Today I want to update on two previous threads.
First, revisiting the company providing facial recognition to the IRS, ID.me. In a LinkedIn post Wednesday, the CEO Blake Hall explained they do use a powerful facial recognition technology. The company does use a technique known as one-to-many face matching in which a target face is compared against a database of other known faces to find possible matches. This is a reversal of a previous statement. Additionally, the company has confirmed that they use Amazon’s Rekognition technology.
And, updating on Log4Shell, Sophos has released research indicating that mass vulnerability exploitation has failed to occur – and the reason is the attention given by security professionals. While initially there were a large number of scans looking for the vulnerability, from late December through January 2022, the attack attempts have flattened out and declined. Researchers observe that this is not a case of overhyping the problem, but instead one where the industry reacted and patched.
Why do we care?
Consumers have a right to be skeptical, mainly when companies are comfortable being unclear about the types of technology used. Will facial recognition for taxes fly? I’m a bit skeptical.
Now, onto the good news. The security community appears to have moved fast enough to handle a good portion of Log4Shell. They did so because of the size of the issue. It does prove it’s possible, however. Now the key is making it systemized rather than a fire drill when required.

