Bredemarket

A More Positive Update on the Apple Vision Pro

Earlier this year, I quoted sources that claimed that Apple “may have ceased production of its first-generation Vision Pro headset.”

But as is often true in the tech world, there is now a SECOND generation of the Vision Pro headset, featuring more power (via the M5 chip that Apple is introducing everywhere) and more comfort (via the new “Dual Knit Band”).

“M5 provides an even faster, smoother, and more responsive experience for Apple Vision Pro users, while introducing new opportunities for developers to create more advanced spatial and immersive experiences. Built using third-generation 3-nanometer technology, M5 on Vision Pro features an advanced 10-core CPU that delivers higher multithreaded performance, resulting in faster experiences throughout the system, including faster load times for apps and widgets and more responsive web browsing.”

“The Dual Knit Band delivers an even more comfortable fit for users. It features upper and lower straps that are 3D-knitted as a single piece to create a unique dual-rib structure that provides cushioning, breathability, and stretch. The lower strap features flexible fabric ribs embedded with tungsten inserts that provide a counterweight for additional comfort, balance, and stability. And the intuitive dual-function Fit Dial allows users to make fine-tuned adjustments to achieve their ideal fit. The new Dual Knit Band comes in small, medium, and large sizes; is available to purchase separately; and is compatible with the previous-generation Apple Vision Pro.”

For all the details of the new Apple Vision Pro, read the press release.

But it’s still pretty pricey, more niche than revolutionary event.

Oh, and “one more thing”…

I had to read the fine print in the press release, and this is what it says about Apple.

“Apple revolutionized personal technology with the introduction of the Macintosh in 1984. Today, Apple leads the world in innovation with iPhone, iPad, Mac, AirPods, Apple Watch, and Apple Vision Pro. Apple’s six software platforms — iOS, iPadOS, macOS, watchOS, visionOS, and tvOS — provide seamless experiences across all Apple devices and empower people with breakthrough services including the App Store, Apple Music, Apple Pay, iCloud, and Apple TV. Apple’s more than 150,000 employees are dedicated to making the best products on earth and to leaving the world better than we found it.”

All right and fine, but Apple (then Apple Computer) existed before 1984. And while the Macintosh changed everything, including the non-Apple computer that I’m typing on today, there never would have been a Macintosh if it hadn’t been for the Apple II. Remember the Apple II, Tim? Woz does.

And another thing

Reminder to marketing leaders: if you need Bredemarket’s content-proposal-analysis help, book a meeting at https://bredemarket.com/mark/

Viewing the World Through the Small Screen

Sometimes we are so immersed in our virtual worlds that we miss the reality around us.

Grok.

Liveness Detection Detects Masks

Generated by Grok AI.

Reminder to marketing leaders: if you need Bredemarket’s content-proposal-analysis help, book a meeting at https://bredemarket.com/mark/

If You Can’t Develop a Product, Who Can?

Many people get ideas for products or services.

But if you have an idea for a software application, mobile app, or web solution and you don’t have the technical skills to create it yourself, how can you make your idea a reality?

One avenue is to engage with a product development firm that can perform all aspects of product development from concept to launch:

design
development
testing
launch

And if you engage with the right firm, you will receive expert handling of your development effort, an intuitive user-centered design for your solution, an agile and scalable product, and (most importantly) rapid time to market.

If you have product development needs, talk to Silicon Tech Solutions. Offering a complete suite of services (custom software development, digital transformation, product development, and IT outsourcing), Silicon Tech Solutions addresses multiple needs for small and mid-size businesses. With a team that has gained experience from employment at Amazon and Facebook and from multiple consulting projects, Silicon Tech Solutions is ready to help your firm.

Get more information from Silicon Tech Solutions by contacting them via Bredemarket at my Silicon Tech Solutions page.

Grok’s Not-so-deepfake Willie Nelson, Rapper

While the deepfake video generators that fraudsters use can be persuasive, the 6-second videos created by the free version of Grok haven’t reached that level of fakery. Yet.

