Tag Archives: cyber

canna grow
Soapbox

CannaGrow Expo Heads to Palm Springs

By Aaron G. Biros
No Comments
canna grow

We’ve covered the CannaGrow Expo previously, but this time around we catch up with Joseph De Palma, founder of CannaGrow, to talk about the genesis of his conference and what makes the event so special. This year’s CannaGrow Expo heads to Palm Springs, California, a new location for the event, on May 19thand 20th.

We’ve watched De Palma’s conference grow over the years, moving around the country and becoming the tight-knit community we know it as today. The meat and potatoes of the show are definitely the educational sessions, panel discussions, roundtables and the expo hall. But covering it year after year we’ve noticed a real sense of community develop, one where genuine idea sharing, collaboration and inclusivity are preached. There are no dumb questions at the CannaGrow Expo.

Tom Lauerman speaks to a room full of attendees at CannaGrow San Diego

According to Joseph De Palma, CannaGrow started in 2014, when the original event was held in Denver. “From the beginning, we wanted to create an event specifically for growers, where the focus was always on education and ‘becoming a better grower’,” says De Palma. “We had experienced the existing events in the marketplace, and almost all fit into two categories at the time, festival, or generic tradeshow. Those were fine for their purpose, but they didn’t foster an environment of education, and that’s what we believed was most important to the emerging cannabis industry.” Back in 2014, their show only had 10 sessions and 30 exhibitors. “Passionate growers from around the country had 2 days of grow-focused sharing and learning, and you could see the energy and excitement,” De Palma says. “Discussions would dive deep, people made new friends, and it really elevated the conversation around cultivation.”

Attendees gather at a lighting exhibit at CannaGrow San Diego

Since the show’s debut, it’s grown substantially. The 7th CannaGrow Expo is fast approaching, and this upcoming conference has four separate tracks and roughly 100 exhibitors. But it still keeps its sense of community, one where you don’t feel crowded, where everyone has time to chat and network, without the overwhelming feeling that can come with larger trade shows. “That inclusivity and open dialog is built in,” says De Palma. “If you go to an event that’s tradeshow dominant, most people are there to walk, shop, and leave. At CannaGrow, growers and extractors come together with a plan for the weekend, remaining in a constant state of engagement with others at the show.”

This year’s show has some exciting additions to look out for. The agenda covers a wide range of topics, including everything from an introduction to growing with living soil to a discussion of cyber security. The Extraction Summit, new to this year’s event and held on Day 2, is their response to the massive rise in popularity and demand of extracts.

Eric Schlissel
Eric Schlissel, president and chief executive officer of GeekTek

Eric Schlissel, cybersecurity specialist, president and chief executive officer of GeekTek, is giving a talk focused on IT infrastructure. “My presentation will center around the actions cannabis businesses need to take right now to repel cybercrime and potential federal seizure,” says Schlissel. “As cannabis operators build their businesses and develop their security strategies, they often focus exclusively on the physical portion of their business – the merchandise and the cash in particular – and overlook the importance of designing and fortifying a secure IT infrastructure. I will discuss the importance of a holistic security strategy that embraces both and how you can both create one and prepare it for expansion into other states or even globally from the very start.” Schlissel’s discussion is one example of just how all-encompassing CannaGrow intends to be.

De Palma and his team leave few stones unturned as the show truly delivers vital information for cannabis cultivators in every area. Some things we are looking forward to? Seeing old friends and learning everything under the sun about cannabis science, growing and extraction. “People get to know each other, and with everyone sharing a core passion for cultivation and extraction, lifelong friendships are made,” says De Palma.


To check out the agenda, speakers and exhibitors, click here.

Marguerite Arnold
Soapbox

Paradox Or Paragon? A Non-Techie Look At Blockchain and Cannabis: Part III

By Marguerite Arnold
1 Comment
Marguerite Arnold

Disclaimer: Marguerite Arnold has just raised the first funds for her blockchain-based company, MedPayRx in Germany (and via traditional investment funding, not an ICO). She will also be speaking about the impact of blockchain on the cannabis industry in Berlin in April at the International Cannabis Business Conference.


Part I of this series was an overview discussion of blockchain, cryptocurrencies and cannabis and Part II dove into some of the pitfalls of ICOs in the cannabis space. This is the third and final piece of this series.

