Latest headlines: Scott Tiner on making a disaster recovery plan, Paul Konikowski on the Owl Labs Meeting Owl security vulnerabilities
August 15, 2022 | Volume: 15 | Issue: 16
In this house, we love a theme. And the theme for today’s newsletter is most definitely “cybersecurity.” Scott Tiner wrote last time about how security could be a success or failure for schools — depending on how prepared they are for it. This time, he writes about the importance of making a disaster recovery plan and sticking to it. Cyberattacks are no joke, so it’s more important than ever to stay vigilant. He provides some tips on how to do that in his article.
On the other hand, Paul Konikowski tells a cautionary tale of security vulnerabilities in hardware. You never want to hear that, but it’s today’s reality. In the article, he writes about the Meeting Owl from Owl Labs, the vulnerabilities, and how the company patched them. He also talks about how we can do better, i.e. not hosting an online database of end-user information. Read more here.
Last month I wrote about cybersecurity in schools and what steps we can take to prevent attacks from happening. I wrote in the blog that there are many things we can do to harden our security and to make our institutions less of a soft target. Yet, as I pointed out in that piece, chances are that one way or another we will all get hit by some type of attack. This month, I am writing about preparing in advance for what to do after an attack happens. In IT lingo, have a disaster recovery plan.
In January 2022, cybersecurity researchers at Modzero reported a handful of security vulnerabilities to Owl Labs regarding their 360-degree video conferencing Meeting Owl, Meeting Owl Pro, Meeting Owl 3, and Whiteboard Owl. In May, Owl Labs released patches for these vulnerabilities. As an industry, we need to do better. Not just in our quickness in responding to security concerns, but in general. I will expand on that more later in this article. First, let’s talk about the associated CVEs.