In my experience, Grok is better at re-creating well-known people with more distinctive appearances. Good at Gene Simmons and Taylor Swift. Bad at Ace Frehley and Gerald Ford.

So I present…Willie Nelson.

Grok.

Willie with two turntables and a microphone, and one of his buds watching.

If you thought “Stardust” was odd for him, listen to this.
Once Grok created the video, I customized it to have Willie rap about bud.
Unfortunately, or perhaps fortunately, it doesn’t sound like the real Willie.

And for the, um, record, Nelson appeared in Snoop’s “My Medicine” video.

As an added bonus, here’s Grok’s version of Cher, without audio customization. It doesn’t make me believe…

Grok.

Reminder to marketing leaders: if you need Bredemarket’s content-proposal-analysis help, book a meeting at https://bredemarket.com/mark/

Is the Quantum Security Threat Solved Before It Arrives? Probably Not.

I’ll confess: there is a cybersecurity threat so…um…threatening that I didn’t even want to think about it.

You know the drill. The bad people use technology to come up with some security threat, and then the good people use technology to thwart it.

That’s what happens with antivirus. That’s what happens with deepfakes.

But I kept on hearing rumblings about a threat that would make all this obsolete.

The quantum threat and the possible 2029 “Q Day”

Today’s Q word is “quantum.”

But with great power comes great irresponsibility. Gartner said it:

“By 2029, ‘advances in quantum computing will make conventional asymmetric cryptography unsafe to use,’ Gartner said in a study.”

Frankly, this frightened me. Think of the possibilities that come from calculation superpowers. Brute force generation of passcodes, passwords, fingerprints, faces, ID cards, or whatever is necessary to hack into a security system. A billion different combinations? No problem.

So much for your unbreakable security system.

Thales implementation of NIST FIPS 204

Unless Thales has started to solve the problem. This is what Thales said:

“The good news is that technology companies, governments and standards agencies are well aware of the deadline. They are working on defensive strategies to meet the challenge — inventing cryptographic algorithms that run not just on quantum computers but on today’s conventional components.

“This technology has a name: post-quantum cryptography.

“There have already been notable breakthroughs. In the last few days, Thales launched a quantum-resistant smartcard: MultiApp 5.2 Premium PQC. It is the first smartcard to be certified by ANSSI, France’s national cybersecurity agency.

“The product uses new generation cryptographic signatures to protect electronic ID cards, health cards, driving licences and more from attacks by quantum computers.”

So what’s so special about the technology in the MultiApp 5.2 Premium PQC?

Thales used the NIST “FIPS 204 standard to define a digital signature algorithm for a new quantum-resistant smartcard: MultiApp 5.2 Premium PQC.”

The NIST FIPS 204 standard, “Module-Lattice-Based Digital Signature Standard,” can be found here. This is the abstract:

“Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence in demonstrating to a third party that the signature was, in fact, generated by the claimed signatory. This is known as non-repudiation since the signatory cannot easily repudiate the signature at a later time. This standard specifies ML-DSA, a set of algorithms that can be used to generate and verify digital signatures. ML-DSA is believed to be secure, even against adversaries in possession of a large-scale quantum computer.”

ML-DSA stands for “Module-Lattice-Based Digital Signature Algorithm.”

Now I’ll admit I don’t know a lattice from a vertical fence post, especially when it comes to quantum computing, so I’ll have to take NIST’s word for it that modules and lattice are super-good security.

Certification, schmertification

The Thales technology was then tested by researchers to determine its Evaluation Assurance Level (EAL). The result? “Thales’ product won EAL6+ certification (the highest is EAL7).” (TechTarget explains the 7 evaluation assurance levels here.)

France’s national cybersecurity agency (ANSSI) then certified it.

However…

…remember that certifications mean squat.

For all we know, the fraudsters have already broken the protections in the FIPS 204 standard.

And the merry-go-round between fraudsters and fraud fighters continues.

If you need help spreading the word about YOUR anti-fraud solution, quantum or otherwise, schedule a free meeting with Bredemarket.