Beyond raising money or tying a tradable altcoin to cannaproduct, there are many places where blockchain technology can (and will) be used to great effect in the cannabis industry.

In fact, ICOs and cryptocurrency are only part of the blockchain discussion for the cannabis industry. In general, the technology will disrupt the vertical just like it is upending other businesses right now. However, for the moment at least, it will prove most useful in the most complicated and challenging technical and regulatory areas – supply chain product tracking being the lowest hanging fruit (which is still fairly high off the ground for a number of reasons). If evaluating blockchain tech is too onerous (which it usually is for the average investor or even senior cannabis exec), there are other options. Look for innovative mobile DApps (distributed apps that use blockchain for a specific purpose) and smart business cases.

The fascinating reality is that where there are service models that can be adapted to regulatory guidelines, blockchain promises, in fact, to remove the red tape and paperwork holding the industry back internationally. The impact on research and testing will also be huge.The rules are certainly changing with regards to public companies and cannabis.

The technology, or even the regulations, in other words, is not necessarily all to blame for the many issues budding blockchain entrepreneurs currently face. This space-age techie stuff, no matter how mind-blowing, is still “just” a tool. As the late Peter Drucker famously said, the raison d’etre of every successful business is one that solves a critical need for their customer. Find one for the industry that happens to use the technology, and you might just retire early. But there is a lot of road between that reality and now. And there probably will not be an ICO on that path. Not in most jurisdictions, and certainly not without complications in every one of them.

With an internationally stock-listed Canadian cannabis business now developing, the rules are certainly changing with regards to public companies and cannabis. For all the press that Cronos recently received for getting listed on the NASDAQ, AbCann got (relatively quietly) listed in Frankfurt last summer. Canopy and Aurora have also just become two of the hottest stocks in Sweden.

That said, these are public companies with regular stock issuances. What that means for ICO issuances related to the cannabis industry in Canada specifically is anyone’s guess at the moment. In Germany presently, this is mine-strewn territory. But even here, that will be driven as much if not more by banking law than canna-reform, just like everywhere else.

Not to mention this of course: Given the choice of investing in a public cannabis company already in business with its stock conveniently listed and purchasable via a regular exchange, what would most people choose? It’s just a whole lot easier than taking a flier on a cannabis-themed ICO offering for a concept that may be a great idea, but will never materialize. Or find a bank. Even in Europe or Canada.

The End Game Is Rosy Even If The Path Is Unclear

Despite all the caveats, the impact on the cannabis industry of this technology will be large – far beyond finance in other words – and in ways that are not necessarily all understood even now. The potential impacts on research, compliance and even further reform, however, are already clear. And for the most part, potentially very positive.

For that reason, there is no such thing as a blanket “yes” or “no” at any part of this discussion. Regulatory environments regarding both cannabis and blockchain are changing everywhere. Go slow and with caution is the watchword of the day. Look for interesting beta projects and track them.This is a rapidly changing territory in every direction.

Mentioning cannabis and blockchain if not cryptocurrency in the same breath is also legit, now. As little as 2 years ago, the idea or any combination of the two terms in fact, for whatever reason, was widely dismissed as just another iteration of Silk Road.

When combining this technology and cannabis, in other words, expect either amazing results or fantastic explosions that create a lot of heat and noise but go nowhere. There is more room, in other words, for a cannabis.io to become the industry’s NextGen Pets.com than Google or Facebook. That said, there are experiments going on now, in several countries where the banking and insurance questions are being addressed early (Germany, Canada, Australia and Israel all being such locales) where such issues have begun to be addressed up front.

In summary? Stay tuned and watch this space. This is a rapidly changing territory in every direction.

MJ Freeway Hardships Linger

By Aaron G. Biros
No Comments

MJ Freeway, a seed-to-sale traceability software company with a number of government contracts, has been making headlines this year for all the wrong reasons. A series of security breaches, website crashes and implementation delays have beleaguered the software company throughout 2017.

Just this morning, the Philadelphia Inquirer reported the company’s services crashed Saturday night and Monday afternoon. That article also mentions an anonymous hacker tried to sell sensitive information from the Washington and Nevada hacks in September. Back in April, when Pennsylvania awarded the state’s contract to MJ Freeway for its tracking system, Amy Poinsett, co-founder and chief executive officer of MJ Freeway told reporters “I think I can confidently say we are the most secure cannabis company in this particular industry.” It is safe to say this is now being called into question.

