKER_01]: Venture Capital is shifting towards capital intensive AI projects rather than labor intensive ones

[00:09:17] [SPEAKER_01]: impacting job availability. Despite concerns, AI is unlikely to eliminate software engineering roles

[00:09:24] [SPEAKER_01]: as productivity enhancements may actually increase demand for developers.

[00:09:30] [SPEAKER_01]: And a follow up to my live show from Wednesday and for those of you that weren't there,

[00:09:35] [SPEAKER_01]: you'll get it tomorrow in the podcast feed and it's on YouTube already.

[00:09:39] [SPEAKER_01]: From the verge, hello, you're here because you compared AI image editing to Photoshop.

[00:09:45] [SPEAKER_01]: The article discusses the implications of AI image editing compared to traditional tools like

[00:09:51] [SPEAKER_01]: Photoshop highlighting concerns about the ease of creating manipulative images and

[00:09:56] [SPEAKER_01]: the erosion of trust in photography. It argues that while Photoshop requires skill and time,

[00:10:02] [SPEAKER_01]: AI tools drastically lower these barriers, making it easy for anyone to produce convincing fakes.

[00:10:10] [SPEAKER_01]: The piece also addresses societal issues stemming from image manipulation such as

[00:10:15] [SPEAKER_01]: unrealistic beauty standards and misinformation and emphasizes the challenges of regulating

[00:10:20] [SPEAKER_01]: AI technology effectively. How about this article? Stop paying for antivirus software.

[00:10:26] [SPEAKER_01]: Here's why you don't need it. Got your attention? The article argues against the need for paid

[00:10:33] [SPEAKER_01]: antivirus software highlighting that built-in security features like Microsoft Defender protect

[00:10:38] [SPEAKER_01]: most users. It notes that many Americans still pay for third party antivirus often due to

[00:10:45] [SPEAKER_01]: generational habits but emphasizes that modern threats primarily target businesses rather

[00:10:51] [SPEAKER_01]: than individual consumers. The piece suggests letting subscriptions to services like Norton

[00:10:56] [SPEAKER_01]: or McAfee expire as default protections are generally sufficient for home users.

[00:11:02] [SPEAKER_01]: And Josh Brown argues for optimism as a default mindset contrasting it with pessimism,

[00:11:09] [SPEAKER_01]: often leading to missed opportunities. He reflects on historical financial events

[00:11:14] [SPEAKER_01]: emphasizing that successful investors and builders typically adopt a positive outlook

[00:11:20] [SPEAKER_01]: even amidst crises. Despite current challenges, he encourages a focus on potential improvements

[00:11:27] [SPEAKER_01]: and progress asserting that optimism ultimately prevails and is essential for long-term investment

[00:11:33] [SPEAKER_01]: and growth. Why do we care? If you need a weekend boost, Brown's take is one.

[00:11:41] [SPEAKER_01]: I include the Verge's thought piece to consider the level of friction required

[00:11:46] [SPEAKER_01]: to make a technology mainstream. But the main story to ponder is security.

[00:11:51] [SPEAKER_01]: There's an interesting dynamic here. What is appropriate for business differs from what's

[00:11:56] [SPEAKER_01]: appropriate for consumers and we struggle to deliver a message that speaks to users on their

[00:12:01] [SPEAKER_01]: terms. I wanted to offer this perspective to help you consider how to reconcile messaging,

[00:12:06] [SPEAKER_01]: particularly for smaller businesses. Thanks for listening. Today is National

[00:12:13] [SPEAKER_01]: Lemon Juice Day. It's also National Sports Day, but I don't think those two go together.

[00:12:19] [SPEAKER_01]: This weekend you'll get that live episode I mentioned. It's a great conversation with

[00:12:23] [SPEAKER_01]: Jessica Davis about how to think about AI and deep fakes in the context of journalism and sourcing.

[00:12:30] [SPEAKER_01]: Then on Sunday my interview with Hugo Milan talking about hiring strategies.

[00:12:35] [SPEAKER_01]: If you got a comment or a thought on a story, put it in the comments if you're on

[00:12:38] [SPEAKER_01]: YouTube or reach out on LinkedIn if you're listening to the podcast. It's a long holiday weekend in the

[00:12:43] [SPEAKER_01]: US and I will be back again on Tuesday with more news. If you like the show, share it with a colleague.

[00:12:50] [SPEAKER_01]: Enjoy the weekend.

[00:13:39] [SPEAKER_00]: Part of the MSP Radio Network.