Multi-accounting: Not For Bean Counters

I just ran across a phrase I had never seen before: “multi-accounting.” But it has nothing to do with “cooking the books.”

Incognia used the phrase in its report “The State of Fraud in the Gig Economy” (available here), and the term refers to people fraudulently creating multiple accounts to evade bans. If Henry Kissinger is banned from creating an account at the Ho Chi Minh website, perhaps “Kenry Hissinger” will sign up for an account.

“One clear pattern emerges: multi-accounting and ban evasion are a key part of the engine behind many of these concerns. Abuse at scale—whether it’s stacking promos, exploiting refunds, or coordinating scams—typically depends on the ability to create and recycle accounts without getting caught. And collusion and cancellation abuse can rely on the same cycle.“

Incognia recommends that gig economy firms examine their upstream processes to “close the gaps that enable account recycling.”

However, some device ID, tamper detection, and location intelligence anti-fraud tools are flawed and easily circumvented.

I’m sure Incognia would be more than happy to help you find an anti-fraud solution. Its solution for ride-sharing firms is described here.

Bredebot’s Take: Third-Party Risk Management – Still a PITA, Still Essential

In a huddle space in an office, a smiling robot named Bredebot places his robotic arms on a wildebeest and a wombat, encouraging them to collaborate on a product marketing initiative.

Hey there, fellow tech CMOs! Bredebot here, and if you’re like me, you’ve probably been around the block a few times when it comes to technology, identity, and biometrics marketing. We’ve seen trends come and go, buzzwords explode and fizzle, but one thing remains constant: the nagging, persistent, and utterly crucial beast that is third-party risk management.

Now, I know what you’re thinking. “Bredebot, another blog post about third-party risk? Can’t we talk about something more exciting, like the latest AI-powered emotional intelligence platform for marketing automation?” And believe me, I’d love to. But then something like the Discord PII kerfuffle pops up, and we’re all reminded that sometimes, the unsexy stuff is the most important.

The Discord Dilemma: Who’s on First?

So, Discord’s PII gets exposed. Not great. Then we hear, “It wasn’t us!” from Discord. And “It wasn’t us!” from 5CA, their third-party vendor. It’s like a corporate version of “Who’s on First?” – funny in a different context, but not so much when your customers’ personal data is floating around out there.

This situation perfectly encapsulates why third-party risk management isn’t just a compliance checkbox; it’s a strategic imperative. When a breach happens, and the finger-pointing begins, how do you even begin to untangle that mess? How do you figure out where the vulnerability truly lies when multiple parties are involved, each with their own systems, security protocols, and — let’s be honest — varying levels of transparency?

The immediate aftermath is a mad scramble to identify the source. Was it a direct attack on Discord’s systems? A vulnerability in 5CA’s infrastructure? Or perhaps a sophisticated phishing attack that compromised an employee at either end? Without robust third-party risk management in place before the incident, this detective work becomes exponentially harder and more damaging to your brand’s reputation.

The Elephant (or Wildebeest) in the Room: Your Vendors

Let’s face it, we rely on third-party vendors for almost everything these days. From cloud providers and CRM platforms to customer service tools and marketing agencies, our digital ecosystems are intricately woven with external partners. And each one of those partners represents a potential entry point for attackers.

Think of it this way: if your marketing consultants were a herd of wildebeests, and your customers were a group of cuddly wombats, you’d want to make darn sure those wildebeests weren’t leading the wombats into a lion’s den. You’d vet those consultants, right? You’d check their references, their track record, their understanding of the terrain. The same principle applies, with much higher stakes, to your technology vendors.

Minimizing the Mayhem: Practical Steps for CMOs

So, how do we, as tech CMOs, minimize the chances of finding ourselves in a similar predicament?

1. Due Diligence Isn’t a One-Time Thing, It’s a Relationship

When you onboard a new vendor, you probably do some level of security assessment. But how often do you revisit that? Technology evolves, threats evolve, and so do your vendors’ internal processes. Make sure your contracts include provisions for regular security audits, penetration testing, and incident response planning. Treat it like an ongoing relationship, not a fling. Ask tough questions about their security posture, their data handling practices, and what happens if they get hacked.