Earlier this week, New Cannabis Venture’s Alan Brochstein reported that MJ Freeway is unable to meet Washington’s October 31st deadline to integrate their software with the state, forcing customers to manually report data.

Roughly a month ago, Nevada suddenly cancelled their contract with MJ Freeway, just two years into their five-year deal. Back in June, the company’s source code was stolen and published online. And back in January of this year, the company’s sales and inventory system was the target of a cyber attack.

According to an email we obtained, all of MJFreeway’s clients in Spain experienced an online outage, but that services were restored within 24 hours. In an email sent to clients in Spain, the company told customers that the problems were the result of a system failure. “Our initial analysis indicates that this was a system failure and unfortunately none of the data was able to be successfully retrieved from the backup archive due to an error but we can assure you that none of your data was extracted or viewed at any moment,” reads the email. “We are extremely distressed regarding the event that occurred with the system and the service interruption that occurred yesterday. We recognize that this is a situation that is very serious and negatively impacts your club.” The email says that MJ Freeway is addressing those problems in a few ways, one of which being ongoing audits of their data backups. “The event has led us to reconstruct our “hosting environment” in Europe to use the latest technology from Amazon Web Services with the best redundancy, flexibility and security, using the highest stability measures in the AWS environment,” reads the email. While the site will be restored fully, according the email, historical data is lost. The company is working with their clients to help them get data back into the system. 

MJ Freeway’s Source Code Stolen & Published Online

By Aaron G. Biros
9 Comments

Portions of MJ Freeway’s source code were reportedly stolen and posted in Reddit threads as well as on Gitlab.com, a source code hosting website. On June 15th, the account “MJFreeway Open Source” was made on Gitlab.com, and portions of the source code were posted, but have since been taken down. Source code is essentially a list of commands of a program, the basis for making improvements and modifications to a software system. Source code can sometimes contain sensitive information. To be clear, MJ Freeway does not use an open source model; their source code is the basis of their traceability software. Open source is a tool that fosters public collaboration on software development, helping identify weaknesses or areas for improvement.

When asked to comment on the matter, MJ Freeway issued the following statement:

“Last week we discovered that someone had obtained an outdated portion of MJ Freeway’s source code. This incident has absolutely no impact on our systems or MJ Freeway services, and client and patient data is not at risk. While this theft poses no risk to our clients, patients, or business operations, we take any incident involving unauthorized access very seriously and have reported it to the Colorado Bureau of Investigation.

Unfortunately, it has come to our attention that our competitors are spreading inaccurate information about the incident, including baseless claims about SSL info and the potential for client data being compromised – neither of which is true. We encourage our customers to contact us directly with any questions they may have.

We follow or exceed all relevant industry security standards and are confident that we have the most robust security measures in our industry. None of our peers come close. However, we live in a world of determined cyber-criminals and we operate in a competitive environment. Success and size makes a company a bigger target for malicious actors, as other large companies also know. We will continue to investigate and take follow-up action as we learn more about this incident.”

On Sunday, June 18th, a user by the name of ‘techdudes420’ posted in the subreddit, r/weedbiz, a thread titled “MJFreeway goes open source.” The link for that post was the Gitlab.com page where MJ Freeway’s source code was published briefly. The same user then published a second reddit post the following day with the same link to the stolen code, but this time in the r/COents, a subreddit for the Colorado cannabis community. MJ Freeway is based in Denver. That post claimed the user found the stolen source code with a quick search and that the user was banned because of that. The moderator of the thread chimed in, saying they banned the user for posting the stolen code. “We received a takedown request from the software owner stating the code had been stolen and released without permission,” says the moderator. “After investigating the matter I reached the same conclusion and removed the thread.” The moderator then updated the comment shortly after: “Edit: As for OP [original poster] ‘finding’ the code, if that were true I don’t know why he or she would have created a new Reddit account just to post the link.”

In addition to their own cybersecurity analysis, a spokeswoman for MJ Freeway says they will be performing a third party audit and analysis this week as well. When that information becomes available, we will update this article.


Update: Multiple sources have reported that portions of MJ Freeway’s source code are still available online on torrent sites like PirateBay.