I recently discussed the controversial security firm known as Wiz in one of my previous articles. In that post, I just mentioned briefly a dispute between Wiz and another security company named Orca, which has now brought to light an intriguing revelation about Wiz’s security product.

In a well-documented lawsuit, Orca alleges that Wiz unlawfully appropriated their concepts across various domains, spanning from patents to marketing strategies. To provide some context, the complaint begins with an incident in which the founder of Orca had a meeting with the Microsoft Cloud Security team to present his innovative ideas. Subsequently, members of the Microsoft Cloud Security team departed from Microsoft and established a competing company that directly utilized these very ideas, thus competing with Orca.

Now, at first glance, this may seem audacious and apparent, but it’s essential to understand the context. We’re talking about a closely-knit group of former military intelligence personnel from Israel who have quickly earned a reputation in the civilian market for employing very aggressive and unfair competitive tactics more akin to wartime espionage.

Speaking of espionage, the Orca complaint recently was amended with some proof that Wiz seems to be sneaking data from customers with what seems to be an intentionally unsafe snapshot scanning architecture.

One common practice in cloud management is taking snapshots of customer workloads to create backups or facilitate disaster recovery. And the critical importance of keeping cloud snapshots private is hard to overstate. A supposed security vendor should never roll up to take snapshots of your workloads and read them out somewhere else, especially when claiming to care about your privacy. That just sounds like spying to me.

But I’m getting ahead of myself.

A cloud snapshot is essentially a very fast point-in-time copy of a virtual machine (VM), it captures an entire workload’s state. It has the data, as well as configuration, and storage at a specific moment. Typically this allows a workload to be restored to that exact state, revolutionizing both backups and restores. Snapshots quickly became indispensable for many uses including tests, migrations as well as aiding business continuity, disaster recovery and reduced downtime.

The snapshots, like the name implies, can contain all kinds of sensitive information, including proprietary data, intellectual property, or customer records. Exposing snapshots to third-party vendors brings to mind huge risks of unauthorized access or data breaches. Given how many industries and regions have strict regulations governing data privacy and security, the very idea of transferring snapshots to external vendors probably trips compliance violations and legal consequences.

FTC are you listening?

So why would Wiz even think of moving snapshots into their view? Terrible idea. Yet here it is, as captured on page 46 in the new Orca amended complaint of September 15th.

Scan configuration — The list of disks for scanning is composed by the cloud fetcher leveraging the cloud provider APIs and sent to the Wiz workload scanner. Snapshot creation — The workload scanner, which runs in a dedicated account, creates the snapshot and shares it with the scanner cluster. These snapshots are created with ‘wiz:auto-gen-snapshot’ tag to help identify them. Snapshot scan — The snapshot is mapped as a read-only volume and scanned. The scan results include metadata on packages, vulnerabilities and mis-configurations and are sent to the backend. Cleanup — The snapshot is deleted from the customer tenant.

Orca’s complaint calls out a marketing detail here. Apparently they pitched and grew their technology using the concept of their scanner looking at cloud machines like an MRI scans the human body.

Orca realized early on that its cloud-native approach could be
analogized to a medical MRI, providing a full model of the cloud environment without affecting it in any way. Early Orca marketing materials noted: “An apt analogy is to think of a medical MRI. Instead of probing inside the body with needles and scalpels, such imaging is an out-of-band method of obtaining a detailed picture of the organs and tissue within. The person is never physically touched.”

Page 10 of the complaint says Wiz then copied this MRI language from Orca almost word-for-word into their own marketing.

Just like an MRI performs a 3D scan of the body without affecting the body itself, snapshot scanning achieves deep analysis of the workload without any impact or interruption to the live workload

The problem, beyond stealing the marketing, seems to be that Wiz documentation also says snapshots are “always remaining within the customer tenant” yet their architecture illustrates that is NOT true: a “shared snapshot” is read into the Wiz cloud account.

That’s not “always remaining within” if you believe Wiz themselves when they jump up and down and scream at Microsoft for having a private key configured to be read by someone other than the person who owns that key. No joke, Wiz couldn’t be more excited to tell the world that Microsoft was “breached” yet here in their own documentation they seem to have designed a safety breach as inherent to their product architecture.

For comparison, Orca documentation has a very important statement that says basically the exact opposite to Wiz.

Note that these snapshots can only be accessed from your account for security.

Again, looking at the Wiz documentation in the complaint, it seems like Wiz created a snapshot flow that setup access from outside the customer account. How could they be so upset with Microsoft, their former employer, for excessive permissions in cloud when they just build an entirely new cloud scan empire based on excessive permissions?

Security vendors, no matter how reputable (no matter if they call themselves the untouchable “Wiz”ards), are not inherently safe and of course may themselves become targets. Their handling of snapshots increases attack surface and exposure to potential breaches. Also data is subject to the laws and regulations of the country or region where it is located.

Wiz shifting snapshots could mean they “somehow” show up in Israel with its different rules, creating compliance challenges. What do I mean, could mean?

Read the Orca complaint in full, which documents how Wiz allegedly built their company from a culture of cynical extrajudicial military-espionage that goes even beyond industrial theft.