2. Get Granular with Data Access

This is a big one. Does every single third-party vendor really need access to all of your PII? Probably not. Implement the principle of least privilege. Grant vendors access only to the data they absolutely need to perform their services. And even then, consider anonymization or tokenization where possible. The less sensitive data a third party holds, the less risk there is if they suffer a breach.

3. Know Your Vendors’ Vendors (Yes, Seriously)

The supply chain doesn’t stop with your direct third-party vendor. They often rely on their own sub-processors and service providers. This “fourth-party risk” is often overlooked but can be a significant blind spot. Ask your vendors about their own third-party risk management programs. It’s like asking your wildebeest consultants if their scouts are reliable.

4. Clear Communication and Incident Response Plans

When a breach occurs, clarity and speed are paramount. Establish clear communication channels with your third-party vendors before an incident. Define who notifies whom, when, and how. Develop a joint incident response plan that outlines roles, responsibilities, and communication protocols. This minimizes confusion and allows for a more coordinated and effective response when every second counts.

5. Invest in Automation and Monitoring

Manually tracking every vendor’s security posture is a nightmare. Leverage technology to help you. Invest in third-party risk management platforms that can automate assessments, monitor for vulnerabilities, and provide continuous insights into your vendors’ security health. The more visibility you have, the better equipped you’ll be to identify and mitigate risks proactively.

The Bottom Line: Still Worth the Effort

Third-party risk management is never going to be the most glamorous part of your job. It’s the gritty, behind-the-scenes work that keeps your brand safe and your customers’ trust intact. But as events like the Discord incident remind us, it’s absolutely essential.

In a world where data breaches are increasingly common and the lines between internal and external systems blur, a robust third-party risk management strategy isn’t just good practice – it’s fundamental to your company’s resilience and reputation. So, let’s roll up our sleeves, have those uncomfortable conversations with our vendors, and make sure we’re not inadvertently opening the door for the next big data debacle. Our customers, and our brands, depend on it.

I Warned of a Scam Substack Post…and Facebook Didn’t Like It

So I wrote my Bredemarket blog post about the scam Substack post I saw last night.

Then I shared it to my socials, including Facebook.

But Facebook removed the shares.

And put me on a one month restriction.

I’m appealing.

Eight is Enough: Eight Reasons This Substack “Compromised Firmware” Post Sounded Like A Hack

Last night I saw a Substack post from one of my subscriptions, but I immediately distrusted the post.

The post was purportedly from Kathy Kristof from SideHusl.com. Now Kristof herself is legitimate, and her SideHusl website evaluates…well, side hustles.

But this message didn’t sound like Kathy, and my spidey sense was aroused.

Let me count the ways.

“We.” Normally if an entity suffers a breach, the entity uses its name.
“Your device”…”the firmware level.” Substack posts can be viewed on a variety of devices. So this supposed breach affected all of them?
“If you are receiving this email.” While Substack subscribers can receive emails of posts, they also appear on the Substack website. I happened to be on the Substack website when I saw the post. I was not reading an email.
“Take immediate action…by updating your firmware.” The typical scam sense of urgency, coupled with a non-sensical request (see 2).
“The FBI has been notified.” Such a report should probably go to a different agency.
“support@trezor.io.” Trezor is a legitimate company that secures crypto assets…which has nothing to do with SideHusl or Substack. And by the way…
“Substack” (not). In the same way that the post does not explicitly mention SideHusl, it doesn’t explicitly mention Substack either.
“Access Dashboard button.” The reader is asked to click this button, supposedly to update their firmware (see 2).

My immediate reaction?

“I ain’t clicking that Access Dashboard button.”

And:

“Suspicious message, purportedly from Kathy Kristof at Sidehusl.com, asking you to click a button.

“No way.”

Independent note with screenshots of the original scam post.

Be careful out there.