Did Wiz Breach Customer Privacy With Its “MRI” Snapshot Architecture?

I recently discussed the controversial security firm known as Wiz in one of my previous articles. In that post, I only briefly mentioned a dispute between Wiz and another security company named Orca, which has now brought to light an intriguing revelation about Wiz’s security product.

In a well-documented lawsuit, Orca alleges that Wiz unlawfully appropriated their concepts across various domains, spanning from patents to marketing strategies. To provide some context, the complaint begins with an incident in which the founder of Orca had a meeting with the Microsoft Cloud Security team to present his innovative ideas. Subsequently, members of the Microsoft Cloud Security team departed from Microsoft and established a competing company that directly utilized these very ideas, thus competing with Orca.

Now, at first glance, this may seem audacious and apparent, but it’s essential to understand the context. We’re talking about a closely-knit group of former military intelligence personnel from Israel who have quickly earned a reputation in the civilian market for employing very aggressive and unfair competitive tactics more akin to wartime espionage.

Speaking of espionage, the Orca complaint recently was amended with some proof that Wiz seems to be sneaking data from customers with what seems to be an intentionally unsafe snapshot scanning architecture.

One common practice in cloud management is taking snapshots of customer workloads to create backups or facilitate disaster recovery. And the critical importance of keeping cloud snapshots private is hard to overstate. A supposed security vendor should never roll up to take snapshots of your workloads and read them out somewhere else, especially when claiming to care about your privacy.

The $10m Acoustic Kitty project as documented in “The Wizards of Langley” by Jeffrey Richelson in 2001. A new security firm named itself “Wiz” in a boast about their espionage roots, as if untouchable.

That just sounds like spying to me.

But I’m getting ahead of myself.

A cloud snapshot is essentially a very fast point-in-time copy of a virtual machine (VM) that captures an entire workload’s state: the data, the configuration and the storage at a specific moment. Typically this allows a workload to be restored to that exact state, revolutionizing both backups and restores. Snapshots quickly became indispensable for many uses, including tests and migrations, as well as aiding business continuity, disaster recovery and reduced downtime.

The snapshots, like the name implies, can contain all kinds of sensitive information, including proprietary data, intellectual property, or customer records. Exposing snapshots to third-party vendors brings to mind huge risks of unauthorized access or data breaches. Given how many industries and regions have strict regulations governing data privacy and security, the very idea of transferring snapshots to external vendors probably trips compliance violations and legal consequences.

FTC are you listening?

So why would Wiz even think of moving snapshots into their cloud account? Terrible idea and totally unnecessary, a violation of basic safety. Yet here it is, as captured on page 46 in the new Orca amended complaint of September 15th.

Scan configuration — The list of disks for scanning is composed by the cloud fetcher leveraging the cloud provider APIs and sent to the Wiz workload scanner.
Snapshot creation — The workload scanner, which runs in a dedicated account, creates the snapshot and shares it with the scanner cluster. These snapshots are created with ‘wiz:auto-gen-snapshot’ tag to help identify them.
Snapshot scan — The snapshot is mapped as a read-only volume and scanned. The scan results include metadata on packages, vulnerabilities and mis-configurations and are sent to the backend.
Cleanup — The snapshot is deleted from the customer tenant.

Note the flow at the bottom right, where Wiz takes a snapshot and then exfiltrates it out of the customer environment. Source: Exhibit 4: Orca v. Wiz Amended Complaint Exhibits 2023-09-15

Orca’s complaint calls out a marketing detail here. Apparently they pitched and grew their technology using the concept of their scanner looking at cloud machines like an MRI scans the human body.

Orca realized early on that its cloud-native approach could be analogized to a medical MRI, providing a full model of the cloud environment without affecting it in any way. Early Orca marketing materials noted: “An apt analogy is to think of a medical MRI. Instead of probing inside the body with needles and scalpels, such imaging is an out-of-band method of obtaining a detailed picture of the organs and tissue within. The person is never physically touched.”

Page 10 of the complaint says Wiz then copied this MRI language from Orca almost word-for-word into their own marketing.

Just like an MRI performs a 3D scan of the body without affecting the body itself, snapshot scanning achieves deep analysis of the workload without any impact or interruption to the live workload

The problem, beyond stealing the marketing, seems to be that Wiz documentation also says snapshots are “always remaining within the customer tenant” yet their architecture illustrates that is NOT true: a “shared snapshot” is read into the Wiz cloud account and outside customer control.

That’s not “always remaining within” if you believe Wiz themselves when they jump up and down and scream at Microsoft for having a private key configured to be read by someone other than the person who owns that key. No joke, Wiz couldn’t be more excited to tell the world that Microsoft was “breached” yet here in their own documentation they seem to have designed a safety breach as inherent to their product architecture.

For comparison, Orca documentation has a very important statement that says basically the exact opposite to Wiz.

Note that these snapshots can only be accessed from your account for security.

Again, looking at the Wiz documentation in the complaint, it seems like Wiz created a snapshot flow that set up access from outside the customer account. How could they be so upset with Microsoft, their former employer, for excessive permissions in cloud when they just built an entirely new cloud scan empire based on excessive permissions?

Security vendors, no matter how reputable (no matter if they call themselves the untouchable “Wiz”ards), are not inherently safe and of course may themselves become targets. Their handling of snapshots increases attack surface and exposure to potential breaches.

Also, data is subject to the laws and regulations of the country or region where it is located. Wiz shifting snapshots could mean they “somehow” show up in Israel with its different rules, creating compliance challenges.

What do I mean, could mean?

Read the Orca complaint in full, which documents how Wiz allegedly built their company from a culture of cynical extrajudicial military-espionage that goes even beyond industrial theft.

And then ask yourself why their architecture allegedly was built for stealing customer data in snapshots…

I know it’s fashionable to say cloud security means an ever-changing landscape, but in reality our book “Securing the Virtual Environment: How to Defend the Enterprise From Attack” from ten years ago still lays out principles that remain steadfast cornerstones. Safeguarding customer workloads and data is a top priority, such that it is unequivocally recommended to refrain from shifting snapshots to third-party security vendors. Keep them private, under strict access control so you can monitor activities, and ensure compliance with regulations, laws and security policies.
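
One way to do the monitoring recommended above, as an added example that is not from the original post or from either vendor: a log check that flags every grant sharing a snapshot with an account you do not own, or with everyone. The record layout is modeled on AWS CloudTrail's ModifySnapshotAttribute event, and the account IDs, snapshot IDs, role ARN and tag inventory are constructed assumptions.

```python
# Added example: flag snapshot shares that leave your own accounts.
# Record layout modeled on AWS CloudTrail ModifySnapshotAttribute events (assumption).
TRUSTED_ACCOUNTS = {"111111111111", "222222222222"}  # constructed: accounts you own

# Constructed inventory: snapshot id -> tag keys. The tag name comes from the
# documentation quoted in the post; treating it as a tag key is an assumption.
SNAPSHOT_TAGS = {"snap-0a1": ["wiz:auto-gen-snapshot"], "snap-0b2": ["backup"]}

def _event(snapshot_id, action, item,
           actor="arn:aws:sts::111111111111:assumed-role/scanner/s1"):
    """Build one constructed log record."""
    return {
        "eventName": "ModifySnapshotAttribute",
        "eventTime": "2024-01-01T00:00:00Z",
        "userIdentity": {"arn": actor},
        "requestParameters": {
            "snapshotId": snapshot_id,
            "createVolumePermission": {action: {"items": [item]}},
        },
    }

SAMPLE_EVENTS = [
    _event("snap-0a1", "add", {"userId": "999999999999"}),     # external account
    _event("snap-0b2", "add", {"userId": "222222222222"}),     # own account: fine
    _event("snap-0b2", "add", {"group": "all"}),               # public share
    _event("snap-0a1", "remove", {"userId": "999999999999"}),  # revoke: not a finding
    {"eventName": "CreateSnapshot", "requestParameters": {"volumeId": "vol-0c3"}},
]

def external_shares(events, trusted=TRUSTED_ACCOUNTS, tags=SNAPSHOT_TAGS):
    """Return one finding per grant that exposes a snapshot outside `trusted`."""
    findings = []
    for ev in events:
        if ev.get("eventName") != "ModifySnapshotAttribute":
            continue
        params = ev.get("requestParameters") or {}
        perm = params.get("createVolumePermission") or {}
        for item in (perm.get("add") or {}).get("items") or []:
            if item.get("group") == "all":
                grantee, kind = "all", "public"
            elif item.get("userId") and item["userId"] not in trusted:
                grantee, kind = item["userId"], "external-account"
            else:
                continue  # grant stays inside accounts you own
            findings.append({
                "snapshot": params.get("snapshotId"),
                "kind": kind,
                "grantee": grantee,
                "actor": (ev.get("userIdentity") or {}).get("arn"),
                "tags": tags.get(params.get("snapshotId"), []),
            })
    return findings

if __name__ == "__main__":
    for finding in external_shares(SAMPLE_EVENTS):
        print(finding)
```

Each finding names the acting principal, so a share made by a third-party scanner role shows up next to the account it granted access to.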


If AfD are Nazis, and Elon Musk Campaigns for AfD, What Does That Make Him?

First, the Nazis in AfD love saying they are definitely not the thing that they are.

There is a long list of cases with neo-Nazi connections in the AfD – and it runs right up to the national executive committee.

AfD literally oppose law and order — want to undermine the Constitution — so they can plunge Germany into fascism.

Can you form a coalition with those people and make them accepted as normal partners? And there’s a huge understanding right now, or was a huge understanding: No, you may not, because they don’t play according to the rules. And the rules are the content of our Constitution and the rule of law. […] And it’s becoming clearer and clearer that [the AfD] is in huge parts, or in part, against the Constitution, and could [therefore] be prohibited.

German domestic intelligence has even warned publicly against voting for the anti-Constitution AfD.

“[P]arts of the AfD spread hate and agitation against all kinds of minorities in Germany, especially migrants … We see that parts of the AfD also hold and promote an anti-Semitic attitude. We see that parts of the AfD are very much influenced by Moscow and continue to spread Russian narratives”, particularly with regards to Russia’s all-out war in Ukraine, [chief of the Federal Office for the Protection of the Constitution (BfV)] Haldenwang added.

German language reports say it most clearly and without hesitation, because it’s important: AfD are the old Nazis.

“The old Nazis are back” (“Die alten Nazis sind wieder da”). Former FDP interior minister Gerhart Baum views the shift to the right in Germany with concern. In the video he explains why he considers the AfD a danger to democracy.

Second, guess who loves “die alten Nazis” in the AfD and why.

Elon Musk shares a post calling for the AfD to be elected.

Yup.

Elon Musk, already being sued for obvious racism, is without question using his platform to put Nazis back in power.

Twitter has changed its logo to an “old” swastika and claimed the Nazi Gleichschaltung concept as its “new” idea

Related: Why are he and South African businessman Peter Thiel, close friend of South African businessman Elon Musk, both apparently trying to restore Nazism in Germany?

Clue: Their families were on the side of Hitler in WWII and fled to South Africa in order to avoid accountability (e.g. Thiel and Musk failed to attend mandatory Holocaust education — Nazi atrocities of 1933 to 1945).

To be even more clear, Musk’s grandfather J. N. Haldeman was a chiropractor in the nineteen-thirties and forties who became director of a “Technocracy” pro-Hitler political campaign in Canada.

Source: The Leader-Post, Regina, Saskatchewan, Canada. Tue, Oct 8, 1940. Page 16

To be fair, Technocracy was a political movement that claimed it wasn’t political because politicians were not allowed, just like it was a fascist movement that claimed being anti-Semites opposed to fighting against Hitler didn’t mean they supported Hitler.

Perhaps you can smell the crazy. Technocrats in the 1940s tried to promote a single Technate (destroying national borders to form a massive empire) by claiming to have a technological army in grey uniforms, driving grey cars, greeting everyone in military salutes and pledging allegiance to a single white man as the supreme leader over the entire continent… all based only on inflated resumes with false engineering degrees or work experience.

Fascism? Who sees fascism? This 1941 Technocracy rally of “light grey shirts” (not to be confused with silver shirts) argued that all the governments in North America must be destroyed so a single white man can rule the entire continent. Source: Technocracy Inc.

In 1950, given his run-ins with the law during WWII for supporting Hitler, not to mention his continued spread of anti-Semitic hate speech, Haldeman fled to South Africa to promote a new white supremacist Apartheid regime.

An examination of Joshua Haldeman’s writings reveals a radical conspiracy theorist who expressed racist, anti-Semitic, and antidemocratic views repeatedly, and over the course of decades—a record I studied across hundreds of documents from the time, including newspaper clips, self-published manuscripts, university archives, and private correspondence. Haldeman believed that apartheid South Africa was destined to lead “White Christian Civilization” in its fight against the “International Conspiracy” of Jewish bankers and the “hordes of Coloured people” they controlled. “Instead of the Government’s attitude keeping me out of South Africa, it had precisely the opposite effect—it encouraged me to come and settle here,” he told a reporter for the South African newspaper Die Transvaler shortly after his arrival. The far-right Afrikaner newspaper treated Haldeman’s arrival as a PR victory for apartheid. (“PRAISES ACTION OF NATIONALIST PARTY REGIME: Canadian Politician Settles in South Africa,” the headline read.)

They meant Canadian Technocracy anti-politician politician.

Elon’s grandfather pivoted his track-record of rabid anti-Semitism towards boosting Apartheid racism. In 1960 he self-published a manifesto called “The International Conspiracy to Establish a World Dictatorship and the Menace to South Africa.” Presumably bed-time reading to his grandson Elon born in 1971, this text updated Nazi “Dolchstoßlegende” propaganda about WWI used for blaming Jews for everything to also blame them for Germany losing WWII; an unhinged rant about achieving a white supremacist dream state.

Source: Twitter

Back to AfD in 2023: Perhaps now you see why little Elon has grown up to fulfill his grandfather’s conspiracy-filled hate campaigns, for a small group of white supremacists (with fake or inflated engineering degrees and experience) to rule via abuse of technology, and of course publicly campaign for “die alten Nazis”.

“Challenge accepted, Elon” Mehdi Hasan says as he lays out in gory detail the increasing hate speech (Xcrement) on Musk’s eXTwitter:

U.S. Bill Challenges OEM “Idiot Light” to Ensure AgTech Right to Repair

The future looks awful if it requires us to pretend we can’t see even when we’re the only ones who can; a reflection on freedom that Robert Pirsig in the 1970s famously warned us about.

That seems to be the thinking again behind “Rep. Marie Gluesenkamp Perez (WA-03), along with Reps. Joe Neguse (CO-02), Elissa Slotkin (MI-07), and Abigail Spanberger (VA-07)” introducing an Agricultural Right to Repair Act.

“I bought a three-year-old John Deere 90-horsepower tractor. Within five minutes of using it, a yellow triangle lit up on the dash. Not being able to get diagnostic information about the error has disrupted my ability to farm … and a service appointment was available weeks away. I had to use a RELIABLE 1965 tractor to finish the job” said Rob Baur, a farmer in Ridgefield, Washington. “I need a way for me or an independent mechanic to get the error code and decode it to get information about the problem.”

Zing.

Motorcyclists used to call this the “idiot light” effect. Instead of waiting for a flashing red or yellow indicator to tell you an expert must take a look, become the expert and learn how to detect and repair what’s wrong.

Tesla’s Racist CEO Sued by Federal Government for Racism

A hallmark of Tesla’s CEO is he loves to say he wants to fight and stand up for things he believes in.

Now, let’s see how many times he has ever said or done anything anti-racist. It’s a simple test. A guy always hogging the microphone so everyone can hear his thoughts… where is he showing anti-racism?

Crickets.

In fact, I see his company goes the exact wrong way to gloat it will fight without rest against any allegations of being racist. Odd reversal of tolerance. They seem to choose their words very carefully to say they want to fight against anti-racism (ensure racism is tolerated).

It’s like hearing Tesla say their code has zero defects because they fight against any reports of defects in order to ensure defects are tolerated, while claiming they shouldn’t be accused of defects at the very moment when someone reports an obvious defect to them.

See the problem?

Here’s a perfect example: a high-profile celebrity was being obviously racist against Blacks. Elon Musk, upset by people reporting racism, immediately spun up a loud public reaction just to fraudulently claim anti-racism is a global conspiracy against whites.

Elon Musk accused “the media” and “elite colleges and high schools” of being “racist” against white and Asian people, espousing his views without providing evidence. Musk tweeted these statements in response to news that media organizations around the U.S. decided to cut the comic strip “Dilbert” after its creator, Scott Adams, disparaged Black people in a racist rant on his YouTube channel.

How dare people be anti-racist on Elon Musk’s watch? The racist CEO isn’t having it. It’s so dumb to see him fraudulently try to spin anti-racism into being anti-white when some of the best and most famous anti-racists in history are… wait for it… white. Hello President Grant?

It reminds me of the KKK murdering anyone who dared to call them racists. Shooting messengers didn’t really accomplish what they thought it would, yet there’s Elon bringing back 1830s cancel culture by spouting angry false conspiracy rants about “the media”…like he wants to start a race war.

The U.S. federal government, in a nod to 1970s anti-Apartheid let alone 1870s anti-KKK, has just announced it is forced to sue this obviously racist South African CEO for running an intentionally “prolific” racist workplace in America.

…Tesla, Inc., violated federal law by tolerating widespread and ongoing racial harassment of its Black employees and by subjecting some of these workers to retaliation for opposing the harassment, the U.S. Equal Employment Opportunity Commission (EEOC) charged in a lawsuit filed today.

According to the EEOC’s suit, since at least 2015 to the present, Black employees at Tesla’s Fremont, California manufacturing facilities have routinely endured racial abuse, pervasive stereotyping, and hostility as well as epithets such as variations of the N-word, “monkey,” “boy,” and “black b*tch.” Slurs were used casually and openly in high-traffic areas and at worker hubs. Black employees regularly encountered graffiti, including variations of the N-word, swastikas, threats, and nooses, on desks and other equipment, in bathroom stalls, within elevators, and even on new vehicles rolling off the production line, the EEOC said.

The EEOC’s investigation also found that those who raised objections to racial hostility suffered various forms of retaliation, including terminations, changes in job duties, transfers, and other adverse employment actions.

It is notable that investigators have revealed Elon Musk’s family primarily were anti-Semitic “technocracy” loons when they supported Hitler in WWII. Their plan with technology was to establish and maintain fascist control.

After losing the war they took refuge in the white supremacist movement of South African Apartheid, which is when they started targeting Blacks with their hate.