Security Lapse Exposed Clearview AI Source Code
Zack Whittaker, reporting for TechCrunch: Since it exploded onto the scene in January after a newspaper expose, Clearview AI quickly became one of the most elusive, secretive, and reviled companies in the tech startup scene. The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it, and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles. But for a time, a misconfigured server exposed the company's internal files, apps and source code for anyone on the internet to find.
Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview's source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code. The repository contained Clearview's source code, which could be used to compile and run the apps from scratch.
We now have a clear view into their code (Score:5, Funny)
We need a +1/2 awful pun (groan) mod. (Score:4, Insightful)
Subject says it all.
Re: (Score:1)
Parent and parent's parent: No mod points when I want them, sigh. ;-)
Multiple Config Errors (Score:5, Insightful)
So there were multiple config errors. They let people past the firewall, they let people onto the server, they let people into the software repository, and the entire software repository was available to any new user. I think we can safely assume the rest of their system is equally incompetently configured.
Re: (Score:2)
So there were multiple config errors. They let people past the firewall,
Who mentioned a firewall?
Sadly, it is more and more frequent these days to see companies store data in "the cloud" without any type of firewall.
Re: (Score:1)
Sounds like the default settings on gitlab.
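The summary describes the failure mode precisely: the repository was password-protected, but open self-registration meant anyone could mint a password of their own. The comment above suggests this is what default GitLab settings look like. As an added example (not code from the original article, from Clearview, or from GitLab), here is a small audit that takes the JSON a self-managed GitLab instance returns from its application-settings API and flags the combination that turns "login required" into "open to everyone". The sample settings are constructed; the setting names `signup_enabled`, `require_admin_approval_after_user_signup`, `domain_allowlist` and `default_project_visibility` are real GitLab application settings, but the specific values shown are the assumed weak configuration, not anything taken from the breach.

```python
import json

# Constructed sample of the relevant fields from
# GET /api/v4/application/settings on a self-managed GitLab instance.
# These values are assumed for illustration, not observed on any real system.
SAMPLE_SETTINGS_JSON = """
{
  "signup_enabled": true,
  "require_admin_approval_after_user_signup": false,
  "domain_allowlist": [],
  "default_project_visibility": "internal"
}
"""

# The corrected configuration a defender would want: no self-registration,
# and even if it were re-enabled, accounts would be gated and new projects
# would not be readable by every authenticated user.
HARDENED_SETTINGS = {
    "signup_enabled": False,
    "require_admin_approval_after_user_signup": True,
    "domain_allowlist": ["example.com"],  # placeholder corporate domain
    "default_project_visibility": "private",
}


def load_settings(text: str) -> dict:
    """Parse the JSON body returned by the application-settings endpoint."""
    return json.loads(text)


def audit_signup_settings(settings: dict) -> list:
    """Return findings describing how self-registration exposes repositories.

    An empty list means arbitrary internet users cannot register an account
    and, once registered, would not automatically see 'internal' projects.
    """
    findings = []
    if settings.get("signup_enabled", False):
        findings.append("signup_enabled is true: anyone who can reach the "
                        "instance can create an account")
        # The next two settings only matter once sign-up is open.
        if not settings.get("require_admin_approval_after_user_signup", False):
            findings.append("require_admin_approval_after_user_signup is false: "
                            "new accounts become active without review")
        if not settings.get("domain_allowlist"):
            findings.append("domain_allowlist is empty: sign-up is not limited "
                            "to the organisation's email domains")
    if settings.get("default_project_visibility") == "internal":
        # 'internal' projects are readable by every logged-in account,
        # which includes anyone who just self-registered.
        findings.append("default_project_visibility is internal: every "
                        "authenticated account can read new projects")
    return findings


if __name__ == "__main__":
    for label, cfg in (("sample", load_settings(SAMPLE_SETTINGS_JSON)),
                       ("hardened", HARDENED_SETTINGS)):
        print(f"{label}: {len(audit_signup_settings(cfg))} finding(s)")
        for f in audit_signup_settings(cfg):
            print("  -", f)
```

To run this against a live instance you would fetch the JSON with an administrator token (`GET /api/v4/application/settings` with a `PRIVATE-TOKEN` header) and pass the body to `load_settings`; the audit deliberately treats sign-up plus internal default visibility as a single exposure, because each setting looks harmless on its own and only their combination lets a stranger read the code.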
SAUCE! GIMME! (Score:3)
Anyone have magnet links?
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:1)
None here either..
The world's smallest violin. (Score:4, Interesting)
Couldn't have happened to a nicer bunch.
If you didn't know, they are white supremacists. [wikipedia.org]
Re: The world's smallest violin. (Score:1)
When you see the same thing wherever you look, there is one common factor.
Re: (Score:2, Interesting)
Yeah I am sure that Hoan Ton-That and Richard Swartz are "white supremacists".
There seems to be a lot of pretty good evidence that they have links to white supremacists and racists, yes.
Hoan Ton-That disavowed racism, but the words he chose to do so made it pretty clear that he had been at least flirting with it:
"In his statement, Ton-That described those associations as the product of a life spent on the internet. “I learned about the world, its inhabitants and ideas online,” Ton-That said. “It had not always been a straight path, and it had not always served me w
Re: The world's smallest violin. (Score:2)
Answering yourself as AC doesn't convince anyone, all-night troll.
Re: (Score:2)
If you believe everything on Wikipedia and that Huffington Post is an unbiased and honest journalism website, then I have a bridge to sell you. The article quoted makes all kinds of claims with zero proof and supposes a lot and presents it as fact. That is piss poor journalism. This is typical for Huff Post. They have a known bias and are proud of it.
So no real data (Score:2)
The app itself is just a simple shell that takes an image and uploads it.
What does not seem to be in the data and source code found, is the giant database/model that would be used to match images.
You would need a login to send any data to the server to attempt a match, so this breach, while embarrassing, doesn't seem that bad in absolute terms.
Re: So no real data (Score:3, Interesting)
I hope they have the server source code as well in that breached area of their network. These assholes should not be allowed to keep any secrets.
I find this bit funny:
https://en.m.wikipedia.org/wik... [wikipedia.org]
"Clearview's investors include Peter Thiel, a noted "surveillance enthusiast" who invested $200,000 in its first round of funding,[30] Naval Ravikant,[2] and RIT Capital Partners.[31]"
But then we have this:
https://en.m.wikipedia.org/wik... [wikipedia.org]
"One of Peter's elementary schools, a strict establishment in Swakopmund,
Good (Score:1)
I want to know how the crap they are VIOLATING us with works. Fuck them, and their stinky, rabid high horse they rode in on.
"We were just following orders", "I didn't know", "We are not responsible"...BULLSHIT! Those have stopped being valid excuses since the Nuremberg trials.
GDPR? (Score:2)