Security lapse exposed Clearview AI source code – TechCrunch:
Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive and reviled companies in the tech startup scene.
The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles.
But for a time, a misconfigured server exposed the company's internal files, apps and source code for anyone on the internet to find.
Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview's source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.
The repository contained Clearview's source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company's secret keys and credentials, which granted access to Clearview's cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing, Hussein said.
The repository also exposed Clearview's Slack tokens, according to Hussein, which, if used, could have allowed password-less access to the company's private messages and communications.
(Score: 3, Insightful) by fadrian on Monday April 20 2020, @08:31PM
If certain people didn't NEED to have their submissions checked, then maybe their stories would get to the front page sooner. That being said, the notion that some random, offshoot blog would come anywhere close to a reviewed publication in terms of editorial quality is so laughable that one wonders if your comment would be better suited for the Onion than for here.
That is all.
(Score: 3, Insightful) by NickM on Monday April 20 2020, @09:18PM
I a master of typographic, grammatical and miscellaneous errors !
(Score: 2, Offtopic) by aristarchus on Tuesday April 21 2020, @12:27AM
And within mere minutes, more aristarchus submissions meet their appointed fates, rejected from hidden "hold" queue, to wander aimlessly across the muted sands of time, like silent claws of censored clams! Oy, the Mussels! Oh, the carapacians! Not like anyone is trying to cover up anything, like perhaps, Illegal human experimentation [soylentnews.org], or Magical Republican Syndrome [soylentnews.org]. Sorry, all off topic, except for the fact that Trump's supporter, and "young blood" vampire Peter Thiel is behind Clearview AI.
(Score: 0) by Anonymous Coward on Tuesday April 21 2020, @01:58AM
LOL, you say it like S/N is the pinnacle of serious foruming.
(Score: 2) by DannyB on Tuesday April 21 2020, @02:26PM
What is this Onion you speak of? Hmmm. Interesting.
The lower I set my standards the more accomplishments I have.