And then ask yourself why their architecture allegedly was built for stealing customer data in snapshots…

I know it’s fashionable to say cloud security means an ever-changing landscape, but in reality our book “Securing the Virtual Environment: How to Defend the Enterprise From Attack” from ten years ago still lays out principles that remain steadfast cornerstones. Safeguarding customer workloads and data is a top priority, such that it is unequivocally recommended to refrain from shifting snapshots to third-party security vendors. Keep them private, under strict access control so you can monitor activities, and ensure compliance with regulations, laws and security policies.

---

• July 2023: Orca-vs-Wiz-Lawsuit-Complaint
• September 2023: Orca-vs-Wiz-Amended-Complaint
• September 2023: Orca-vs-Wiz-Amended-Complaint-Exhibits_2023-09-15

The future looks awful if it requires us to pretend we can’t see even when we’re the only ones who can; a reflection on freedom that Robert Pirsig in the 1970s famously warned us about.

That seems to be the thinking again behind “Rep. Marie Gluesenkamp Perez (WA-03), along with Reps. Joe Neguse (CO-02), Elissa Slotkin (MI-07), and Abigail Spanberger (VA-07)” introducing an Agricultural Right to Repair Act.

“I bought a three-year-old John Deere 90-horsepower tractor. Within five minutes of using it, a yellow triangle lit up on the dash. Not being able to get diagnostic information about the error has disrupted my ability to farm … and a service appointment was available weeks away. I had to use a RELIABLE 1965 tractor to finish the job” said Rob Baur, a farmer in Ridgefield, Washington. “I need a way for me or an independent mechanic to get the error code and decode it to get information about the problem.”

Zing.

Motorcyclists used to call this the “idiot light” effect. Instead of waiting for a flashing red or yellow indicator to tell you an expert must take a look, become the expert and learn how to detect and repair what’s wrong.

A hallmark of Tesla’s CEO is he loves to say he wants to fight and stand up for things he believes in.

Now, let’s see how many times he has ever said or done anything anti-racist. It’s a simple test. A guy always hogging the microphone so everyone can hear his thoughts… where is he showing anti-racism?

Crickets.

In fact, I see his company goes the exact wrong way to gloat it will fight without rest against any allegations of being racist. Odd reversal of tolerance. They seem to choose their words very carefully to say they want to fight against anti-racism (ensure racism is tolerated).

It’s like hearing Tesla say their code has zero defects because they fight against any reports of defects in order to ensure defects are tolerated, while claiming they shouldn’t be accused of defects at the very moment when someone reports an obvious defect to them.

See the problem?

Here’s a perfect example: a high-profile celebrity was being obviously racist against Blacks. Elon Musk, upset by people reporting racism, immediately spun up a loud public reaction just to fraudulently claim anti-racism is a global conspiracy against whites.

Elon Musk accused “the media” and “elite colleges and high schools” of being “racist” against white and Asian people, espousing his views without providing evidence. Musk tweeted these statements in response to news that media organizations around the U.S. decided to cut the comic strip “Dilbert” after its creator, Scott Adams, disparaged Black people in a racist rant on his YouTube channel.

How dare people be anti-racist on Elon Musk’s watch? The racist CEO isn’t having it. It’s so dumb to see him fraudulently try to spin anti-racism into being anti-white when some of the best and most famous anti-racists in history are… wait for it… white. Hello President Grant?

It reminds me of the KKK murdering anyone who dared to call them racists. Shooting messengers didn’t really accomplish what they thought it would, yet there’s Elon bringing back 1830s cancel culture by spouting angry false conspiracy rants about “the media”…like he wants to start a race war.

The U.S. federal government, in a nod to 1970s anti-Apartheid let alone 1870s anti-KKK, has just announced it is forced to sue this obviously racist South African CEO for running an intentionally “prolific” racist workplace in America.

…Tesla, Inc., violated federal law by tolerating widespread and ongoing racial harassment of its Black employees and by subjecting some of these workers to retaliation for opposing the harassment, the U.S. Equal Employment Opportunity Commission (EEOC) charged in a lawsuit filed today.

According to the EEOC’s suit, since at least 2015 to the present, Black employees at Tesla’s Fremont, California manufacturing facilities have routinely endured racial abuse, pervasive stereotyping, and hostility as well as epithets such as variations of the N-word, “monkey,” “boy,” and “black b*tch.” Slurs were used casually and openly in high-traffic areas and at worker hubs. Black employees regularly encountered graffiti, including variations of the N-word, swastikas, threats, and nooses, on desks and other equipment, in bathroom stalls, within elevators, and even on new vehicles rolling off the production line, the EEOC said.

The EEOC’s investigation also found that those who raised objections to racial hostility suffered various forms of retaliation, including terminations, changes in job duties, transfers, and other adverse employment actions.

It is notable that investigators have revealed Elon Musk’s family primarily were anti-Semitic “technocracy” loons when they supported Hitler in WWII. Their plan with technology was to establish and maintain fascist control.

After losing the war they took refuge in the white supremacist movement of South African Apartheid, which is when they started targeting Blacks with their hate.